
possible foodpuma redirect virus


  • This topic is locked
22 replies to this topic

#1 markm22

markm22

  • Members
  • 12 posts

Posted 16 February 2012 - 07:22 PM

About a week ago my computer received a virus that is redirecting and/or preventing searches from working properly. I've tried Malwarebytes and many other removal tools and they aren't finding anything. It has also stopped my computer from going to certain sites to download removal tools. I don't know if this helps but I ran HijackThis and this is the log:

Logfile of HijackThis v1.99.1
Scan saved at 5:05:34 PM, on 2/16/2012
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\RSA Security\RSA SecurID Toolbar Token\RsaToolbarServer.exe
C:\Users\SalesRep\Desktop\SpywareTools\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://tlgposdotcom.cingular.com/v2/Login.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;192.168.*.*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: RSA Toolbar - {749F8452-7D28-4658-A903-9B047E5A2CE8} - C:\Program Files\RSA Security\RSA SecurID Toolbar Token\RsaToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "c:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG10\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - c:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Client/Server Security Agent (svcGenericHost) - Trend Micro Inc. - c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Unknown owner - c:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service (file missing)
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - c:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (TmPfw) - Trend Micro Inc. - c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
O23 - Service: Trend Micro Client/Server Security Agent Proxy Service (TmProxy) - Trend Micro Inc. - c:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE" "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 February 2012 - 02:34 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 markm22

markm22
  • Topic Starter

  • Members
  • 12 posts

Posted 19 February 2012 - 11:28 AM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by SalesRep at 11:19:54 on 2012-02-19
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2013.875 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: STOPzilla Anti-Spyware *Enabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
c:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
C:\Windows\system32\conhost.exe
c:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
c:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\SalesRep\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://tlgposdotcom.cingular.com/v2/Login.html
uInternet Settings,ProxyOverride = *.local;192.168.*.*
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: RSA Toolbar: {749f8452-7d28-4658-a903-9b047e5a2ce8} - c:\program files\rsa security\rsa securid toolbar token\RsaToolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\program files\dell\dell wireless wlan card\WLTRAY.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\client server security agent\pccntmon.exe" -HideWindow
dRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /c
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: cingular.com\tlgposdotcom
Trusted Zone: yourwaresoftware.com\uspcs
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 68.237.161.12 71.250.0.12 71.243.0.12
TCP: Interfaces\{FBAB2D37-2A22-4CAD-96A1-996C805C40BC}\C696E6B637973713 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FBF2DA35-AB95-4677-A6E6-3E6230A65B86} : DhcpNameServer = 68.237.161.12 71.250.0.12 71.243.0.12
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
mASetup: {FC8B4D35-FC70-4A52-9655-E8784FDEEB87} - msiexec /fu {FC8B4D35-FC70-4A52-9655-E8784FDEEB87}
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\salesrep\appdata\roaming\mozilla\firefox\profiles\zbx71a9d.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2009-7-15 146448]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-8-10 227184]
R2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files\trend micro\client server security agent\hostedagent\svcGenericHost.exe [2010-7-5 45056]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\client server security agent\TmXPFlt.sys [2010-5-11 230928]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\client server security agent\tmpreflt.sys [2010-5-11 36368]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2009-7-15 283152]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-10-26 167936]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-7-6 51792]
R3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\trend micro\client server security agent\TmPfw.exe [2009-7-15 497008]
R3 VIACRX86;VIACRX86;c:\windows\system32\drivers\viacr.sys [2010-10-26 59392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-5-13 30312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]
S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-12-12 134144]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-12-12 146528]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MKHEUDZ;MKHEUDZ;c:\users\salesrep\appdata\local\temp\MKHEUDZ.exe [2012-2-16 592768]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2009-7-10 25856]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2011-4-4 20480]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-29 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2010-4-1 23424]
S3 QJXCD;QJXCD;c:\users\salesrep\appdata\local\temp\QJXCD.exe [2012-2-16 572288]
S3 RYSZI;RYSZI;c:\users\salesrep\appdata\local\temp\RYSZI.exe [2012-2-16 367488]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-5-13 114280]
S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\trend micro\client server security agent\TmProxy.exe [2009-7-15 689416]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-8-3 1343400]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-02-19 16:06:54 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2012-02-19 16:06:50 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f8b8f397-a31c-40d7-b7c9-2b9441677a8d}\mpengine.dll
2012-02-16 22:16:19 14664 ----a-w- c:\windows\stinger.sys
2012-02-16 22:15:34 -------- d-----w- c:\program files\stinger
2012-02-16 22:14:58 -------- d-----w- C:\VundoFix Backups
2012-02-16 18:43:50 -------- d-----w- c:\users\salesrep\appdata\local\ElevatedDiagnostics
2012-02-15 16:45:26 2340864 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 14:18:18 -------- d-----w- c:\users\salesrep\appdata\roaming\AVG
2012-02-14 21:13:27 -------- d-----w- c:\program files\common files\Bitdefender
2012-02-11 19:07:11 -------- d-----w- c:\program files\Dell Support Center
2012-02-10 20:05:52 -------- d-----w- c:\users\salesrep\appdata\roaming\B2D2B
2012-02-10 19:21:57 -------- d-----w- c:\program files\2BE5A
2012-02-10 00:29:14 -------- d-----w- c:\program files\LP
2012-01-25 18:04:58 99840 ----a-w- c:\windows\system32\sspicli.dll
2012-01-25 18:04:58 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-25 18:04:58 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-25 18:04:58 314368 ----a-w- c:\windows\system32\webio.dll
2012-01-25 18:04:58 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-25 18:04:58 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-25 18:04:58 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-25 18:04:58 15360 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-25 18:04:58 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-25 18:04:58 1037312 ----a-w- c:\windows\system32\lsasrv.dll
.
==================== Find3M ====================
.
2012-01-29 10:10:42 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 11:20:52.34 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 8/3/2011 8:44:51 AM
System Uptime: 2/19/2012 11:15:48 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0N867P
Processor: Pentium® Dual-Core CPU E5500 @ 2.80GHz | CPU 1 | 2793/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 250.766 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP77: 2/14/2012 4:13:47 PM - Removed AVG 2011
RP78: 2/14/2012 4:15:39 PM - Removed AVG 2012
RP79: 2/14/2012 4:32:16 PM - Windows Update
RP80: 2/14/2012 4:51:57 PM - Installed AVG 2012
RP81: 2/14/2012 4:52:31 PM - Installed AVG 2012
RP82: 2/15/2012 3:00:49 AM - Windows Update
RP83: 2/15/2012 11:09:45 AM - Windows Update
RP84: 2/15/2012 11:45:08 AM - Windows Update
RP85: 2/16/2012 3:01:07 AM - Windows Update
RP86: 2/19/2012 11:03:20 AM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP87: 2/19/2012 11:06:10 AM - Windows Update
RP88: 2/19/2012 11:08:02 AM - Removed AVG 2012
RP89: 2/19/2012 11:10:03 AM - Removed AVG 2012
.
==== Installed Programs ======================
.
.print Client Windows (RDP)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.2
Advanced Audio FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Conexant SmartAudio
D3DX10
Dell Backup and Recovery Manager
Dell Edoc Viewer
Dell Support Center
Dell Webcam Central
Dell Wireless WLAN Card Utility
GoToMeeting 5.0.0.799
Intel® Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java™ 6 Update 26
Junk Mail filter update
Malwarebytes Anti-Malware version 1.60.0.1800
McAfee Security Scan Plus
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MotoHelper 2.0.53 Driver 5.2.0
MotoHelper MergeModules
Motorola Mobile Drivers Installation 5.2.0
Mozilla Firefox 10.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PowerDVD DX
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
RSA SecurID Toolbar 1.4.2 for Internet Explorer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Spelling Dictionaries Support For Adobe Reader 9
Trend Micro Client/Server Security Agent
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
2/19/2012 11:17:31 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
2/19/2012 11:13:49 AM, Error: Service Control Manager [7022] - The Task Scheduler service hung on starting.
2/19/2012 11:01:02 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv
2/19/2012 11:00:41 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x82d0f41d, 0x8ab17b4c, 0x8ab17730). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 021912-23384-01.
2/16/2012 7:26:11 PM, Error: Service Control Manager [7030] - The QJXCD service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2/16/2012 6:32:24 PM, Error: Service Control Manager [7034] - The BVW service terminated unexpectedly. It has done this 1 time(s).
2/16/2012 5:11:54 PM, Error: Service Control Manager [7030] - The RYSZI service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2/16/2012 5:11:13 PM, Error: Service Control Manager [7030] - The BVW service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2/16/2012 5:11:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MKHEUDZ service to connect.
2/16/2012 5:11:13 PM, Error: Service Control Manager [7000] - The MKHEUDZ service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/16/2012 5:10:42 PM, Error: Service Control Manager [7030] - The MKHEUDZ service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2/16/2012 2:54:28 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
2/16/2012 2:52:36 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
2/16/2012 2:52:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/16/2012 2:52:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/16/2012 2:52:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/16/2012 2:52:28 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 discache is3srv spldr tmtdi Wanarpv6
2/16/2012 2:52:28 PM, Error: Service Control Manager [7022] - The IKE and AuthIP IPsec Keying Modules service hung on starting.
2/16/2012 2:52:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2/16/2012 2:51:20 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll Error Code: 21
2/16/2012 2:36:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
2/16/2012 2:10:58 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
2/16/2012 2:10:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
2/16/2012 2:10:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
2/16/2012 2:10:46 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgfwfd Avgldx86 Avgmfx86 Avgtdix DfsC discache is3srv NetBIOS NetBT nsiproxy Psched rdbss spldr tdx tmlwf tmtdi vwififlt Wanarpv6 WfpLwf
2/16/2012 2:10:46 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the User Profile Service service to connect.
2/16/2012 2:10:46 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/16/2012 2:10:46 PM, Error: Service Control Manager [7001] - The Trend Micro Client/Server Security Agent service depends on the Network Connections service which failed to start because of the following error: The dependency service or group failed to start.
2/16/2012 2:10:46 PM, Error: Service Control Manager [7001] - The Trend Micro Client/Server Security Agent Listener service depends on the Network Connections service which failed to start because of the following error: The dependency service or group failed to start.
2/16/2012 2:10:46 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/16/2012 2:10:46 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
2/16/2012 2:10:46 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/16/2012 2:10:46 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/16/2012 2:10:46 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
2/16/2012 2:10:46 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/16/2012 2:10:46 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/16/2012 2:10:46 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/16/2012 2:10:46 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/16/2012 2:10:46 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/16/2012 2:10:46 PM, Error: Service Control Manager [7000] - The User Profile Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/16/2012 2:08:53 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer WORKGROUP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{FBF2DA35-AB95-4677-A6E6-3E6230A6. The master browser is stopping or an election is being forced.
2/15/2012 3:00:29 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{FBF2DA35-AB95-4677-A6E6-3E6230A65B86} because another computer on the network has the same name. The server could not start.
2/15/2012 12:28:43 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 (KB2660465).
2/15/2012 11:36:24 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Cumulative Security Update for Internet Explorer 9 for Windows 7 (KB2647516).
2/15/2012 11:36:24 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 (KB2660465).
2/13/2012 12:51:00 PM, Error: Service Control Manager [7024] - The AVG WatchDog service terminated with service-specific error %%-536805315.
2/13/2012 12:49:35 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
.
==== End Of File ===========================

#4 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 19 February 2012 - 02:05 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 markm22 (Topic Starter)

Posted 19 February 2012 - 02:16 PM

When I try to run ComboFix it tells me to disable the anti-spyware StopZilla from running, but I uninstalled this already and cannot find it anywhere on the computer. Should I run it anyway, or is there a way to disable or get rid of StopZilla permanently? If I go to Add/Remove Programs it is not listed there.

#6 markm22 (Topic Starter)

Posted 19 February 2012 - 02:27 PM

I searched Program Files and cannot find StopZilla anywhere either... I noticed two unusual folders though. One is labeled 2BE5A and has no contents; the other folder is labeled LP, and when you open it there is a folder labeled 2EFB, and inside that folder are ten .tmp files with recent dates that are all after when my computer started having problems...

#7 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 19 February 2012 - 02:36 PM

Hello

Go ahead and run it anyway.


gringo

#8 markm22 (Topic Starter)

Posted 19 February 2012 - 04:17 PM

ComboFix ran for around an hour and I got a message that said "freeware implementation of xcacls has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available."

ComboFix never actually closed though, and I can't tell if it is still running or not.

#9 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 19 February 2012 - 05:21 PM

Hello

OK, let's try this. I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in to your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#10 markm22 (Topic Starter)

Posted 21 February 2012 - 10:37 AM

ComboFix 12-02-19.02 - SalesRep 02/21/2012 10:25:16.1.2 - x86 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2013.1124 [GMT -5:00]
Running from: c:\users\SalesRep\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: STOPzilla Anti-Spyware *Enabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\LP
c:\program files\LP\2EFB\4E7E.tmp
c:\program files\LP\2EFB\5038.tmp
c:\program files\LP\2EFB\5FC1.tmp
c:\program files\LP\2EFB\801.tmp
c:\program files\LP\2EFB\8F1A.tmp
c:\program files\LP\2EFB\9E5F.tmp
c:\program files\LP\2EFB\BAC6.tmp
c:\program files\LP\2EFB\DAD6.tmp
c:\program files\LP\2EFB\E7E4.tmp
c:\program files\LP\2EFB\F588.tmp
c:\programdata\PCDr\5907\Downloads\f8338de4-40cb-4494-bc70-93db3ab9e32d.dll
c:\programdata\PCDr\5907\Downloads\fa2ff61b-2c58-4071-916b-f881289a3959.dll
c:\users\SalesRep\g2mdlhlpx.exe
c:\windows\$NtUninstallKB24191$
c:\windows\$NtUninstallKB24191$\243792480
c:\windows\$NtUninstallKB24191$\939288963\cfg.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-01-21 to 2012-02-21 )))))))))))))))))))))))))))))))
.
.
2012-02-21 15:30 . 2012-02-21 15:30 -------- d-----w- c:\users\SalesRep\AppData\Local\temp
2012-02-21 15:30 . 2012-02-21 15:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-19 17:09 . 2012-02-19 17:09 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8B8F397-A31C-40D7-B7C9-2B9441677A8D}\offreg.dll
2012-02-19 16:06 . 2012-01-17 09:39 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8B8F397-A31C-40D7-B7C9-2B9441677A8D}\mpengine.dll
2012-02-16 22:16 . 2012-02-16 22:16 14664 ----a-w- c:\windows\stinger.sys
2012-02-16 22:15 . 2012-02-16 23:05 -------- d-----w- c:\program files\stinger
2012-02-16 22:14 . 2012-02-16 22:14 -------- d-----w- C:\VundoFix Backups
2012-02-16 18:43 . 2012-02-16 18:43 -------- d-----w- c:\users\SalesRep\AppData\Local\ElevatedDiagnostics
2012-02-15 16:45 . 2012-01-14 03:48 2340864 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 14:18 . 2012-02-15 14:18 -------- d-----w- c:\users\SalesRep\AppData\Roaming\AVG
2012-02-14 21:13 . 2012-02-14 21:13 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-02-11 19:07 . 2012-02-11 19:07 -------- d-----w- c:\program files\Dell Support Center
2012-02-10 20:05 . 2012-02-10 20:05 -------- d-----w- c:\users\SalesRep\AppData\Roaming\B2D2B
2012-02-10 19:21 . 2012-02-13 17:50 -------- d-----w- c:\program files\2BE5A
2012-01-25 18:04 . 2011-11-17 05:48 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-25 18:04 . 2011-11-17 05:48 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-25 18:04 . 2011-11-17 05:42 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-25 18:04 . 2011-11-17 05:39 314368 ----a-w- c:\windows\system32\webio.dll
2012-01-25 18:04 . 2011-11-17 05:39 99840 ----a-w- c:\windows\system32\sspicli.dll
2012-01-25 18:04 . 2011-11-17 05:39 15360 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-25 18:04 . 2011-11-17 05:39 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-25 18:04 . 2011-11-17 05:39 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-25 18:04 . 2011-11-17 05:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-25 18:04 . 2011-11-17 05:36 22528 ----a-w- c:\windows\system32\lsass.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 10:10 . 2011-08-03 13:00 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-10 20:24 . 2011-11-20 16:55 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-13 17:52 . 2011-09-21 18:15 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-24 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-24 151064]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4562944]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2010-06-25 1099088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-07-16 307768]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2009-07-15 146448]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2011-08-10 227184]
R2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2010-07-05 45056]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2010-05-11 230928]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2010-05-11 36368]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2009-07-15 283152]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 30312]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6016]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 146528]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MKHEUDZ;MKHEUDZ;c:\users\SalesRep\AppData\Local\Temp\MKHEUDZ.exe [x]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 25856]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 20480]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 23424]
R3 QJXCD;QJXCD;c:\users\SalesRep\AppData\Local\Temp\QJXCD.exe [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]
R3 RYSZI;RYSZI;c:\users\SalesRep\AppData\Local\Temp\RYSZI.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 136808]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 114280]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-07-19 51792]
R3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\Trend Micro\Client Server Security Agent\TmPfw.exe [2009-07-15 497008]
R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\Trend Micro\Client Server Security Agent\TmProxy.exe [2009-07-15 689416]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-03 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S3 VIACRX86;VIACRX86;c:\windows\system32\DRIVERS\viacr.sys [2009-07-14 59392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:02]
.
2012-02-21 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:02]
.
.
------- Supplementary Scan -------
.
uStart Page = https://tlgposdotcom.cingular.com/v2/Login.html
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: cingular.com\tlgposdotcom
Trusted Zone: yourwaresoftware.com\uspcs
TCP: DhcpNameServer = 68.237.161.12 71.250.0.12 71.243.0.12
FF - ProfilePath - c:\users\SalesRep\AppData\Roaming\Mozilla\Firefox\Profiles\zbx71a9d.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM_ActiveSetup-{FC8B4D35-FC70-4A52-9655-E8784FDEEB87} - msiexec
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-21 10:32:05
ComboFix-quarantined-files.txt 2012-02-21 15:32
.
Pre-Run: 268,919,275,520 bytes free
Post-Run: 268,781,604,864 bytes free
.
- - End Of File - - D7CB04A13034106CBCDBE89E813B1341
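A small triage script for the two logs in this thread, added here as an example and not part of any post above or of the DDS/ComboFix tools: it parses the Service Control Manager errors from the Event Viewer section of the DDS log earlier in the thread and the R2/R3 service entries from the ComboFix log in the post above, flags services whose image lives under a user's AppData\Local\Temp folder, whose image file ComboFix could not find ([x]), or whose name is a short random-looking string of capitals, and cross-references them with the SCM event IDs. The sample lines are constructed from the posted logs; the regular expressions, the two-signal threshold and the random-name pattern are heuristics chosen for this example, not anything the tools themselves apply.

```python
"""Triage the service entries posted in this thread.

Added example, not part of any post above and not ComboFix, DDS or
BleepingComputer tooling. It parses two kinds of lines the thread contains:
Service Control Manager errors from the DDS "Event Viewer Messages" section
and "R3 name;display;path [info]" service entries from the ComboFix log, then
flags services that run from a user's Temp folder, whose image file the
scanner could not find ("[x]"), or whose name looks random. The thresholds
and the random-name pattern are heuristics chosen for this example.
"""
import re

# Constructed sample: lines copied from the DDS Event Viewer section above.
EVENT_LINES = r"""
2/16/2012 7:26:11 PM, Error: Service Control Manager [7030] - The QJXCD service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2/16/2012 6:32:24 PM, Error: Service Control Manager [7034] - The BVW service terminated unexpectedly. It has done this 1 time(s).
2/16/2012 5:11:54 PM, Error: Service Control Manager [7030] - The RYSZI service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2/16/2012 5:11:13 PM, Error: Service Control Manager [7000] - The MKHEUDZ service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/16/2012 2:52:28 PM, Error: Service Control Manager [7022] - The IKE and AuthIP IPsec Keying Modules service hung on starting.
"""

# Constructed sample: service entries copied from the ComboFix log above.
COMBOFIX_LINES = r"""
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2011-08-10 227184]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MKHEUDZ;MKHEUDZ;c:\users\SalesRep\AppData\Local\Temp\MKHEUDZ.exe [x]
R3 QJXCD;QJXCD;c:\users\SalesRep\AppData\Local\Temp\QJXCD.exe [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]
R3 RYSZI;RYSZI;c:\users\SalesRep\AppData\Local\Temp\RYSZI.exe [x]
"""

SCM_EVENT_RE = re.compile(r"Service Control Manager \[(\d+)\] - The (.+?) service ")
# "<start type> <name>;<display name>;<image path> [<date size>]", or "[x]" when the file is gone
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s+\[([^\]]*)\]\s*$")
RANDOM_NAME_RE = re.compile(r"[A-Z]{3,8}")  # QJXCD, MKHEUDZ, ...; a weak signal on its own
TEMP_DIR_RE = re.compile(r"\\appdata\\local\\temp\\", re.IGNORECASE)


def parse_scm_events(text):
    """Return (event_id, service_name) pairs from Service Control Manager lines."""
    events = []
    for line in text.splitlines():
        m = SCM_EVENT_RE.search(line)
        if m:
            events.append((int(m.group(1)), m.group(2)))
    return events


def parse_combofix_services(text):
    """Return one dict per 'R?/S? name;display;path [info]' entry."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            start, name, display, path, info = m.groups()
            entries.append({"start": start, "name": name, "display": display,
                            "path": path, "missing": info.strip() == "x"})
    return entries


def service_reasons(entry):
    """List the heuristic signals that make a service entry suspicious."""
    reasons = []
    if TEMP_DIR_RE.search(entry["path"]):
        reasons.append("image in user Temp directory")
    if entry["missing"]:
        reasons.append("image file not found ([x])")
    if RANDOM_NAME_RE.fullmatch(entry["name"]) and entry["name"] == entry["display"]:
        reasons.append("random-looking name, display name identical")
    return reasons


def triage(event_text, service_text, min_signals=2):
    """Flag services with at least min_signals reasons and attach their SCM event IDs.

    Also report random-looking names that appear only in SCM errors, i.e. the
    service entry itself is no longer present in the ComboFix listing."""
    events = parse_scm_events(event_text)
    services = parse_combofix_services(service_text)
    known = {s["name"] for s in services} | {s["display"] for s in services}
    flagged = {}
    for s in services:
        reasons = service_reasons(s)
        if len(reasons) >= min_signals:
            ids = sorted({eid for eid, n in events if n in (s["name"], s["display"])})
            flagged[s["name"]] = {"path": s["path"], "reasons": reasons, "events": ids}
    event_only = sorted({n for _, n in events
                         if RANDOM_NAME_RE.fullmatch(n) and n not in known})
    return {"flagged": flagged, "event_only": event_only}


if __name__ == "__main__":
    report = triage(EVENT_LINES, COMBOFIX_LINES)
    for name, info in report["flagged"].items():
        print(f"{name}: {info['path']}")
        for reason in info["reasons"]:
            print(f"    - {reason}")
        print(f"    SCM events: {info['events'] or 'none'}")
    if report["event_only"]:
        print("Random-looking names in SCM errors with no surviving service entry:",
              ", ".join(report["event_only"]))
```

On the sample above the three Temp-resident services (MKHEUDZ, QJXCD, RYSZI) are flagged with all three signals and their 7000/7030 events attached, the McAfee, Realtek and Motorola entries drop out, and BVW is reported as a name that only survives in the event log. A short all-caps name is deliberately not enough on its own, since legitimate drivers such as AFD and NetBT show up the same way in the 7026 events, which is why two signals are required.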

#11 markm22 (Topic Starter)

Posted 21 February 2012 - 02:21 PM

I did a couple google searches and it seemed to be fixed. A couple hours later I tried a couple more searches and now it seems like the same problem is back.

#12 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 21 February 2012 - 08:14 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#13 markm22 (Topic Starter)

Posted 22 February 2012 - 09:49 AM

09:17:48.0904 5640 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
09:17:49.0310 5640 ============================================================
09:17:49.0310 5640 Current date / time: 2012/02/22 09:17:49.0310
09:17:49.0310 5640 SystemInfo:
09:17:49.0310 5640
09:17:49.0310 5640 OS Version: 6.1.7600 ServicePack: 0.0
09:17:49.0310 5640 Product type: Workstation
09:17:49.0310 5640 ComputerName: CHEEKTOWAGAMAIN
09:17:49.0310 5640 UserName: SalesRep
09:17:49.0310 5640 Windows directory: C:\Windows
09:17:49.0310 5640 System windows directory: C:\Windows
09:17:49.0310 5640 Processor architecture: Intel x86
09:17:49.0310 5640 Number of processors: 2
09:17:49.0310 5640 Page size: 0x1000
09:17:49.0310 5640 Boot type: Normal boot
09:17:49.0310 5640 ============================================================
09:17:53.0210 5640 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:17:53.0210 5640 Drive \Device\Harddisk1\DR1 - Size: 0xEC580000 (3.69 Gb), SectorSize: 0x200, Cylinders: 0x1E2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:17:53.0210 5640 \Device\Harddisk0\DR0:
09:17:53.0210 5640 MBR used
09:17:53.0210 5640 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
09:17:53.0210 5640 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
09:17:53.0210 5640 \Device\Harddisk1\DR1:
09:17:53.0210 5640 MBR used
09:17:53.0210 5640 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x760C00
09:17:53.0225 5640 Initialize success
09:17:53.0225 5640 ============================================================
09:17:56.0891 4548 ============================================================
09:17:56.0891 4548 Scan started
09:17:56.0891 4548 Mode: Manual;
09:17:56.0891 4548 ============================================================
09:18:04.0223 4548 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:18:04.0239 4548 USBSTOR - ok
09:18:04.0255 4548 usbuhci (6a30928a469ce802600e1ea8c0f2f53f) C:\Windows\system32\DRIVERS\usbuhci.sys
09:18:04.0255 4548 usbuhci - ok
09:18:04.0286 4548 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\system32\Drivers\usbvideo.sys
09:18:04.0286 4548 usbvideo - ok
09:18:04.0301 4548 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
09:18:04.0301 4548 vdrvroot - ok
09:18:04.0333 4548 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
09:18:04.0333 4548 vga - ok
09:18:04.0348 4548 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
09:18:04.0348 4548 VgaSave - ok
09:18:04.0379 4548 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
09:18:04.0379 4548 vhdmp - ok
09:18:04.0395 4548 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
09:18:04.0395 4548 viaagp - ok
09:18:04.0442 4548 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
09:18:04.0442 4548 ViaC7 - ok
09:18:04.0457 4548 VIACRX86 (585d6a108b0101ce8aa7df648cf43d33) C:\Windows\system32\DRIVERS\viacr.sys
09:18:04.0457 4548 VIACRX86 - ok
09:18:04.0489 4548 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
09:18:04.0489 4548 viaide - ok
09:18:04.0504 4548 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
09:18:04.0504 4548 volmgr - ok
09:18:04.0535 4548 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
09:18:04.0535 4548 volmgrx - ok
09:18:04.0551 4548 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
09:18:04.0551 4548 volsnap - ok
09:18:04.0613 4548 VSApiNt (8b9325c1d1167a703042986df758d799) c:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys
09:18:04.0613 4548 VSApiNt - ok
09:18:04.0645 4548 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
09:18:04.0645 4548 vsmraid - ok
09:18:04.0660 4548 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
09:18:04.0660 4548 vwifibus - ok
09:18:04.0707 4548 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
09:18:04.0707 4548 vwififlt - ok
09:18:04.0723 4548 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
09:18:04.0738 4548 WacomPen - ok
09:18:04.0738 4548 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
09:18:04.0754 4548 WANARP - ok
09:18:04.0754 4548 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
09:18:04.0754 4548 Wanarpv6 - ok
09:18:04.0785 4548 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
09:18:04.0785 4548 Wd - ok
09:18:04.0816 4548 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
09:18:04.0816 4548 Wdf01000 - ok
09:18:04.0847 4548 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
09:18:04.0847 4548 WfpLwf - ok
09:18:04.0863 4548 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
09:18:04.0863 4548 WIMMount - ok
09:18:04.0910 4548 WinUsb (b5ba3cc19d00f2eba92f1cfbebb5d650) C:\Windows\system32\DRIVERS\WinUsb.sys
09:18:04.0910 4548 WinUsb - ok
09:18:04.0941 4548 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
09:18:04.0941 4548 WmiAcpi - ok
09:18:04.0972 4548 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
09:18:04.0972 4548 ws2ifsl - ok
09:18:05.0003 4548 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
09:18:05.0003 4548 WSDPrintDevice - ok
09:18:05.0035 4548 WudfPf (a52494b107afc92ddca21f0b64f83376) C:\Windows\system32\drivers\WudfPf.sys
09:18:05.0035 4548 WudfPf - ok
09:18:05.0050 4548 WUDFRd (90a541c607da0025ae75f0f3673945fe) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:18:05.0066 4548 WUDFRd - ok
09:18:05.0113 4548 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0
09:18:05.0159 4548 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
09:18:05.0159 4548 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
09:18:05.0159 4548 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
09:18:05.0175 4548 \Device\Harddisk1\DR1 - ok
09:18:05.0191 4548 Boot (0x1200) (0db4c33ea9f363aee0af064e13bb6ad7) \Device\Harddisk0\DR0\Partition0
09:18:05.0191 4548 \Device\Harddisk0\DR0\Partition0 - ok
09:18:05.0206 4548 Boot (0x1200) (2a3f22fa2109c39c816449beeba3b4d3) \Device\Harddisk0\DR0\Partition1
09:18:05.0206 4548 \Device\Harddisk0\DR0\Partition1 - ok
09:18:05.0222 4548 Boot (0x1200) (ca9f6e848545e1f9f048deba49bbf526) \Device\Harddisk1\DR1\Partition0
09:18:05.0222 4548 \Device\Harddisk1\DR1\Partition0 - ok
09:18:05.0222 4548 ============================================================
09:18:05.0222 4548 Scan finished
09:18:05.0222 4548 ============================================================
09:18:05.0222 4436 Detected object count: 1
09:18:05.0222 4436 Actual detected object count: 1
09:18:12.0320 4436 \Device\Harddisk0\DR0\# - copied to quarantine
09:18:12.0320 4436 \Device\Harddisk0\DR0 - copied to quarantine
09:18:12.0351 4436 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
09:18:12.0351 4436 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
09:18:12.0367 4436 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
09:18:12.0367 4436 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
09:18:12.0382 4436 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
09:18:12.0382 4436 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
09:18:12.0382 4436 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
09:18:12.0382 4436 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
09:18:12.0398 4436 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
09:18:12.0398 4436 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
09:18:12.0398 4436 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
09:18:12.0398 4436 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
09:18:12.0398 4436 \Device\Harddisk0\DR0 - ok
09:18:12.0413 4436 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
09:18:15.0377 4440 Deinitialize success



aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-22 09:20:26
-----------------------------
09:20:26.472 OS Version: Windows 6.1.7600
09:20:26.472 Number of processors: 2 586 0x170A
09:20:26.472 ComputerName: CHEEKTOWAGAMAIN UserName: SalesRep
09:20:42.041 Initialize success
09:24:55.323 AVAST engine defs: 12022101
09:28:05.487 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:28:05.487 Disk 0 Vendor: ST3320418AS CC46 Size: 305245MB BusType: 3
09:28:05.518 Disk 0 MBR read successfully
09:28:05.518 Disk 0 MBR scan
09:28:05.518 Disk 0 Windows VISTA default MBR code
09:28:05.518 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
09:28:05.534 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
09:28:05.549 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290204 MB offset 30801920
09:28:05.565 Disk 0 scanning sectors +625140400
09:28:05.612 Disk 0 scanning C:\Windows\system32\drivers
09:28:22.507 Service scanning
09:28:40.696 Service tmactmon C:\Windows\system32\DRIVERS\tmactmon.sys **LOCKED** 5
09:28:48.917 Service tmcomm C:\Windows\system32\DRIVERS\tmcomm.sys **LOCKED** 5
09:28:54.424 Service tmevtmgr C:\Windows\system32\DRIVERS\tmevtmgr.sys **LOCKED** 5
09:28:58.184 Modules scanning
09:29:04.471 Disk 0 trace - called modules:
09:29:04.502 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
09:29:04.502 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e05030]
09:29:04.517 3 CLASSPNP.SYS[891ab59e] -> nt!IofCallDriver -> [0x85939918]
09:29:04.517 5 ACPI.sys[88e243b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x859c6030]
09:29:08.246 AVAST engine scan C:\Windows
09:29:10.321 AVAST engine scan C:\Windows\system32
09:31:07.634 AVAST engine scan C:\Windows\system32\drivers
09:31:26.931 AVAST engine scan C:\Users\SalesRep
09:32:22.842 File: C:\Users\SalesRep\Downloads\SpywareToolbox.exe **INFECTED** Win32:Tibia-O [Trj]
09:32:24.152 AVAST engine scan C:\ProgramData
09:33:21.544 Scan finished successfully
09:43:08.621 Disk 0 MBR has been saved successfully to "C:\Users\SalesRep\Desktop\MBR.dat"
09:43:08.637 The log file has been saved successfully to "C:\Users\SalesRep\Desktop\aswMBR.txt"
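The aswMBR log above saved the disk's MBR to MBR.dat, and the TDSSKiller log hashed the boot-code area it labels "MBR (0x1B8)" before flagging Disk 0 as Rootkit.Boot.Pihar.b. The script below is an added example, not part of this thread and not code from aswMBR or TDSSKiller: it parses a raw 512-byte MBR image, computes the md5 of the first 0x1B8 bytes (the code area before the NT disk signature) so it can be compared with a known-good hash, decodes the partition table in the same form aswMBR prints it, runs two layout sanity checks, and reports the unallocated sectors after the last partition, which is where TDL4-family bootkits keep the hidden file system behind the TDLFS entries TDSSKiller quarantined. The sample MBR is constructed to match the partition layout in the aswMBR log (Dell Utility at LBA 63, active NTFS at 81920, NTFS at 30801920); its boot code is dummy bytes and its disk signature is made up, so its hash will not match the hashes in the logs.

```python
"""Parse a raw 512-byte MBR image (e.g. the MBR.dat that aswMBR saved above)
and hash the boot-code area the way TDSSKiller's "MBR (0x1B8)" line does.
Added example: not from this thread, aswMBR or TDSSKiller. The sample MBR is
constructed to mirror the partition layout in the aswMBR log; its boot code
is dummy bytes, so its hash will not match the hashes in the TDSSKiller log."""
import hashlib
import struct
import sys

MBR_SIZE = 512
DISK_SIG_OFFSET = 0x1B8    # boot code ends here; the 4-byte NT disk signature follows
PART_TABLE_OFFSET = 0x1BE  # four 16-byte partition entries
BOOT_SIG = b"\x55\xAA"     # last two bytes of a valid MBR
PART_TYPES = {0x00: "empty", 0x07: "HPFS/NTFS", 0xDE: "Dell Utility"}  # types seen in the log

def parse_partition_entry(entry: bytes) -> dict:
    """Decode one entry: status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors."""
    status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
    return {"active": status == 0x80, "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown 0x%02X" % ptype),
            "lba_start": lba_start, "sectors": sectors,
            "size_mb": sectors * 512 // (1024 * 1024)}

def parse_mbr(mbr: bytes) -> dict:
    """Check the boot signature, hash the code area, decode the non-empty partition entries."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (MBR_SIZE, len(mbr)))
    if mbr[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    entries = [parse_partition_entry(mbr[PART_TABLE_OFFSET + 16 * i:PART_TABLE_OFFSET + 16 * (i + 1)])
               for i in range(4)]
    return {
        # TDSSKiller compares this hash with the known-good boot code for the installed OS.
        "code_md5": hashlib.md5(mbr[:DISK_SIG_OFFSET]).hexdigest(),
        "disk_signature": struct.unpack("<I", mbr[DISK_SIG_OFFSET:DISK_SIG_OFFSET + 4])[0],
        "partitions": [e for e in entries if e["type"] != 0x00],
    }

def sanity_checks(parsed: dict) -> list:
    """Layout checks worth running on a suspect MBR: exactly one active partition, no overlaps."""
    problems = []
    active = [p for p in parsed["partitions"] if p["active"]]
    if len(active) != 1:
        problems.append("expected exactly one active partition, found %d" % len(active))
    parts = sorted(parsed["partitions"], key=lambda p: p["lba_start"])
    for a, b in zip(parts, parts[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            problems.append("partitions at LBA %d and %d overlap" % (a["lba_start"], b["lba_start"]))
    return problems

def unallocated_tail_sectors(parsed: dict, disk_sectors: int) -> int:
    """Sectors after the last partition: TDL4-family bootkits keep their hidden file system
    (the TDLFS entries TDSSKiller quarantined above) in this area, so note its size."""
    end = max((p["lba_start"] + p["sectors"] for p in parsed["partitions"]), default=0)
    return max(disk_sectors - end, 0)

def _entry(active: bool, ptype: int, lba_start: int, sectors: int) -> bytes:
    """Build one partition entry; CHS fields get the conventional 0xFEFFFF 'use LBA' filler."""
    return struct.pack("<B3sB3sII", 0x80 if active else 0x00, b"\xFE\xFF\xFF",
                       ptype, b"\xFE\xFF\xFF", lba_start, sectors)

def constructed_sample_mbr() -> bytes:
    """Constructed sample (not a real MBR): layout from the aswMBR log, dummy boot code."""
    code = b"\x33\xC0\x8E\xD0" + b"\x90" * (DISK_SIG_OFFSET - 4)
    disk_sig = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"       # made-up signature + 2 reserved bytes
    table = (_entry(False, 0xDE, 63, 39 * 2048)                  # Dell Utility, 39 MB
             + _entry(True, 0x07, 81920, 15000 * 2048)           # active NTFS, 15000 MB
             + _entry(False, 0x07, 30801920, 290204 * 2048)      # NTFS, 290204 MB
             + bytes(16))                                        # fourth slot empty
    return code + disk_sig + table + BOOT_SIG

def report(mbr: bytes, disk_sectors: int) -> str:
    """Human-readable summary in roughly the layout aswMBR prints."""
    parsed = parse_mbr(mbr)
    lines = ["code md5 (first 0x1B8 bytes): %s" % parsed["code_md5"],
             "disk signature: 0x%08X" % parsed["disk_signature"]]
    for p in parsed["partitions"]:
        lines.append("%s type 0x%02X %-12s %8d MB offset %d" % (
            "(A)" if p["active"] else "   ", p["type"], p["type_name"], p["size_mb"], p["lba_start"]))
    lines += sanity_checks(parsed)
    lines.append("unallocated tail: %d sectors" % unallocated_tail_sectors(parsed, disk_sectors))
    return "\n".join(lines)

if __name__ == "__main__":
    # python mbr_check.py MBR.dat <disk size in sectors>; with no arguments, run the constructed sample.
    if len(sys.argv) == 3:
        with open(sys.argv[1], "rb") as fh:
            print(report(fh.read(), int(sys.argv[2])))
    else:
        print(report(constructed_sample_mbr(), 305245 * 2048))  # 305245 MB disk from the log
```

Feed it the saved MBR.dat together with the disk size in sectors (aswMBR reports the size in MB; multiply by 2048 for 512-byte sectors). A code hash that differs from the TDSSKiller value for the same disk after the "cure" reboot, an unexpected active partition, or a tail region larger than the usual alignment slack are each worth a second look before the machine is declared clean.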

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:14 PM

Posted 22 February 2012 - 10:13 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

File::
C:\Users\SalesRep\Downloads\SpywareToolbox.exe

Folder::
c:\users\SalesRep\AppData\Roaming\B2D2B
c:\program files\2BE5A

Driver::
MKHEUDZ
QJXCD
RYSZI

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 markm22

markm22
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:05:14 PM

Posted 22 February 2012 - 11:17 AM

So far so good... thanks!


ComboFix 12-02-19.02 - SalesRep 02/22/2012 10:25:27.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2013.1316 [GMT -5:00]
Running from: c:\users\SalesRep\Desktop\SpywareTools\ComboFix.exe
Command switches used :: c:\users\SalesRep\Desktop\CFScript.txt
FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\users\SalesRep\Downloads\SpywareToolbox.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\2BE5A
c:\users\SalesRep\AppData\Roaming\B2D2B
c:\users\SalesRep\Downloads\SpywareToolbox.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_MKHEUDZ
-------\Service_QJXCD
-------\Service_RYSZI
.
.
((((((((((((((((((((((((( Files Created from 2012-01-22 to 2012-02-22 )))))))))))))))))))))))))))))))
.
.
2012-02-22 15:38 . 2012-02-22 15:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-22 14:18 . 2012-02-22 14:18 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-21 19:33 . 2012-02-22 16:01 -------- d-----w- c:\users\SalesRep\AppData\Local\temp
2012-02-19 16:06 . 2012-01-17 09:39 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8B8F397-A31C-40D7-B7C9-2B9441677A8D}\mpengine.dll
2012-02-16 22:16 . 2012-02-16 22:16 14664 ----a-w- c:\windows\stinger.sys
2012-02-16 22:15 . 2012-02-16 23:05 -------- d-----w- c:\program files\stinger
2012-02-16 22:14 . 2012-02-16 22:14 -------- d-----w- C:\VundoFix Backups
2012-02-16 18:43 . 2012-02-16 18:43 -------- d-----w- c:\users\SalesRep\AppData\Local\ElevatedDiagnostics
2012-02-15 16:45 . 2012-01-14 03:48 2340864 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 14:18 . 2012-02-15 14:18 -------- d-----w- c:\users\SalesRep\AppData\Roaming\AVG
2012-02-14 21:13 . 2012-02-14 21:13 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-02-11 19:07 . 2012-02-11 19:07 -------- d-----w- c:\program files\Dell Support Center
2012-01-25 18:04 . 2011-11-17 05:48 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-25 18:04 . 2011-11-17 05:48 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-25 18:04 . 2011-11-17 05:42 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-25 18:04 . 2011-11-17 05:39 314368 ----a-w- c:\windows\system32\webio.dll
2012-01-25 18:04 . 2011-11-17 05:39 99840 ----a-w- c:\windows\system32\sspicli.dll
2012-01-25 18:04 . 2011-11-17 05:39 15360 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-25 18:04 . 2011-11-17 05:39 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-25 18:04 . 2011-11-17 05:39 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-25 18:04 . 2011-11-17 05:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-25 18:04 . 2011-11-17 05:36 22528 ----a-w- c:\windows\system32\lsass.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 10:10 . 2011-08-03 13:00 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-10 20:24 . 2011-11-20 16:55 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-21 20:02 . 2011-09-21 18:15 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-24 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-24 151064]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4562944]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2010-06-25 1099088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-07-16 307768]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 30312]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6016]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 146528]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 25856]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 20480]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 23424]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 136808]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 114280]
R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\Trend Micro\Client Server Security Agent\TmProxy.exe [2009-07-15 689416]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-03 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2009-07-15 146448]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2011-08-10 227184]
S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2010-07-05 45056]
S2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2010-05-11 230928]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2010-05-11 36368]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2009-07-15 283152]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]
S3 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\Trend Micro\Client Server Security Agent\TmPfw.exe [2009-07-15 497008]
S3 VIACRX86;VIACRX86;c:\windows\system32\DRIVERS\viacr.sys [2009-07-14 59392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:02]
.
2012-02-21 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:02]
.
.
------- Supplementary Scan -------
.
uStart Page = https://tlgposdotcom.cingular.com/v2/Login.html
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: cingular.com\tlgposdotcom
Trusted Zone: yourwaresoftware.com\uspcs
TCP: DhcpNameServer = 68.237.161.12 71.250.0.12 71.243.0.12
FF - ProfilePath - c:\users\SalesRep\AppData\Roaming\Mozilla\Firefox\Profiles\zbx71a9d.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\program files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Trend Micro\Client Server Security Agent\ntrtscan.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Trend Micro\Client Server Security Agent\tmlisten.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
c:\windows\system32\conhost.exe
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Motorola\MotoHelper\MotoHelperAgent.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2012-02-22 11:07:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-22 16:07
ComboFix2.txt 2012-02-21 19:33
ComboFix3.txt 2012-02-21 15:32
.
Pre-Run: 268,224,667,648 bytes free
Post-Run: 268,156,911,616 bytes free
.
- - End Of File - - C3B2DE71622AECE0C5D22C4C2D1EF24C
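The CFScript gringo_pr posted in #14 is a plain-text file of `Name::` headers: ClearJavaCache:: and KillAll:: are bare directives, while File::, Folder:: and Driver:: are each followed by one entry per line. The ComboFix report above then lists what was actually removed under "Other Deletions" (paths) and "Drivers/Services" (lines of the form `-------\Service_NAME`). The script below is an added example, not part of this thread and not ComboFix's own code: it parses both formats and reports which requested items the log confirms removed and which it does not, which is the check to run on the report before declaring the machine clean. The CFScript and the log excerpt embedded in it are constructed from the lines quoted in this thread; the paths and service names are the ones from posts #14 and #15.

```python
"""Cross-check a ComboFix CFScript against the report ComboFix produced.
Added example: not from this thread and not ComboFix's own code. The script
and log excerpt embedded below are constructed from lines quoted in the thread."""
import re

LIST_SECTIONS = ("File", "Folder", "Driver")  # sections whose body is a list; others are bare directives
SECTION_RE = re.compile(r"(\w+)::")
LOG_HEADER_RE = re.compile(r"\(+\s*(.*?)\s*\)+")   # ComboFix frames sections like "(((( Other Deletions ))))"
SERVICE_RE = re.compile(r"-+\\Service_(\S+)")      # "-------\Service_MKHEUDZ" under Drivers/Services

def parse_cfscript(text: str) -> dict:
    """Split a CFScript into bare directives and per-section entry lists."""
    script, current = {"directives": []}, None
    for line in (ln.strip() for ln in text.splitlines()):
        if not line:
            continue
        m = SECTION_RE.fullmatch(line)
        if m and m.group(1) in LIST_SECTIONS:
            current = m.group(1)
            script.setdefault(current, [])
        elif m:
            current = None
            script["directives"].append(m.group(1))
        elif current is None:
            raise ValueError("entry outside a File::/Folder::/Driver:: section: %r" % line)
        else:
            script[current].append(line)
    return script

def parse_combofix_deletions(log: str) -> dict:
    """Collect paths under 'Other Deletions' and service names under 'Drivers/Services'."""
    paths, services, section = set(), set(), None
    for line in (ln.strip() for ln in log.splitlines()):
        m = LOG_HEADER_RE.fullmatch(line)
        if m:
            section = m.group(1)
        elif line.startswith("---") and line.endswith("---"):
            section = None                      # dashed headers begin later, unrelated sections
        elif not line or line == ".":
            continue
        elif section == "Other Deletions":
            paths.add(line.lower())             # NTFS paths are case-insensitive
        elif section == "Drivers/Services":
            m = SERVICE_RE.fullmatch(line)
            if m:
                services.add(m.group(1).upper())
    return {"paths": paths, "services": services}

def verify_cleanup(script: dict, deletions: dict) -> dict:
    """Pair each File/Folder/Driver entry of the script with the log's confirmation of its removal."""
    confirmed, unconfirmed = [], []
    for kind in ("File", "Folder"):
        for path in script.get(kind, []):
            (confirmed if path.lower() in deletions["paths"] else unconfirmed).append((kind, path))
    for svc in script.get("Driver", []):
        (confirmed if svc.upper() in deletions["services"] else unconfirmed).append(("Driver", svc))
    return {"confirmed": confirmed, "unconfirmed": unconfirmed}

# Constructed from the CFScript in post #14 (blank lines between sections are tolerated).
SAMPLE_CFSCRIPT = r"""
ClearJavaCache::
KillAll::

File::
C:\Users\SalesRep\Downloads\SpywareToolbox.exe
Folder::
c:\users\SalesRep\AppData\Roaming\B2D2B
c:\program files\2BE5A
Driver::
MKHEUDZ
QJXCD
RYSZI
"""

# Constructed excerpt of the ComboFix report in post #15.
SAMPLE_COMBOFIX_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\2BE5A
c:\users\SalesRep\AppData\Roaming\B2D2B
c:\users\SalesRep\Downloads\SpywareToolbox.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_MKHEUDZ
-------\Service_QJXCD
-------\Service_RYSZI
((((((((((((((((((((((((( Files Created from 2012-01-22 to 2012-02-22 )))))))))))))))))))))))))))))))
2012-02-22 14:18 . 2012-02-22 14:18 -------- d-----w- C:\TDSSKiller_Quarantine
"""

def render_report(cfscript_text: str, log_text: str) -> str:
    """One line per requested item, flagging anything the log does not confirm."""
    result = verify_cleanup(parse_cfscript(cfscript_text), parse_combofix_deletions(log_text))
    lines = ["confirmed removed: %s %s" % item for item in result["confirmed"]]
    lines += ["NOT confirmed:     %s %s" % item for item in result["unconfirmed"]]
    return "\n".join(lines)

if __name__ == "__main__":
    print(render_report(SAMPLE_CFSCRIPT, SAMPLE_COMBOFIX_LOG))
```

For a real run, read CFScript.txt and the ComboFix.txt it produced into the two arguments of `render_report`. Anything listed as "NOT confirmed" still needs to be checked on disk or in the registry (HKLM\SYSTEM\CurrentControlSet\Services for the Driver:: names) rather than assumed gone, since ComboFix reports only what it actually deleted.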



