Pleading for help from experts at Bleeping Computer!!


  • This topic is locked
24 replies to this topic

#1 Vinson


Posted 12 March 2012 - 10:53 PM

It appears that I have contracted a Google redirecting virus. I am currently using the Windows 7 Pro (32 bit) OS on a Dell. At first I was being redirected on almost every search result I clicked on (various search sites, happili.com, some others). I have run MBAM, as well as SUPERAntiSpyware, and they come up clean.
It wasn't until I ran TDSSKiller that I actually had luck in finding a virus, which I removed. (All 3 of these were run in safe mode.)
It looked like it took a little of the edge off of the virus, because the random redirects weren't as frequent. That said, they are becoming more frequent the more I search with Google, so I apparently have only ticked the bleeper off!
BTW, entering the URL seems to work fine.
Any help on this topic will be greatly appreciated! TIA!!

I would also like to add that I have not been able to update Windows for some reason, as it never seems to start the download on MS's update site. It appears to be SP1 that will not update. This may or may not have anything to do with my problems. Again, thanks.

Edited by Vinson, 12 March 2012 - 11:01 PM.



#2 gringo_pr

  • Malware Response Team

Posted 13 March 2012 - 01:19 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger may ask you to reboot the machine; if it does, click OK.

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs.
  • Save the logs to a convenient place such as your desktop.
  • Copy the contents of both logs & post them in your next reply.

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#3 Vinson


Posted 13 March 2012 - 10:56 AM

Thanks for the fast reply, Gringo!! I have a problem when I try to run DeFogger. It tells me I must have admin rights to do so. This is a work laptop, so not sure if that is the problem or not. I can run/install most all other programs with ease :(. Not sure if this will help, but I did go ahead and run DDS. Here are the files associated with it... Also, just a note, but my wallpaper has disappeared. It's just black now.


DDS.txt:

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Run by VISHERRILL at 10:45:09 on 2012-03-13
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3241.2059 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\CmgShieldSvc.exe
C:\Windows\system32\EMSService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Lotus\Notes\nslsvice.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\Windows\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
C:\Lotus\Notes\nsd.exe
C:\Lotus\Notes\ntmulti.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\PrinterSwitcher\PSS.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\Windows\system32\conhost.exe
C:\PROGRA~1\LANDesk\LDClient\LDregwatch.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
C:\Program Files\eCopy\PaperWorks\Bin\eCopyPWPrntHlpr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\drivers\chkfn.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\CmgShieldUI.exe
C:\Windows\System32\EmsServiceHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\PrinterSwitcher\PrinterSwitcher.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\LANDesk\LDClient\vulScan.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Program Files\LANDesk\Shared Files\proxyhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Update] rundll32.exe "c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\microsoft\klzgc.dll",DllRegisterServer
mRun: [eCopy Scan Inbox Monitor] "c:\program files\ecopy\paperworks\bin\InboxMonitor.exe" -run
mRun: [eCopyPWPrntHlpr] "c:\program files\ecopy\paperworks\bin\eCopyPWPrntHlpr.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Ricohcfn] "c:\windows\system32\drivers\lchkfn.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [IBM Lotus Notes Preloader] "c:\lotus\notes\nntspreld.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [CmgShieldUI] c:\windows\system32\CMGShieldUI.exe
mRun: [EmsService] EmsServiceHelper.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
dRun: [Update] rundll32.exe "c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\microsoft\klzgc.dll",DllRegisterServer
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\printe~1.lnk - c:\program files\printerswitcher\PrinterSwitcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{f3c1de9e-5e16-4ba9-b854-7b53a45e3579}\Icon3E5562ED7.ico
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
mPolicies-system: HideFastUserSwitching = 1 (0x1)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
Trusted Zone: bigmachines.com
Trusted Zone: ca02ntas02
Trusted Zone: documentmall.com
Trusted Zone: ikon.net
Trusted Zone: ikon.org
Trusted Zone: intuit.com\ttlc
Trusted Zone: isuiteonline.com
Trusted Zone: lanier.com
Trusted Zone: madisonpg.com\infocenter
Trusted Zone: nj02ldesk01
Trusted Zone: ricoh
Trusted Zone: ricoh-la.com\www1
Trusted Zone: ricoh-usa.com
Trusted Zone: ricoh.com
Trusted Zone: ricoh.com\*.wc
Trusted Zone: ricoh.com\rcg.support
Trusted Zone: ricoh.ds\*.us
Trusted Zone: salesforce.com
Trusted Zone: skillport.com
Trusted Zone: skillwsa.com
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxp://mgamac04.us.ricoh.ds/dwa85W.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://ssl2.ricoh-usa.com/+CSCOL+/csvrloader32.cab
DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} - hxxps://ssl2.ricoh-usa.com/CACHE/sdesktop/install/binaries/instweb.cab
DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} - hxxp://mgamac04.us.ricoh.ds/dwa85W.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18}
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F8FC1530-0608-11DF-2008-0800200C9A66} - hxxps://ssl1.ricoh-usa.com/CACHE/sdesktop/install/binaries/instweb.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3F33B353-7D4E-4BFD-93C5-2E7C422916A7} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3F33B353-7D4E-4BFD-93C5-2E7C422916A7}\94E4455425D45434 : DhcpNameServer = 10.10.45.3 10.77.52.236 10.10.35.3
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\visherrill\appdata\roaming\mozilla\firefox\profiles\d8x9dbcs.default\
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 CmgHiber;CmgHiber;c:\windows\system32\drivers\CmgHiber.sys [2011-5-4 101544]
R0 CmgShieldCEF;CmgShieldCEF;c:\windows\system32\drivers\CMGShCEF.sys [2011-5-4 303784]
R0 CMGShieldReg;CMGShieldReg;c:\windows\system32\drivers\CmgShREG.sys [2011-5-4 22696]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [2011-7-22 17648]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2011-7-22 81920]
R2 CBA8;LANDesk® Management Agent;c:\program files\landesk\shared files\residentAgent.exe [2009-11-10 155648]
R2 CMGShield;CMGShield;c:\windows\system32\CmgShieldSvc.exe [2011-5-4 2762152]
R2 EMS;EMS;EMSService.exe --> EMSService.exe [?]
R2 LANDesk Policy Invoker;LANDesk Policy Invoker;c:\program files\landesk\ldclient\policy.client.invoker.exe [2011-7-22 139264]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\lotus\notes\nsd.exe -svcinvoke -ini "c:\lotus\notes\notes.ini" --> c:\lotus\notes\nsd.exe -svcinvoke -ini c:\lotus\notes\notes.ini [?]
R2 Printer Switcher Service;Printer Switcher Service;c:\program files\printerswitcher\PSS.exe [2011-7-22 240440]
R2 Softmon;LANDesk® Software Monitoring Service;c:\program files\landesk\ldclient\SoftMon.exe [2011-7-22 385024]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-6-9 1831024]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2010-10-21 592120]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2011-4-6 43888]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2011-4-6 349736]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-16 106104]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-4-6 269824]
R3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [2011-7-22 5120]
R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-4-6 41088]
R3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [2011-7-22 6144]
R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\o2mdrxp.sys [2011-4-6 61728]
R3 O2SDJRDR;O2SDJRDR;c:\windows\system32\drivers\o2sdjxp.sys [2011-4-6 63136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [2011-7-22 14336]
S3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\o2mdfw7.sys [2011-4-6 60904]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-3-8 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2012-03-12 23:08:41 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-12 13:50:15 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-12 13:23:19 -------- d-----w- C:\ComboFix
2012-03-08 12:59:34 -------- d-----w- c:\windows\system32\Wat
2012-02-18 20:26:57 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-18 20:26:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-18 20:25:45 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-16 20:27:49 98816 ----a-w- c:\windows\sed.exe
2012-02-16 20:27:49 518144 ----a-w- c:\windows\SWREG.exe
2012-02-16 20:27:49 256000 ----a-w- c:\windows\PEV.exe
2012-02-16 20:27:49 208896 ----a-w- c:\windows\MBR.exe
2012-02-15 13:01:58 386048 ----a-w- c:\windows\system32\html.iec
2012-02-15 13:01:57 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-15 13:01:52 2340864 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2012-02-26 13:37:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-04 09:03:07 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-03 05:44:24 478208 ----a-w- c:\windows\system32\timedate.cpl
2011-12-16 08:02:26 981504 ----a-w- c:\windows\system32\wininet.dll
2011-12-16 07:59:17 690688 ----a-w- c:\windows\system32\msvcrt.dll
2011-12-16 07:58:33 44544 ----a-w- c:\windows\system32\licmgr10.dll
.
============= FINISH: 10:46:41.13 ===============



Attach.txt:

DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/22/2011 7:41:47 AM
System Uptime: 3/13/2012 10:27:09 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0H5TG2
Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz | CPU 1 | 798/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 201.543 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Microsoft Teredo Tunneling Adapter
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0001
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0001
Service: CVirtA
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.6
Adobe Shockwave Player 11.6
Apple Application Support
Apple Software Update
BlackBerry Desktop Software 5.0.1
Carolina Barcode Fonts Demo v5
Cisco AnyConnect VPN Client
Cisco Systems VPN Client 5.0.05.0290
CMG Windows Shield
Dell Touchpad
E-Term for IBM
E-Term32
eCopy PaperWorks
Intel® Processor Graphics
Java Auto Updater
Java™ 6 Update 21
LANDesk Advance Agent
LANDesk® Common Base Agent 8
LiveUpdate 3.3 (Symantec Corporation)
Lotus Notes 8.5.2
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft Office Excel Viewer
Microsoft Office Outlook 2003
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Word Viewer 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 10.0.2 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Oracle JInitiator 1.1.8.16
PowerDVD
PrinterSwitcher 1.0.2.0
QuickTime
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Sonic CinePlayer Decoder Pack
SUPERAntiSpyware
swMSM
Symantec Endpoint Protection
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Vista Plus ™ Windows Client 4.40
WinZip 11.2
WinZip Command Line Support Add-On 2.3
.
==== Event Viewer Messages From Past Week ========
.
3/13/2012 7:57:25 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
3/13/2012 7:57:25 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/13/2012 7:57:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/13/2012 7:57:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/13/2012 7:57:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/13/2012 7:57:16 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll Error Code: 21
3/13/2012 7:57:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/13/2012 7:57:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
3/13/2012 7:57:01 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache eeCtrl SASDIFSV SASKUTIL SPBBCDrv spldr SRTSP SRTSPX SysPlant Wanarpv6
3/13/2012 10:41:19 AM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
3/13/2012 10:30:59 AM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .
3/13/2012 10:28:20 AM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain US due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
3/12/2012 8:47:03 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/12/2012 8:20:46 AM, Error: Service Control Manager [7034] - The O2FLASH service terminated unexpectedly. It has done this 1 time(s).
3/12/2012 5:27:34 AM, Error: Microsoft-Windows-GroupPolicy [1053] - The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. B) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
3/12/2012 4:29:26 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
3/12/2012 3:52:27 PM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. B) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
3/12/2012 10:41:16 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/12/2012 10:41:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/12/2012 10:41:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/12/2012 10:40:57 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache eeCtrl NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL SPBBCDrv spldr SRTSP SRTSPX SysPlant tdx vwififlt Wanarpv6 WfpLwf WPS ws2ifsl
3/12/2012 10:40:54 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/12/2012 10:40:54 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/12/2012 10:40:54 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/12/2012 10:40:54 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/12/2012 10:40:54 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/12/2012 10:40:54 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/12/2012 10:40:54 AM, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
3/12/2012 10:40:54 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/12/2012 10:40:52 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/12/2012 10:40:52 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
3/12/2012 10:40:52 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/12/2012 10:40:52 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/11/2012 10:47:12 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: A thread could not be created for the service.
3/11/2012 10:47:07 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
.
==== End Of File ===========================
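The Service Control Manager errors above form a chain: most 7001 events only say that a dependency failed, and the real reason sits on the first component in the chain that reports a concrete error (here the Winsock AFD, NSI proxy and NetIO TDI drivers). As an added example that is not part of the thread, the Python script below parses such lines and walks each failing service down to that component; the sample lines are copied from the DDS log above.

```python
"""Trace Service Control Manager 7000/7001 errors back to the component that
actually failed. Event 7001 ("X depends on Y, which failed") usually repeats the
generic reason "The dependency service or group failed to start."; the useful
information is the first link in the chain that carries a concrete error.
Added example; the sample lines are copied from the DDS log posted above."""
import re
from collections import defaultdict

GENERIC_REASON = "The dependency service or group failed to start."

RE_7001 = re.compile(
    r"\[7001\] - The (?P<svc>.+?) service depends on the (?P<dep>.+?) service "
    r"which failed to start because of the following error: (?P<err>.+)$"
)
RE_7000 = re.compile(
    r"\[7000\] - The (?P<svc>.+?) service failed to start due to the following error: (?P<err>.+)$"
)

# Excerpt of the Event Viewer section of the DDS log posted in the thread.
SAMPLE_LINES = [
    "3/12/2012 10:40:54 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.",
    "3/12/2012 10:40:54 AM, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.",
    "3/12/2012 10:40:54 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.",
    "3/12/2012 10:40:52 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.",
    "3/12/2012 10:40:52 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.",
    "3/12/2012 10:40:52 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.",
    "3/12/2012 10:40:52 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.",
    "3/11/2012 10:47:12 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: A thread could not be created for the service.",
]


def parse_scm_errors(lines):
    """Return (edges, concrete): edges maps a service to the dependencies it
    blamed; concrete maps a service/driver to the non-generic error it failed with."""
    edges = defaultdict(set)
    concrete = {}
    for line in lines:
        m = RE_7001.search(line)
        if m:
            svc, dep, err = (m.group(g).strip() for g in ("svc", "dep", "err"))
            edges[svc].add(dep)
            if err != GENERIC_REASON:
                concrete[dep] = err
            continue
        m = RE_7000.search(line)
        if m:
            concrete[m.group("svc").strip()] = m.group("err").strip()
    return edges, concrete


def trace(service, edges, concrete, _seen=None):
    """Follow 'depends on' edges from `service` to the leaves of its chain.
    Returns {leaf: error}; error is None when the log has no record of why the leaf failed."""
    _seen = set() if _seen is None else _seen
    if service in _seen:  # guard against cyclic dependency records
        return {}
    _seen.add(service)
    deps = edges.get(service)
    if not deps:
        return {service: concrete.get(service)}
    leaves = {}
    for dep in sorted(deps):
        leaves.update(trace(dep, edges, concrete, _seen))
    return leaves


def root_cause_report(lines):
    """Map every top-level failing service to the leaf failures behind it."""
    edges, concrete = parse_scm_errors(lines)
    all_deps = {d for ds in edges.values() for d in ds}
    tops = set(edges) | {s for s in concrete if s not in all_deps}
    return {svc: trace(svc, edges, concrete) for svc in sorted(tops)}


if __name__ == "__main__":
    for svc, leaves in root_cause_report(SAMPLE_LINES).items():
        for leaf, err in leaves.items():
            print(f"{svc:35s} -> {leaf}: {err or 'no record in log'}")
```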

#4 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 March 2012 - 01:00 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Vinson (Topic Starter)

  • Members
  • 14 posts

Posted 13 March 2012 - 02:20 PM

OK cool. It seemed to run well. My desktop came back! Here is the log, Gringo....


ComboFix 12-03-13.01 - VISHERRILL 03/13/2012 13:17:09.5.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3241.1722 [GMT -5:00]
Running from: c:\users\visherrill\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Microsoft\klzgc.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-02-13 to 2012-03-13 )))))))))))))))))))))))))))))))
.
.
2012-03-13 18:34 . 2012-03-13 18:34 -------- d-----w- c:\users\visherrill\AppData\Local\temp
2012-03-13 18:34 . 2012-03-13 18:34 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-13 18:34 . 2012-03-13 18:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-13 18:34 . 2012-03-13 18:34 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-03-12 23:08 . 2012-03-12 23:08 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-08 12:59 . 2012-03-08 12:59 -------- d-----w- c:\windows\system32\Wat
2012-02-18 20:26 . 2012-03-10 15:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-18 20:26 . 2012-02-18 20:26 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-18 20:25 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-15 13:01 . 2011-12-16 06:49 386048 ----a-w- c:\windows\system32\html.iec
2012-02-15 13:01 . 2011-12-16 06:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-15 13:01 . 2012-01-14 03:48 2340864 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-26 13:37 . 2011-07-31 18:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-16 14:40 . 2012-03-12 15:17 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-10 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eCopy Scan Inbox Monitor"="c:\program files\eCopy\PaperWorks\Bin\InboxMonitor.exe" [2009-05-18 73728]
"eCopyPWPrntHlpr"="c:\program files\eCopy\PaperWorks\Bin\eCopyPWPrntHlpr.exe" [2009-05-18 143360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Ricohcfn"="c:\windows\system32\drivers\lchkfn.exe" [2010-11-05 310297]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-04 488816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-15 143384]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-15 177176]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-15 178200]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-12-07 536668]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"IBM Lotus Notes Preloader"="c:\lotus\Notes\nntspreld.exe" [2010-08-11 20360]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-06-09 115560]
"CmgShieldUI"="c:\windows\System32\CMGShieldUI.exe" [2011-05-04 267688]
"EmsService"="EmsServiceHelper.exe" [2011-05-04 2053544]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PrinterSwitcher.lnk - c:\program files\PrinterSwitcher\PrinterSwitcher.exe [2011-7-22 668984]
VPN Client.lnk - c:\windows\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico [2011-7-22 6144]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-4-28 415072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)

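The "Reg Loading Points" section of the ComboFix log above is where the autorun entries and the UAC policy values are listed; EnableLUA = 0 there means UAC is switched off on this machine. As an added example that is neither ComboFix's code nor part of the thread, the Python script below parses that section and flags the points a reviewer checks first; the sample is an excerpt of the log above, and the two autorun heuristics are the example's own, not ComboFix's.

```python
"""Pull the autorun entries and UAC policy values out of the 'Reg Loading Points'
section of a ComboFix log and flag the items a reviewer looks at first.
Added example; the sample is an excerpt of the ComboFix log posted above."""
import re

KEY_RE = re.compile(r"^\[(HKEY_[A-Z_]+\\.+)\]$")
RUN_ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$'
)
POLICY_RE = re.compile(r'^"(?P<name>\w+)"=\s*(?P<value>\d+)\s+\(0x[0-9A-Fa-f]+\)$')

# Windows 7 defaults for the UAC values ComboFix reports under policies\system.
UAC_DEFAULTS = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5, "ConsentPromptBehaviorUser": 3}

# Excerpt of the "Reg Loading Points" section of the log posted in the thread.
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-10 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ricohcfn"="c:\windows\system32\drivers\lchkfn.exe" [2010-11-05 310297]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-06-09 115560]
"EmsService"="EmsServiceHelper.exe" [2011-05-04 2053544]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"""


def parse_reg_loading_points(text):
    """Return (entries, policies): entries is a list of dicts for values under
    Run keys; policies maps the policies\\system value names to integers."""
    entries, policies, key = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)  # a new [HKEY_...] header opens a new key
            continue
        if key is None:
            continue
        if key.lower().endswith("\\run"):
            m = RUN_ENTRY_RE.match(line)
            if m:
                entries.append({"key": key, **m.groupdict(), "size": int(m.group("size"))})
        elif key.lower().endswith("policies\\system"):
            m = POLICY_RE.match(line)
            if m:
                policies[m.group("name")] = int(m.group("value"))
    return entries, policies


def uac_findings(policies):
    """Report UAC values that differ from the Windows 7 defaults."""
    out = []
    for name, default in UAC_DEFAULTS.items():
        value = policies.get(name)
        if value is not None and value != default:
            note = " (UAC disabled)" if name == "EnableLUA" and value == 0 else ""
            out.append(f"{name}={value}, default {default}{note}")
    return out


def autorun_findings(entries):
    """Heuristics for Run entries worth a second look; a hit is a prompt to verify, not a verdict."""
    out = []
    for e in entries:
        cmd = e["cmd"].lower()
        if "\\" not in cmd:
            out.append((e["name"], "bare file name: resolved through the search path at logon"))
        elif "\\drivers\\" in cmd and cmd.endswith(".exe"):
            out.append((e["name"], "user-mode .exe launched from a kernel-driver directory"))
    return out


if __name__ == "__main__":
    entries, policies = parse_reg_loading_points(SAMPLE)
    for finding in uac_findings(policies):
        print("UAC:", finding)
    for name, why in autorun_findings(entries):
        print(f"Run entry {name!r}: {why}")
```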
#6 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 March 2012 - 02:34 PM

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 Vinson (Topic Starter)

  • Members
  • 14 posts

Posted 13 March 2012 - 03:32 PM

TDSSKiller didn't find anything malicious, Gringo. Nonetheless, here is the log from it & both logs from DDS...

15:24:05.0993 5236 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
15:24:06.0024 5236 ============================================================
15:24:06.0024 5236 Current date / time: 2012/03/13 15:24:06.0024
15:24:06.0024 5236 SystemInfo:
15:24:06.0024 5236
15:24:06.0024 5236 OS Version: 6.1.7600 ServicePack: 0.0
15:24:06.0024 5236 Product type: Workstation
15:24:06.0024 5236 ComputerName: FCNLKQ1
15:24:06.0024 5236 UserName: VISHERRILL
15:24:06.0024 5236 Windows directory: C:\Windows
15:24:06.0024 5236 System windows directory: C:\Windows
15:24:06.0024 5236 Processor architecture: Intel x86
15:24:06.0024 5236 Number of processors: 4
15:24:06.0024 5236 Page size: 0x1000
15:24:06.0024 5236 Boot type: Normal boot
15:24:06.0024 5236 ============================================================
15:24:08.0379 5236 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:24:08.0379 5236 \Device\Harddisk0\DR0:
15:24:08.0379 5236 MBR used
15:24:08.0379 5236 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800
15:24:08.0411 5236 Initialize success
15:24:08.0411 5236 ============================================================
15:24:10.0626 6012 ============================================================
15:24:10.0626 6012 Scan started
15:24:10.0626 6012 Mode: Manual;
15:24:10.0626 6012 ============================================================
15:24:11.0796 6012 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
15:24:11.0796 6012 1394ohci - ok
15:24:11.0842 6012 Acceler (3e58933198689f24cfa6ed4b93a80deb) C:\Windows\system32\DRIVERS\Accelern.sys
15:24:11.0858 6012 Acceler - ok
15:24:11.0889 6012 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
15:24:11.0905 6012 ACPI - ok
15:24:11.0920 6012 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
15:24:11.0920 6012 AcpiPmi - ok
15:24:11.0983 6012 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
15:24:11.0998 6012 adp94xx - ok
15:24:12.0030 6012 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
15:24:12.0030 6012 adpahci - ok
15:24:12.0186 6012 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
15:24:12.0186 6012 adpu320 - ok
15:24:12.0279 6012 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
15:24:12.0295 6012 AFD - ok
15:24:12.0326 6012 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
15:24:12.0326 6012 agp440 - ok
15:24:12.0388 6012 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
15:24:12.0388 6012 aic78xx - ok
15:24:12.0435 6012 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
15:24:12.0451 6012 aliide - ok
15:24:12.0482 6012 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
15:24:12.0482 6012 amdagp - ok
15:24:12.0513 6012 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
15:24:12.0529 6012 amdide - ok
15:24:12.0560 6012 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
15:24:12.0576 6012 AmdK8 - ok
15:24:12.0607 6012 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
15:24:12.0607 6012 AmdPPM - ok
15:24:12.0654 6012 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
15:24:12.0669 6012 amdsata - ok
15:24:12.0716 6012 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
15:24:12.0716 6012 amdsbs - ok
15:24:12.0763 6012 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
15:24:12.0763 6012 amdxata - ok
15:24:12.0825 6012 ApfiltrService (9910a9c7d307a9e156d951248601c33e) C:\Windows\system32\DRIVERS\Apfiltr.sys
15:24:12.0841 6012 ApfiltrService - ok
15:24:12.0872 6012 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
15:24:12.0872 6012 AppID - ok
15:24:12.0950 6012 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
15:24:12.0950 6012 arc - ok
15:24:12.0997 6012 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
15:24:12.0997 6012 arcsas - ok
15:24:13.0059 6012 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
15:24:13.0059 6012 AsyncMac - ok
15:24:13.0090 6012 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
15:24:13.0090 6012 atapi - ok
15:24:13.0153 6012 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
15:24:13.0168 6012 b06bdrv - ok
15:24:13.0215 6012 b57nd60x (68fb5af4534aa98b364ea585703d2456) C:\Windows\system32\DRIVERS\b57nd60x.sys
15:24:13.0231 6012 b57nd60x - ok
15:24:13.0387 6012 BCM43XX (684320e13cff66cbac085654e26ed712) C:\Windows\system32\DRIVERS\bcmwl6.sys
15:24:13.0465 6012 BCM43XX - ok
15:24:13.0512 6012 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
15:24:13.0512 6012 Beep - ok
15:24:13.0558 6012 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
15:24:13.0558 6012 blbdrive - ok
15:24:13.0605 6012 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
15:24:13.0621 6012 bowser - ok
15:24:13.0652 6012 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:24:13.0652 6012 BrFiltLo - ok
15:24:13.0683 6012 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:24:13.0683 6012 BrFiltUp - ok
15:24:13.0746 6012 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
15:24:13.0746 6012 BridgeMP - ok
15:24:13.0792 6012 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
15:24:13.0792 6012 Brserid - ok
15:24:13.0839 6012 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
15:24:13.0839 6012 BrSerWdm - ok
15:24:13.0886 6012 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:24:13.0886 6012 BrUsbMdm - ok
15:24:13.0917 6012 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
15:24:13.0917 6012 BrUsbSer - ok
15:24:13.0980 6012 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
15:24:13.0980 6012 BthEnum - ok
15:24:14.0026 6012 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
15:24:14.0026 6012 BTHMODEM - ok
15:24:14.0058 6012 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
15:24:14.0058 6012 BthPan - ok
15:24:14.0104 6012 BTHPORT (88059ff1ded4472acd17eebabd393069) C:\Windows\System32\Drivers\BTHport.sys
15:24:14.0120 6012 BTHPORT - ok
15:24:14.0167 6012 BTHUSB (80e6384beec03b8bd45edea29802d657) C:\Windows\System32\Drivers\BTHUSB.sys
15:24:14.0167 6012 BTHUSB - ok
15:24:14.0245 6012 catchme - ok
15:24:14.0323 6012 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
15:24:14.0323 6012 cdfs - ok
15:24:14.0370 6012 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
15:24:14.0370 6012 cdrom - ok
15:24:14.0416 6012 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
15:24:14.0416 6012 circlass - ok
15:24:14.0463 6012 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
15:24:14.0479 6012 CLFS - ok
15:24:14.0526 6012 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
15:24:14.0526 6012 CmBatt - ok
15:24:14.0541 6012 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
15:24:14.0541 6012 cmdide - ok
15:24:14.0604 6012 CmgHiber (cfed35f6feba2d0bad9f7b21922fd974) C:\Windows\system32\DRIVERS\CmgHiber.sys
15:24:14.0604 6012 CmgHiber - ok
15:24:14.0713 6012 CmgShieldCEF (b67c27ce724c8342846c33faa7b7fc9f) C:\Windows\system32\DRIVERS\CMGShCEF.sys
15:24:14.0728 6012 CmgShieldCEF - ok
15:24:14.0760 6012 CMGShieldReg (09fcc5d7e01057cb592e214d43f5e060) C:\Windows\system32\DRIVERS\CmgShREG.sys
15:24:14.0760 6012 CMGShieldReg - ok
15:24:14.0822 6012 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
15:24:14.0822 6012 CNG - ok
15:24:14.0869 6012 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
15:24:14.0869 6012 Compbatt - ok
15:24:14.0900 6012 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
15:24:14.0900 6012 CompositeBus - ok
15:24:14.0947 6012 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
15:24:14.0947 6012 crcdisk - ok
15:24:15.0009 6012 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
15:24:15.0009 6012 CSC - ok
15:24:15.0072 6012 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
15:24:15.0072 6012 CVirtA - ok
15:24:15.0150 6012 CVPNDRVA (d46b2e0eeaf349f2085f8b164e462156) C:\Windows\system32\Drivers\CVPNDRVA.sys
15:24:15.0150 6012 CVPNDRVA - ok
15:24:15.0196 6012 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
15:24:15.0196 6012 DfsC - ok
15:24:15.0228 6012 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
15:24:15.0228 6012 discache - ok
15:24:15.0274 6012 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
15:24:15.0274 6012 Disk - ok
15:24:15.0321 6012 DLABMFSM (a0500678a33802d8954153839301d539) C:\Windows\system32\Drivers\DLABMFSM.SYS
15:24:15.0321 6012 DLABMFSM - ok
15:24:15.0368 6012 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\Windows\system32\Drivers\DLABOIOM.SYS
15:24:15.0368 6012 DLABOIOM - ok
15:24:15.0399 6012 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\Windows\system32\Drivers\DLACDBHM.SYS
15:24:15.0399 6012 DLACDBHM - ok
15:24:15.0430 6012 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\Windows\system32\Drivers\DLADResM.SYS
15:24:15.0430 6012 DLADResM - ok
15:24:15.0462 6012 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\Windows\system32\Drivers\DLAIFS_M.SYS
15:24:15.0462 6012 DLAIFS_M - ok
15:24:15.0493 6012 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\Windows\system32\Drivers\DLAOPIOM.SYS
15:24:15.0493 6012 DLAOPIOM - ok
15:24:15.0508 6012 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\Windows\system32\Drivers\DLAPoolM.SYS
15:24:15.0508 6012 DLAPoolM - ok
15:24:15.0540 6012 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\Windows\system32\Drivers\DLARTL_M.SYS
15:24:15.0540 6012 DLARTL_M - ok
15:24:15.0571 6012 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\Windows\system32\Drivers\DLAUDFAM.SYS
15:24:15.0571 6012 DLAUDFAM - ok
15:24:15.0602 6012 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\Windows\system32\Drivers\DLAUDF_M.SYS
15:24:15.0602 6012 DLAUDF_M - ok
15:24:15.0649 6012 DNE (694616f813fb627a32c9e32dec133078) C:\Windows\system32\DRIVERS\dne2000.sys
15:24:15.0649 6012 DNE - ok
15:24:15.0727 6012 dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
15:24:15.0727 6012 dot4 - ok
15:24:15.0758 6012 Dot4Print (c25fea07a8e7767e8b89ab96a3b96519) C:\Windows\system32\DRIVERS\Dot4Prt.sys
15:24:15.0758 6012 Dot4Print - ok
15:24:15.0789 6012 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
15:24:15.0789 6012 dot4usb - ok
15:24:15.0836 6012 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
15:24:15.0836 6012 drmkaud - ok
15:24:15.0867 6012 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\Windows\system32\Drivers\DRVMCDB.SYS
15:24:15.0883 6012 DRVMCDB - ok
15:24:15.0898 6012 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\Windows\system32\Drivers\DRVNDDM.SYS
15:24:15.0898 6012 DRVNDDM - ok
15:24:15.0961 6012 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
15:24:15.0976 6012 DXGKrnl - ok
15:24:16.0101 6012 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
15:24:16.0148 6012 ebdrv - ok
15:24:16.0257 6012 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
15:24:16.0273 6012 eeCtrl - ok
15:24:16.0335 6012 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
15:24:16.0351 6012 elxstor - ok
15:24:16.0413 6012 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
15:24:16.0413 6012 EraserUtilRebootDrv - ok
15:24:16.0429 6012 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
15:24:16.0429 6012 ErrDev - ok
15:24:16.0491 6012 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
15:24:16.0491 6012 exfat - ok
15:24:16.0522 6012 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
15:24:16.0538 6012 fastfat - ok
15:24:16.0569 6012 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
15:24:16.0569 6012 fdc - ok
15:24:16.0600 6012 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
15:24:16.0600 6012 FileInfo - ok
15:24:16.0632 6012 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
15:24:16.0632 6012 Filetrace - ok
15:24:16.0663 6012 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
15:24:16.0663 6012 flpydisk - ok
15:24:16.0694 6012 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
15:24:16.0694 6012 FltMgr - ok
15:24:16.0741 6012 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
15:24:16.0741 6012 FsDepends - ok
15:24:16.0772 6012 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
15:24:16.0772 6012 Fs_Rec - ok
15:24:16.0803 6012 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
15:24:16.0819 6012 fvevol - ok
15:24:16.0850 6012 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:24:16.0850 6012 gagp30kx - ok
15:24:16.0881 6012 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
15:24:16.0881 6012 hcw85cir - ok
15:24:16.0912 6012 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
15:24:16.0928 6012 HdAudAddService - ok
15:24:16.0959 6012 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:24:16.0959 6012 HDAudBus - ok
15:24:16.0990 6012 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
15:24:16.0990 6012 HidBatt - ok
15:24:17.0022 6012 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
15:24:17.0022 6012 HidBth - ok
15:24:17.0053 6012 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
15:24:17.0053 6012 HidIr - ok
15:24:17.0084 6012 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
15:24:17.0084 6012 HidUsb - ok
15:24:17.0131 6012 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
15:24:17.0131 6012 HpSAMD - ok
15:24:17.0240 6012 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
15:24:17.0240 6012 HTTP - ok
15:24:17.0318 6012 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
15:24:17.0318 6012 hwpolicy - ok
15:24:17.0365 6012 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
15:24:17.0365 6012 i8042prt - ok
15:24:17.0427 6012 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
15:24:17.0427 6012 iaStorV - ok
15:24:17.0724 6012 igfx (0df8f6eae9286d9d3fecac8a46355f70) C:\Windows\system32\DRIVERS\igdkmd32.sys
15:24:17.0911 6012 igfx - ok
15:24:17.0942 6012 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
15:24:17.0942 6012 iirsp - ok
15:24:17.0989 6012 IntcDAud (5576ad2f0039d2bccca3567fc0bf981c) C:\Windows\system32\DRIVERS\IntcDAud.sys
15:24:18.0004 6012 IntcDAud - ok
15:24:18.0036 6012 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
15:24:18.0036 6012 intelide - ok
15:24:18.0082 6012 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
15:24:18.0082 6012 intelppm - ok
15:24:18.0114 6012 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:24:18.0114 6012 IpFilterDriver - ok
15:24:18.0160 6012 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
15:24:18.0160 6012 IPMIDRV - ok
15:24:18.0192 6012 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
15:24:18.0192 6012 IPNAT - ok
15:24:18.0223 6012 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
15:24:18.0223 6012 IRENUM - ok
15:24:18.0238 6012 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
15:24:18.0254 6012 isapnp - ok
15:24:18.0285 6012 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
15:24:18.0285 6012 iScsiPrt - ok
15:24:18.0332 6012 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:24:18.0332 6012 kbdclass - ok
15:24:18.0363 6012 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
15:24:18.0363 6012 kbdhid - ok
15:24:18.0410 6012 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
15:24:18.0426 6012 KSecDD - ok
15:24:18.0441 6012 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
15:24:18.0457 6012 KSecPkg - ok
15:24:18.0504 6012 ldblank (b42d0d37f8c76ed9a462404afe520edb) C:\Windows\system32\DRIVERS\ldblank.sys
15:24:18.0519 6012 ldblank - ok
15:24:18.0550 6012 ldmirror (a3b89beb5fb3ad3bef5e58a5885aea63) C:\Windows\system32\DRIVERS\ldmirror.sys
15:24:18.0550 6012 ldmirror - ok
15:24:18.0613 6012 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
15:24:18.0613 6012 lltdio - ok
15:24:18.0691 6012 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:24:18.0691 6012 LSI_FC - ok
15:24:18.0722 6012 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:24:18.0738 6012 LSI_SAS - ok
15:24:18.0769 6012 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:24:18.0769 6012 LSI_SAS2 - ok
15:24:18.0816 6012 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:24:18.0816 6012 LSI_SCSI - ok
15:24:18.0847 6012 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
15:24:18.0862 6012 luafv - ok
15:24:18.0894 6012 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
15:24:18.0894 6012 megasas - ok
15:24:18.0940 6012 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
15:24:18.0940 6012 MegaSR - ok
15:24:19.0003 6012 MEI (d86ac00883b9c98b570e7643aaf8e554) C:\Windows\system32\DRIVERS\HECI.sys
15:24:19.0003 6012 MEI - ok
15:24:19.0050 6012 mirrorflt (aadae4ec10f7075217e87c5cfc0580c9) C:\Windows\system32\DRIVERS\mirrorflt.sys
15:24:19.0050 6012 mirrorflt - ok
15:24:19.0081 6012 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
15:24:19.0081 6012 Modem - ok
15:24:19.0112 6012 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
15:24:19.0112 6012 monitor - ok
15:24:27.0583 6012 ============================================================
15:24:27.0583 6012 Scan finished
15:24:27.0583 6012 ============================================================
15:24:27.0614 3428 Detected object count: 0
15:24:27.0614 3428 Actual detected object count: 0

And dds...

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Run by VISHERRILL at 15:25:59 on 2012-03-13
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3241.2057 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\CmgShieldSvc.exe
C:\Windows\system32\EMSService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Lotus\Notes\nslsvice.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\Windows\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
C:\Lotus\Notes\nsd.exe
C:\Lotus\Notes\ntmulti.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\PrinterSwitcher\PSS.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\Windows\system32\conhost.exe
C:\PROGRA~1\LANDesk\LDClient\LDregwatch.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
C:\Program Files\eCopy\PaperWorks\Bin\eCopyPWPrntHlpr.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\CmgShieldUI.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\PrinterSwitcher\PrinterSwitcher.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\visherrill\Desktop\tdsskiller.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [eCopy Scan Inbox Monitor] "c:\program files\ecopy\paperworks\bin\InboxMonitor.exe" -run
mRun: [eCopyPWPrntHlpr] "c:\program files\ecopy\paperworks\bin\eCopyPWPrntHlpr.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Ricohcfn] "c:\windows\system32\drivers\lchkfn.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [IBM Lotus Notes Preloader] "c:\lotus\notes\nntspreld.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [CmgShieldUI] c:\windows\system32\CMGShieldUI.exe
mRun: [EmsService] EmsServiceHelper.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\printe~1.lnk - c:\program files\printerswitcher\PrinterSwitcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{f3c1de9e-5e16-4ba9-b854-7b53a45e3579}\Icon3E5562ED7.ico
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
mPolicies-system: HideFastUserSwitching = 1 (0x1)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
Trusted Zone: bigmachines.com
Trusted Zone: ca02ntas02
Trusted Zone: documentmall.com
Trusted Zone: ikon.net
Trusted Zone: ikon.org
Trusted Zone: intuit.com\ttlc
Trusted Zone: isuiteonline.com
Trusted Zone: lanier.com
Trusted Zone: madisonpg.com\infocenter
Trusted Zone: nj02ldesk01
Trusted Zone: ricoh
Trusted Zone: ricoh-la.com\www1
Trusted Zone: ricoh-usa.com
Trusted Zone: ricoh.com
Trusted Zone: ricoh.com\*.wc
Trusted Zone: ricoh.com\rcg.support
Trusted Zone: ricoh.ds\*.us
Trusted Zone: salesforce.com
Trusted Zone: skillport.com
Trusted Zone: skillwsa.com
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxp://mgamac04.us.ricoh.ds/dwa85W.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://ssl2.ricoh-usa.com/+CSCOL+/csvrloader32.cab
DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} - hxxps://ssl2.ricoh-usa.com/CACHE/sdesktop/install/binaries/instweb.cab
DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} - hxxp://mgamac04.us.ricoh.ds/dwa85W.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18}
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F8FC1530-0608-11DF-2008-0800200C9A66} - hxxps://ssl1.ricoh-usa.com/CACHE/sdesktop/install/binaries/instweb.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3F33B353-7D4E-4BFD-93C5-2E7C422916A7} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3F33B353-7D4E-4BFD-93C5-2E7C422916A7}\94E4455425D45434 : DhcpNameServer = 10.10.45.3 10.77.52.236 10.10.35.3
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\visherrill\appdata\roaming\mozilla\firefox\profiles\d8x9dbcs.default\
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 CmgHiber;CmgHiber;c:\windows\system32\drivers\CmgHiber.sys [2011-5-4 101544]
R0 CmgShieldCEF;CmgShieldCEF;c:\windows\system32\drivers\CMGShCEF.sys [2011-5-4 303784]
R0 CMGShieldReg;CMGShieldReg;c:\windows\system32\drivers\CmgShREG.sys [2011-5-4 22696]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [2011-7-22 17648]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2011-7-22 81920]
R2 CBA8;LANDesk® Management Agent;c:\program files\landesk\shared files\residentAgent.exe [2009-11-10 155648]
R2 CMGShield;CMGShield;c:\windows\system32\CmgShieldSvc.exe [2011-5-4 2762152]
R2 EMS;EMS;EMSService.exe --> EMSService.exe [?]
R2 LANDesk Policy Invoker;LANDesk Policy Invoker;c:\program files\landesk\ldclient\policy.client.invoker.exe [2011-7-22 139264]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\lotus\notes\nsd.exe -svcinvoke -ini "c:\lotus\notes\notes.ini" --> c:\lotus\notes\nsd.exe -svcinvoke -ini c:\lotus\notes\notes.ini [?]
R2 Printer Switcher Service;Printer Switcher Service;c:\program files\printerswitcher\PSS.exe [2011-7-22 240440]
R2 Softmon;LANDesk® Software Monitoring Service;c:\program files\landesk\ldclient\SoftMon.exe [2011-7-22 385024]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-6-9 1831024]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2010-10-21 592120]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2011-4-6 43888]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2011-4-6 349736]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-16 106104]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-4-6 269824]
R3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [2011-7-22 5120]
R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-4-6 41088]
R3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [2011-7-22 6144]
R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\o2mdrxp.sys [2011-4-6 61728]
R3 O2SDJRDR;O2SDJRDR;c:\windows\system32\drivers\o2sdjxp.sys [2011-4-6 63136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [2011-7-22 14336]
S3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\o2mdfw7.sys [2011-4-6 60904]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-3-8 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2012-03-13 18:38:10 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-13 18:38:06 -------- d-----w- c:\users\visherrill\appdata\local\temp
2012-03-13 18:15:12 -------- d-----w- C:\ComboFix
2012-03-12 23:08:41 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-08 12:59:34 -------- d-----w- c:\windows\system32\Wat
2012-02-18 20:26:57 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-18 20:26:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-18 20:25:45 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-16 20:27:49 98816 ----a-w- c:\windows\sed.exe
2012-02-16 20:27:49 518144 ----a-w- c:\windows\SWREG.exe
2012-02-16 20:27:49 256000 ----a-w- c:\windows\PEV.exe
2012-02-16 20:27:49 208896 ----a-w- c:\windows\MBR.exe
2012-02-15 13:01:58 386048 ----a-w- c:\windows\system32\html.iec
2012-02-15 13:01:57 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-15 13:01:52 2340864 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2012-02-26 13:37:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-04 09:03:07 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-03 05:44:24 478208 ----a-w- c:\windows\system32\timedate.cpl
2011-12-16 08:02:26 981504 ----a-w- c:\windows\system32\wininet.dll
2011-12-16 07:59:17 690688 ----a-w- c:\windows\system32\msvcrt.dll
2011-12-16 07:58:33 44544 ----a-w- c:\windows\system32\licmgr10.dll
.
============= FINISH: 15:27:43.29 ===============


Attach .txt

DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/22/2011 7:41:47 AM
System Uptime: 3/13/2012 10:27:09 AM (5 hours ago)
.
Motherboard: Dell Inc. | | 0H5TG2
Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz | CPU 1 | 798/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 201.543 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Microsoft Teredo Tunneling Adapter
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0001
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0001
Service: CVirtA
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.6
Adobe Shockwave Player 11.6
Apple Application Support
Apple Software Update
BlackBerry Desktop Software 5.0.1
Carolina Barcode Fonts Demo v5
Cisco AnyConnect VPN Client
Cisco Systems VPN Client 5.0.05.0290
CMG Windows Shield
Dell Touchpad
E-Term for IBM
E-Term32
eCopy PaperWorks
Intel® Processor Graphics
Java Auto Updater
Java™ 6 Update 21
LANDesk Advance Agent
LANDesk® Common Base Agent 8
LiveUpdate 3.3 (Symantec Corporation)
Lotus Notes 8.5.2
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft Office Excel Viewer
Microsoft Office Outlook 2003
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Word Viewer 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 10.0.2 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Oracle JInitiator 1.1.8.16
PowerDVD
PrinterSwitcher 1.0.2.0
QuickTime
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Sonic CinePlayer Decoder Pack
SUPERAntiSpyware
swMSM
Symantec Endpoint Protection
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Vista Plus ™ Windows Client 4.40
WinZip 11.2
WinZip Command Line Support Add-On 2.3
.
==== Event Viewer Messages From Past Week ========
.
3/13/2012 7:57:25 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
3/13/2012 7:57:25 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/13/2012 7:57:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/13/2012 7:57:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/13/2012 7:57:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/13/2012 7:57:16 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll Error Code: 21
3/13/2012 7:57:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/13/2012 7:57:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
3/13/2012 7:57:01 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache eeCtrl SASDIFSV SASKUTIL SPBBCDrv spldr SRTSP SRTSPX SysPlant Wanarpv6
3/13/2012 2:28:29 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain US due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
3/13/2012 10:41:19 AM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
3/13/2012 10:30:59 AM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .
3/13/2012 1:34:50 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/13/2012 1:15:06 PM, Error: Service Control Manager [7034] - The O2FLASH service terminated unexpectedly. It has done this 1 time(s).
3/12/2012 5:27:34 AM, Error: Microsoft-Windows-GroupPolicy [1053] - The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. B) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
3/12/2012 4:29:26 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
3/12/2012 3:52:27 PM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. B) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
3/12/2012 10:41:16 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/12/2012 10:41:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/12/2012 10:41:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/12/2012 10:40:57 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache eeCtrl NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL SPBBCDrv spldr SRTSP SRTSPX SysPlant tdx vwififlt Wanarpv6 WfpLwf WPS ws2ifsl
3/12/2012 10:40:54 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/12/2012 10:40:54 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/12/2012 10:40:54 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/12/2012 10:40:54 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/12/2012 10:40:54 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/12/2012 10:40:54 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/12/2012 10:40:54 AM, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
3/12/2012 10:40:54 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/12/2012 10:40:52 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/12/2012 10:40:52 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
3/12/2012 10:40:52 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/12/2012 10:40:52 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/11/2012 10:47:12 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: A thread could not be created for the service.
3/11/2012 10:47:07 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
.
==== End Of File ===========================
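The service and driver lines in the DDS log above (`R1 SASKUTIL;SASKUTIL;c:\program files\...\SASKUTIL.SYS [2011-7-12 67664]`) are the part of these reports a responder reads first, and entries such as `R2 EMS;EMS;EMSService.exe --> EMSService.exe [?]`, where the image has no directory and no recorded date or size, are the ones that need a second look. The following Python parser is an added example for this page, not code from the thread or from the DDS or ComboFix tools. It assumes my reading of the line format: `R`/`S` for running/stopped, the digit as the service start type, and `[?]`/`[x]` meaning the tool recorded no date and size for the image. The sample lines are copied from the logs above.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: service/driver lines copied from the DDS and ComboFix
# logs above, including the EMS entry whose binary has no directory.
SAMPLE_LOG = r"""
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 EMS;EMS;EMSService.exe --> EMSService.exe [?]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\lotus\notes\nsd.exe -svcinvoke -ini "c:\lotus\notes\notes.ini" --> c:\lotus\notes\nsd.exe -svcinvoke -ini c:\lotus\notes\notes.ini [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S2 EMS;EMS;EMSService.exe [x]
"""

# Assumption (my reading of the DDS format): R = running, S = stopped, and the
# digit is the SCM start type. "[date size]" is what the tool stamped on the
# binary; "[?]" / "[x]" mean it recorded no date/size for that image.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?)\s*\[(?P<stamp>[^\]]*)\]\s*$"
)
STAMP_RE = re.compile(r"^\d{4}-\d{1,2}-\d{1,2}\s+\d+$")
EXE_RE = re.compile(r"^(.*?\.(?:exe|sys|dll|cpl))", re.IGNORECASE)
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}
STANDARD_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class ServiceEntry:
    name: str
    display: str
    running: bool
    start_type: str
    image: str            # raw image field as printed in the log
    image_path: str       # executable the tool resolved, without arguments
    stamped: bool         # True when a date and size were recorded
    findings: List[str] = field(default_factory=list)


def resolve_image_path(image: str) -> str:
    """Return the executable the service actually runs, without arguments."""
    # DDS prints "<as registered> --> <as resolved>"; the right-hand side runs.
    if " --> " in image:
        image = image.split(" --> ", 1)[1]
    image = image.strip().strip('"')
    m = EXE_RE.match(image)
    return m.group(1) if m else image


def triage(entry: ServiceEntry) -> List[str]:
    """Heuristic checks a responder applies to each service line."""
    findings = []
    path = entry.image_path.lower()
    if not entry.stamped:
        findings.append("no date/size recorded for the image")
    if "\\" not in path:
        # A bare file name is located through the search path when the
        # service starts, so whatever sits first on that path gets run.
        findings.append("relative image path: resolved through the search path at start")
    elif not path.startswith(STANDARD_ROOTS):
        findings.append("image outside c:\\windows and c:\\program files")
    return findings


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = ServiceEntry(
        name=m["name"].strip(),
        display=m["display"].strip(),
        running=m["state"] == "R",
        start_type=START_TYPES.get(m["start"], m["start"]),
        image=m["image"].strip(),
        image_path=resolve_image_path(m["image"]),
        stamped=bool(STAMP_RE.match(m["stamp"].strip())),
    )
    entry.findings = triage(entry)
    return entry


def parse_log(text: str) -> List[ServiceEntry]:
    entries = [parse_service_line(line) for line in text.splitlines()]
    return [e for e in entries if e is not None]


def flagged(text: str) -> List[ServiceEntry]:
    """Only the entries that tripped at least one triage check."""
    return [e for e in parse_log(text) if e.findings]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        state = "running" if e.running else "stopped"
        print(f"{e.name} ({state}, start={e.start_type}): {e.image_path}")
        for f in e.findings:
            print(f"  - {f}")
```

Run against the sample, it reports the two EMS lines (relative image path, nothing stamped) and the Lotus Notes diagnostics service (outside the usual program roots, nothing stamped); the entries under `c:\windows` and `c:\program files` with a recorded date and size pass. The location check is a triage heuristic, not a verdict: `c:\lotus` is a legitimate install root on this machine, which is exactly why the output is a list to review rather than a list to delete.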

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:33 AM

Posted 13 March 2012 - 04:40 PM

Hello


Send me the report from aswMBR.


Please download aswMBR to your desktop.

  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Vinson

Vinson
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:09:33 AM

Posted 13 March 2012 - 05:46 PM

Ok, here is the avast log file, gringo... Also, I noticed that Symantec had found a Trojan.Gen while aswMBR was running. Not sure if I should have disabled it prior to the scan or not?


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-13 17:05:10
-----------------------------
17:05:10.856 OS Version: Windows 6.1.7600
17:05:10.856 Number of processors: 4 586 0x2A07
17:05:10.871 ComputerName: FCNLKQ1 UserName:
17:05:12.275 Initialize success
17:07:11.039 AVAST engine defs: 12031300
17:07:56.373 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:07:56.373 Disk 0 Vendor: ST9250410AS D005SDM1 Size: 238475MB BusType: 11
17:07:56.435 Disk 0 MBR read successfully
17:07:56.435 Disk 0 MBR scan
17:07:56.466 Disk 0 Windows 7 default MBR code
17:07:56.482 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238473 MB offset 2048
17:07:56.497 Disk 0 scanning sectors +488394752
17:07:56.622 Disk 0 scanning C:\Windows\system32\drivers
17:08:34.374 Service scanning
17:09:06.822 Service SysPlant C:\Windows\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
17:09:07.727 Service Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys **LOCKED** 32
17:09:13.764 Service WPS C:\Windows\system32\drivers\wpsdrvnt.sys **LOCKED** 32
17:09:14.373 Service WpsHelper C:\Windows\system32\drivers\WpsHelper.sys **LOCKED** 32
17:09:16.276 Modules scanning
17:09:25.199 Disk 0 trace - called modules:
17:09:25.230 ntkrnlpa.exe CLASSPNP.SYS disk.sys stdcfltn.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
17:09:25.246 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86a3a760]
17:09:25.262 3 CLASSPNP.SYS[8c10a59e] -> nt!IofCallDriver -> [0x86a3ad88]
17:09:25.277 5 stdcfltn.sys[8c074896] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86058908]
17:09:26.213 AVAST engine scan C:\Windows
17:09:32.328 AVAST engine scan C:\Windows\system32
17:16:13.467 AVAST engine scan C:\Windows\system32\drivers
17:22:41.208 AVAST engine scan C:\Users\visherrill
17:34:55.055 AVAST engine scan C:\ProgramData
17:37:27.164 Scan finished successfully
17:39:54.624 Disk 0 MBR has been saved successfully to "C:\Users\visherrill\Desktop\MBR.dat"
17:39:54.640 The log file has been saved successfully to "C:\Users\visherrill\Desktop\aswMBR.txt"

#10 Vinson

Vinson
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:09:33 AM

Posted 13 March 2012 - 05:54 PM

Gringo, here is what Symantec recently found in its quarantine...

Trojan.Gen.2 (risk) unp126452860.tmp (filename)

Maybe it just thought that Avast was a risk..


Also, I did NOT click "fixMBR". I assume that is correct?

Edited by Vinson, 13 March 2012 - 05:59 PM.


#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:33 AM

Posted 13 March 2012 - 08:50 PM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#12 Vinson

Vinson
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:09:33 AM

Posted 13 March 2012 - 10:55 PM

Gringo, it seems to be working much better! No more redirects so far! Here is the latest ComboFix log...


Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3241.1738 [GMT -5:00]
Running from: c:\users\xxxxxxx\Desktop\ComboFix.exe
Command switches used :: c:\users\ill\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-02-14 to 2012-03-14 )))))))))))))))))))))))))))))))
.
.
2012-03-14 03:14 . 2012-03-14 03:14 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-14 03:14 . 2012-03-14 03:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-14 03:14 . 2012-03-14 03:14 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-03-13 18:38 . 2012-03-14 03:14 -------- d-----w- c:\users\visherrill\AppData\Local\temp
2012-03-12 23:08 . 2012-03-12 23:08 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-08 12:59 . 2012-03-08 12:59 -------- d-----w- c:\windows\system32\Wat
2012-02-18 20:26 . 2012-03-10 15:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-18 20:26 . 2012-02-18 20:26 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-18 20:25 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-15 13:01 . 2011-12-16 06:49 386048 ----a-w- c:\windows\system32\html.iec
2012-02-15 13:01 . 2011-12-16 06:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-15 13:01 . 2012-01-14 03:48 2340864 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-26 13:37 . 2011-07-31 18:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-16 14:40 . 2012-03-12 15:17 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-10 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eCopy Scan Inbox Monitor"="c:\program files\eCopy\PaperWorks\Bin\InboxMonitor.exe" [2009-05-18 73728]
"eCopyPWPrntHlpr"="c:\program files\eCopy\PaperWorks\Bin\eCopyPWPrntHlpr.exe" [2009-05-18 143360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Ricohcfn"="c:\windows\system32\drivers\lchkfn.exe" [2010-11-05 310297]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-04 488816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-15 143384]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-15 177176]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-15 178200]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-12-07 536668]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"IBM Lotus Notes Preloader"="c:\lotus\Notes\nntspreld.exe" [2010-08-11 20360]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-06-09 115560]
"CmgShieldUI"="c:\windows\System32\CMGShieldUI.exe" [2011-05-04 267688]
"EmsService"="EmsServiceHelper.exe" [2011-05-04 2053544]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PrinterSwitcher.lnk - c:\program files\PrinterSwitcher\PrinterSwitcher.exe [2011-7-22 668984]
VPN Client.lnk - c:\windows\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico [2011-7-22 6144]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-4-28 415072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
"HideFastUserSwitching"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\DRIVERS\ldblank.sys [2010-03-02 14336]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7.sys [2011-01-04 60904]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-08 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
S0 CmgHiber;CmgHiber;c:\windows\system32\DRIVERS\CmgHiber.sys [2011-05-04 101544]
S0 CmgShieldCEF;CmgShieldCEF;c:\windows\system32\DRIVERS\CMGShCEF.sys [2011-05-04 303784]
S0 CMGShieldReg;CMGShieldReg;c:\windows\system32\DRIVERS\CmgShREG.sys [2011-05-04 22696]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 17648]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-03 81920]
S2 CBA8;LANDesk® Management Agent;c:\program files\LANDesk\Shared Files\residentagent.exe [2009-11-10 155648]
S2 CMGShield;CMGShield;c:\windows\system32\CmgShieldSvc.exe [2011-05-04 2762152]
S2 EMS;EMS;EMSService.exe [x]
S2 LANDesk Policy Invoker;LANDesk Policy Invoker;c:\program files\LANDesk\LDClient\policy.client.invoker.exe [2010-03-22 139264]
S2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\lotus\Notes\nsd.exe [2011-03-23 3417480]
S2 Printer Switcher Service;Printer Switcher Service;c:\program files\PrinterSwitcher\PSS.exe [2009-09-17 240440]
S2 Softmon;LANDesk® Software Monitoring Service;c:\program files\LANDesk\LDClient\softmon.exe [2010-05-20 385024]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-10-21 592120]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 43888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-03 106104]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 269824]
S3 ldmirror;ldmirror;c:\windows\system32\DRIVERS\ldmirror.sys [2010-03-02 5120]
S3 MEI;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-19 41088]
S3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\DRIVERS\mirrorflt.sys [2010-03-02 6144]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRxp.sys [2011-01-04 61728]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjxp.sys [2011-01-04 63136]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 27168361
*NewlyCreated* - ASWMBR
*Deregistered* - 27168361
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
Trusted Zone: bigmachines.com
Trusted Zone: ca02ntas02
Trusted Zone: documentmall.com
Trusted Zone: ikon.net
Trusted Zone: ikon.org
Trusted Zone: intuit.com\ttlc
Trusted Zone: isuiteonline.com
Trusted Zone: lanier.com
Trusted Zone: madisonpg.com\infocenter
Trusted Zone: nj02ldesk01
Trusted Zone: ricoh
Trusted Zone: ricoh-la.com\www1
Trusted Zone: ricoh-usa.com
Trusted Zone: ricoh.com
Trusted Zone: ricoh.com\*.wc
Trusted Zone: ricoh.com\rcg.support
Trusted Zone: ricoh.ds\*.us
Trusted Zone: salesforce.com
Trusted Zone: skillport.com
Trusted Zone: skillwsa.com
TCP: DhcpNameServer = 192.168.1.254
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxp://mgamac04.us.ricoh.ds/dwa85W.cab
DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://ssl2.ricoh-usa.com/+CSCOL+/csvrloader32.cab
DPF: {F8FC1530-0608-11DF-2008-0800200C9A66} - hxxps://ssl1.ricoh-usa.com/CACHE/sdesktop/install/binaries/instweb.cab
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\svnk8lv1.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-13 22:18:43
ComboFix-quarantined-files.txt 2012-03-14 03:18
ComboFix2.txt 2012-03-13 18:38
ComboFix3.txt 2012-03-12 13:51
ComboFix4.txt 2012-02-16 20:49
ComboFix5.txt 2012-03-14 02:58
.
Pre-Run: 216,309,436,416 bytes free
Post-Run: 216,314,716,160 bytes free
.
- - End Of File - - 3D118BE518BA6ECA44831CC6B8B781D8
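The "Reg Loading Points" section of the ComboFix log above records the UAC policy values on this machine: `EnableLUA` is 0, `ConsentPromptBehaviorAdmin` is 0, `PromptOnSecureDesktop` is 0, and `HideSCAHealth` under the explorer policy key is 1. Read together, those values mean UAC is off, administrators elevate with no prompt at all, and the Action Center security icon is hidden from the user, which is the state redirect malware and careless deployment images both tend to leave behind. The script below is an added example for this page, not part of the thread or of ComboFix: it parses ComboFix's `[KEY]` / `"Name"= value (0xN)` / `"Name"=dword:…` layout, checks the four values against the Windows defaults, and emits a `.reg` fragment restoring those defaults. The baseline (acceptable values and the default each is reset to) is mine; the sample fragment is copied from the log above.

```python
import re
from typing import Dict, List, Tuple, Union

RegValue = Union[int, str]

# Constructed sample: the "Reg Loading Points" fragment from the ComboFix log
# above, trimmed to the keys that matter for this check.
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
"HideFastUserSwitching"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]+)"|(?P<default>@))\s*=\s*(?P<raw>.*)$')
DEC_HEX_RE = re.compile(r"^(?P<dec>-?\d+)\s*\(0x[0-9a-fA-F]+\)$")   # ComboFix: 0 (0x0)
DWORD_RE = re.compile(r"^dword:(?P<hex>[0-9a-fA-F]{8})$")          # REGEDIT4 style


def parse_value(raw: str) -> RegValue:
    """Turn ComboFix's printed value into an int or a bare string."""
    raw = raw.strip()
    m = DEC_HEX_RE.match(raw)
    if m:
        return int(m["dec"])
    m = DWORD_RE.match(raw)
    if m:
        return int(m["hex"], 16)
    return raw.strip('"')


def parse_reg_sections(text: str) -> Dict[str, Dict[str, RegValue]]:
    """Map each [KEY] to its value-name -> value dictionary; '@' is the default value."""
    sections: Dict[str, Dict[str, RegValue]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            current = km["key"]
            sections.setdefault(current, {})
            continue
        vm = VALUE_RE.match(line)
        if vm and current is not None:
            name = vm["name"] if vm["name"] is not None else "@"
            sections[current][name] = parse_value(vm["raw"])
    return sections


# My baseline: (key suffix, value name, acceptable values, Windows default,
# what a value outside the acceptable set means). A value that is absent from
# the log is left alone, because the Windows default then applies.
POLICY_SYSTEM = r"\policies\system"
POLICY_EXPLORER = r"\policies\explorer"
BASELINE: List[Tuple[str, str, Tuple[int, ...], int, str]] = [
    (POLICY_SYSTEM, "EnableLUA", (1,), 1, "UAC is switched off entirely"),
    (POLICY_SYSTEM, "ConsentPromptBehaviorAdmin", (1, 2, 3, 4, 5), 5,
     "administrators elevate silently, without any prompt"),
    (POLICY_SYSTEM, "PromptOnSecureDesktop", (1,), 1,
     "elevation prompts are not shown on the secure desktop"),
    (POLICY_EXPLORER, "HideSCAHealth", (0,), 0,
     "the Action Center security icon is hidden from the user"),
]


def failed_checks(sections: Dict[str, Dict[str, RegValue]]) -> List[Tuple[str, str, RegValue, int, str]]:
    """(key, name, current value, default, meaning) for every baseline value that is set weakly."""
    failed = []
    for suffix, name, ok, default, meaning in BASELINE:
        for key, values in sections.items():
            if key.lower().endswith(suffix.lower()) and name in values and values[name] not in ok:
                failed.append((key, name, values[name], default, meaning))
    return failed


def audit_uac(sections: Dict[str, Dict[str, RegValue]]) -> List[str]:
    return [f"{name}={value}: {meaning}" for _, name, value, _, meaning in failed_checks(sections)]


def remediation_reg(sections: Dict[str, Dict[str, RegValue]]) -> str:
    """A .reg fragment that puts every failed value back to its Windows default."""
    lines = ["Windows Registry Editor Version 5.00"]
    for key, name, _, default, _ in failed_checks(sections):
        lines += ["", f"[{key}]", f'"{name}"=dword:{default:08x}']
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    parsed = parse_reg_sections(SAMPLE_REG)
    for finding in audit_uac(parsed):
        print(finding)
    print(remediation_reg(parsed))
```

On the sample the audit reports all four values and the generated fragment resets them. `ConsentPromptBehaviorUser=3` passes because 3 (prompt for credentials on the secure desktop) is the Windows default, and the `DisableMonitoring` dword under the Security Center key is parsed but deliberately not scored: Symantec sets that itself to take over monitoring from Windows, so it is context for the reader rather than a finding. Resetting UAC policy is the kind of change to make once the machine is clean, not while a helper is still reviewing logs, since the next ComboFix run reports these values again and the diff is useful.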

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:33 AM

Posted 13 March 2012 - 11:18 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Adobe Reader 9.4.6
Java™ 6 Update 21


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and start Free download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (hosts file not read, blank Notepad ...).

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 Vinson

Vinson
  • Topic Starter

  • Members
  • 14 posts

Posted 14 March 2012 - 09:07 AM

Gringo, here are the logs from both MBAM and HijackThis. MBAM did not find anything malicious, for what it's worth. I did notice that while installing Java, it couldn't create a restore point. Not sure if this is normal.

MBam log..............



Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.14.02

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
VISHERRILL :: FCNLKQ1 [administrator]

3/14/2012 8:37:34 AM
mbam-log-2012-03-14 (08-37-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200109
Time elapsed: 9 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)





Hijackthis log..........

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:01:21 AM, on 3/14/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16930)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\eCopy\PaperWorks\Bin\eCopyPWPrntHlpr.exe
C:\Windows\system32\drivers\chkfn.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\CmgShieldUI.exe
C:\Windows\System32\EmsServiceHelper.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\conhost.exe
C:\Program Files\PrinterSwitcher\PrinterSwitcher.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [eCopy Scan Inbox Monitor] "C:\Program Files\eCopy\PaperWorks\Bin\InboxMonitor.exe" -run
O4 - HKLM\..\Run: [eCopyPWPrntHlpr] "C:\Program Files\eCopy\PaperWorks\Bin\eCopyPWPrntHlpr.exe"
O4 - HKLM\..\Run: [Ricohcfn] "c:\windows\system32\drivers\lchkfn.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [IBM Lotus Notes Preloader] "C:\Lotus\Notes\nntspreld.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CmgShieldUI] C:\Windows\System32\CMGShieldUI.exe
O4 - HKLM\..\Run: [EmsService] EmsServiceHelper.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: PrinterSwitcher.lnk = C:\Program Files\PrinterSwitcher\PrinterSwitcher.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: *.bigmachines.com
O15 - Trusted Zone: http://*.ca02ntas02
O15 - Trusted Zone: *.ikon.net
O15 - Trusted Zone: *.ikon.org
O15 - Trusted Zone: *.isuiteonline.com
O15 - Trusted Zone: *.lanier.com
O15 - Trusted Zone: http://infocenter.madisonpg.com
O15 - Trusted Zone: http://*.nj02ldesk01
O15 - Trusted Zone: http://*.ricoh
O15 - Trusted Zone: http://www1.ricoh-la.com
O15 - Trusted Zone: *.ricoh-usa.com
O15 - Trusted Zone: *.wc.ricoh.com
O15 - Trusted Zone: *.ricoh.com
O15 - Trusted Zone: *.us.ricoh.ds
O15 - Trusted Zone: *.salesforce.com
O15 - Trusted Zone: *.skillport.com
O15 - Trusted Zone: *.skillwsa.com
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} (IBM Lotus iNotes 8.5 Control) - http://mgamac04.us.ricoh.ds/dwa85W.cab
O16 - DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} (Cisco SSL VPN Relay Loader) - https://ssl2.ricoh-usa.com/+CSCOL+/csvrloader32.cab
O16 - DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} (CSD ActiveX Installer) - https://ssl2.ricoh-usa.com/CACHE/sdesktop/install/binaries/instweb.cab
O16 - DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} (IBM Lotus iNotes 8.5 Control) - http://mgamac04.us.ricoh.ds/dwa85W.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F8FC1530-0608-11DF-2008-0800200C9A66} (CSD ActiveX Installer) - https://ssl1.ricoh-usa.com/CACHE/sdesktop/install/binaries/instweb.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.ricoh.ds
O17 - HKLM\Software\..\Telephony: DomainName = us.ricoh.ds
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = us.ricoh.ds
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = us.ricoh.ds
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe
O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CMGShield - CREDANT Technologies, Inc. - C:\Windows\system32\CmgShieldSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EMS - CREDANT Technologies, Inc. - C:\Windows\SYSTEM32\EMSService.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\Windows\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
O23 - Service: LANDesk Policy Invoker - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lotus Notes Diagnostics - IBM - C:\Lotus\Notes\nsd.exe
O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\Lotus\Notes\nslsvice.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Lotus\Notes\ntmulti.exe
O23 - Service: O2FLASH - O2Micro International - C:\Windows\system32\DRIVERS\o2flash.exe
O23 - Service: Printer Switcher Service - RICOH COMPANY, LTD. - C:\Program Files\PrinterSwitcher\PSS.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe
O23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

--
End of file - 9518 bytes
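A small triage helper for HijackThis-format logs like the one above, added here as an example and not code from the thread, from Trend Micro or from Malwarebytes: it parses the `R`/`O` entry lines and flags the kinds of items a helper looks at first (an orphaned URLSearchHook CLSID with no file behind it, a Run entry with no full path, Trusted Zone entries, and ActiveX CABs with no URL or fetched over plain HTTP). The sample lines are constructed from entries in the log above; a flag means "look at this", not "this is malicious".

```python
import re

# Constructed sample in HijackThis v2 format, modelled on entries from the log
# posted in this thread (not the full log).
SAMPLE_LOG = """\
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O4 - HKLM\\..\\Run: [EmsService] EmsServiceHelper.exe
O15 - Trusted Zone: *.ricoh.com
O15 - Trusted Zone: http://*.ricoh
O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} (IBM Lotus iNotes 8.5 Control) - http://mgamac04.us.ricoh.ds/dwa85W.cab
O16 - DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} (Cisco SSL VPN Relay Loader) - https://ssl2.ricoh-usa.com/+CSCOL+/csvrloader32.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: Domain = us.ricoh.ds
"""

# Every entry line starts with a section tag (R0..R3, F0..F3, O1..O24) and " - ".
LINE_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")


def parse_hjt(text):
    """Yield (section, body) for each HijackThis entry line; skip headers and process lists."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("sec"), m.group("body")


def triage(text):
    """Return [(section, reason, body)] for entries worth a second look."""
    findings = []
    for sec, body in parse_hjt(text):
        if sec == "R3" and body.endswith("(no file)"):
            findings.append((sec, "orphaned URLSearchHook: CLSID registered but no file behind it", body))
        elif sec == "O4" and not re.search(r"[A-Za-z]:\\", body):
            findings.append((sec, "Run entry without a full path; resolved through PATH at logon", body))
        elif sec == "O15":
            findings.append((sec, "Trusted Zone entry; IE relaxes security for these hosts", body))
        elif sec == "O16":
            # The download URL follows the last " -"; it may be empty.
            m = re.search(r"\s-\s*(\S*)$", body)
            url = m.group(1) if m else ""
            if not url:
                findings.append((sec, "DPF entry with no download URL", body))
            elif url.lower().startswith("http://"):
                findings.append((sec, "ActiveX CAB fetched over plain HTTP", body))
    return findings


if __name__ == "__main__":
    for sec, reason, body in triage(SAMPLE_LOG):
        print(f"{sec}: {reason}\n    {body}")
```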

#15 Vinson

Vinson
  • Topic Starter

  • Members
  • 14 posts

Posted 14 March 2012 - 02:21 PM

Gringo, after doing some searching through google, I noticed that about an average of 1 out of 10 searches get redirected. It's running much better, but I thought this is something you might want to know. The redirected website was ww.gimmeanswers.org...

Thanks for all of your help thus far, Sir.



