
win32/sirefef.er doesn't go away :(


This topic is locked. 19 replies to this topic.

#1 napio

  • Members
  • 13 posts

Posted 12 March 2012 - 11:31 PM

I acquired this virus today and although it's not popping up all the time, AVG pops up every now and again with a "threat detected" message and also I am concerned over the security of my PC.

I have already run TDSSKiller, AVG Rootkit scan and MalwareBytes. The latter came back clean; AVG Rootkit detected threats but hasn't really sorted the problem out...

Help?

#2 napio

  • Topic Starter
  • Members
  • 13 posts

Posted 13 March 2012 - 12:49 AM

Forgot to attach DDS log...


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19190
Run by Matt at 4:21:23 on 2012-03-13
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.2974.1175 [GMT 0:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\IDrive\IDriveE Service.exe
C:\IDrive\IDriveWebM.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Zune\ZuneNss.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\taskmgr.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\msiexec.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
TB: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File
uRun: [IDriveE Startup] "c:\idrive\IDrvieEStartup.exe" Hide
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [<NO NAME>]
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNDc0OTgyOTM5LUJBKzEtS1YzKzctWEwrMS1UMi1GUDkyKzYtVEI5KzItRkwrOS1GMTBNKzUtUUlYMSs0LVgyMDEwKzItRjEwTTEwQysxLUxJQys3"&"prod=90"&"ver=10.0.1209
StartupFolder: c:\users\matt\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\matt\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\matt\appdata\roaming\micros~1\windows\startm~1\programs\startup\idrive~1.lnk - c:\idrive\IDriveEReg2ini.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{52029D9B-B174-4A31-9A6F-BFB61693AC8D} : NameServer = 192.168.0.1
TCP: Interfaces\{E1670AE0-F04C-4C45-AD6E-C67D9EC41EB9} : DhcpNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-10-17 64512]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-1-25 56208]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-6-4 491816]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-6-1 38616]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-1-25 71440]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-1-25 164112]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 IDriveE Service;IDriveE Service;c:\idrive\IDriveE Service.exe [2010-6-13 148936]
R2 IDriveWebM;IDrive WebManager;c:\idrive\IDriveWebM.exe [2010-6-13 267720]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 2152152]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-12 652360]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-1-29 90112]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-1-25 931640]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-2-24 365952]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-9-22 112128]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-9-15 15232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-12 20464]
R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\28896\RapportIaso.sys [2011-8-8 21520]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-1-29 27632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca0d2ff068934c;Google Update Service (gupdate1ca0d2ff068934c);c:\program files\google\update\GoogleUpdate.exe [2009-7-25 133104]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-2-24 222512]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-4-22 13224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-25 133104]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2010-6-13 9472]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2009-3-25 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2009-3-25 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2009-3-25 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2009-3-25 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2009-3-25 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2009-3-25 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2009-3-25 109864]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2010-6-8 155344]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2011-8-5 268512]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-21 16896]
S4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;"c:\program files\tuneup utilities 2012\tuneuputilitiesservice32.exe" --> c:\program files\tuneup utilities 2012\TuneUpUtilitiesService32.exe [?]
.
=============== Created Last 30 ================
.
2012-03-13 03:34:50 -------- d-----w- C:\sh4ldr
2012-03-13 03:34:50 -------- d-----w- c:\program files\Enigma Software Group
2012-03-13 03:33:25 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-03-13 03:33:24 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-03-12 23:37:36 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-12 21:46:32 -------- d-----w- c:\users\matt\appdata\roaming\Malwarebytes
2012-03-12 21:46:20 -------- d-----w- c:\programdata\Malwarebytes
2012-03-12 21:46:18 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-12 21:46:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-12 19:23:45 -------- d--h--w- C:\$AVG
2012-03-12 19:02:04 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-12 18:58:44 -------- d-----w- c:\users\matt\appdata\local\iCoolsoft Studio
2012-03-12 18:58:05 -------- d-----w- c:\programdata\iCoolsoft Studio
2012-03-12 18:58:05 -------- d-----w- c:\program files\iCoolsoft Studio
2012-03-12 18:34:23 -------- d-----w- c:\program files\DSP-worx
2012-03-08 14:21:19 72520 ----a-w- c:\windows\system32\drivers\ftser2k.sys
2012-03-08 14:21:19 52552 ----a-w- c:\windows\system32\ftserui2.dll
2012-03-08 14:21:03 57800 ----a-w- c:\windows\system32\drivers\ftdibus.sys
2012-03-08 14:21:03 206144 ----a-w- c:\windows\system32\ftd2xx.dll
2012-03-08 14:21:03 197952 ----a-w- c:\windows\system32\FTLang.dll
2012-03-08 14:21:03 120136 ----a-w- c:\windows\system32\ftbusui.dll
2012-03-05 23:31:08 -------- d-----w- c:\users\matt\{77a6c5bd-bb8b-4f28-a8af-ff1646d5108f}
2012-03-05 23:29:23 -------- d-----w- c:\users\matt\appdata\local\Linea Research
2012-03-05 23:28:32 -------- d-----w- c:\program files\Linea Research
2012-03-05 22:18:02 -------- d-----w- c:\users\matt\appdata\local\MetaGeek,_LLC
2012-03-05 21:53:04 -------- d-----w- c:\program files\MetaGeek
2012-02-23 21:23:38 4448256 ----a-w- c:\windows\system32\GPhotos.scr
2012-02-14 13:55:40 -------- d-----w- c:\program files\Conduit
2012-02-14 13:55:37 -------- d-----w- c:\users\matt\appdata\local\Conduit
2012-02-14 13:55:28 -------- d-----w- c:\program files\uTorrent
2012-02-14 13:54:53 -------- d-----w- c:\users\matt\appdata\roaming\uTorrent
2012-02-14 02:15:53 -------- d-----w- c:\program files\Perfect Uninstaller
2012-02-14 00:14:12 -------- d-----w- c:\users\matt\appdata\roaming\AVI ReComp
2012-02-13 23:55:59 -------- d-----w- c:\program files\Xvid
2012-02-13 23:55:17 -------- d-----w- c:\program files\AVI ReComp
2012-02-13 23:12:22 -------- d-----w- c:\users\matt\appdata\local\Seven Zip
2012-02-13 22:09:50 -------- d-----w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-02-13 21:29:22 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2012-02-13 21:29:21 21312 ----a-w- c:\windows\system32\authuitu.dll
2012-02-13 21:28:48 -------- d-----w- c:\users\matt\appdata\roaming\TuneUp Software
2012-02-13 21:28:21 -------- d-----w- c:\program files\TuneUp Utilities 2012
2012-02-13 21:27:17 -------- d-----w- c:\programdata\TuneUp Software
2012-02-13 21:27:11 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-02-13 19:27:07 -------- dc-h--w- c:\programdata\~1
2012-02-13 19:20:21 -------- dc-h--w- c:\programdata\~0
2012-02-13 19:19:59 -------- d-----w- c:\users\matt\appdata\local\PackageAware
.
==================== Find3M ====================
.
2012-03-11 21:13:28 38616 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 21:13:26 491816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 21:13:25 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 21:13:19 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 21:13:18 301224 ----a-w- c:\windows\system32\guard32.dll
2012-03-09 15:20:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-25 10:16:44 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-01-12 19:52:56 2044416 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 06:22:01 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-15 06:18:03 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-15 06:17:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-15 06:17:35 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-12-15 06:17:35 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-15 05:21:27 385024 ----a-w- c:\windows\system32\html.iec
2011-12-15 04:45:13 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-15 04:43:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-14 16:17:47 680448 ----a-w- c:\windows\system32\msvcrt.dll
.
============= FINISH: 4:22:44.10 ===============
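As an added example (not part of this thread, of DDS, or of ComboFix): a small Python triage script that applies the checks a helper makes by eye on logs like the one above. It flags the Sirefef/ZeroAccess fake-hotfix store layout (the `$NtUninstallKB<nnn>$\<digits>\@`, `U\` and `L\` entries that ComboFix lists further down this thread), `EnableLUA = 0`, nameless Run entries, and orphaned "No File" hooks. The rule names and severities are my own; the sample lines are copied from the DDS and ComboFix logs posted in this thread.

```python
"""Triage helper for DDS / ComboFix log excerpts (added example, not part of the thread)."""
import re
from collections import Counter
from dataclasses import dataclass

# DDS "Pseudo HJT Report" lines look like:
#   mPolicies-system: EnableLUA = 0 (0x0)
#   mRun: [<NO NAME>]
#   uURLSearchHooks: H - No File
# ComboFix "Other Deletions" lines are bare paths, e.g.
#   c:\windows\$NtUninstallKB62280$\485945278\U\00000001.@
POLICY_RE = re.compile(r"^[um]Policies-\w+:\s*(?P<name>\w+)\s*=\s*(?P<value>\S+)")
RUN_RE = re.compile(r"^[um]Run(?:Once)?:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
NO_FILE_RE = re.compile(r"-\s*No File\s*$")
# Sirefef/ZeroAccess keeps its store in a fake hotfix-uninstall folder:
# a numeric subfolder holding an "@" file plus U\ and L\ subfolders.
ZEROACCESS_RE = re.compile(r"\\\$NtUninstall[^\\]*\$\\\d+\\(?:@$|[UL]\\)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    rule: str      # rule names are this example's own, not a tool's
    line: str


def triage(log_text: str) -> list[Finding]:
    """Scan log lines and return the entries a helper would look at first."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ZEROACCESS_RE.search(line):
            findings.append(Finding("high", "zeroaccess-fake-hotfix-store", line))
            continue
        policy = POLICY_RE.match(line)
        if policy and policy["name"] == "EnableLUA" and policy["value"] == "0":
            # UAC switched off: everything the user starts already runs elevated
            findings.append(Finding("medium", "uac-disabled", line))
            continue
        run = RUN_RE.match(line)
        if run:
            if run["name"] == "<NO NAME>" or not run["cmd"]:
                findings.append(Finding("info", "run-entry-without-name-or-command", line))
            continue
        if NO_FILE_RE.search(line):
            # Orphaned hook/toolbar entries: leftovers worth cleaning, not infections by themselves
            findings.append(Finding("info", "orphaned-entry-no-file", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, e.g. {'high': 4, 'medium': 1, 'info': 3}."""
    return dict(Counter(f.severity for f in findings))


# Sample input: lines copied from the DDS and ComboFix logs in this thread.
SAMPLE_LOG = r"""
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
uURLSearchHooks: H - No File
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [<NO NAME>]
AppInit_DLLs: c:\windows\system32\guard32.dll
c:\windows\$NtUninstallKB62280$\485945278\@
c:\windows\$NtUninstallKB62280$\485945278\cfg.ini
c:\windows\$NtUninstallKB62280$\485945278\L\ogejidap
c:\windows\$NtUninstallKB62280$\485945278\U\00000001.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000032.@
"""


def run_sample() -> list[Finding]:
    """Run the triage over the sample lines above."""
    return triage(SAMPLE_LOG)


if __name__ == "__main__":
    for f in run_sample():
        print(f"[{f.severity:6}] {f.rule}: {f.line}")
    print(summarize(run_sample()))
```

The "high" rule matches only the layout markers (the `@` file and the `U\`/`L\` subfolders), so a genuine hotfix-uninstall folder with ordinary file names is not flagged.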

#3 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 March 2012 - 01:17 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#4 napio

  • Topic Starter
  • Members
  • 13 posts

Posted 13 March 2012 - 09:51 AM

Hi gringo!

Thanks a lot for your help.

I ran Combofix and when it was done I did get the message "Illegal operation attempted on a registry key that has been marked for deletion". But I restarted and everything seems to be OK so far... although it's not even been 10 minutes yet.


==================================================================
Combofix log:


ComboFix 12-03-12.03 - Matt 13/03/2012 14:00:28.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.2974.1656 [GMT 0:00]
Running from: c:\users\Matt\Documents\programs\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\hpe649B.dll
c:\windows\$NtUninstallKB62280$\3519773209
c:\windows\$NtUninstallKB62280$\485945278\@
c:\windows\$NtUninstallKB62280$\485945278\cfg.ini
c:\windows\$NtUninstallKB62280$\485945278\Desktop.ini
c:\windows\$NtUninstallKB62280$\485945278\L\ogejidap
c:\windows\$NtUninstallKB62280$\485945278\oemid
c:\windows\$NtUninstallKB62280$\485945278\U\00000001.@
c:\windows\$NtUninstallKB62280$\485945278\U\00000002.@
c:\windows\$NtUninstallKB62280$\485945278\U\00000004.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000000.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000004.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000032.@
c:\windows\$NtUninstallKB62280$\485945278\version
c:\windows\security\Database\tmp.edb
c:\windows\$NtUninstallKB62280$ . . . . Failed to delete
.
Infected copy of c:\windows\system32\drivers\avgtdix.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((( Files Created from 2012-02-13 to 2012-03-13 )))))))))))))))))))))))))))))))
.
.
2012-03-13 14:14 . 2012-03-13 14:17 -------- d-----w- c:\users\Matt\AppData\Local\temp
2012-03-13 14:14 . 2012-03-13 14:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-13 03:34 . 2012-03-13 04:18 -------- d-----w- C:\sh4ldr
2012-03-13 03:34 . 2012-03-13 03:34 -------- d-----w- c:\program files\Enigma Software Group
2012-03-13 03:33 . 2012-03-13 04:18 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-03-13 03:33 . 2012-03-13 03:33 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-03-12 23:37 . 2012-03-13 03:22 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-12 21:46 . 2012-03-12 21:46 -------- d-----w- c:\users\Matt\AppData\Roaming\Malwarebytes
2012-03-12 21:46 . 2012-03-12 21:46 -------- d-----w- c:\programdata\Malwarebytes
2012-03-12 21:46 . 2012-03-12 21:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-12 21:46 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-12 19:23 . 2012-03-12 19:23 -------- d-----w- C:\$AVG
2012-03-12 19:02 . 2012-03-13 13:10 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-12 18:58 . 2012-03-12 18:58 -------- d-----w- c:\users\Matt\AppData\Local\iCoolsoft Studio
2012-03-12 18:58 . 2012-03-12 18:58 -------- d-----w- c:\programdata\iCoolsoft Studio
2012-03-12 18:58 . 2012-03-12 18:58 -------- d-----w- c:\program files\iCoolsoft Studio
2012-03-12 18:34 . 2012-03-12 18:34 -------- d-----w- c:\program files\DSP-worx
2012-03-11 13:48 . 2012-03-11 13:48 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-03-09 15:21 . 2012-03-09 15:21 -------- d-----w- c:\program files\Common Files\Java
2012-03-08 14:21 . 2012-03-08 14:21 -------- d-----w- c:\program files\DIFX
2012-03-08 14:21 . 2012-03-05 23:30 72520 ----a-w- c:\windows\system32\drivers\ftser2k.sys
2012-03-08 14:21 . 2012-03-05 23:30 52552 ----a-w- c:\windows\system32\ftserui2.dll
2012-03-08 14:21 . 2012-03-05 23:30 57800 ----a-w- c:\windows\system32\drivers\ftdibus.sys
2012-03-08 14:21 . 2012-03-05 23:30 197952 ----a-w- c:\windows\system32\FTLang.dll
2012-03-08 14:21 . 2012-03-05 23:30 206144 ----a-w- c:\windows\system32\ftd2xx.dll
2012-03-08 14:21 . 2012-03-05 23:30 120136 ----a-w- c:\windows\system32\ftbusui.dll
2012-03-05 23:31 . 2012-03-05 23:31 -------- d-----w- c:\users\Matt\{77a6c5bd-bb8b-4f28-a8af-ff1646d5108f}
2012-03-05 23:29 . 2012-03-05 23:29 -------- d-----w- c:\users\Matt\AppData\Local\Linea Research
2012-03-05 23:28 . 2012-03-05 23:28 -------- d-----w- c:\program files\Linea Research
2012-03-05 22:18 . 2012-03-05 22:18 -------- d-----w- c:\users\Matt\AppData\Local\MetaGeek,_LLC
2012-03-05 21:53 . 2012-03-05 21:53 -------- d-----w- c:\program files\MetaGeek
2012-02-23 21:23 . 2012-02-23 21:23 4448256 ----a-w- c:\windows\system32\GPhotos.scr
2012-02-14 13:55 . 2012-02-14 13:55 -------- d-----w- c:\program files\Conduit
2012-02-14 13:55 . 2012-02-27 14:55 -------- d-----w- c:\users\Matt\AppData\Local\Conduit
2012-02-14 13:55 . 2012-02-14 13:55 -------- d-----w- c:\program files\uTorrent
2012-02-14 13:54 . 2012-02-14 14:13 -------- d-----w- c:\users\Matt\AppData\Roaming\uTorrent
2012-02-14 02:15 . 2012-03-09 11:14 -------- d-----w- c:\program files\Perfect Uninstaller
2012-02-14 00:14 . 2012-03-05 11:20 -------- d-----w- c:\users\Matt\AppData\Roaming\AVI ReComp
2012-02-13 23:55 . 2012-02-13 23:56 -------- d-----w- c:\program files\Xvid
2012-02-13 23:55 . 2012-02-13 23:56 -------- d-----w- c:\program files\AVI ReComp
2012-02-13 23:21 . 2012-02-13 23:21 -------- d-----w- c:\programdata\Sony
2012-02-13 23:12 . 2012-02-13 23:12 -------- d-----w- c:\users\Matt\AppData\Local\Seven Zip
2012-02-13 22:09 . 2012-02-13 22:09 -------- d-----w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-02-13 21:29 . 2012-02-09 14:13 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2012-02-13 21:29 . 2012-02-09 14:13 21312 ----a-w- c:\windows\system32\authuitu.dll
2012-02-13 21:28 . 2012-02-13 21:28 -------- d-----w- c:\users\Matt\AppData\Roaming\TuneUp Software
2012-02-13 21:28 . 2012-02-27 14:12 -------- d-----w- c:\program files\TuneUp Utilities 2012
2012-02-13 21:27 . 2012-02-13 21:29 -------- d-----w- c:\programdata\TuneUp Software
2012-02-13 21:27 . 2012-02-13 21:27 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-02-13 19:27 . 2012-02-13 22:17 -------- dc-h--w- c:\programdata\~1
2012-02-13 19:20 . 2012-02-13 20:31 -------- dc-h--w- c:\programdata\~0
2012-02-13 19:19 . 2012-02-13 19:19 -------- d-----w- c:\users\Matt\AppData\Local\PackageAware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-11 21:13 . 2010-06-01 18:00 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-03-11 21:13 . 2010-06-01 18:00 38616 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 21:13 . 2010-06-04 10:55 491816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 21:13 . 2010-06-01 18:00 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 21:13 . 2011-12-05 00:18 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 21:13 . 2010-06-01 18:00 301224 ----a-w- c:\windows\system32\guard32.dll
2012-03-09 15:20 . 2010-05-03 19:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDriveE Startup"="c:\idrive\IDrvieEStartup.exe" [2010-04-22 177608]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-28 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-28 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-28 154136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-12-24 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-03 450652]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctNDc0OTgyOTM5LUJBKzEtS1YzKzctWEwrMS1UMi1GUDkyKzYtVEI5KzItRkwrOS1GMTBNKzUtUUlYMSs0LVgyMDEwKzItRjEwTTEwQysxLUxJQys3&prod=90&ver=10.0.1209" [?]
.
c:\users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
IDrive Tray.lnk - c:\idrive\IDriveEReg2ini.exe [2010-6-13 292296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^Matt^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk]
path=c:\users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk
backup=c:\windows\pss\PdaNet Desktop.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-01 23:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsWnd]
2009-08-19 13:41 3618104 ------w- c:\program files\Brownie\BrStsWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2011-09-16 15:29 137536 ----atw- c:\users\Matt\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 15:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 01:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-10-10 20:24 206128 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-09-24 00:21 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2011-07-25 11:41 433360 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-07-25 13:55 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
2007-05-07 18:28 589824 ----a-w- c:\program files\TightVNC\WinVNC.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - RapportIaso
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
wercplsupport
Themes
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
pdlnepkt
tcpipBM
aksfridge
CTSBLFX.DLL
kl1
SPFDRV
lvprcsrv
BCMTPM
upperdev
flashcomadmin
CdaC15BA
ood2000
SRS_SSCFilter
SiS7018
btnhnd
slave
gdrv
tosrfbd
SE26mgmt
AppnApi
neokdss
dpfusmgr
viairda
ccs
nvlddmkm
ppa3
SaiH040B
usbmate
wpshelper
oracle_load_balancer_60_client-forms6i
transcode360
symantecantibotshim
MSMQ
MRESP50a64
dlcq_device
sbpci
hnmsvc
wm
amdk77
i81x
vulfntrs
bc_filter
LUsbFilt
racsvc
ssm_mdfl
NPDriver
rsvp
PSDNServ
roxmediadb
NxSysMon
eloggersvc6
WUSB54Gv4SVC
Intels51
se2Cnd5
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
ProfSvc
EapHost
winmgmt
schedule
SessionEnv
browser
hkmsvc
ezSharedSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2137038764-2401171817-2744998963-1000Core.job
- c:\users\Matt\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-16 15:29]
.
2012-03-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2137038764-2401171817-2744998963-1000UA.job
- c:\users\Matt\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-16 15:29]
.
2012-03-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-01 03:58]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-25 13:57]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-25 13:57]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2137038764-2401171817-2744998963-1000Core.job
- c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-25 17:43]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2137038764-2401171817-2744998963-1000UA.job
- c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-25 17:43]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-DME-N Network Driver - c:\windows\system32\DME-N Network Driver.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-13 14:20
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2137038764-2401171817-2744998963-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*µŘ ]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2137038764-2401171817-2744998963-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*µŘ \OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2137038764-2401171817-2744998963-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*µŘ ]
@Allowed: (Read) (RestrictedCode)
"0"=hex:43,3a,5c,55,73,65,72,73,5c,4d,61,74,74,5c,44,6f,63,75,6d,65,6e,74,73,
5c,44,6f,77,6e,6c,6f,61,64,73,5c,50,69,6e,6b,56,69,73,75,61,6c,50,61,73,73,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4260)
c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\AVG\AVG2012\avgwdsvc.exe
c:\idrive\IDriveE Service.exe
c:\idrive\IDriveWebM.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
c:\program files\SMINST\BLService.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Zune\ZuneNss.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-03-13 14:30:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-13 14:29
.
Pre-Run: 31,619,305,472 bytes free
Post-Run: 31,970,467,840 bytes free
.
- - End Of File - - 74B7B5A46098F2C978988E5FFF10211D


==================================================================


If I don't see any more threat pop-ups, can I assume my computer is safe? Can I go back to using my passwords etc? At one point during this ordeal I saw a file being removed by AVG that had "keylogger" as part of the filename. Is there a way of checking if there is one? I'm paranoid now!

I shall report if anything else goes wrong.

I really appreciate the help you have given me so far. Thank you thank you!

napio

#5 napio

napio
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:07:12 AM

Posted 13 March 2012 - 12:33 PM

One thing that has happened is that my Xbox360 does not list my PC anymore... I have had this problem before but I was able to solve it pretty easily, now nothing works :(

Still no threat pop-ups though :)

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:12 AM

Posted 13 March 2012 - 03:20 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 napio

napio
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:07:12 AM

Posted 14 March 2012 - 08:22 AM

Thanks.

TDSSKiller report:


12:43:36.0905 4864 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
12:43:38.0908 4864 ============================================================
12:43:38.0908 4864 Current date / time: 2012/03/14 12:43:38.0908
12:43:38.0908 4864 SystemInfo:
12:43:38.0908 4864
12:43:38.0909 4864 OS Version: 6.0.6002 ServicePack: 2.0
12:43:38.0909 4864 Product type: Workstation
12:43:38.0909 4864 ComputerName: NAPIO-LAPTOP
12:43:38.0909 4864 UserName: Matt
12:43:38.0909 4864 Windows directory: C:\Windows
12:43:38.0909 4864 System windows directory: C:\Windows
12:43:38.0909 4864 Processor architecture: Intel x86
12:43:38.0909 4864 Number of processors: 2
12:43:38.0909 4864 Page size: 0x1000
12:43:38.0909 4864 Boot type: Normal boot
12:43:38.0909 4864 ============================================================
12:43:41.0340 4864 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:43:41.0343 4864 \Device\Harddisk0\DR0:
12:43:41.0344 4864 MBR used
12:43:41.0344 4864 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1BDCA7F0
12:43:41.0344 4864 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1BDCB000, BlocksNum 0x13F9000
12:43:41.0409 4864 Initialize success
12:43:41.0409 4864 ============================================================
12:43:49.0572 5892 ============================================================
12:43:49.0572 5892 Scan started
12:43:49.0572 5892 Mode: Manual;
12:43:49.0572 5892 ============================================================
12:43:51.0900 5892 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
12:43:51.0914 5892 ACPI - ok
12:43:52.0014 5892 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
12:43:52.0036 5892 adp94xx - ok
12:43:52.0073 5892 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
12:43:52.0083 5892 adpahci - ok
12:43:52.0113 5892 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
12:43:52.0116 5892 adpu160m - ok
12:43:52.0129 5892 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
12:43:52.0136 5892 adpu320 - ok
12:43:52.0220 5892 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
12:43:52.0225 5892 AFD - ok
12:43:52.0262 5892 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
12:43:52.0287 5892 agp440 - ok
12:43:52.0333 5892 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
12:43:52.0336 5892 aic78xx - ok
12:43:52.0363 5892 aliide (3d76fda1a10acc3dc84728f55c29b6d4) C:\Windows\system32\drivers\aliide.sys
12:43:52.0381 5892 aliide - ok
12:43:52.0420 5892 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
12:43:52.0422 5892 amdagp - ok
12:43:52.0452 5892 amdide (5b92e7839f5a1fbc1b39de67758ad6f8) C:\Windows\system32\drivers\amdide.sys
12:43:52.0454 5892 amdide - ok
12:43:52.0483 5892 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
12:43:52.0485 5892 AmdK7 - ok
12:43:52.0525 5892 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
12:43:52.0536 5892 AmdK8 - ok
12:43:52.0792 5892 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
12:43:52.0823 5892 arc - ok
12:43:52.0886 5892 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
12:43:52.0889 5892 arcsas - ok
12:43:52.0944 5892 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
12:43:52.0947 5892 AsyncMac - ok
12:43:52.0988 5892 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
12:43:52.0989 5892 atapi - ok
12:43:53.0049 5892 athr (2846f5ee802889d500fcf5cc48b28381) C:\Windows\system32\DRIVERS\athr.sys
12:43:53.0084 5892 athr - ok
12:43:53.0205 5892 AVGIDSDriver (4cbb56fbc9c0cbc517e6e3a6889ebddc) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
12:43:53.0209 5892 AVGIDSDriver - ok
12:43:53.0288 5892 AVGIDSEH (459bce188232e2fe6152423efef65d76) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
12:43:53.0290 5892 AVGIDSEH - ok
12:43:53.0394 5892 AVGIDSFilter (91d9abe7e88eac7c167cba4ed4d983bf) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
12:43:53.0396 5892 AVGIDSFilter - ok
12:43:53.0432 5892 AVGIDSShim (3fc2714e185c04308215d46730d41a94) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
12:43:53.0434 5892 AVGIDSShim - ok
12:43:53.0482 5892 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys
12:43:53.0488 5892 Avgldx86 - ok
12:43:53.0525 5892 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
12:43:53.0527 5892 Avgmfx86 - ok
12:43:53.0610 5892 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
12:43:53.0612 5892 Avgrkx86 - ok
12:43:53.0702 5892 Avgtdix (b67f4a0f9a174d1687c36a39329f5ad5) C:\Windows\system32\DRIVERS\avgtdix.sys
12:43:54.0124 5892 Avgtdix - ok
12:43:54.0457 5892 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
12:43:54.0459 5892 Beep - ok
12:43:54.0690 5892 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
12:43:54.0693 5892 blbdrive - ok
12:43:54.0809 5892 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
12:43:54.0812 5892 bowser - ok
12:43:54.0852 5892 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
12:43:54.0855 5892 BrFiltLo - ok
12:43:54.0894 5892 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
12:43:54.0896 5892 BrFiltUp - ok
12:43:54.0982 5892 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
12:43:54.0986 5892 Brserid - ok
12:43:55.0021 5892 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
12:43:55.0024 5892 BrSerWdm - ok
12:43:55.0101 5892 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
12:43:55.0103 5892 BrUsbMdm - ok
12:43:55.0197 5892 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
12:43:55.0200 5892 BrUsbSer - ok
12:43:55.0251 5892 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
12:43:55.0254 5892 BTHMODEM - ok
12:43:55.0368 5892 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\Windows\system32\drivers\BVRPMPR5.SYS
12:43:55.0696 5892 BVRPMPR5 - ok
12:43:55.0742 5892 catchme - ok
12:43:55.0866 5892 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
12:43:55.0869 5892 cdfs - ok
12:43:55.0946 5892 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
12:43:55.0949 5892 cdrom - ok
12:43:55.0992 5892 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
12:43:55.0994 5892 circlass - ok
12:43:56.0043 5892 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
12:43:56.0049 5892 CLFS - ok
12:43:56.0101 5892 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
12:43:56.0104 5892 CmBatt - ok
12:43:56.0198 5892 cmdGuard (22d54351b7a2c94814d00faa502ff381) C:\Windows\system32\DRIVERS\cmdguard.sys
12:43:56.0202 5892 cmdGuard - ok
12:43:56.0247 5892 cmdHlp (ffb59cad4be8c317624d40959a48a5db) C:\Windows\system32\DRIVERS\cmdhlp.sys
12:43:56.0249 5892 cmdHlp - ok
12:43:56.0275 5892 cmdide (d36372a6ea6805efbe8884d10772313f) C:\Windows\system32\drivers\cmdide.sys
12:43:56.0277 5892 cmdide - ok
12:43:56.0314 5892 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
12:43:56.0319 5892 Compbatt - ok
12:43:56.0349 5892 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
12:43:56.0352 5892 crcdisk - ok
12:43:56.0379 5892 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
12:43:56.0381 5892 Crusoe - ok
12:43:56.0467 5892 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
12:43:56.0470 5892 DfsC - ok
12:43:56.0556 5892 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
12:43:56.0559 5892 disk - ok
12:43:56.0636 5892 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
12:43:56.0638 5892 drmkaud - ok
12:43:56.0733 5892 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
12:43:56.0744 5892 DXGKrnl - ok
12:43:56.0864 5892 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
12:43:56.0868 5892 E1G60 - ok
12:43:57.0072 5892 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
12:43:57.0076 5892 Ecache - ok
12:43:57.0203 5892 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
12:43:57.0256 5892 elxstor - ok
12:43:57.0375 5892 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
12:43:57.0378 5892 ErrDev - ok
12:43:57.0535 5892 esgiguard - ok
12:43:57.0643 5892 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
12:43:57.0648 5892 exfat - ok
12:43:57.0730 5892 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
12:43:57.0742 5892 fastfat - ok
12:43:57.0780 5892 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
12:43:57.0783 5892 fdc - ok
12:43:57.0849 5892 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
12:43:57.0886 5892 FileInfo - ok
12:43:58.0045 5892 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
12:43:58.0049 5892 Filetrace - ok
12:43:58.0315 5892 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
12:43:58.0332 5892 flpydisk - ok
12:43:58.0474 5892 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
12:43:58.0546 5892 FltMgr - ok
12:43:58.0799 5892 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
12:43:58.0802 5892 Fs_Rec - ok
12:43:58.0907 5892 FTDIBUS (b7aa8283ec551d3a3b924e520e0621a7) C:\Windows\system32\drivers\ftdibus.sys
12:43:58.0910 5892 FTDIBUS - ok
12:43:58.0946 5892 FTSER2K (596d31583ce332b5514520d74837f434) C:\Windows\system32\drivers\ftser2k.sys
12:43:58.0955 5892 FTSER2K - ok
12:43:59.0002 5892 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
12:43:59.0005 5892 gagp30kx - ok
12:43:59.0076 5892 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:43:59.0076 5892 GEARAspiWDM - ok
12:44:26.0858 5892 sptd (a80cd850d69d996c832bea37e3a6aa1e) C:\Windows\system32\Drivers\sptd.sys
12:44:26.0859 5892 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: a80cd850d69d996c832bea37e3a6aa1e
12:44:26.0896 5892 sptd ( LockedFile.Multi.Generic ) - warning
12:44:26.0896 5892 sptd - detected LockedFile.Multi.Generic (1)
12:44:58.0248 5892 MBR (0x1B8) (5c86adec17b739c437e145e3b3fc2e6d) \Device\Harddisk0\DR0
12:44:58.0319 5892 \Device\Harddisk0\DR0 - ok
12:44:58.0342 5892 Boot (0x1200) (2a67f60c7afe2140065037501e02ca07) \Device\Harddisk0\DR0\Partition0
12:44:58.0366 5892 \Device\Harddisk0\DR0\Partition0 - ok
12:44:58.0403 5892 Boot (0x1200) (611e90a878e7cb0ff8fd1c9e9540686c) \Device\Harddisk0\DR0\Partition1
12:44:58.0433 5892 \Device\Harddisk0\DR0\Partition1 - ok
12:44:58.0436 5892 ============================================================
12:44:58.0436 5892 Scan finished
12:44:58.0436 5892 ============================================================
12:44:58.0449 2988 Detected object count: 1
12:44:58.0449 2988 Actual detected object count: 1
12:45:16.0520 2988 sptd ( LockedFile.Multi.Generic ) - skipped by user
12:45:16.0520 2988 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

-------------------------------------------------------------------------------------------------------------------

aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-14 13:12:49
-----------------------------
13:12:49.997 OS Version: Windows 6.0.6002 Service Pack 2
13:12:49.997 Number of processors: 2 586 0x170A
13:12:49.998 ComputerName: NAPIO-LAPTOP UserName: Matt
13:12:54.115 Initialize success
13:20:13.037 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:20:13.037 Disk 0 Vendor: ST9250827AS 3.AHC Size: 238475MB BusType: 3
13:20:13.068 Disk 0 MBR read successfully
13:20:13.068 Disk 0 MBR scan
13:20:13.084 Disk 0 unknown MBR code
13:20:13.084 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 228244 MB offset 2048
13:20:13.094 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10226 MB offset 467447808
13:20:13.099 Disk 0 scanning sectors +488390656
13:20:13.140 Disk 0 scanning C:\Windows\system32\drivers
13:20:22.142 Service scanning
13:20:36.237 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
13:20:41.263 Modules scanning
13:21:06.462 Disk 0 trace - called modules:
13:21:06.487 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x88c8c1f8]<<
13:21:06.493 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88f71418]
13:21:06.497 3 CLASSPNP.SYS[8650c8b3] -> nt!IofCallDriver -> [0x88d92c10]
13:21:06.502 5 acpi.sys[853b96bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x88cfab98]
13:21:06.506 \Driver\atapi[0x88d3e570] -> IRP_MJ_CREATE -> 0x88c8c1f8
13:21:06.511 Scan finished successfully
13:21:26.015 Disk 0 MBR has been saved successfully to "C:\Users\Matt\Desktop\MBR.dat"
13:21:26.021 The log file has been saved successfully to "C:\Users\Matt\Desktop\aswMBRlog.txt"


Thank you.
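As an added example (not a tool from this thread, nor from the TDSSKiller or aswMBR authors), here is a small Python triage helper that reads log lines in the two formats posted above and pulls out only what is not a plain "ok" verdict: the locked sptd.sys, the unknown MBR code and the unresolved hook, without paging through the full driver inventory. The line patterns are inferred from the output shown in this thread, and the sample lines are copied from it.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# TDSSKiller writes two lines per scanned object: an inventory line carrying
# the MD5 and path, then a verdict line ending in "- ok", "- warning",
# "- detected <name> (n)" or, after the user acts, "- skipped by user".
# These patterns are inferred from the log lines in this thread (assumption).
TDSS_INVENTORY = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+\d+\s+(?P<name>.+?)\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
TDSS_VERDICT = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+\d+\s+(?P<subject>.+?)\s+-\s+(?P<verdict>.+)$")
TDSS_SUSPICIOUS = re.compile(
    r"Suspicious file \((?P<reason>[^)]+)\):\s+(?P<path>.+?)\.\s+md5:\s+(?P<md5>[0-9a-f]{32})")
TDSS_COUNT = re.compile(r"\bDetected object count:\s+(?P<n>\d+)")

# aswMBR markers that deserve a human look: a locked service, MBR code the
# tool does not recognise, and an unresolved hook in the disk I/O call chain.
ASWMBR_MARKERS = ("**LOCKED**", "unknown MBR code", ">>UNKNOWN")


@dataclass
class Triage:
    inventoried: int = 0                                    # objects with an MD5/path line
    ok: int = 0                                             # verdict lines that read "ok"
    findings: List[Tuple[str, str]] = field(default_factory=list)       # (subject, verdict)
    suspicious: List[Tuple[str, str, str]] = field(default_factory=list)  # (path, reason, md5)
    reported_count: Optional[int] = None                    # TDSSKiller's own summary count
    aswmbr_flags: List[str] = field(default_factory=list)   # raw aswMBR lines worth reading


def triage(lines) -> Triage:
    """Classify each log line; anything not recognised is ignored on purpose."""
    t = Triage()
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = TDSS_SUSPICIOUS.search(line)
        if m:
            t.suspicious.append((m["path"], m["reason"], m["md5"]))
            continue
        m = TDSS_COUNT.search(line)
        if m:
            t.reported_count = int(m["n"])
            continue
        if TDSS_INVENTORY.match(line):
            t.inventoried += 1
            continue
        m = TDSS_VERDICT.match(line)
        if m:
            if m["verdict"] == "ok":
                t.ok += 1
            else:
                t.findings.append((m["subject"], m["verdict"]))
            continue
        if any(marker in line for marker in ASWMBR_MARKERS):
            t.aswmbr_flags.append(line)
    return t


def count_consistent(t: Triage) -> bool:
    """True when the distinct subjects with a 'detected' verdict match the count
    TDSSKiller printed in its summary; a mismatch means the summary hides detail."""
    detected = {subject for subject, verdict in t.findings if verdict.startswith("detected")}
    return t.reported_count is None or len(detected) == t.reported_count


# Constructed sample: lines copied from the TDSSKiller and aswMBR output in this thread.
SAMPLE_LOG = r"""
12:44:26.0666 5892 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
12:44:26.0670 5892 spldr - ok
12:44:26.0858 5892 sptd (a80cd850d69d996c832bea37e3a6aa1e) C:\Windows\system32\Drivers\sptd.sys
12:44:26.0859 5892 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: a80cd850d69d996c832bea37e3a6aa1e
12:44:26.0896 5892 sptd ( LockedFile.Multi.Generic ) - warning
12:44:26.0896 5892 sptd - detected LockedFile.Multi.Generic (1)
12:44:58.0248 5892 MBR (0x1B8) (5c86adec17b739c437e145e3b3fc2e6d) \Device\Harddisk0\DR0
12:44:58.0319 5892 \Device\Harddisk0\DR0 - ok
12:44:58.0449 2988 Detected object count: 1
12:45:16.0520 2988 sptd ( LockedFile.Multi.Generic ) - skipped by user
13:20:13.084 Disk 0 unknown MBR code
13:20:36.237 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
13:21:06.487 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x88c8c1f8]<<
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG.splitlines())
    print(f"{result.inventoried} objects inventoried, {result.ok} ok")
    for subject, verdict in result.findings:
        print(f"TDSSKiller: {subject} -> {verdict}")
    for path, reason, md5 in result.suspicious:
        print(f"suspicious ({reason}): {path} md5={md5}")
    for line in result.aswmbr_flags:
        print(f"aswMBR: {line}")
    print("summary count consistent:", count_consistent(result))
```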

#8 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto rico)

Posted 14 March 2012 - 08:28 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

Folder::
c:\program files\Conduit
c:\users\Matt\AppData\Local\Conduit

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 napio (Topic Starter, Members, 13 posts)

Posted 14 March 2012 - 11:35 AM

ComboFix 12-03-12.03 - Matt 14/03/2012 15:57:11.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.2974.1910 [GMT 0:00]
Running from: c:\users\Matt\Desktop\ComboFix.exe
Command switches used :: c:\users\Matt\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Conduit
c:\program files\Conduit\Community Alerts\Alert.dll
c:\users\Matt\AppData\Local\Conduit
c:\windows\$NtUninstallKB62280$ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2012-02-14 to 2012-03-14 )))))))))))))))))))))))))))))))
.
.
2012-03-14 16:10 . 2012-03-14 16:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-13 18:05 . 2012-03-13 18:05 -------- d-----w- c:\programdata\FixIt_62716EBA-D8BD-426C-B986-5069CEFB90D5
2012-03-13 17:57 . 2012-03-13 17:57 -------- d-----w- c:\windows\system32\drivers\UMDF\ko-KR
2012-03-13 17:57 . 2012-03-13 17:57 -------- d-----w- c:\windows\system32\drivers\UMDF\ms-MY
2012-03-13 17:57 . 2012-03-13 17:57 -------- d-----w- c:\windows\system32\drivers\UMDF\id-ID
2012-03-13 17:57 . 2012-03-13 17:57 -------- d-----w- c:\windows\system32\drivers\UMDF\sv-SE
2012-03-13 17:57 . 2012-03-13 17:57 -------- d-----w- c:\windows\system32\drivers\UMDF\nb-NO
2012-03-13 17:55 . 2012-03-13 17:57 -------- d-----w- c:\program files\Zune
2012-03-13 14:30 . 2012-03-14 16:15 -------- d-----w- c:\users\Matt\AppData\Local\temp
2012-03-13 03:34 . 2012-03-13 04:18 -------- d-----w- C:\sh4ldr
2012-03-13 03:34 . 2012-03-13 03:34 -------- d-----w- c:\program files\Enigma Software Group
2012-03-13 03:33 . 2012-03-13 04:18 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-03-13 03:33 . 2012-03-13 03:33 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-03-12 23:37 . 2012-03-13 03:22 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-12 21:46 . 2012-03-12 21:46 -------- d-----w- c:\users\Matt\AppData\Roaming\Malwarebytes
2012-03-12 21:46 . 2012-03-12 21:46 -------- d-----w- c:\programdata\Malwarebytes
2012-03-12 21:46 . 2012-03-12 21:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-12 21:46 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-12 19:23 . 2012-03-12 19:23 -------- d-----w- C:\$AVG
2012-03-12 19:02 . 2012-03-13 13:10 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-12 18:58 . 2012-03-12 18:58 -------- d-----w- c:\users\Matt\AppData\Local\iCoolsoft Studio
2012-03-12 18:58 . 2012-03-12 18:58 -------- d-----w- c:\programdata\iCoolsoft Studio
2012-03-12 18:58 . 2012-03-12 18:58 -------- d-----w- c:\program files\iCoolsoft Studio
2012-03-12 18:34 . 2012-03-12 18:34 -------- d-----w- c:\program files\DSP-worx
2012-03-11 13:48 . 2012-03-11 13:48 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-03-10 01:32 . 2012-03-10 01:32 4431872 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-09 15:21 . 2012-03-09 15:21 -------- d-----w- c:\program files\Common Files\Java
2012-03-08 14:21 . 2012-03-08 14:21 -------- d-----w- c:\program files\DIFX
2012-03-08 14:21 . 2012-03-05 23:30 72520 ----a-w- c:\windows\system32\drivers\ftser2k.sys
2012-03-08 14:21 . 2012-03-05 23:30 52552 ----a-w- c:\windows\system32\ftserui2.dll
2012-03-08 14:21 . 2012-03-05 23:30 57800 ----a-w- c:\windows\system32\drivers\ftdibus.sys
2012-03-08 14:21 . 2012-03-05 23:30 197952 ----a-w- c:\windows\system32\FTLang.dll
2012-03-08 14:21 . 2012-03-05 23:30 206144 ----a-w- c:\windows\system32\ftd2xx.dll
2012-03-08 14:21 . 2012-03-05 23:30 120136 ----a-w- c:\windows\system32\ftbusui.dll
2012-03-05 23:31 . 2012-03-05 23:31 -------- d-----w- c:\users\Matt\{77a6c5bd-bb8b-4f28-a8af-ff1646d5108f}
2012-03-05 23:29 . 2012-03-05 23:29 -------- d-----w- c:\users\Matt\AppData\Local\Linea Research
2012-03-05 23:28 . 2012-03-05 23:28 -------- d-----w- c:\program files\Linea Research
2012-03-05 22:18 . 2012-03-05 22:18 -------- d-----w- c:\users\Matt\AppData\Local\MetaGeek,_LLC
2012-03-05 21:53 . 2012-03-05 21:53 -------- d-----w- c:\program files\MetaGeek
2012-02-14 13:55 . 2012-02-14 13:55 -------- d-----w- c:\program files\uTorrent
2012-02-14 13:54 . 2012-02-14 14:13 -------- d-----w- c:\users\Matt\AppData\Roaming\uTorrent
2012-02-14 02:15 . 2012-03-09 11:14 -------- d-----w- c:\program files\Perfect Uninstaller
2012-02-14 00:14 . 2012-03-05 11:20 -------- d-----w- c:\users\Matt\AppData\Roaming\AVI ReComp
2012-02-13 23:55 . 2012-02-13 23:56 -------- d-----w- c:\program files\Xvid
2012-02-13 23:55 . 2012-02-13 23:56 -------- d-----w- c:\program files\AVI ReComp
2012-02-13 23:21 . 2012-02-13 23:21 -------- d-----w- c:\programdata\Sony
2012-02-13 23:12 . 2012-02-13 23:12 -------- d-----w- c:\users\Matt\AppData\Local\Seven Zip
2012-02-13 22:09 . 2012-02-13 22:09 -------- d-----w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-02-13 21:29 . 2012-02-09 14:13 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2012-02-13 21:29 . 2012-02-09 14:13 21312 ----a-w- c:\windows\system32\authuitu.dll
2012-02-13 21:28 . 2012-02-13 21:28 -------- d-----w- c:\users\Matt\AppData\Roaming\TuneUp Software
2012-02-13 21:28 . 2012-02-27 14:12 -------- d-----w- c:\program files\TuneUp Utilities 2012
2012-02-13 21:27 . 2012-02-13 21:29 -------- d-----w- c:\programdata\TuneUp Software
2012-02-13 21:27 . 2012-02-13 21:27 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-02-13 19:27 . 2012-02-13 22:17 -------- dc-h--w- c:\programdata\~1
2012-02-13 19:20 . 2012-02-13 20:31 -------- dc-h--w- c:\programdata\~0
2012-02-13 19:19 . 2012-02-13 19:19 -------- d-----w- c:\users\Matt\AppData\Local\PackageAware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-11 21:13 . 2010-06-01 18:00 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-03-11 21:13 . 2010-06-01 18:00 38616 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 21:13 . 2010-06-04 10:55 491816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 21:13 . 2010-06-01 18:00 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 21:13 . 2011-12-05 00:18 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 21:13 . 2010-06-01 18:00 301224 ----a-w- c:\windows\system32\guard32.dll
2012-03-09 15:20 . 2010-05-03 19:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
[-] 2011-12-14 . 17AF64D727545F2804F6E6D998327E3F . 680448 . . [7.0.6002.18551] . . c:\windows\System32\msvcrt.dll
[-] 2011-12-14 . 17AF64D727545F2804F6E6D998327E3F . 680448 . . [7.0.6002.18551] . . c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18551_none_d306a7e69c340115\msvcrt.dll
[-] 2011-12-14 . A807F65718C263442F0C3613F9BFD267 . 680448 . . [7.0.6002.22755] . . c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.22755_none_d39447bfb54e0362\msvcrt.dll
[7] 2009-04-11 . F5E991236960137B1F5449C5E5DF4656 . 679936 . . [7.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18005_none_d340af2c9c07e8f9\msvcrt.dll
[7] 2008-01-21 . 04CBEAA089B6A752B3EB660BEE8C4964 . 680448 . . [7.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_d15536209ee61dad\msvcrt.dll
.
[-] 2011-12-15 . 2F56B044E8ED4FAA812A19A8DF2115EE . 919552 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23286_none_e50b123ed0f991a8\wininet.dll
[-] 2011-12-15 . DA7C58952F082AECABF775C83F913C6F . 916992 . . [8.00.6001.18702] . . c:\windows\System32\wininet.dll
[-] 2011-12-15 . DA7C58952F082AECABF775C83F913C6F . 916992 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.19190_none_e470a3cbb7e975c5\wininet.dll
[7] 2011-11-03 . 406EEBC1B3FE188DE9D6B3AFB3834E84 . 919552 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23266_none_e520b216d0e959c6\wininet.dll
[7] 2011-11-03 . 4E45F092670EEE0563AA9E1A7C8A1217 . 916992 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.19170_none_e48643a3b7d93de3\wininet.dll
[7] 2011-09-30 . DA000DE8EB63D54DCC206AA0699B9A52 . 919552 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23250_none_e5258046d0e6a5cb\wininet.dll
[7] 2011-09-30 . 18F17E90657528C232B1944DEB4EC160 . 916480 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.19154_none_e49fe4a3b7c56b5d\wininet.dll
[7] 2011-07-23 . D2BA28C2B3CB7F2DBB5A5F92851B3F3F . 919552 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23216_none_e556c1b2d0c0ce11\wininet.dll
[7] 2011-07-23 . 8419DAE7205374F2CAA4C9CDBD0999E6 . 916480 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.19120_none_e4bc533fb7b0b22e\wininet.dll
[7] 2011-05-28 . E1E66EB05099B9DDCA178A9A00FCFF74 . 919552 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23181_none_e5060ee6d0fe15ce\wininet.dll
[7] 2011-05-28 . DE4685DE5130039FA63DA66C0F72F787 . 916480 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.19088_none_e4837421b7da2765\wininet.dll
[7] 2011-02-22 . B3A938D522F085171387FEF112AEECF5 . 919552 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23143_none_e5334f2ad0dbd8b8\wininet.dll
[7] 2011-02-22 . 047CDEFF94B63F0A4791372B47427B60 . 916480 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.19048_none_e4aeb3d1b7b9b7a1\wininet.dll
[7] 2010-12-18 . 7D6AACE6BF60B5A1D572E082DEC9F0F0 . 919552 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23111_none_e551be5ad0c55237\wininet.dll
[7] 2010-12-18 . 74BCC23D622F32DA0450D164735ACAB1 . 916480 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.19019_none_e4d023dfb7a07d25\wininet.dll
[7] 2010-11-02 . D364DEB34DB229A4C1EFB1BC68F505C4 . 919552 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23091_none_e4fb3d14d1063498\wininet.dll
[7] 2010-11-02 . 5681261BF2572F8776E1344DCB090C0B . 916480 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18999_none_e479cc5db7e1296b\wininet.dll
[7] 2010-09-08 . 6D4B5C39BB00A8BD98462664E73AC403 . 919552 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23067_none_e521ae94d0e878cf\wininet.dll
[7] 2010-09-08 . 545264F1F3AC5BD57B159EBBDC4FDC58 . 916480 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18975_none_e48b6b0db7d48c2d\wininet.dll
[7] 2010-06-26 . F60F99762FABCD7F4B53A4A0EBAE3505 . 919040 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23040_none_e5304c66d0de8f8c\wininet.dll
[7] 2010-06-26 . 78D42E00B5AB233F34116C0EF07F1BC9 . 916480 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18943_none_e4a9da3db7be05ac\wininet.dll
[7] 2010-05-04 . 9DF755B063C647A1CAEB17F3E2FDDE1D . 919040 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23019_none_e559bec4d0be1fc8\wininet.dll
[7] 2010-05-04 . F317362AEB06140E7FB1B29331FDC038 . 916480 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18928_none_e4c47b87b7a94c7d\wininet.dll
[7] 2010-02-23 . 24427C9C96556887A2F161800F00B2DE . 919040 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22995_none_e4ff661ad10266b2\wininet.dll
[7] 2010-02-23 . EC3B3E6071E3FCD4290BFD42676EE064 . 916480 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18904_none_e4d61a37b79caf3f\wininet.dll
[7] 2010-01-02 . 1DC5E46312CBA5C1614B3D3359DB09C5 . 916480 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22973_none_e513055ed0f3fc22\wininet.dll
[7] 2010-01-02 . 91B8712BDC74295DA14A08F519B70D65 . 916480 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18882_none_e47d985db7df5ef2\wininet.dll
[7] 2009-11-21 . 0B603B1B76FF6CA2D88B658A9ECC40E8 . 916480 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22956_none_e52ba614d0e11045\wininet.dll
[7] 2009-11-21 . DCB9E422810877D7C4115BACE54B084C . 916480 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18865_none_e4963913b7cc7315\wininet.dll
[7] 2009-08-27 . D0DD9439DB3C927209CFFE095AA1F097 . 916480 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22918_none_e558e658d0bed32f\wininet.dll
[7] 2009-08-27 . E3AB6EBE520E1898663B011D2FC0DF11 . 916480 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18828_none_e4c479a1b7a94f56\wininet.dll
[7] 2009-07-22 . E48ADF567FE3EFCC2EB88A2BE5E020CB . 915456 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22903_none_e55eb4d2d0bb388b\wininet.dll
[7] 2009-07-21 . 6206A2BF9741B31C258ACC51972AFCAA . 915456 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18813_none_e4ca481bb7a5b4b2\wininet.dll
[7] 2009-05-12 . 4BEDA2520729640D927E09A51AB916C4 . 915456 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22874_none_e51403c2d0f31852\wininet.dll
[7] 2009-05-09 . D78B62CC91F043CED52F23F0085E7FE2 . 915456 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18783_none_e47e96c1b7de7b22\wininet.dll
[7] 2009-04-24 . D94BDEEF2E47EB4A46B957253C697F01 . 827392 . . [7.00.6000.16851] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16851_none_ffcda951a4d4204f\wininet.dll
[7] 2009-04-24 . 64EAF7CF461A15DB4EAEB1D50A10E88E . 827904 . . [7.00.6001.18248] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18248_none_01c5b9e9a1ec46b0\wininet.dll
[7] 2009-04-24 . E7D90AF9B0C7FA98DF353E022EE1C63E . 828928 . . [7.00.6000.21046] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21046_none_0066ef9cbde5561d\wininet.dll
[7] 2009-04-24 . 77C60DD61D21777734B1C945540473A4 . 828416 . . [7.00.6001.22418] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22418_none_026fc85ebaf18fce\wininet.dll
[7] 2009-04-24 . 07DBFC0759F61E95901AF2B2D4E83451 . 828416 . . [7.00.6002.22121] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22121_none_04446854b8264f82\wininet.dll
[7] 2009-04-23 . 24CBE22F35941FBFD6144A5C011EA999 . 828416 . . [7.00.6002.18024] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18024_none_03bdcc679f05fbbd\wininet.dll
[7] 2009-04-11 . 8777B44511D8BCCF47B5A7CBDC02DE11 . 828416 . . [7.00.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18005_none_03d46c899ef4dd32\wininet.dll
[7] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18702_none_e4d415d7b79e8243\wininet.dll
[7] 2009-02-24 . F18C1B151A0B18C35BF0919A9BA0FA0F . 826368 . . [7.00.6000.16764] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16764_none_ffc5d85da4d98b1e\wininet.dll
[7] 2009-02-24 . 622FE627D15DD920238A993021F0A4D1 . 827904 . . [7.00.6000.20937] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20937_none_0072e7b0bddc2041\wininet.dll
[7] 2009-02-24 . 8F89FFECF6989DD7D9ECCEC6D95D7419 . 827392 . . [7.00.6001.18157] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18157_none_01b9e7cda1f54c23\wininet.dll
[7] 2009-02-24 . 4944C9FFE8903A276590D4215F74B937 . 827904 . . [7.00.6001.22288] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22288_none_0224151ebb2a5917\wininet.dll
[7] 2009-02-24 . DAEED2799D4D19F955C3E90B22A1E91E . 826368 . . [7.00.6000.16643] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16643_none_ffda7605a4ca3cbe\wininet.dll
[7] 2009-02-24 . F7FF1E0D443788D6AE4CBCA593530099 . 827392 . . [7.00.6000.20777] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20777_none_0047a434bdfc95b7\wininet.dll
[7] 2009-02-24 . 482BCCBF1FCBB3378100FF97081438C1 . 826880 . . [7.00.6001.18023] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18023_none_01d65483a1e095cd\wininet.dll
[7] 2009-02-24 . 4E962B645608E6EDB7D31B75921D07FA . 826880 . . [7.00.6001.22120] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22120_none_025cf070bb00e992\wininet.dll
[7] 2008-01-21 . 455D715A840579BDC1CF8E5C1DA76849 . 825856 . . [7.00.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18000_none_01e8f37da1d311e6\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDriveE Startup"="c:\idrive\IDrvieEStartup.exe" [2010-04-22 177608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-28 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-28 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-28 154136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-12-24 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-03 450652]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctNDc0OTgyOTM5LUJBKzEtS1YzKzctWEwrMS1UMi1GUDkyKzYtVEI5KzItRkwrOS1GMTBNKzUtUUlYMSs0LVgyMDEwKzItRjEwTTEwQysxLUxJQys3&prod=90&ver=10.0.1209" [?]
.
c:\users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
IDrive Tray.lnk - c:\idrive\IDriveEReg2ini.exe [2010-6-13 292296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^Matt^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk]
path=c:\users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk
backup=c:\windows\pss\PdaNet Desktop.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-01 23:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsWnd]
2009-08-19 13:41 3618104 ------w- c:\program files\Brownie\BrStsWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2011-09-16 15:29 137536 ----atw- c:\users\Matt\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 15:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 01:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-10-10 20:24 206128 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-09-24 00:21 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2011-07-25 11:41 433360 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-07-25 13:55 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
2007-05-07 18:28 589824 ----a-w- c:\program files\TightVNC\WinVNC.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
wercplsupport
Themes
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
pdlnepkt
tcpipBM
aksfridge
CTSBLFX.DLL
kl1
SPFDRV
lvprcsrv
BCMTPM
upperdev
flashcomadmin
CdaC15BA
ood2000
SRS_SSCFilter
SiS7018
btnhnd
slave
gdrv
tosrfbd
SE26mgmt
AppnApi
neokdss
dpfusmgr
viairda
ccs
nvlddmkm
ppa3
SaiH040B
usbmate
wpshelper
oracle_load_balancer_60_client-forms6i
transcode360
symantecantibotshim
MSMQ
MRESP50a64
dlcq_device
sbpci
hnmsvc
wm
amdk77
i81x
vulfntrs
bc_filter
LUsbFilt
racsvc
ssm_mdfl
NPDriver
rsvp
PSDNServ
roxmediadb
NxSysMon
eloggersvc6
WUSB54Gv4SVC
Intels51
se2Cnd5
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
ProfSvc
EapHost
winmgmt
schedule
SessionEnv
browser
hkmsvc
ezSharedSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2137038764-2401171817-2744998963-1000Core.job
- c:\users\Matt\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-16 15:29]
.
2012-03-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2137038764-2401171817-2744998963-1000UA.job
- c:\users\Matt\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-16 15:29]
.
2012-03-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-01 03:58]
.
2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-25 13:57]
.
2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-25 13:57]
.
2012-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2137038764-2401171817-2744998963-1000Core.job
- c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-25 17:43]
.
2012-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2137038764-2401171817-2744998963-1000UA.job
- c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-25 17:43]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.0.1
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2137038764-2401171817-2744998963-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*µŘ ]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2137038764-2401171817-2744998963-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*µŘ \OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2137038764-2401171817-2744998963-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*µŘ ]
@Allowed: (Read) (RestrictedCode)
"0"=hex:43,3a,5c,55,73,65,72,73,5c,4d,61,74,74,5c,44,6f,63,75,6d,65,6e,74,73,
5c,44,6f,77,6e,6c,6f,61,64,73,5c,50,69,6e,6b,56,69,73,75,61,6c,50,61,73,73,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5244)
c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\AVG\AVG2012\avgwdsvc.exe
c:\idrive\IDriveE Service.exe
c:\idrive\IDriveWebM.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
c:\program files\SMINST\BLService.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Zune\ZuneNss.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\idrive\IDriveETray.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\idrive\IDriveEBackground.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\AVG\AVG2012\avgui.exe
.
**************************************************************************
.
Completion time: 2012-03-14 16:26:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-14 16:26
ComboFix2.txt 2012-03-13 14:30
.
Pre-Run: 30,316,113,920 bytes free
Post-Run: 30,314,704,896 bytes free
.
- - End Of File - - F1ACD6A439BCEF5E746427D74BFFBA8D


I had a crypt virus threat detected whilst ComboFix was running, but that was before any reboots, so I don't know if it's a separate incident or if it was ComboFix doing something...

Thanks.

#10 napio


Posted 14 March 2012 - 02:07 PM

Oh, and the computer seems to be running fine but my Xbox still doesn't see the computer. All the necessary services are running and both are connected to the same network...

#11 gringo_pr

  • Malware Response Team

Posted 14 March 2012 - 04:36 PM

Hello

I would like to see a report that ComboFix makes.

Extra ComboFix report

  • Push the "Windows key" + "R" (between the "Ctrl" button and the "Alt" button).
  • Please copy and paste the following into the box:
    C:\Qoobox\Add-Remove Programs.txt
  • Click OK.

Copy and paste the report into this topic for me to review.

Gringo

#12 napio


Posted 14 March 2012 - 04:43 PM

Acrobat.com
ActiveCheck component for HP Active Support Library
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.2)
Adobe Shockwave Player
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
Atheros Driver Installation Program
Avanquest update
AVG 2012
AVI ReComp 1.5.3
AviSynth 2.5
Band Manager
BBC iPlayer Desktop
BitTorrent
Brother HL-5370DW
Chronotron Plug-in for Winamp/WMP 9 (remove only)
Clone2Go Video Converter Professional 1.9.1
COMODO Internet Security
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
CyberLink YouCam
DC-Bass Source 1.1.1
Dropbox
DVD Decrypter (Remove Only)
DVD Flick 1.3.0.7
DVD Shrink 3.2
EASE Focus 2
ESU for Microsoft Vista
Facebook Video Calling 1.1.1.1
Free CD Music Converter 10
Free Download Manager 3.0
Google Chrome
Google Talk Plugin
Google Update Helper
Google Updater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Common Access Service Library
HP Customer Experience Enhancements
HP DVD Play 3.7
HP Help and Support
HP Quick Launch Buttons 6.40 M1
HP Total Care Advisor
HP Total Care Setup
HP Update
HP User Guides 0138
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
iCoolsoft Total Video Converter 5.0.6
ID3-TagIT 3
IDrive version 3.3.3 June 02, 2010
IDT Audio
inSSIDer
Intel® Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java™ 6 Update 31
LabelPrint
LightScribe System Software 1.14.17.1
Malwarebytes Anti-Malware version 1.60.1.1000
Media Go
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
Picasa 3
PlayStation®Network Downloader
PlayStation®Store
PodWare
Power2Go
PowerDirector
PrimoPDF -- by Nitro PDF Software
QuickTime
Rapport
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
REAPER
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
SIA SmaartLive v5.4.0.0
Skype™ 5.5
SonicStage 4.3
Sony Ericsson PC Companion 2.01.231
Sony Ericsson PC Suite 6.009.00
Sony Ericsson Update Engine
SoulSeek 157 NS 13e
Spotify
Synaptics Pointing Device Driver
TightVNC 1.3.9
TuneUp Utilities Language Pack (en-US)
UltraVNC Viewer
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VC 9.0 Runtime
VENUE D-Show
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.11
VobSub 2.23
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live Sync
Windows Live Upload Tool
Windows Mobile Device Updater Component
WinRAR archiver
Xvid 1.3.0
Yamaha LS9 Editor
Yamaha M7CL V3 Editor
Yamaha Studio Manager
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team

Posted 14 March 2012 - 05:08 PM

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#14 napio
  • Topic Starter

Posted 14 March 2012 - 06:03 PM

mbam log:


Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.14.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19190
Matt :: NAPIO-LAPTOP [administrator]

Protection: Disabled

14/03/2012 22:32:46
mbam-log-2012-03-14 (22-32-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201143
Time elapsed: 9 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


-------------------------------------------------------------

HijackThis log:



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:00:27, on 14/03/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19190)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\IDrive\IDriveETray.exe
C:\IDrive\IDriveEBackground.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\IDrive\IDriveEClsClient.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNDc0OTgyOTM5LUJBKzEtS1YzKzctWEwrMS1UMi1GUDkyKzYtVEI5KzItRkwrOS1GMTBNKzUtUUlYMSs0LVgyMDEwKzItRjEwTTEwQysxLUxJQys3"&"prod=90"&"ver=10.0.1209
O4 - HKCU\..\Run: [IDriveE Startup] "C:\IDrive\IDrvieEStartup.exe" Hide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: IDrive Tray.lnk = C:\IDrive\IDriveEReg2ini.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.2.1
O17 - HKLM\System\CS8\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.2.1
O17 - HKLM\System\CS9\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.2.1
O17 - HKLM\System\CS10\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.2.1
O17 - HKLM\System\CS11\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.2.1
O17 - HKLM\System\CS12\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.2.1
O17 - HKLM\System\CS13\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.2.1
O17 - HKLM\System\CS14\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.2.1
O17 - HKLM\System\CS15\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.2.1
O17 - HKLM\System\CS16\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.2.1
O17 - HKLM\System\CS17\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.2.1
O17 - HKLM\System\CS18\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.2.1
O17 - HKLM\System\CS19\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.2.1
O17 - HKLM\System\CS20\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.2.1
O17 - HKLM\System\CS21\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.2.1
O17 - HKLM\System\CS28\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS29\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS30\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS31\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS33\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS35\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS36\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS37\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS38\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS39\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS40\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS41\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS42\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS43\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS44\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS45\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS46\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS47\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS48\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS49\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS50\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS51\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS53\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS54\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS55\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS56\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS57\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.0.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\guard32.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Google Update Service (gupdate1ca0d2ff068934c) (gupdate1ca0d2ff068934c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: IDriveE Service - Pro Softnet Corporation - C:\IDrive\IDriveE Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IDrive WebManager (IDriveWebM) - Pro-Softnet - C:\IDrive\IDriveWebM.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe

--
End of file - 16195 bytes


------------------------------------------------------

When I tried to install HijackThis I got a BSOD when it finished. Rebooted then installed again and was fine.

Computer works fine but still not discoverable on Xbox...
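As an added example (not a tool from this thread or from Trend Micro), a small Python triage script over HijackThis-format log lines like the ones posted above: it groups entries by section code and lists the items a reviewer looks at first (autoruns outside standard program folders, per-adapter DNS servers outside the private ranges, AppInit_DLLs, services HijackThis marks "Unknown owner"). The sample lines are copied from the log above; the severity rules are the script's own assumptions, not anything HijackThis itself reports.

```python
"""Triage a HijackThis v2.0.4 log: group entries by section code and pull out
what a reviewer checks first (O4 autoruns outside standard program folders,
O17 DNS servers off the private ranges, O20 AppInit_DLLs, O23 services with
no publisher). Added example; SAMPLE_LOG copies lines from the log above."""
import ipaddress
import re
from collections import defaultdict

SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [IDriveE Startup] "C:\IDrive\IDrvieEStartup.exe" Hide
O4 - Startup: Dropbox.lnk = Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{52029D9B-B174-4A31-9A6F-BFB61693AC8D}: NameServer = 192.168.2.1
O20 - AppInit_DLLs: C:\Windows\System32\guard32.dll
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe
"""

# "O17 - HKLM\..." -> section code "O17", payload "HKLM\..."
ENTRY_RE = re.compile(r"^([RFON]\d{1,2})\s+-\s+(.*)$")
# Autorun locations that need no attention in a first pass (assumption)
STANDARD_ROOTS = ("c:\\program files", "c:\\windows", "%programfiles%")

def parse_entries(text):
    """Return {section code: [payload, ...]} for every 'Oxx - ...' line."""
    entries = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group(1)].append(m.group(2))
    return entries

def o4_target(payload):
    """Executable launched by an O4 entry, stripped of quotes and arguments."""
    if "] " in payload:                      # HKLM\..\Run: [Name] target args
        target = payload.split("] ", 1)[1].strip()
    elif " = " in payload:                   # Startup: Name.lnk = target
        target = payload.split(" = ", 1)[1].strip()
    else:
        return None
    if target.startswith('"'):
        return target[1:].split('"', 1)[0]
    m = re.match(r".*?\.(?:exe|dll|scr|bat|cmd)", target, re.I)
    return m.group(0) if m else target

def o4_location(target):
    """Classify an autorun target as standard, user profile or non-standard."""
    low = target.lower()
    if low.startswith(STANDARD_ROOTS):
        return "standard"
    if "\\appdata\\" in low or "\\users\\" in low:
        return "user profile"
    return "non-standard"

def public_nameservers(payload):
    """Addresses after 'NameServer =' that are not private (or not IPs at all)."""
    _, _, value = payload.partition("NameServer =")
    suspicious = []
    for item in filter(None, re.split(r"[,\s]+", value)):
        try:
            if not ipaddress.ip_address(item).is_private:
                suspicious.append(item)
        except ValueError:              # hostnames and garbage also need a look
            suspicious.append(item)
    return suspicious

def triage(text):
    """List of (code, reason, payload) for entries that merit a closer look."""
    findings = []
    entries = parse_entries(text)
    for payload in entries.get("O4", []):
        target = o4_target(payload)
        if target is not None and o4_location(target) != "standard":
            findings.append(("O4", f"autorun from {o4_location(target)} path: {target}", payload))
    for payload in entries.get("O17", []):
        bad = public_nameservers(payload)
        if bad:
            findings.append(("O17", "DNS server outside private ranges: " + ", ".join(bad), payload))
    for payload in entries.get("O20", []):
        findings.append(("O20", "AppInit_DLLs is loaded into every user-mode process; confirm the DLL's owner", payload))
    for payload in entries.get("O23", []):
        if "Unknown owner" in payload:
            findings.append(("O23", "service binary carries no publisher information", payload))
    return findings

if __name__ == "__main__":
    for code, reason, payload in triage(SAMPLE_LOG):
        print(f"{code}: {reason}\n    {payload}")
```

On the sample above, both O17 entries point at LAN gateway addresses and are not flagged; the flagged items are the two autoruns outside Program Files, the AppInit_DLLs entry and the one service without publisher information.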

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team

Posted 14 March 2012 - 10:34 PM

Greetings

For the problem with the Xbox, you will most likely have to ask in the network forum.

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to; you can start any of them from their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)



NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
