
Abnow redirect virus


  • This topic is locked
9 replies to this topic

#1 CookieCrisp

  • Members
  • 4 posts

Posted 27 February 2012 - 09:46 PM

Hi guys, I've recently encountered the annoying and potentially devastating Abnow redirect virus.

Doing some research, I've found that my searches indeed are redirected towards that bogus site, and my computer has slowed noticeably.
I have searched for the (I guess) common HKEY registry additions to delete and other [random].exe files but could not find any.

I have run Ad-Aware and MBAM, and while they have detected and removed some threats, I am still getting the redirect.

Some important information: I have two partitions on my PC:
Windows 7 32-bit (infected)
Windows 7 64-bit (not redirecting, but I have nothing telling me why it wouldn't be able to spread there)

Here is the log. I will be happy to post any additional information, and I have DDS and GMER data.

One last thing: I won't be home or have internet access from Saturday (March 3rd) to Saturday (10th), so I apologize for the lack of response during that period.

Thanks for your consideration! I really appreciate your time spent helping me.

Here is the DDS Log:
--------------------------------------------------------

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.2.1
Run by Ryan 32 at 19:47:00 on 2012-02-27
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2815.1557 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
B:\Windows\system32\wininit.exe
B:\Windows\system32\lsm.exe
B:\Windows\system32\svchost.exe -k DcomLaunch
B:\Windows\system32\nvvsvc.exe
B:\Windows\system32\svchost.exe -k RPCSS
B:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
B:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
B:\Windows\system32\svchost.exe -k netsvcs
B:\Windows\system32\svchost.exe -k LocalService
B:\Windows\system32\svchost.exe -k NetworkService
B:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
B:\Windows\System32\spoolsv.exe
B:\Windows\system32\nvvsvc.exe
B:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
B:\Program Files\Bonjour\mDNSResponder.exe
B:\Windows\system32\CISVC.EXE
B:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
B:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
B:\Windows\system32\svchost.exe -k imgsvc
B:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
B:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
B:\Windows\system32\wbem\unsecapp.exe
B:\Windows\system32\taskhost.exe
B:\Windows\system32\taskeng.exe
B:\Windows\system32\wbem\wmiprvse.exe
B:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
B:\Windows\system32\Dwm.exe
B:\Program Files\ASUS\Wireless Console 3\wcourier.exe
B:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
B:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
B:\Windows\explorer.exe
B:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
B:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
B:\Program Files\Common Files\Java\Java Update\jusched.exe
B:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
B:\Program Files\Pure Networks\Network Magic\nmapp.exe
B:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
B:\Windows\System32\StikyNot.exe
B:\Program Files\Logitech\SetPoint\SetPoint.exe
B:\Windows\system32\SearchIndexer.exe
B:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
B:\Program Files\Windows Mail\WinMail.exe
\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
B:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
B:\Program Files\Windows Media Player\wmpnetwk.exe
B:\Users\Ryan 32\AppData\Local\Google\Chrome\Application\chrome.exe
B:\Users\Ryan 32\AppData\Local\Google\Chrome\Application\chrome.exe
B:\Users\Ryan 32\AppData\Local\Google\Chrome\Application\chrome.exe
B:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
B:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
B:\Windows\system32\taskeng.exe
B:\Windows\system32\DllHost.exe
B:\Windows\system32\DllHost.exe
B:\Windows\system32\conhost.exe
B:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uWinlogon: Shell=b:\users\ryan 32\appdata\local\34387960\X
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - b:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - b:\program files\common files\doubletwist\IEPodcastPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - b:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - b:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - b:\program files\oracle\javafx 2.0 runtime\bin\jp2ssv.dll
uRun: [RESTART_STICKY_NOTES] b:\windows\system32\StikyNot.exe
uRun: [Google Update] "b:\users\ryan 32\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Steam] "b:\program files\steam\Steam.exe" -silent
uRun: [MusicManager] "b:\users\ryan 32\appdata\local\programs\google\musicmanager\MusicManager.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE b:\windows\system32\NvCpl.dll,NvStartup
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Google Desktop Search] "b:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Adobe Reader Speed Launcher] "b:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "b:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "b:\program files\common files\java\java update\jusched.exe"
mRun: [nmctxth] "b:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "b:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [Malwarebytes' Anti-Malware] "b:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: b:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - b:\program files\logitech\setpoint\SetPoint.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - b:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 128.180.2.9 128.180.1.3
TCP: Interfaces\{3867F16B-B426-4735-817A-506FFFA30BB1} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{6989A231-9226-489E-BF92-BECA86033143} : DhcpNameServer = 128.180.2.9 128.180.1.3
TCP: Interfaces\{B23CBF08-3AF6-4C3F-8444-234D7F135227} : DhcpNameServer = 128.180.2.9 128.180.1.3
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - b:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - b:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - b:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: LBTWlgn - b:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs: b:\progra~1\google\google~1\GO36F4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - b:\users\ryan 32\appdata\roaming\mozilla\firefox\profiles\76fluzup.default\
FF - plugin: b:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: b:\program files\common files\doubletwist\NPPodcast.dll
FF - plugin: b:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: b:\program files\oracle\javafx 2.0 runtime\bin\new_plugin\npjp2.dll
FF - plugin: b:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: b:\users\ryan 32\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: b:\users\ryan 32\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: b:\users\ryan 32\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: b:\windows\system32\npdeployJava1.dll
FF - plugin: b:\windows\system32\npmproxy.dll
FF - plugin: b:\windows\system32\wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;b:\windows\system32\drivers\Lbd.sys [2011-5-17 64512]
R1 vwififlt;Virtual WiFi Filter Driver;b:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 iPodDrv;iPodDrv;b:\windows\system32\drivers\iPodDrv.sys [2011-3-9 6656]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;b:\program files\lavasoft\ad-aware\AAWService.exe [2011-4-29 2152152]
R2 MBAMService;MBAMService;b:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-27 652360]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;b:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-4-29 15232]
R3 MBAMProtector;MBAMProtector;b:\windows\system32\drivers\mbam.sys [2012-2-27 20464]
R3 MBAMSwissArmy;MBAMSwissArmy;b:\windows\system32\drivers\mbamswissarmy.sys [2012-2-27 40776]
R3 RTL8167;Realtek 8167 NT Driver;b:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;b:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;b:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);b:\windows\system32\drivers\ssudbus.sys [2011-11-24 80184]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;b:\program files\google\google desktop search\GoogleDesktop.exe [2011-7-21 30192]
S3 NUMARK_NS7_MIDI;Numark NS7 WDM MIDI Device;b:\windows\system32\drivers\ns7_midi.sys [2009-11-13 30720]
S3 NUMARK_NS7_USB;Numark NS7 USB driver;b:\windows\system32\drivers\ns7_usb.sys [2009-11-13 477696]
S3 NUMARK_NS7_WDM;Numark NS7 WDM;b:\windows\system32\drivers\ns7_wdm.sys [2009-11-13 57344]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);b:\windows\system32\drivers\ssudmdm.sys [2011-11-24 181432]
S3 StorSvc;Storage Service;b:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;b:\windows\system32\drivers\TsUsbFlt.sys [2011-6-24 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;b:\windows\system32\wat\WatAdminSvc.exe [2010-8-20 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;b:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-02-28 00:45:22 40776 ----a-w- b:\windows\system32\drivers\mbamswissarmy.sys
2012-02-27 17:08:05 -------- d-----w- b:\users\ryan 32\appdata\roaming\Malwarebytes
2012-02-27 17:08:01 -------- d-----w- b:\programdata\Malwarebytes
2012-02-27 17:08:00 20464 ----a-w- b:\windows\system32\drivers\mbam.sys
2012-02-27 17:08:00 -------- d-----w- b:\program files\Malwarebytes' Anti-Malware
2012-02-27 16:55:50 -------- d-----w- b:\windows\system32\appmgmt
2012-02-27 05:31:33 -------- d-----w- B:\sh4ldr
2012-02-27 05:31:33 -------- d-----w- b:\program files\Enigma Software Group
2012-02-27 05:30:23 -------- d-----w- b:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-02-27 05:30:16 -------- d-----w- b:\program files\common files\Wise Installation Wizard
2012-02-27 00:31:51 -------- d-sh--w- b:\windows\system32\%APPDATA%
2012-02-27 00:28:02 -------- d-----w- b:\program files\coolpro2
2012-02-27 00:17:46 0 --sha-w- b:\windows\system32\dds_log_trash.cmd
2012-02-27 00:16:39 -------- d-sh--w- b:\users\ryan 32\appdata\local\34387960
2012-02-24 22:33:44 6552120 ----a-w- b:\programdata\microsoft\windows defender\definition updates\{614c3ffb-9d63-4e07-a293-decdae872938}\mpengine.dll
2012-02-20 20:44:15 -------- d-----w- b:\users\ryan 32\Rapid Evolution 3
2012-02-20 20:42:58 -------- d-----w- b:\program files\Rapid Evolution 3
2012-02-15 02:20:48 478720 ----a-w- b:\windows\system32\timedate.cpl
2012-02-15 02:20:46 690688 ----a-w- b:\windows\system32\msvcrt.dll
2012-02-15 02:20:46 442880 ----a-w- b:\windows\system32\ntshrui.dll
2012-02-15 02:20:41 2343424 ----a-w- b:\windows\system32\win32k.sys
2012-02-12 21:13:56 348160 ----a-w- b:\windows\system32\msvcr71.dll
2012-02-12 21:13:56 -------- d-----w- b:\program files\Mixed In Key 4
2012-02-12 21:12:05 -------- d-----w- b:\users\ryan 32\appdata\roaming\Philipp Winterberg
2012-02-12 21:12:01 -------- d-----w- b:\program files\Free RAR Extract Frog
2012-02-06 21:34:47 -------- d-----w- b:\program files\common files\SafeNet Sentinel
2012-02-06 21:31:29 -------- d-----w- b:\users\ryan 32\appdata\roaming\Tanner EDA
2012-02-06 21:31:29 -------- d-----w- b:\program files\Tanner EDA
2012-01-31 17:56:07 -------- d-----w- b:\users\ryan 32\appdata\local\{5CB69F9B-DA5E-417D-A628-94B908FC923C}
2012-01-31 17:55:57 -------- d-----w- b:\users\ryan 32\appdata\local\{74D9A7F7-4352-44F2-AA0A-149CEFDDF64F}
2012-01-31 01:57:37 -------- d-----w- b:\windows\en
2012-01-31 01:55:29 -------- d-----w- b:\program files\Microsoft SQL Server Compact Edition
2012-01-31 01:54:27 -------- d-----w- b:\windows\PCHEALTH
2012-01-31 01:52:33 69464 ----a-w- b:\windows\system32\XAPOFX1_3.dll
2012-01-31 01:52:33 515416 ----a-w- b:\windows\system32\XAudio2_5.dll
2012-01-31 01:52:33 453456 ----a-w- b:\windows\system32\d3dx10_42.dll
2012-01-31 01:52:01 3426072 ----a-w- b:\windows\system32\d3dx9_32.dll
2012-01-31 01:51:44 15712 ----a-w- b:\program files\common files\windows live\.cache\e27fb0841ccdfba04\MeshBetaRemover.exe
2012-01-31 01:51:40 94040 ----a-w- b:\program files\common files\windows live\.cache\dfb38db81ccdfba03\DSETUP.dll
2012-01-31 01:51:40 525656 ----a-w- b:\program files\common files\windows live\.cache\dfb38db81ccdfba03\DXSETUP.exe
2012-01-31 01:51:40 1691480 ----a-w- b:\program files\common files\windows live\.cache\dfb38db81ccdfba03\dsetup32.dll
2012-01-31 01:51:37 94040 ----a-w- b:\program files\common files\windows live\.cache\dca72cab1ccdfba02\DSETUP.dll
2012-01-31 01:51:37 525656 ----a-w- b:\program files\common files\windows live\.cache\dca72cab1ccdfba02\DXSETUP.exe
2012-01-31 01:51:37 1691480 ----a-w- b:\program files\common files\windows live\.cache\dca72cab1ccdfba02\dsetup32.dll
2012-01-31 01:50:50 -------- d-----w- b:\users\ryan 32\appdata\local\Windows Live
2012-01-31 01:50:49 -------- d-----w- b:\program files\common files\Windows Live
2012-01-31 01:50:03 -------- d-----w- b:\users\ryan 32\appdata\local\{83CBF6F5-EFC7-4966-A17E-9C939F90C458}
2012-01-29 21:17:21 -------- d-----w- b:\users\ryan 32\appdata\roaming\Unified Remote
2012-01-29 21:16:53 -------- d-----w- b:\program files\Unified Remote
.
==================== Find3M ====================
.
2012-01-29 10:10:42 237072 ------w- b:\windows\system32\MpSigStub.exe
2012-01-06 05:25:42 444952 ----a-w- b:\windows\system32\wrap_oal.dll
2012-01-06 05:25:42 109080 ----a-w- b:\windows\system32\OpenAL32.dll
2011-12-14 03:04:54 1798656 ----a-w- b:\windows\system32\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- b:\windows\system32\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- b:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- b:\windows\system32\mshtml.tlb
.
============= FINISH: 19:48:00.18 ===============
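The DDS log above already contains the artifacts that ComboFix, later in this thread, attributes to ZeroAccess: the HKCU Winlogon Shell value pointing at b:\users\ryan 32\appdata\local\34387960\X instead of explorer.exe, an svchost.exe running from a \\.\globalroot\ path, a hidden all-digit folder under AppData\Local, and a directory literally named %APPDATA% inside system32. The Python script below is an added example (it is not part of the thread and is not DDS or ComboFix code) that scans DDS/ComboFix-style log text for those indicator shapes. The rule set and rule names are my own assumptions drawn from this log, and the sample lines embedded in the script are constructed to mirror lines from the log above rather than being the full log.

```python
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str


# "u"/"m" is DDS shorthand for HKCU / HKLM.  The Shell value should be
# explorer.exe; the loader in this thread sits at ...\34387960\X instead.
_WINLOGON_SHELL = re.compile(r"^[um]Winlogon:\s*Shell=(?P<shell>.+)$", re.I)

# A process image path that goes through the NT device namespace instead of a
# drive letter.  The rootkit launches its svchost.exe copy this way.
_GLOBALROOT = re.compile(r"^\\\\\.\\globalroot\\", re.I)

# Hidden+system directory (d-sh--w-) whose name is all digits, directly under
# AppData\Local: the user-mode payload store.
_HIDDEN_DIGIT_DIR = re.compile(r"d-sh--w-\s+.*\\appdata\\local\\\d{6,}\s*$", re.I)

# Windows 7 does not create $NtUninstallKB...$ folders (that was the XP hotfix
# uninstall layout), so on this host the name is camouflage; the rootkit keeps
# its U\ and L\ subfolders with "@"-named payload files underneath it.
_FAKE_KB_DIR = re.compile(r"\\windows\\\$NtUninstallKB\d+\$", re.I)

# A directory literally named %APPDATA% inside system32: the variable was
# never expanded, which no legitimate installer produces.
_LITERAL_APPDATA = re.compile(r"\\system32\\%APPDATA%\s*$", re.I)


def _shell_is_clean(value: str) -> bool:
    """True only if every comma-separated Shell entry is explorer.exe."""
    names = [v.strip().lower().rsplit("\\", 1)[-1]
             for v in value.split(",") if v.strip()]
    return bool(names) and all(n == "explorer.exe" for n in names)


def check_line(line: str) -> list[Finding]:
    """Return every indicator matched by one DDS / ComboFix log line."""
    s = line.strip()
    found: list[Finding] = []
    m = _WINLOGON_SHELL.match(s)
    if m and not _shell_is_clean(m.group("shell")):
        found.append(Finding("winlogon-shell-hijack", s))
    if _GLOBALROOT.match(s):
        found.append(Finding("globalroot-process", s))
    if _HIDDEN_DIGIT_DIR.search(s):
        found.append(Finding("hidden-digit-dir-appdata", s))
    if _FAKE_KB_DIR.search(s):
        found.append(Finding("fake-ntuninstall-dir", s))
    if _LITERAL_APPDATA.search(s):
        found.append(Finding("literal-appdata-dir", s))
    return found


def scan_log(text: str) -> list[Finding]:
    """Run check_line over a whole log; findings keep the log's order."""
    findings: list[Finding] = []
    for line in text.splitlines():
        findings.extend(check_line(line))
    return findings


# Constructed sample modelled on the line shapes in the DDS log above
# (assumption: a handful of representative lines, not the full log).
SAMPLE_LOG = r"""
B:\Windows\system32\svchost.exe -k netsvcs
\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
uStart Page = hxxp://www.google.com/
uWinlogon: Shell=b:\users\ryan 32\appdata\local\34387960\X
2012-02-27 00:31:51 -------- d-sh--w- b:\windows\system32\%APPDATA%
2012-02-27 00:16:39 -------- d-sh--w- b:\users\ryan 32\appdata\local\34387960
2012-02-27 17:08:05 -------- d-----w- b:\users\ryan 32\appdata\roaming\Malwarebytes
b:\windows\$NtUninstallKB45735$\876116320\U\@80000000
"""

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.rule:28} {f.line}")
```

Each rule matches one distinct artifact, so a clean log (Shell=explorer.exe, drive-letter process paths, no hidden numeric folder) produces no findings; the Shell check also catches the comma-separated form where explorer.exe is kept and a second executable is appended.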



#2 gringo_pr (Bleepin Gringo)


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 February 2012 - 02:06 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running; that may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 CookieCrisp (Topic Starter)

  • Members
  • 4 posts

Posted 28 February 2012 - 01:46 PM

Thank you for the quick response Gringo! I appreciate your time and effort put into this matter.

I ran ComboFix, and despite my best effort to disable Ad-Aware, ComboFix complained about it. I decided to push through anyway, and everything turned out to be okay. During the ComboFix run, a few boxes came up saying random Windows processes had stopped, but nothing too severe. ComboFix mentioned that I had the ZeroAccess rootkit, which, from my research, is a pretty bad thing.

Following the ComboFix process, my searches are not routed to Abnow anymore. I'm not sure if my computer is any faster or slower. I'm not sure if everything is OK, but the symptom of being rerouted is gone.

Here is the ComboFix log file:
--------------------------------------------------------------

ComboFix 12-02-27.02 - Ryan 32 02/28/2012 13:17:09.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2815.2085 [GMT -5:00]
Running from: b:\users\Ryan 32\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
b:\users\Ryan 32\AppData\Local\34387960\U
b:\users\Ryan 32\AppData\Local\34387960\U\00000001.@
b:\users\Ryan 32\AppData\Local\34387960\U\000000c0.@
b:\users\Ryan 32\AppData\Local\34387960\U\000000cb.@
b:\users\Ryan 32\AppData\Local\34387960\U\000000cf.@
b:\users\Ryan 32\AppData\Local\34387960\U\80000000.@
b:\users\Ryan 32\AppData\Local\34387960\U\800000c0.@
b:\users\Ryan 32\AppData\Local\34387960\U\800000cb.@
b:\users\Ryan 32\AppData\Local\34387960\U\800000cf.@
b:\users\Ryan 32\AppData\Local\34387960\X
b:\windows\$NtUninstallKB45735$
b:\windows\$NtUninstallKB45735$\2875336882
b:\windows\$NtUninstallKB45735$\876116320\@
b:\windows\$NtUninstallKB45735$\876116320\L\xadqgnnk
b:\windows\$NtUninstallKB45735$\876116320\loader.tlb
b:\windows\$NtUninstallKB45735$\876116320\U\@00000001
b:\windows\$NtUninstallKB45735$\876116320\U\@000000c0
b:\windows\$NtUninstallKB45735$\876116320\U\@000000cb
b:\windows\$NtUninstallKB45735$\876116320\U\@000000cf
b:\windows\$NtUninstallKB45735$\876116320\U\@80000000
b:\windows\$NtUninstallKB45735$\876116320\U\@800000c0
b:\windows\$NtUninstallKB45735$\876116320\U\@800000cb
b:\windows\$NtUninstallKB45735$\876116320\U\@800000cf
b:\windows\system32\a8djusb.dll
b:\windows\system32\alertservice.dll
b:\windows\system32\ashampoodefragservice.dll
b:\windows\system32\aswlsvc.dll
b:\windows\system32\ati2mpaa.dll
b:\windows\system32\Atmuni.dll
b:\windows\system32\automate6.dll
b:\windows\system32\bthusb.dll
b:\windows\system32\Cap7134.dll
b:\windows\system32\cmdagent.dll
b:\windows\system32\cpqfcalm.dll
b:\windows\system32\DCamUSBEMPIA.dll
b:\windows\system32\enxpsvr.dll
b:\windows\system32\EpmPsd.dll
b:\windows\system32\generichidservice.dll
b:\windows\system32\GMSIPCI.dll
b:\windows\system32\hidgame.dll
b:\windows\system32\iastor.dll
b:\windows\system32\ikfilesec.dll
b:\windows\system32\intelide.dll
b:\windows\system32\ipsecmon.dll
b:\windows\system32\lmimirr.dll
b:\windows\system32\lvupdtio.dll
b:\windows\system32\lxdj_device.dll
b:\windows\system32\mbr.dll
b:\windows\system32\MRESP50.dll
b:\windows\system32\MXOPSWD.dll
b:\windows\system32\nim32.dll
b:\windows\system32\NWADI.dll
b:\windows\system32\om518p.dll
b:\windows\system32\owstimer.dll
b:\windows\system32\pae_1394.dll
b:\windows\system32\pdrframe.dll
b:\windows\system32\Pnp680r.dll
b:\windows\system32\psdistributionagent.dll
b:\windows\system32\PSDNServ.dll
b:\windows\system32\racsvc.dll
b:\windows\system32\rasacd.dll
b:\windows\system32\s3savagenb.dll
b:\windows\system32\SGHIDI.dll
b:\windows\system32\SlNtHal.dll
b:\windows\system32\snapman380.dll
b:\windows\system32\ss_mdfl.dll
b:\windows\system32\sysaidagent.dll
b:\windows\system32\tvtnetwk.dll
b:\windows\system32\Uim_IM.dll
b:\windows\system32\USBMN1X1.dll
b:\windows\system32\vds.dll
b:\windows\system32\w200mgmt.dll
b:\windows\system32\w550mdm.dll
b:\windows\system32\wuauserv.dll
.
Infected copy of b:\windows\system32\drivers\netbt.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_aclient
.
.
((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-28 )))))))))))))))))))))))))))))))
.
.
2012-02-28 18:26 . 2012-02-28 18:29 -------- d-----w- b:\users\Ryan 32\AppData\Local\temp
2012-02-28 18:26 . 2012-02-28 18:26 -------- d-----w- b:\users\Default\AppData\Local\temp
2012-02-28 18:25 . 2012-02-28 18:25 56200 ----a-w- b:\programdata\Microsoft\Windows Defender\Definition Updates\{614C3FFB-9D63-4E07-A293-DECDAE872938}\offreg.dll
2012-02-28 18:14 . 2010-11-20 08:39 187904 ----a-w- b:\windows\system32\drivers\netbt.sys
2012-02-27 17:08 . 2012-02-27 17:08 -------- d-----w- b:\users\Ryan 32\AppData\Roaming\Malwarebytes
2012-02-27 17:08 . 2012-02-27 17:08 -------- d-----w- b:\programdata\Malwarebytes
2012-02-27 17:08 . 2012-02-27 17:08 -------- d-----w- b:\program files\Malwarebytes' Anti-Malware
2012-02-27 17:08 . 2011-12-10 20:24 20464 ----a-w- b:\windows\system32\drivers\mbam.sys
2012-02-27 05:31 . 2012-02-27 16:55 -------- d-----w- B:\sh4ldr
2012-02-27 05:31 . 2012-02-27 05:31 -------- d-----w- b:\program files\Enigma Software Group
2012-02-27 05:30 . 2012-02-27 16:55 -------- d-----w- b:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-02-27 05:30 . 2012-02-27 05:30 -------- d-----w- b:\program files\Common Files\Wise Installation Wizard
2012-02-27 00:31 . 2012-02-27 00:31 -------- d-sh--w- b:\windows\system32\%APPDATA%
2012-02-27 00:28 . 2012-02-27 00:33 -------- d-----w- b:\program files\coolpro2
2012-02-27 00:17 . 2012-02-28 17:45 0 --sha-w- b:\windows\system32\dds_log_trash.cmd
2012-02-27 00:16 . 2012-02-28 18:26 -------- d-sh--w- b:\users\Ryan 32\AppData\Local\34387960
2012-02-27 00:03 . 2012-02-27 00:03 -------- d-----w- b:\users\Ryan 32\AppData\Roaming\Syntrillium
2012-02-24 22:33 . 2012-02-08 06:03 6552120 ----a-w- b:\programdata\Microsoft\Windows Defender\Definition Updates\{614C3FFB-9D63-4E07-A293-DECDAE872938}\mpengine.dll
2012-02-20 20:44 . 2012-02-21 20:31 -------- d-----w- b:\users\Ryan 32\Rapid Evolution 3
2012-02-20 20:42 . 2012-02-20 20:43 -------- d-----w- b:\program files\Rapid Evolution 3
2012-02-15 02:20 . 2011-12-30 05:27 478720 ----a-w- b:\windows\system32\timedate.cpl
2012-02-15 02:20 . 2012-01-04 08:58 442880 ----a-w- b:\windows\system32\ntshrui.dll
2012-02-15 02:20 . 2011-12-16 07:52 690688 ----a-w- b:\windows\system32\msvcrt.dll
2012-02-15 02:20 . 2012-01-14 03:35 2343424 ----a-w- b:\windows\system32\win32k.sys
2012-02-12 21:13 . 2012-02-20 20:32 -------- d-----w- b:\program files\Mixed In Key 4
2012-02-12 21:13 . 2007-09-13 22:30 348160 ----a-w- b:\windows\system32\msvcr71.dll
2012-02-12 21:12 . 2012-02-12 21:12 -------- d-----w- b:\users\Ryan 32\AppData\Roaming\Philipp Winterberg
2012-02-12 21:12 . 2012-02-12 21:12 -------- d-----w- b:\program files\Free RAR Extract Frog
2012-02-06 21:34 . 2012-02-06 21:34 -------- d-----w- b:\program files\Common Files\SafeNet Sentinel
2012-02-06 21:31 . 2012-02-15 02:43 -------- d-----w- b:\users\Ryan 32\AppData\Roaming\Tanner EDA
2012-02-06 21:31 . 2012-02-15 02:43 -------- d-----w- b:\program files\Tanner EDA
2012-01-31 01:57 . 2012-01-31 01:57 -------- d-----w- b:\windows\en
2012-01-31 01:55 . 2012-01-31 01:55 -------- d-----w- b:\program files\Microsoft SQL Server Compact Edition
2012-01-31 01:54 . 2012-01-31 01:54 -------- d-----w- b:\windows\PCHEALTH
2012-01-31 01:53 . 2012-01-31 01:57 -------- d-----w- b:\program files\Windows Live
2012-01-31 01:52 . 2009-09-04 22:44 69464 ----a-w- b:\windows\system32\XAPOFX1_3.dll
2012-01-31 01:52 . 2009-09-04 22:44 515416 ----a-w- b:\windows\system32\XAudio2_5.dll
2012-01-31 01:52 . 2009-09-04 22:29 453456 ----a-w- b:\windows\system32\d3dx10_42.dll
2012-01-31 01:52 . 2006-11-29 18:06 3426072 ----a-w- b:\windows\system32\d3dx9_32.dll
2012-01-31 01:50 . 2012-01-31 17:56 -------- d-----w- b:\users\Ryan 32\AppData\Local\Windows Live
2012-01-31 01:50 . 2012-01-31 01:50 -------- d-----w- b:\program files\Common Files\Windows Live
2012-01-29 21:17 . 2012-01-29 21:17 -------- d-----w- b:\users\Ryan 32\AppData\Roaming\Unified Remote
2012-01-29 21:16 . 2012-01-29 21:16 -------- d-----w- b:\program files\Unified Remote
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 01:53 . 2011-03-28 23:36 18328 ----a-w- b:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-29 10:10 . 2010-08-20 18:40 237072 ------w- b:\windows\system32\MpSigStub.exe
2012-01-16 06:04 . 2012-01-16 06:04 65536 ----a-r- b:\users\Ryan 32\AppData\Roaming\Microsoft\Installer\{8D71174A-31A3-4523-8A52-8602B6099AC2}\ItchShortcut_3AACE619E70942C5B73003B60EB9E2F1.exe
2012-01-06 05:25 . 2012-01-06 05:25 444952 ----a-w- b:\windows\system32\wrap_oal.dll
2012-01-06 05:25 . 2012-01-06 05:25 109080 ----a-w- b:\windows\system32\OpenAL32.dll
2012-01-26 05:52 . 2011-05-15 02:17 121816 ----a-w- b:\program files\mozilla firefox\components\browsercomps.dll
2011-07-21 21:40 . 2011-07-21 21:40 119808 ----a-w- b:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="b:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"Steam"="b:\program files\Steam\Steam.exe" [2012-01-06 1242448]
"MusicManager"="b:\users\Ryan 32\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-01-11 13224448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="b:\windows\system32\NvCpl.dll" [2009-07-02 13789728]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"Google Desktop Search"="b:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-07-21 30192]
"Adobe Reader Speed Launcher"="b:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="b:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="b:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"nmctxth"="b:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="b:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"Malwarebytes' Anti-Malware"="b:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
b:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - b:\program files\Logitech\SetPoint\SetPoint.exe [2011-6-13 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 10:28 72208 ----a-w- b:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=b:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\B:^Users^Ryan 32^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
path=b:\users\Ryan 32\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
backup=b:\windows\pss\Xfire.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- b:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- b:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-09-11 20:17 136176 ----atw- b:\users\Ryan 32\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 20:33 421160 ----a-w- b:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- b:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-12-29 22:34 735608 ----a-w- b:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-12-09 10:45 74752 ----a-w- b:\program files\Winamp\winampa.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;b:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);b:\windows\system32\DRIVERS\ssudbus.sys [2011-11-25 80184]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;b:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-07-21 30192]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;b:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;b:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-04-29 15232]
R3 NUMARK_NS7_MIDI;Numark NS7 WDM MIDI Device;b:\windows\system32\drivers\ns7_midi.sys [2009-11-13 30720]
R3 NUMARK_NS7_USB;Numark NS7 USB driver;b:\windows\system32\Drivers\ns7_usb.sys [2009-11-13 477696]
R3 NUMARK_NS7_WDM;Numark NS7 WDM;b:\windows\system32\drivers\ns7_wdm.sys [2009-11-13 57344]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);b:\windows\system32\DRIVERS\ssudmdm.sys [2011-11-25 181432]
R3 TsUsbFlt;TsUsbFlt;b:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;b:\windows\system32\Wat\WatAdminSvc.exe [2010-08-20 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;b:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 Lbd;Lbd;b:\windows\system32\DRIVERS\Lbd.sys [2011-04-29 64512]
S1 vwififlt;Virtual WiFi Filter Driver;b:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 iPodDrv;iPodDrv;b:\windows\system32\drivers\iPodDrv.sys [2011-03-10 6656]
S2 MBAMService;MBAMService;b:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 MBAMProtector;MBAMProtector;b:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 RTL8167;Realtek 8167 NT Driver;b:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
SiSRaid
A88xEnc
dwusbdnt
aspi32
mi-raysat_3dsmax9_32
se44nd5
iAimFP7
tversitymediaserver
SQTECH905C
ps2
SilverLink
ati2mtag
VirtualCam
2wirepcp
Alpham1
ICAM5USB
DSXUSB
epgspooler
w200mdm
MASPINT
VNUSB
dvd-ram_service
transbaseservice
nvatabus
vmm
se26nd5
plscsi
dpti2o
syntp
smcirda
xnacc
vcsw
zpjobq
apache
nvedavt
smstsmgr
asctrm
snac
uscbs108
clsched
mferkdk
w800mdm
iAimFP6
M2500
digisptiservice
cvspydr2
CoachVc
s3ssavage
SeaPort
bcm43xx
mnsframework
viaagp1
aclient
WNIPROT5
VRFIL
racsvc
iaimtv2
hsxhwazl
nmwcdc
ss_bus
cdr4_xp
dlcj_device
sonicstagemonitoring
lexbces
ALYac_PZSrv
as32svc
wwnetdde
dlaudfam
niorbk
RTSTOR
vnxservice
downloadmanagerlite
Exportit
server
tosrfhid
zpnodecollector
fingrd32
tavsvc
RAPIProtocol
macformatservice
TIEHDUSB
acs
se59mdm
sit_flt
ctxcpusched
ASDR
nicser_wmp11
NPPTNT
TeamViewer
ATMsg
tangoservice
TBPanel
spmgr
iaimtv1
caccprovsp
xpagentserver
se44mgmt
iAimTV6
s7oppitx
n558
imonitor
SymIMMP
adiloader
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
AppMgmt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-26 b:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2831552950-2453436779-1420864200-1001Core.job
- b:\users\Ryan 32\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-11 20:17]
.
2012-02-28 b:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2831552950-2453436779-1420864200-1001UA.job
- b:\users\Ryan 32\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-11 20:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 128.180.2.9 128.180.1.3
FF - ProfilePath - b:\users\Ryan 32\AppData\Roaming\Mozilla\Firefox\Profiles\76fluzup.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3260)
b:\program files\Logitech\SetPoint\IMHook.dll
b:\program files\Logitech\SetPoint\GameHook.dll
b:\program files\Logitech\SetPoint\lgscroll.dll
b:\program files\Pure Networks\Network Magic\nmrsrc.dll
.
------------------------ Other Running Processes ------------------------
.
b:\windows\system32\nvvsvc.exe
b:\windows\system32\nvvsvc.exe
b:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
b:\program files\Bonjour\mDNSResponder.exe
b:\windows\system32\CISVC.EXE
b:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
b:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
b:\windows\system32\taskhost.exe
b:\windows\system32\conhost.exe
b:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
b:\program files\Windows Mail\WinMail.exe
b:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-02-28 13:33:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-28 18:33
.
Pre-Run: 18,981,953,536 bytes free
Post-Run: 18,984,120,320 bytes free
.
- - End Of File - - 96C3B995B45B5CE8844C710E2D9296B5

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:02 PM

Posted 28 February 2012 - 04:07 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
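Gringo's steps ask for the TDSSKiller report to be pasted back so a responder can read through it. The block below is an added example, not code from this thread, from BleepingComputer or from Kaspersky's TDSSKiller: a small Python helper that parses the report format seen later in this thread (one line per driver with its MD5 and path, then a `name - verdict` line) and lists the entries a reviewer would look at first. The sample report is constructed from lines in that style; the final `exampledrv` entry and its non-ok verdict wording are hypothetical, added so the triage has something to flag, and the "loaded from outside system32" list is a reviewer heuristic of my own, not a TDSSKiller feature.

```python
import re

# Constructed sample in the TDSSKiller 2.7 report style quoted in this thread.
# The last entry (exampledrv) and its verdict text are hypothetical; TDSSKiller's
# real wording for a detection is not shown in the thread.
SAMPLE_REPORT = r"""16:10:10.0782 3616 Initialize success
16:10:12.0642 0652 Scan started
16:10:12.0642 0652 Mode: Manual;
16:10:14.0158 0652 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) B:\Windows\system32\drivers\1394ohci.sys
16:10:14.0161 0652 1394ohci - ok
16:10:15.0993 0652 Bridge (77361d72a04f18809d0efb6cceb74d4b) B:\Windows\system32\DRIVERS\bridge.sys
16:10:15.0995 0652 Bridge - ok
16:10:16.0012 0652 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) B:\Windows\system32\DRIVERS\bridge.sys
16:10:16.0013 0652 BridgeMP - ok
16:10:16.0338 0652 catchme - ok
16:10:20.0224 0652 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) B:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
16:10:20.0225 0652 Lavasoft Kernexplorer - ok
16:10:30.0000 0652 exampledrv (00000000000000000000000000000000) B:\Windows\system32\drivers\exampledrv.sys
16:10:30.0001 0652 exampledrv - detected (constructed verdict for this example)
"""

# Every report line starts with "HH:MM:SS.ffff <pid> ".
_PREFIX = r"\d+:\d+:\d+\.\d+\s+\d+\s+"
# File line: "<name> (<md5>) <path>". Names may contain spaces ("Lavasoft Kernexplorer").
ENTRY_RE = re.compile(_PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$")
# Verdict line: "<name> - <verdict>", e.g. "AFD - ok".
VERDICT_RE = re.compile(_PREFIX + r"(?P<name>.+?)\s+-\s+(?P<verdict>.+?)\s*$")


def parse_report(text):
    """Map each scanned name to its md5, path and verdict.

    Only lines after "Scan started" are parsed, so the drive/partition header
    (which also contains " - ") is not mistaken for verdicts. Names that have a
    verdict but no file line (e.g. "catchme - ok") are kept with md5/path None
    so nothing in the report is silently dropped.
    """
    entries = {}
    scanning = False
    for line in text.splitlines():
        line = line.rstrip()
        if line.endswith("Scan started"):
            scanning = True
            continue
        if not scanning:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries[m["name"]] = {"md5": m["md5"], "path": m["path"], "verdict": None}
            continue
        m = VERDICT_RE.match(line)
        if m:
            entries.setdefault(m["name"], {"md5": None, "path": None, "verdict": None})
            entries[m["name"]]["verdict"] = m["verdict"]
    return entries


def triage(entries):
    """Return (not_ok, outside_system32).

    not_ok: names whose verdict is anything other than "ok" (or missing).
    outside_system32: names backed by a file outside \\Windows\\system32\\ (a
    reviewer heuristic: third-party driver locations are worth cross-checking
    against the installed software list, not a verdict by itself).
    """
    not_ok = sorted(n for n, e in entries.items() if e["verdict"] != "ok")
    outside = sorted(
        n for n, e in entries.items()
        if e["path"] and "\\windows\\system32\\" not in e["path"].lower()
    )
    return not_ok, outside


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    flagged, third_party = triage(parsed)
    print(f"{len(parsed)} entries parsed")
    print("not ok:", flagged)
    print("loaded from outside system32:", third_party)
```

Paste a real report into `SAMPLE_REPORT` (or read it from the `TDSSKiller.[Version]_[Date]_[Time]_log.txt` file Gringo mentions) and the two lists give a reviewer the handful of lines to read first instead of several hundred "- ok" lines.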

#5 CookieCrisp

CookieCrisp
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:11:02 AM

Posted 28 February 2012 - 07:20 PM

I ran the TDSS rootkit Killer and nothing was found! :D

I also ran aswMBR. Shown below are the respective reports and logs.

Again! Thanks for your time!


-------------------------------------
16:10:05.0080 3616 TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
16:10:05.0306 3616 ============================================================
16:10:05.0307 3616 Current date / time: 2012/02/28 16:10:05.0306
16:10:05.0307 3616 SystemInfo:
16:10:05.0307 3616
16:10:05.0307 3616 OS Version: 6.1.7601 ServicePack: 1.0
16:10:05.0307 3616 Product type: Workstation
16:10:05.0307 3616 ComputerName: RYAN32-PC
16:10:05.0307 3616 UserName: Ryan 32
16:10:05.0307 3616 Windows directory: B:\Windows
16:10:05.0307 3616 System windows directory: B:\Windows
16:10:05.0307 3616 Processor architecture: Intel x86
16:10:05.0307 3616 Number of processors: 2
16:10:05.0307 3616 Page size: 0x1000
16:10:05.0307 3616 Boot type: Normal boot
16:10:05.0307 3616 ============================================================
16:10:06.0812 3616 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:10:10.0582 3616 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:10:10.0585 3616 \Device\Harddisk0\DR0:
16:10:10.0641 3616 MBR used
16:10:10.0641 3616 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770D7A, BlocksNum 0x32A6CAB6
16:10:10.0641 3616 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x341DE000, BlocksNum 0x61A7800
16:10:10.0641 3616 \Device\Harddisk1\DR1:
16:10:10.0641 3616 MBR used
16:10:10.0641 3616 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
16:10:10.0782 3616 Initialize success
16:10:10.0782 3616 ============================================================
16:10:12.0641 0652 ============================================================
16:10:12.0642 0652 Scan started
16:10:12.0642 0652 Mode: Manual;
16:10:12.0642 0652 ============================================================
16:10:14.0158 0652 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) B:\Windows\system32\drivers\1394ohci.sys
16:10:14.0161 0652 1394ohci - ok
16:10:14.0244 0652 ACPI (cea80c80bed809aa0da6febc04733349) B:\Windows\system32\drivers\ACPI.sys
16:10:14.0246 0652 ACPI - ok
16:10:14.0298 0652 AcpiPmi (1efbc664abff416d1d07db115dcb264f) B:\Windows\system32\drivers\acpipmi.sys
16:10:14.0300 0652 AcpiPmi - ok
16:10:14.0398 0652 adp94xx (21e785ebd7dc90a06391141aac7892fb) B:\Windows\system32\DRIVERS\adp94xx.sys
16:10:14.0405 0652 adp94xx - ok
16:10:14.0439 0652 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) B:\Windows\system32\DRIVERS\adpahci.sys
16:10:14.0445 0652 adpahci - ok
16:10:14.0468 0652 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) B:\Windows\system32\DRIVERS\adpu320.sys
16:10:14.0472 0652 adpu320 - ok
16:10:14.0568 0652 AFD (9ebbba55060f786f0fcaa3893bfa2806) B:\Windows\system32\drivers\afd.sys
16:10:14.0574 0652 AFD - ok
16:10:14.0654 0652 agp440 (507812c3054c21cef746b6ee3d04dd6e) B:\Windows\system32\drivers\agp440.sys
16:10:14.0657 0652 agp440 - ok
16:10:14.0735 0652 aic78xx (8b30250d573a8f6b4bd23195160d8707) B:\Windows\system32\DRIVERS\djsvs.sys
16:10:14.0737 0652 aic78xx - ok
16:10:14.0815 0652 aliide (0d40bcf52ea90fc7df2aeab6503dea44) B:\Windows\system32\drivers\aliide.sys
16:10:14.0817 0652 aliide - ok
16:10:14.0848 0652 amdagp (3c6600a0696e90a463771c7422e23ab5) B:\Windows\system32\drivers\amdagp.sys
16:10:14.0850 0652 amdagp - ok
16:10:14.0868 0652 amdide (cd5914170297126b6266860198d1d4f0) B:\Windows\system32\drivers\amdide.sys
16:10:14.0869 0652 amdide - ok
16:10:14.0914 0652 AmdK8 (00dda200d71bac534bf56a9db5dfd666) B:\Windows\system32\DRIVERS\amdk8.sys
16:10:14.0916 0652 AmdK8 - ok
16:10:14.0939 0652 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) B:\Windows\system32\DRIVERS\amdppm.sys
16:10:14.0941 0652 AmdPPM - ok
16:10:14.0964 0652 amdsata (d320bf87125326f996d4904fe24300fc) B:\Windows\system32\drivers\amdsata.sys
16:10:14.0967 0652 amdsata - ok
16:10:15.0010 0652 amdsbs (ea43af0c423ff267355f74e7a53bdaba) B:\Windows\system32\DRIVERS\amdsbs.sys
16:10:15.0013 0652 amdsbs - ok
16:10:15.0028 0652 amdxata (46387fb17b086d16dea267d5be23a2f2) B:\Windows\system32\drivers\amdxata.sys
16:10:15.0029 0652 amdxata - ok
16:10:15.0080 0652 AppID (aea177f783e20150ace5383ee368da19) B:\Windows\system32\drivers\appid.sys
16:10:15.0082 0652 AppID - ok
16:10:15.0173 0652 arc (2932004f49677bd84dbc72edb754ffb3) B:\Windows\system32\DRIVERS\arc.sys
16:10:15.0175 0652 arc - ok
16:10:15.0199 0652 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) B:\Windows\system32\DRIVERS\arcsas.sys
16:10:15.0201 0652 arcsas - ok
16:10:15.0294 0652 AsyncMac (add2ade1c2b285ab8378d2daaf991481) B:\Windows\system32\DRIVERS\asyncmac.sys
16:10:15.0295 0652 AsyncMac - ok
16:10:15.0335 0652 atapi (338c86357871c167a96ab976519bf59e) B:\Windows\system32\drivers\atapi.sys
16:10:15.0336 0652 atapi - ok
16:10:15.0400 0652 athr (b01751cc563aecac09bbe36aaa21fbef) B:\Windows\system32\DRIVERS\athr.sys
16:10:15.0456 0652 athr - ok
16:10:15.0621 0652 b06bdrv (1a231abec60fd316ec54c66715543cec) B:\Windows\system32\DRIVERS\bxvbdx.sys
16:10:15.0628 0652 b06bdrv - ok
16:10:15.0684 0652 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) B:\Windows\system32\DRIVERS\b57nd60x.sys
16:10:15.0688 0652 b57nd60x - ok
16:10:15.0735 0652 Beep (505506526a9d467307b3c393dedaf858) B:\Windows\system32\drivers\Beep.sys
16:10:15.0737 0652 Beep - ok
16:10:15.0817 0652 blbdrive (2287078ed48fcfc477b05b20cf38f36f) B:\Windows\system32\DRIVERS\blbdrive.sys
16:10:15.0819 0652 blbdrive - ok
16:10:15.0908 0652 bowser (8f2da3028d5fcbd1a060a3de64cd6506) B:\Windows\system32\DRIVERS\bowser.sys
16:10:15.0910 0652 bowser - ok
16:10:15.0938 0652 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) B:\Windows\system32\DRIVERS\BrFiltLo.sys
16:10:15.0939 0652 BrFiltLo - ok
16:10:15.0954 0652 BrFiltUp (56801ad62213a41f6497f96dee83755a) B:\Windows\system32\DRIVERS\BrFiltUp.sys
16:10:15.0955 0652 BrFiltUp - ok
16:10:15.0993 0652 Bridge (77361d72a04f18809d0efb6cceb74d4b) B:\Windows\system32\DRIVERS\bridge.sys
16:10:15.0995 0652 Bridge - ok
16:10:16.0012 0652 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) B:\Windows\system32\DRIVERS\bridge.sys
16:10:16.0013 0652 BridgeMP - ok
16:10:16.0049 0652 Brserid (845b8ce732e67f3b4133164868c666ea) B:\Windows\System32\Drivers\Brserid.sys
16:10:16.0054 0652 Brserid - ok
16:10:16.0076 0652 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) B:\Windows\System32\Drivers\BrSerWdm.sys
16:10:16.0139 0652 BrSerWdm - ok
16:10:16.0168 0652 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) B:\Windows\System32\Drivers\BrUsbMdm.sys
16:10:16.0170 0652 BrUsbMdm - ok
16:10:16.0191 0652 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) B:\Windows\System32\Drivers\BrUsbSer.sys
16:10:16.0193 0652 BrUsbSer - ok
16:10:16.0222 0652 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) B:\Windows\system32\DRIVERS\bthmodem.sys
16:10:16.0224 0652 BTHMODEM - ok
16:10:16.0338 0652 catchme - ok
16:10:16.0435 0652 cdfs (77ea11b065e0a8ab902d78145ca51e10) B:\Windows\system32\DRIVERS\cdfs.sys
16:10:16.0437 0652 cdfs - ok
16:10:16.0504 0652 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) B:\Windows\system32\drivers\cdrom.sys
16:10:16.0507 0652 cdrom - ok
16:10:16.0542 0652 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) B:\Windows\system32\DRIVERS\circlass.sys
16:10:16.0544 0652 circlass - ok
16:10:16.0648 0652 CLFS (635181e0e9bbf16871bf5380d71db02d) B:\Windows\system32\CLFS.sys
16:10:16.0651 0652 CLFS - ok
16:10:16.0832 0652 CmBatt (dea805815e587dad1dd2c502220b5616) B:\Windows\system32\DRIVERS\CmBatt.sys
16:10:16.0834 0652 CmBatt - ok
16:10:16.0878 0652 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) B:\Windows\system32\drivers\cmdide.sys
16:10:16.0880 0652 cmdide - ok
16:10:16.0924 0652 CNG (6427525d76f61d0c519b008d3680e8e7) B:\Windows\system32\Drivers\cng.sys
16:10:16.0930 0652 CNG - ok
16:10:16.0964 0652 Compbatt (a6023d3823c37043986713f118a89bee) B:\Windows\system32\DRIVERS\compbatt.sys
16:10:16.0965 0652 Compbatt - ok
16:10:16.0987 0652 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) B:\Windows\system32\drivers\CompositeBus.sys
16:10:16.0988 0652 CompositeBus - ok
16:10:17.0077 0652 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) B:\Windows\system32\DRIVERS\crcdisk.sys
16:10:17.0078 0652 crcdisk - ok
16:10:17.0156 0652 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) B:\Windows\system32\drivers\csc.sys
16:10:17.0159 0652 CSC - ok
16:10:17.0224 0652 DfsC (f024449c97ec1e464aaffda18593db88) B:\Windows\system32\Drivers\dfsc.sys
16:10:17.0225 0652 DfsC - ok
16:10:17.0285 0652 dg_ssudbus (919f338fd36f47d860775368d0748780) B:\Windows\system32\DRIVERS\ssudbus.sys
16:10:17.0288 0652 dg_ssudbus - ok
16:10:17.0387 0652 discache (1a050b0274bfb3890703d490f330c0da) B:\Windows\system32\drivers\discache.sys
16:10:17.0388 0652 discache - ok
16:10:17.0478 0652 Disk (565003f326f99802e68ca78f2a68e9ff) B:\Windows\system32\DRIVERS\disk.sys
16:10:17.0479 0652 Disk - ok
16:10:17.0559 0652 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) B:\Windows\system32\drivers\drmkaud.sys
16:10:17.0560 0652 drmkaud - ok
16:10:17.0647 0652 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) B:\Windows\System32\drivers\dxgkrnl.sys
16:10:17.0658 0652 DXGKrnl - ok
16:10:17.0807 0652 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) B:\Windows\system32\DRIVERS\evbdx.sys
16:10:17.0919 0652 ebdrv - ok
16:10:17.0981 0652 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) B:\Windows\system32\DRIVERS\elxstor.sys
16:10:17.0989 0652 elxstor - ok
16:10:18.0017 0652 ErrDev (8fc3208352dd3912c94367a206ab3f11) B:\Windows\system32\drivers\errdev.sys
16:10:18.0019 0652 ErrDev - ok
16:10:18.0053 0652 exfat (2dc9108d74081149cc8b651d3a26207f) B:\Windows\system32\drivers\exfat.sys
16:10:18.0056 0652 exfat - ok
16:10:18.0085 0652 fastfat (7e0ab74553476622fb6ae36f73d97d35) B:\Windows\system32\drivers\fastfat.sys
16:10:18.0089 0652 fastfat - ok
16:10:18.0123 0652 fdc (e817a017f82df2a1f8cfdbda29388b29) B:\Windows\system32\DRIVERS\fdc.sys
16:10:18.0256 0652 fdc - ok
16:10:18.0292 0652 FileInfo (6cf00369c97f3cf563be99be983d13d8) B:\Windows\system32\drivers\fileinfo.sys
16:10:18.0294 0652 FileInfo - ok
16:10:18.0317 0652 Filetrace (42c51dc94c91da21cb9196eb64c45db9) B:\Windows\system32\drivers\filetrace.sys
16:10:18.0319 0652 Filetrace - ok
16:10:18.0355 0652 flpydisk (87907aa70cb3c56600f1c2fb8841579b) B:\Windows\system32\DRIVERS\flpydisk.sys
16:10:18.0357 0652 flpydisk - ok
16:10:18.0382 0652 FltMgr (7520ec808e0c35e0ee6f841294316653) B:\Windows\system32\drivers\fltmgr.sys
16:10:18.0387 0652 FltMgr - ok
16:10:18.0410 0652 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) B:\Windows\system32\drivers\FsDepends.sys
16:10:18.0412 0652 FsDepends - ok
16:10:18.0427 0652 Fs_Rec (a574b4360e438977038aae4bf60d79a2) B:\Windows\system32\drivers\Fs_Rec.sys
16:10:18.0429 0652 Fs_Rec - ok
16:10:18.0488 0652 fvevol (8a73e79089b282100b9393b644cb853b) B:\Windows\system32\DRIVERS\fvevol.sys
16:10:18.0489 0652 fvevol - ok
16:10:18.0524 0652 gagp30kx (65ee0c7a58b65e74ae05637418153938) B:\Windows\system32\DRIVERS\gagp30kx.sys
16:10:18.0526 0652 gagp30kx - ok
16:10:18.0614 0652 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) B:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:10:18.0618 0652 GEARAspiWDM - ok
16:10:18.0695 0652 giveio (77ebf3e9386daa51551af429052d88d0) B:\Windows\system32\giveio.sys
16:10:18.0697 0652 giveio - ok
16:10:18.0775 0652 hcw85cir (c44e3c2bab6837db337ddee7544736db) B:\Windows\system32\drivers\hcw85cir.sys
16:10:18.0777 0652 hcw85cir - ok
16:10:18.0843 0652 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) B:\Windows\system32\drivers\HdAudio.sys
16:10:18.0848 0652 HdAudAddService - ok
16:10:18.0903 0652 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) B:\Windows\system32\drivers\HDAudBus.sys
16:10:18.0906 0652 HDAudBus - ok
16:10:18.0932 0652 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) B:\Windows\system32\DRIVERS\HidBatt.sys
16:10:18.0933 0652 HidBatt - ok
16:10:18.0956 0652 HidBth (89448f40e6df260c206a193a4683ba78) B:\Windows\system32\DRIVERS\hidbth.sys
16:10:18.0958 0652 HidBth - ok
16:10:18.0971 0652 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) B:\Windows\system32\DRIVERS\hidir.sys
16:10:18.0972 0652 HidIr - ok
16:10:19.0047 0652 HidUsb (10c19f8290891af023eaec0832e1eb4d) B:\Windows\system32\DRIVERS\hidusb.sys
16:10:19.0048 0652 HidUsb - ok
16:10:19.0104 0652 HpSAMD (295fdc419039090eb8b49ffdbb374549) B:\Windows\system32\drivers\HpSAMD.sys
16:10:19.0106 0652 HpSAMD - ok
16:10:19.0176 0652 HTTP (871917b07a141bff43d76d8844d48106) B:\Windows\system32\drivers\HTTP.sys
16:10:19.0180 0652 HTTP - ok
16:10:19.0215 0652 hwpolicy (0c4e035c7f105f1299258c90886c64c5) B:\Windows\system32\drivers\hwpolicy.sys
16:10:19.0216 0652 hwpolicy - ok
16:10:19.0272 0652 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) B:\Windows\system32\drivers\i8042prt.sys
16:10:19.0275 0652 i8042prt - ok
16:10:19.0354 0652 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) B:\Windows\system32\drivers\iaStorV.sys
16:10:19.0360 0652 iaStorV - ok
16:10:19.0419 0652 iirsp (4173ff5708f3236cf25195fecd742915) B:\Windows\system32\DRIVERS\iirsp.sys
16:10:19.0421 0652 iirsp - ok
16:10:19.0501 0652 intelide (a0f12f2c9ba6c72f3987ce780e77c130) B:\Windows\system32\drivers\intelide.sys
16:10:19.0502 0652 intelide - ok
16:10:19.0551 0652 intelppm (3b514d27bfc4accb4037bc6685f766e0) B:\Windows\system32\DRIVERS\intelppm.sys
16:10:19.0552 0652 intelppm - ok
16:10:19.0572 0652 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) B:\Windows\system32\DRIVERS\ipfltdrv.sys
16:10:19.0574 0652 IpFilterDriver - ok
16:10:19.0617 0652 IPMIDRV (4bd7134618c1d2a27466a099062547bf) B:\Windows\system32\drivers\IPMIDrv.sys
16:10:19.0619 0652 IPMIDRV - ok
16:10:19.0646 0652 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) B:\Windows\system32\drivers\ipnat.sys
16:10:19.0649 0652 IPNAT - ok
16:10:19.0752 0652 iPodDrv (cf79ff3d10864f73660a34e006b6b8f8) B:\Windows\system32\drivers\iPodDrv.sys
16:10:19.0755 0652 iPodDrv - ok
16:10:19.0805 0652 IRENUM (42996cff20a3084a56017b7902307e9f) B:\Windows\system32\drivers\irenum.sys
16:10:19.0807 0652 IRENUM - ok
16:10:19.0852 0652 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) B:\Windows\system32\drivers\isapnp.sys
16:10:19.0854 0652 isapnp - ok
16:10:19.0894 0652 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) B:\Windows\system32\drivers\msiscsi.sys
16:10:19.0899 0652 iScsiPrt - ok
16:10:19.0954 0652 kbdclass (adef52ca1aeae82b50df86b56413107e) B:\Windows\system32\DRIVERS\kbdclass.sys
16:10:19.0956 0652 kbdclass - ok
16:10:19.0994 0652 kbdhid (9e3ced91863e6ee98c24794d05e27a71) B:\Windows\system32\DRIVERS\kbdhid.sys
16:10:19.0995 0652 kbdhid - ok
16:10:20.0043 0652 KSecDD (f4647bb23db9038a7536cf6b68f4207f) B:\Windows\system32\Drivers\ksecdd.sys
16:10:20.0045 0652 KSecDD - ok
16:10:20.0089 0652 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) B:\Windows\system32\Drivers\ksecpkg.sys
16:10:20.0092 0652 KSecPkg - ok
16:10:20.0224 0652 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) B:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
16:10:20.0225 0652 Lavasoft Kernexplorer - ok
16:10:20.0332 0652 Lbd (336abe8721cbc3110f1c6426da633417) B:\Windows\system32\DRIVERS\Lbd.sys
16:10:20.0335 0652 Lbd - ok
16:10:20.0425 0652 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) B:\Windows\system32\DRIVERS\LHidFilt.Sys
16:10:20.0426 0652 LHidFilt - ok
16:10:20.0490 0652 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) B:\Windows\system32\DRIVERS\lltdio.sys
16:10:20.0492 0652 lltdio - ok
16:10:20.0561 0652 LMouFilt (ab33792a87285344f43b5ce23421bab0) B:\Windows\system32\DRIVERS\LMouFilt.Sys
16:10:20.0562 0652 LMouFilt - ok
16:10:20.0606 0652 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) B:\Windows\system32\DRIVERS\lsi_fc.sys
16:10:20.0608 0652 LSI_FC - ok
16:10:20.0626 0652 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) B:\Windows\system32\DRIVERS\lsi_sas.sys
16:10:20.0629 0652 LSI_SAS - ok
16:10:20.0654 0652 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) B:\Windows\system32\DRIVERS\lsi_sas2.sys
16:10:20.0657 0652 LSI_SAS2 - ok
16:10:20.0683 0652 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) B:\Windows\system32\DRIVERS\lsi_scsi.sys
16:10:20.0686 0652 LSI_SCSI - ok
16:10:20.0715 0652 luafv (6703e366cc18d3b6e534f5cf7df39cee) B:\Windows\system32\drivers\luafv.sys
16:10:20.0718 0652 luafv - ok
16:10:20.0765 0652 LUsbFilt (77030525cd86a93f1af34fa9b96d33ce) B:\Windows\system32\Drivers\LUsbFilt.Sys
16:10:20.0765 0652 LUsbFilt - ok
16:10:20.0838 0652 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) B:\Windows\system32\drivers\mbam.sys
16:10:20.0839 0652 MBAMProtector - ok
16:10:20.0901 0652 mbmiodrvr (290fb01f7f51eff0960599404a09f8d6) B:\Windows\system32\mbmiodrvr.sys
16:10:20.0904 0652 mbmiodrvr - ok
16:10:20.0936 0652 megasas (0fff5b045293002ab38eb1fd1fc2fb74) B:\Windows\system32\DRIVERS\megasas.sys
16:10:20.0938 0652 megasas - ok
16:10:20.0976 0652 MegaSR (dcbab2920c75f390caf1d29f675d03d6) B:\Windows\system32\DRIVERS\MegaSR.sys
16:10:20.0982 0652 MegaSR - ok
16:10:21.0051 0652 Modem (f001861e5700ee84e2d4e52c712f4964) B:\Windows\system32\drivers\modem.sys
16:10:21.0052 0652 Modem - ok
16:10:21.0084 0652 monitor (79d10964de86b292320e9dfe02282a23) B:\Windows\system32\DRIVERS\monitor.sys
16:10:21.0084 0652 monitor - ok
16:10:21.0148 0652 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) B:\Windows\system32\DRIVERS\mouclass.sys
16:10:21.0203 0652 mouclass - ok
16:10:21.0366 0652 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) B:\Windows\system32\DRIVERS\mouhid.sys
16:10:21.0367 0652 mouhid - ok
16:10:21.0411 0652 mountmgr (fc8771f45ecccfd89684e38842539b9b) B:\Windows\system32\drivers\mountmgr.sys
16:10:21.0412 0652 mountmgr - ok
16:10:21.0452 0652 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) B:\Windows\system32\drivers\mpio.sys
16:10:21.0455 0652 mpio - ok
16:10:21.0490 0652 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) B:\Windows\system32\drivers\mpsdrv.sys
16:10:21.0492 0652 mpsdrv - ok
16:10:21.0574 0652 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) B:\Windows\system32\drivers\mrxdav.sys
16:10:21.0577 0652 MRxDAV - ok
16:10:21.0637 0652 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) B:\Windows\system32\DRIVERS\mrxsmb.sys
16:10:21.0640 0652 mrxsmb - ok
16:10:21.0689 0652 mrxsmb10 (6d17a4791aca19328c685d256349fefc) B:\Windows\system32\DRIVERS\mrxsmb10.sys
16:10:21.0693 0652 mrxsmb10 - ok
16:10:21.0718 0652 mrxsmb20 (b81f204d146000be76651a50670a5e9e) B:\Windows\system32\DRIVERS\mrxsmb20.sys
16:10:21.0721 0652 mrxsmb20 - ok
16:10:21.0759 0652 msahci (012c5f4e9349e711e11e0f19a8589f0a) B:\Windows\system32\drivers\msahci.sys
16:10:21.0760 0652 msahci - ok
16:10:21.0790 0652 msdsm (55055f8ad8be27a64c831322a780a228) B:\Windows\system32\drivers\msdsm.sys
16:10:21.0792 0652 msdsm - ok
16:10:21.0854 0652 Msfs (daefb28e3af5a76abcc2c3078c07327f) B:\Windows\system32\drivers\Msfs.sys
16:10:21.0855 0652 Msfs - ok
16:10:21.0877 0652 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) B:\Windows\System32\drivers\mshidkmdf.sys
16:10:21.0879 0652 mshidkmdf - ok
16:10:21.0893 0652 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) B:\Windows\system32\drivers\msisadrv.sys
16:10:21.0895 0652 msisadrv - ok
16:10:21.0952 0652 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) B:\Windows\system32\drivers\MSKSSRV.sys
16:10:21.0953 0652 MSKSSRV - ok
16:10:21.0971 0652 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) B:\Windows\system32\drivers\MSPCLOCK.sys
16:10:21.0973 0652 MSPCLOCK - ok
16:10:21.0986 0652 MSPQM (f456e973590d663b1073e9c463b40932) B:\Windows\system32\drivers\MSPQM.sys
16:10:21.0988 0652 MSPQM - ok
16:10:22.0016 0652 MsRPC (0e008fc4819d238c51d7c93e7b41e560) B:\Windows\system32\drivers\MsRPC.sys
16:10:22.0020 0652 MsRPC - ok
16:10:22.0042 0652 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) B:\Windows\system32\drivers\mssmbios.sys
16:10:22.0043 0652 mssmbios - ok
16:10:22.0066 0652 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) B:\Windows\system32\drivers\MSTEE.sys
16:10:22.0067 0652 MSTEE - ok
16:10:22.0086 0652 MTConfig (33599130f44e1f34631cea241de8ac84) B:\Windows\system32\DRIVERS\MTConfig.sys
16:10:22.0087 0652 MTConfig - ok
16:10:22.0136 0652 MTsensor (97affa9d95ffe20eee6229bc6be166cf) B:\Windows\system32\DRIVERS\ATKACPI.sys
16:10:22.0137 0652 MTsensor - ok
16:10:22.0153 0652 Mup (159fad02f64e6381758c990f753bcc80) B:\Windows\system32\Drivers\mup.sys
16:10:22.0155 0652 Mup - ok
16:10:22.0237 0652 NativeWifiP (26384429fcd85d83746f63e798ab1480) B:\Windows\system32\DRIVERS\nwifi.sys
16:10:22.0242 0652 NativeWifiP - ok
16:10:22.0294 0652 NDIS (e7c54812a2aaf43316eb6930c1ffa108) B:\Windows\system32\drivers\ndis.sys
16:10:22.0298 0652 NDIS - ok
16:10:22.0345 0652 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) B:\Windows\system32\DRIVERS\ndiscap.sys
16:10:22.0347 0652 NdisCap - ok
16:10:22.0384 0652 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) B:\Windows\system32\DRIVERS\ndistapi.sys
16:10:22.0386 0652 NdisTapi - ok
16:10:32.0985 0652 ============================================================
16:10:32.0985 0652 Scan finished
16:10:32.0985 0652 ============================================================
16:10:33.0040 0704 Detected object count: 0
16:10:33.0040 0704 Actual detected object count: 0
------------------------------------------------------------------



aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-28 16:11:14
-----------------------------
16:11:14.721 OS Version: Windows 6.1.7601 Service Pack 1
16:11:14.721 Number of processors: 2 586 0x170A
16:11:14.722 ComputerName: RYAN32-PC UserName: Ryan 32
16:11:34.153 Initialize success
16:12:35.282 AVAST engine defs: 12022801
16:12:56.381 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:12:56.384 Disk 0 Vendor: ST9500325AS 0002SDM1 Size: 476940MB BusType: 11
16:12:56.388 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2
16:12:56.391 Disk 1 Vendor: WDC_WD5000BEVT-80A0RT0 01.01A01 Size: 476940MB BusType: 11
16:12:56.436 Disk 0 MBR read successfully
16:12:56.440 Disk 0 MBR scan
16:12:56.446 Disk 0 Windows 7 default MBR code
16:12:56.451 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 12001 MB offset 63
16:12:56.502 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 414937 MB offset 24579450
16:12:56.541 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 49999 MB offset 874373120
16:12:56.547 Disk 0 scanning sectors +976771072
16:12:56.606 Disk 0 scanning B:\Windows\system32\drivers
16:13:10.729 Service scanning
16:13:35.291 Modules scanning
16:13:41.600 Disk 0 trace - called modules:
16:13:41.640 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
16:13:41.645 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8623c118]
16:13:41.649 3 CLASSPNP.SYS[8ac0459e] -> nt!IofCallDriver -> [0x86143c10]
16:13:41.654 5 ACPI.sys[8aaaf3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85d6d030]
16:13:42.292 AVAST engine scan B:\
16:14:12.881 Disk 0 MBR has been saved successfully to "B:\Users\Ryan 32\Desktop\MBR.dat"
16:14:12.888 The log file has been saved successfully to "B:\Users\Ryan 32\Desktop\aswMBR.txt"

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 February 2012 - 08:34 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 CookieCrisp

  • Topic Starter
  • Members
  • 4 posts

Posted 29 February 2012 - 05:43 PM

Here is the logfile. Everything seemed to go smoothly!


Thank you again for the swift and helpful responses.

It seems like everything is back to normal, unless something in the log files says so.

Here is the Combofix file

-------------------------------------------------------
ComboFix 12-02-27.02 - Ryan 32 02/29/2012 13:54:57.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2815.1887 [GMT -5:00]
Running from: b:\users\Ryan 32\Desktop\ComboFix.exe
Command switches used :: b:\users\Ryan 32\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
b:\users\Ryan 32\AppData\Local\Temp\ppcrlui_3788_2
b:\users\RYAN32~1\AppData\Local\Temp\ppcrlui_3788_2
b:\windows\system32\dds_log_trash.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-29 )))))))))))))))))))))))))))))))
.
.
2012-02-29 19:03 . 2012-02-29 19:03 -------- d-----w- b:\users\Default\AppData\Local\temp
2012-02-28 18:26 . 2012-02-29 19:03 -------- d-----w- b:\users\Ryan 32\AppData\Local\temp
2012-02-28 18:25 . 2012-02-28 19:36 56200 ----a-w- b:\programdata\Microsoft\Windows Defender\Definition Updates\{614C3FFB-9D63-4E07-A293-DECDAE872938}\offreg.dll
2012-02-28 18:14 . 2010-11-20 08:39 187904 ----a-w- b:\windows\system32\drivers\netbt.sys
2012-02-27 17:08 . 2012-02-27 17:08 -------- d-----w- b:\users\Ryan 32\AppData\Roaming\Malwarebytes
2012-02-27 17:08 . 2012-02-27 17:08 -------- d-----w- b:\programdata\Malwarebytes
2012-02-27 17:08 . 2012-02-27 17:08 -------- d-----w- b:\program files\Malwarebytes' Anti-Malware
2012-02-27 17:08 . 2011-12-10 20:24 20464 ----a-w- b:\windows\system32\drivers\mbam.sys
2012-02-27 05:31 . 2012-02-27 16:55 -------- d-----w- B:\sh4ldr
2012-02-27 05:31 . 2012-02-27 05:31 -------- d-----w- b:\program files\Enigma Software Group
2012-02-27 05:30 . 2012-02-27 16:55 -------- d-----w- b:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-02-27 05:30 . 2012-02-27 05:30 -------- d-----w- b:\program files\Common Files\Wise Installation Wizard
2012-02-27 00:31 . 2012-02-27 00:31 -------- d-sh--w- b:\windows\system32\%APPDATA%
2012-02-27 00:28 . 2012-02-27 00:33 -------- d-----w- b:\program files\coolpro2
2012-02-27 00:16 . 2012-02-28 18:26 -------- d-sh--w- b:\users\Ryan 32\AppData\Local\34387960
2012-02-27 00:03 . 2012-02-27 00:03 -------- d-----w- b:\users\Ryan 32\AppData\Roaming\Syntrillium
2012-02-24 22:33 . 2012-02-08 06:03 6552120 ----a-w- b:\programdata\Microsoft\Windows Defender\Definition Updates\{614C3FFB-9D63-4E07-A293-DECDAE872938}\mpengine.dll
2012-02-20 20:44 . 2012-02-21 20:31 -------- d-----w- b:\users\Ryan 32\Rapid Evolution 3
2012-02-20 20:42 . 2012-02-20 20:43 -------- d-----w- b:\program files\Rapid Evolution 3
2012-02-15 02:20 . 2011-12-30 05:27 478720 ----a-w- b:\windows\system32\timedate.cpl
2012-02-15 02:20 . 2012-01-04 08:58 442880 ----a-w- b:\windows\system32\ntshrui.dll
2012-02-15 02:20 . 2011-12-16 07:52 690688 ----a-w- b:\windows\system32\msvcrt.dll
2012-02-15 02:20 . 2012-01-14 03:35 2343424 ----a-w- b:\windows\system32\win32k.sys
2012-02-12 21:13 . 2012-02-20 20:32 -------- d-----w- b:\program files\Mixed In Key 4
2012-02-12 21:13 . 2007-09-13 22:30 348160 ----a-w- b:\windows\system32\msvcr71.dll
2012-02-12 21:12 . 2012-02-12 21:12 -------- d-----w- b:\users\Ryan 32\AppData\Roaming\Philipp Winterberg
2012-02-12 21:12 . 2012-02-12 21:12 -------- d-----w- b:\program files\Free RAR Extract Frog
2012-02-06 21:34 . 2012-02-06 21:34 -------- d-----w- b:\program files\Common Files\SafeNet Sentinel
2012-02-06 21:31 . 2012-02-15 02:43 -------- d-----w- b:\users\Ryan 32\AppData\Roaming\Tanner EDA
2012-02-06 21:31 . 2012-02-15 02:43 -------- d-----w- b:\program files\Tanner EDA
2012-01-31 01:57 . 2012-01-31 01:57 -------- d-----w- b:\windows\en
2012-01-31 01:55 . 2012-01-31 01:55 -------- d-----w- b:\program files\Microsoft SQL Server Compact Edition
2012-01-31 01:54 . 2012-01-31 01:54 -------- d-----w- b:\windows\PCHEALTH
2012-01-31 01:53 . 2012-01-31 01:57 -------- d-----w- b:\program files\Windows Live
2012-01-31 01:52 . 2009-09-04 22:44 69464 ----a-w- b:\windows\system32\XAPOFX1_3.dll
2012-01-31 01:52 . 2009-09-04 22:44 515416 ----a-w- b:\windows\system32\XAudio2_5.dll
2012-01-31 01:52 . 2009-09-04 22:29 453456 ----a-w- b:\windows\system32\d3dx10_42.dll
2012-01-31 01:52 . 2006-11-29 18:06 3426072 ----a-w- b:\windows\system32\d3dx9_32.dll
2012-01-31 01:50 . 2012-01-31 17:56 -------- d-----w- b:\users\Ryan 32\AppData\Local\Windows Live
2012-01-31 01:50 . 2012-01-31 01:50 -------- d-----w- b:\program files\Common Files\Windows Live
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 01:53 . 2011-03-28 23:36 18328 ----a-w- b:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-29 10:10 . 2010-08-20 18:40 237072 ------w- b:\windows\system32\MpSigStub.exe
2012-01-16 06:04 . 2012-01-16 06:04 65536 ----a-r- b:\users\Ryan 32\AppData\Roaming\Microsoft\Installer\{8D71174A-31A3-4523-8A52-8602B6099AC2}\ItchShortcut_3AACE619E70942C5B73003B60EB9E2F1.exe
2012-01-06 05:25 . 2012-01-06 05:25 444952 ----a-w- b:\windows\system32\wrap_oal.dll
2012-01-06 05:25 . 2012-01-06 05:25 109080 ----a-w- b:\windows\system32\OpenAL32.dll
2012-01-26 05:52 . 2011-05-15 02:17 121816 ----a-w- b:\program files\mozilla firefox\components\browsercomps.dll
2011-07-21 21:40 . 2011-07-21 21:40 119808 ----a-w- b:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="b:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"Steam"="b:\program files\Steam\Steam.exe" [2012-01-06 1242448]
"MusicManager"="b:\users\Ryan 32\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-01-11 13224448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="b:\windows\system32\NvCpl.dll" [2009-07-02 13789728]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"Google Desktop Search"="b:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-07-21 30192]
"SunJavaUpdateSched"="b:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"nmctxth"="b:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="b:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"Malwarebytes' Anti-Malware"="b:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"Adobe Reader Speed Launcher"="b:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="b:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
b:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - b:\program files\Logitech\SetPoint\SetPoint.exe [2011-6-13 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 10:28 72208 ----a-w- b:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=b:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\B:^Users^Ryan 32^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
path=b:\users\Ryan 32\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
backup=b:\windows\pss\Xfire.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 15:07 843712 ----a-r- b:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-04 03:51 37296 ----a-w- b:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-09-11 20:17 136176 ----atw- b:\users\Ryan 32\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 20:33 421160 ----a-w- b:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- b:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-12-29 22:34 735608 ----a-w- b:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-12-09 10:45 74752 ----a-w- b:\program files\Winamp\winampa.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;b:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);b:\windows\system32\DRIVERS\ssudbus.sys [2011-11-25 80184]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;b:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-07-21 30192]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;b:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;b:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-04-29 15232]
R3 NUMARK_NS7_MIDI;Numark NS7 WDM MIDI Device;b:\windows\system32\drivers\ns7_midi.sys [2009-11-13 30720]
R3 NUMARK_NS7_USB;Numark NS7 USB driver;b:\windows\system32\Drivers\ns7_usb.sys [2009-11-13 477696]
R3 NUMARK_NS7_WDM;Numark NS7 WDM;b:\windows\system32\drivers\ns7_wdm.sys [2009-11-13 57344]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);b:\windows\system32\DRIVERS\ssudmdm.sys [2011-11-25 181432]
R3 TsUsbFlt;TsUsbFlt;b:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;b:\windows\system32\Wat\WatAdminSvc.exe [2010-08-20 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;b:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 Lbd;Lbd;b:\windows\system32\DRIVERS\Lbd.sys [2011-04-29 64512]
S1 vwififlt;Virtual WiFi Filter Driver;b:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 iPodDrv;iPodDrv;b:\windows\system32\drivers\iPodDrv.sys [2011-03-10 6656]
S2 MBAMService;MBAMService;b:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 MBAMProtector;MBAMProtector;b:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 RTL8167;Realtek 8167 NT Driver;b:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 24943884
*NewlyCreated* - ASWMBR
*Deregistered* - 24943884
*Deregistered* - aswMBR
.
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
SiSRaid
A88xEnc
dwusbdnt
aspi32
mi-raysat_3dsmax9_32
se44nd5
iAimFP7
tversitymediaserver
SQTECH905C
ps2
SilverLink
ati2mtag
VirtualCam
2wirepcp
Alpham1
ICAM5USB
DSXUSB
epgspooler
w200mdm
MASPINT
VNUSB
dvd-ram_service
transbaseservice
nvatabus
vmm
se26nd5
plscsi
dpti2o
syntp
smcirda
xnacc
vcsw
zpjobq
apache
nvedavt
smstsmgr
asctrm
snac
uscbs108
clsched
mferkdk
w800mdm
iAimFP6
M2500
digisptiservice
cvspydr2
CoachVc
s3ssavage
SeaPort
bcm43xx
mnsframework
viaagp1
aclient
WNIPROT5
VRFIL
racsvc
iaimtv2
hsxhwazl
nmwcdc
ss_bus
cdr4_xp
dlcj_device
sonicstagemonitoring
lexbces
ALYac_PZSrv
as32svc
wwnetdde
dlaudfam
niorbk
RTSTOR
vnxservice
downloadmanagerlite
Exportit
server
tosrfhid
zpnodecollector
fingrd32
tavsvc
RAPIProtocol
macformatservice
TIEHDUSB
acs
se59mdm
sit_flt
ctxcpusched
ASDR
nicser_wmp11
NPPTNT
TeamViewer
ATMsg
tangoservice
TBPanel
spmgr
iaimtv1
caccprovsp
xpagentserver
se44mgmt
iAimTV6
s7oppitx
n558
imonitor
SymIMMP
adiloader
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
AppMgmt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-29 b:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2831552950-2453436779-1420864200-1001Core.job
- b:\users\Ryan 32\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-11 20:17]
.
2012-02-29 b:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2831552950-2453436779-1420864200-1001UA.job
- b:\users\Ryan 32\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-11 20:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 128.180.2.9 128.180.1.3
FF - ProfilePath - b:\users\Ryan 32\AppData\Roaming\Mozilla\Firefox\Profiles\76fluzup.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-29 14:05:03
ComboFix-quarantined-files.txt 2012-02-29 19:05
ComboFix2.txt 2012-02-28 18:33
.
Pre-Run: 19,710,033,920 bytes free
Post-Run: 19,753,295,872 bytes free
.
- - End Of File - - 0166C81ED059AA13509754302BDD2E14

#8 gringo_pr

Bleepin Gringo

  • Malware Response Team

Posted 01 March 2012 - 12:08 PM

Hello

P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

µTorrent
Adobe Reader 9.4.7
Java™ 6 Update 26
Java™ 7 Update 2
JavaFX 2.0.2
JavaFX 2.0.2 SDK


  • Please download and install Revo Uninstaller Free.
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.


TFC(Temp File Cleaner):

  • Please download TFC to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes' Anti-Malware:

  • I would like you to rerun MBAM.
  • Double-click the mbam icon.
  • Go to the Update tab at the top.
  • Click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

Information and logs

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had.
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 gringo_pr

Bleepin Gringo

  • Malware Response Team

Posted 03 March 2012 - 11:35 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#10 gringo_pr

Bleepin Gringo

  • Malware Response Team

Posted 07 March 2012 - 11:33 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
