
Another google redirect problem.


  • This topic is locked
30 replies to this topic

#1 thepandoraeffect

  • Members
  • 22 posts
  • OFFLINE
  • Local time:10:40 PM

Posted 14 March 2012 - 11:01 PM

This started about two days ago, after I got the System Check malware (which was removed thanks to Malwarebytes and Ad-Aware). Basically speaking, what happens is that I use Google, and the suggestions list doesn't show up, and when I do a hard search, I have to click on links a few times to get them to go through; otherwise, it just refreshes the page. I can see it -trying- to redirect me to another random search page, and when it first started happening, those went through, but now, all it does is redirect. This problem is very frustrating, so I appreciate any help you can give me on the situation.


#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:40 PM

Posted 15 March 2012 - 02:02 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger may ask you to reboot the machine; if it does, click OK.

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs.
  • Save the logs to a convenient place such as your desktop.
  • Copy the contents of both logs & post in your next reply.

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
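As an added example that is not part of this thread and not code from the DDS tool or its author: a small triage script for the DDS.txt that the instructions above ask for. It parses the "Pseudo HJT Report" and "SERVICES / DRIVERS" sections and flags the entries a responder checks first when the complaint is a search redirect: orphaned entries ("No File"), autoruns, BHOs or drivers that load from a Temp directory, a .tmp file or a user profile, URL search hooks, and a static DNS server that differs from the DHCP-supplied ones. The sample lines are constructed for the example (placeholder GUIDs, user name and documentation-range IPs) and only their format is modelled on DDS output as posted in this thread.

```python
import re
from dataclasses import dataclass

# Constructed sample of DDS.txt lines, modelled on the "Pseudo HJT Report" and
# "SERVICES / DRIVERS" sections DDS writes. GUIDs, the user name and the IPs
# (documentation ranges) are placeholders, not data from any real machine.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.example.com/
uURLSearchHooks: H - No File
uURLSearchHooks: Example Toolbar: {11111111-2222-3333-4444-555555555555} - C:\Program Files (x86)\Example_Toolbar\prxtb.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
uRun: [updater] C:\Users\alice\AppData\Local\Temp\svchost.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
TCP: DhcpNameServer = 192.0.2.53 192.0.2.54
TCP: NameServer = 198.51.100.7
============= SERVICES / DRIVERS ===============
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-8 2358656]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\E206.tmp --> C:\Windows\system32\E206.tmp [?]
"""

NO_FILE = re.compile(r"-\s*No File\s*$")
TEMP_PATH = re.compile(r"\\Temp\\|\.tmp$|\\\$Recycle\.Bin\\", re.I)
USER_PATH = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.I)
DNS_LINE = re.compile(r"^TCP:.*?\b(DhcpNameServer|NameServer)\s*=\s*(.+)$")
SERVICE = re.compile(r"^[RS]\d+\s+[^;]*;[^;]*;(.+)$")            # R2 name;display;image
RUN_KEY = re.compile(r"^[um]?Run(?:-x64)?:\s*\[[^\]]*\]\s*(.+)$", re.I)
HJT_ENTRY = re.compile(r"^(?:[um]?URLSearchHooks|BHO|TB)(?:-X64)?:", re.I)
EXE_PATH = re.compile(r"^(.*?\.(?:exe|dll|sys|scr|cpl|bat|cmd|vbs|js|tmp))(?=\s|$)", re.I)


@dataclass
class Finding:
    severity: str   # "cleanup": stale entry; "review": possible persistence or hijack
    line: str
    reason: str


def image_path(line):
    """Return the file an entry loads, or None for lines that carry no path."""
    svc, run = SERVICE.match(line), RUN_KEY.match(line)
    if svc:
        raw = svc.group(1)
    elif run:
        raw = run.group(1)
    elif HJT_ENTRY.match(line) and " - " in line:
        raw = line.rsplit(" - ", 1)[1]
    else:
        return None
    raw = raw.split(" --> ")[0]                          # drop DDS's resolved-path tail
    raw = re.sub(r"\s*\[[^\]]*\]\s*$", "", raw).strip()  # drop trailing "[date size]"
    if raw.startswith("\\??\\"):
        raw = raw[4:]                                    # NT object-namespace prefix
    if raw.startswith('"'):
        return raw[1:].split('"', 1)[0]                  # quoted path; arguments follow
    m = EXE_PATH.match(raw)
    return m.group(1) if m else raw                      # unquoted path, best effort


def triage(text):
    """Flag the DDS entries a responder checks first for a search-redirect complaint."""
    findings, dhcp_dns, static_dns = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue
        if NO_FILE.search(line):
            findings.append(Finding("cleanup", line, "entry points at a file that no longer exists"))
            continue
        dns = DNS_LINE.match(line)
        if dns:
            servers = dns.group(2).split()
            if dns.group(1) == "DhcpNameServer":
                dhcp_dns = servers
            else:
                static_dns = servers
            continue
        path = image_path(line)
        if path is None:
            continue
        if TEMP_PATH.search(path):
            findings.append(Finding("review", line, "loads from a temp directory or a .tmp file"))
        elif USER_PATH.search(path):
            findings.append(Finding("review", line, "loads from a user-writable profile directory"))
        elif "urlsearchhooks" in line.lower():
            findings.append(Finding("review", line, "URL search hook can rewrite browser searches"))
    if static_dns and static_dns != dhcp_dns:
        findings.append(Finding("review", "TCP: NameServer = " + " ".join(static_dns),
                                "static DNS servers differ from the DHCP-supplied ones"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

Treat "review" as a pointer, not a verdict. A driver loading from a .tmp file also shows up when an anti-rootkit scanner has just loaded a transient driver, and ClickOnce applications legitimately run from AppData, so correlate every hit with the "Created Last 30" section and the installed-programs list before deciding anything. A URL search hook that belongs to a bundled toolbar is a cleanup decision for the user rather than an infection, but it is exactly the mechanism that rewrites searches, so it is always worth listing.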

#3 thepandoraeffect (Topic Starter)

  • Members
  • 22 posts
  • OFFLINE
  • Local time:10:40 PM

Posted 15 March 2012 - 03:11 AM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Arden at 2:46:25 on 2012-03-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8079.3195 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\SysWOW64\AsHookDevice.exe
C:\Program Files (x86)\ASUS\AI Manager\AIManager.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
F:\steam\Steam.exe
C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Users\Arden\AppData\Local\Apps\2.0\NDB270D2.WMZ\0G2JCB22.YKV\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\CurseClient.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\ASUS\AASP\1.00.97\aaCenter.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mumble\mumble.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
F:\RIFT Game\rift.exe
F:\RIFT Game\rifterrorhandler.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.wowhead.com/
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local;<local>
uURLSearchHooks: H - No File
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [Steam] "F:\steam\Steam.exe" -silent
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Lycosa] "C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Arden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\Arden\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{13DCC42D-73E2-424B-961E-61597FB3D3D7} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO-X64: Vuze Remote - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Lycosa] "C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Arden\AppData\Roaming\Mozilla\Firefox\Profiles\q7skxldj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.wowhead.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2009-11-13 196608]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-3 2152152]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\system32\DRIVERS\RtNdPt60.sys --> C:\Windows\system32\DRIVERS\RtNdPt60.sys [?]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-8 2358656]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-11-15 17152]
R3 Lycosa;Lycosa Keyboard;C:\Windows\system32\drivers\Lycosa.sys --> C:\Windows\system32\drivers\Lycosa.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?]
R3 VKbms;Virtual HID Minidriver;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-24 136176]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-14 652360]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-24 136176]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\E206.tmp --> C:\Windows\system32\E206.tmp [?]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.0);C:\Windows\system32\DRIVERS\RtVlan60.sys --> C:\Windows\system32\DRIVERS\RtVlan60.sys [?]
S3 rzudd;Razer Mouse Driver;C:\Windows\system32\DRIVERS\rzudd.sys --> C:\Windows\system32\DRIVERS\rzudd.sys [?]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-03-15 03:50:01 388096 ----a-r- C:\Users\Arden\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-15 03:50:01 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-03-15 03:45:52 18816 ------w- C:\Windows\SysWow64\SAVRKBootTasks.sys
2012-03-15 03:16:56 6144 ------w- C:\Windows\System32\E206.tmp
2012-03-15 03:15:50 6144 ------w- C:\Windows\System32\DF76.tmp
2012-03-15 03:15:40 -------- d-----w- C:\Program Files (x86)\Sophos
2012-03-15 01:10:07 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-03-15 01:01:36 -------- d-----w- C:\ComboFix
2012-03-14 23:28:06 -------- d-----w- C:\Program Files (x86)\Common Files\Software Update Utility
2012-03-14 18:02:02 -------- d-----w- C:\Users\Arden\AppData\Roaming\RotMG.Production
2012-03-14 17:48:49 -------- d-----w- C:\Users\Arden\AppData\Roaming\SUPERAntiSpyware.com
2012-03-14 17:48:49 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-03-13 17:20:37 -------- d-----w- C:\Users\Arden\AppData\Roaming\Malwarebytes
2012-03-13 17:20:34 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-13 17:20:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-10 16:18:29 -------- d-----w- C:\Users\Arden\AppData\Roaming\calibre
2012-03-10 16:18:10 -------- d-----w- C:\Program Files (x86)\Calibre2
2012-03-07 14:06:40 53248 ----a-r- C:\Users\Arden\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-03-07 14:06:32 -------- d-----w- C:\Users\Arden\AppData\Local\Logishrd
2012-03-07 14:01:03 -------- d-----w- C:\Users\Arden\AppData\Roaming\Logishrd
2012-03-07 13:51:12 93696 ----a-w- C:\Windows\System32\Lycosa.cpl
2012-03-07 13:51:12 6656 ----a-w- C:\Windows\System32\drivers\hidkmdf.sys
2012-03-07 13:51:11 65536 ----a-w- C:\Windows\SysWow64\Lycosa.cpl
2012-03-07 13:51:11 28928 ----a-w- C:\Windows\System32\drivers\Lycosa.sys
2012-03-07 13:51:11 13312 ----a-w- C:\Windows\System32\drivers\VKbms.sys
2012-03-07 13:47:26 -------- d-----w- C:\Users\Arden\AppData\Local\Razer
2012-03-02 23:00:40 -------- d-----w- C:\Windows\SysWow64\directx
2012-03-02 23:00:25 -------- d-----w- C:\Users\Arden\AppData\Roaming\RIFT
.
==================== Find3M ====================
.
2012-03-15 01:09:55 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-01-12 15:34:24 74240 ----a-w- C:\Windows\System32\drivers\rzudd.sys
2012-01-11 04:43:30 167704 ----a-w- C:\Windows\System32\igfxtray.exe
2012-01-11 04:43:28 510232 ----a-w- C:\Windows\System32\igfxsrvc.exe
2012-01-11 04:43:26 417560 ----a-w- C:\Windows\System32\igfxpers.exe
2012-01-11 04:43:20 239896 ----a-w- C:\Windows\System32\igfxext.exe
2012-01-11 04:43:08 4379416 ----a-w- C:\Windows\System32\GfxUI.exe
2012-01-11 04:43:08 392984 ----a-w- C:\Windows\System32\hkcmd.exe
2012-01-11 04:43:06 184600 ----a-w- C:\Windows\System32\difx64.exe
2012-01-11 04:37:38 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2622.dll
2012-01-11 04:28:32 8313856 ----a-w- C:\Windows\System32\igdumd64.dll
2012-01-11 04:28:18 12311904 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys
2012-01-11 04:18:36 6323712 ----a-w- C:\Windows\SysWow64\igdumd32.dll
2012-01-11 04:12:26 581120 ----a-w- C:\Windows\SysWow64\igdumdx32.dll
2012-01-11 04:06:22 9528832 ----a-w- C:\Windows\System32\igd10umd64.dll
2012-01-11 03:55:08 7988224 ----a-w- C:\Windows\SysWow64\igd10umd32.dll
2012-01-11 03:42:26 18653696 ----a-w- C:\Windows\System32\ig4icd64.dll
2012-01-11 03:29:54 13904384 ----a-w- C:\Windows\SysWow64\ig4icd32.dll
2012-01-11 03:19:58 378368 ----a-w- C:\Windows\System32\igfxTMM.dll
2012-01-11 03:19:52 28672 ----a-w- C:\Windows\System32\igfxexps.dll
2012-01-11 03:19:42 62464 ----a-w- C:\Windows\System32\igfxsrvc.dll
2012-01-11 03:19:14 110080 ----a-w- C:\Windows\System32\hccutils.dll
2012-01-11 03:19:06 4096 ----a-w- C:\Windows\System32\IGFXDEVLib.dll
2012-01-11 03:19:06 390656 ----a-w- C:\Windows\System32\igfxdev.dll
2012-01-11 03:19:06 146432 ----a-w- C:\Windows\System32\gfxSrvc.dll
2012-01-11 03:18:36 285696 ----a-w- C:\Windows\System32\igfxrenu.lrc
2012-01-11 03:18:32 9014784 ----a-w- C:\Windows\System32\igfxress.dll
2012-01-11 03:18:32 142336 ----a-w- C:\Windows\System32\igfxdo.dll
2012-01-11 03:15:16 24576 ----a-w- C:\Windows\SysWow64\igfxexps32.dll
2012-01-11 03:14:34 294400 ----a-w- C:\Windows\SysWow64\igfxdv32.dll
2012-01-11 03:12:12 2177536 ----a-w- C:\Windows\System32\igfxcmjit64.dll
2012-01-11 03:12:12 171520 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll
2012-01-11 03:12:12 1663488 ----a-w- C:\Windows\SysWow64\igfxcmjit32.dll
2012-01-11 03:12:12 148480 ----a-w- C:\Windows\System32\igfxcmrt64.dll
2011-12-29 22:48:48 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-12-29 22:48:48 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
.
============= FINISH: 2:54:33.17 ===============





.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 4/7/2010 11:14:57 PM
System Uptime: 3/14/2012 10:47:14 PM (4 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | CG5275
Processor: Intel® Core™ i5 CPU 650 @ 3.20GHz | LGA1156 | 3201/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 373 GiB total, 221.806 GiB free.
D: is FIXED (NTFS) - 551 GiB total, 550.78 GiB free.
F: is FIXED (NTFS) - 466 GiB total, 100.491 GiB free.
G: is CDROM ()
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP296: 3/13/2012 8:35:27 AM - Installed Java™ 6 Update 31
RP297: 3/13/2012 12:53:21 PM - avast! Internet Security Setup
RP298: 3/14/2012 10:52:02 AM - Windows Update
RP299: 3/14/2012 3:53:42 PM - Restore Operation
RP300: 3/14/2012 8:09:04 PM - Installed Java™ 6 Update 31
RP301: 3/14/2012 9:48:42 PM - avast! Internet Security Setup
RP302: 3/14/2012 10:49:24 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office Suite Service Pack 2 (SP2)
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.1
AI Manager
AIM 7
Apple Application Support
Apple Software Update
ASUSUpdate
Bandisoft MPEG-1 Decoder
BlackBerry Desktop Software 6.1
BlackBerry Device Software Updater
calibre
CamStudio OSS Desktop Recorder
CMUD 2.37
Curse Client
DAEMON Tools Lite
Diagnostic Utility
DivX Setup
Download Updater (AOL LLC)
eMule
EPU-4 Engine
eReg
Free FLV Converter V 6.98.0
Google Update Helper
Gtk+ Runtime Environment 2.12.9-2
GTK2-Runtime
HiJackThis
Intel® Control Center
Intel® Processor Graphics
Java Auto Updater
Java™ 6 Update 31
Junk Mail filter update
jZip
Malwarebytes Anti-Malware version 1.60.1.1000
Media Player Codec Pack 3.9.6
Microsoft .NET Framework 1.1
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel 2007 Help Actualización (KB963678)
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office Excel MUI (Spanish) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (Dutch) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (French) 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office OneNote MUI (Spanish) 2007
Microsoft Office Powerpoint 2007 Help Actualización (KB963669)
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office PowerPoint MUI (Spanish) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Basque) 2007
Microsoft Office Proof (Catalan) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Galician) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing (Spanish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Shared MUI (Spanish) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word 2007 Help Actualización (KB963665)
Microsoft Office Word MUI (Dutch) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (French) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Office Word MUI (Spanish) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Mise à jour Microsoft Office Excel 2007 Help (KB963678)
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)
Mise à jour Microsoft Office Word 2007 Help (KB963665)
Mozilla Firefox 10.0.2 (x86 en-US)
MSVCRT
Mumble 1.2.3
MUSHclient (remove only)
Nexon Game Manager
Octoshape add-in for Adobe Flash Player
QuickTime
Razer Lycosa
Razer Naga
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek High Definition Audio Driver
RIFT
Safari
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Click to Call
Skype™ 5.5
Sophos Anti-Rootkit 1.5.20
Steam
Super Mario Bros. X version 1.3
System Requirements Lab
TeamViewer 6
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update voor Microsoft Office Excel 2007 Help (KB963678)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
Update voor Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
Ventrilo Client
Veoh Web Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Vuze
Vuze Remote Toolbar
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
World of Warcraft
zeldascreen Screen Saver
zMUD 7.21.0.0
.
==== Event Viewer Messages From Past Week ========
.
3/14/2012 9:46:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
3/14/2012 9:46:01 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/14/2012 9:45:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx
3/14/2012 9:45:50 PM, Error: Service Control Manager [7022] - The avast! Antivirus service hung on starting.
3/14/2012 9:28:38 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/14/2012 9:28:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/14/2012 9:28:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/14/2012 9:28:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/14/2012 9:28:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/14/2012 9:28:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/14/2012 9:28:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/14/2012 9:28:21 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO AsUpIO aswFW aswRdr aswSnx aswSP aswTdi DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
3/14/2012 9:28:21 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/14/2012 9:28:21 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/14/2012 9:28:21 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/14/2012 9:28:21 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/14/2012 9:28:21 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/14/2012 9:28:21 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/14/2012 9:28:17 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/14/2012 9:28:17 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
3/14/2012 9:28:17 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/14/2012 9:28:17 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/14/2012 9:23:50 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
3/14/2012 7:58:47 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/14/2012 6:58:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/14/2012 6:45:55 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
3/14/2012 6:45:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO AsUpIO aswSnx aswSP aswTdi discache spldr Wanarpv6
3/14/2012 6:40:31 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The pipe has been ended.
3/14/2012 6:40:27 PM, Error: Service Control Manager [7038] - The Spooler service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
3/14/2012 6:40:27 PM, Error: Service Control Manager [7038] - The LanmanWorkstation service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
3/14/2012 6:40:27 PM, Error: Service Control Manager [7038] - The BFE service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
3/14/2012 6:40:27 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: The service did not start due to a logon failure.
3/14/2012 6:40:27 PM, Error: Service Control Manager [7000] - The Workstation service failed to start due to the following error: The service did not start due to a logon failure.
3/14/2012 6:40:27 PM, Error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: A system shutdown is in progress.
3/14/2012 6:40:27 PM, Error: Service Control Manager [7000] - The Print Spooler service failed to start due to the following error: The service did not start due to a logon failure.
3/14/2012 6:40:27 PM, Error: Service Control Manager [7000] - The Base Filtering Engine service failed to start due to the following error: The service did not start due to a logon failure.
3/14/2012 6:40:20 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
3/14/2012 3:55:05 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: Access is denied.
3/14/2012 3:55:05 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: Access is denied.
3/14/2012 3:55:05 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80070005.
3/14/2012 10:50:07 PM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
3/14/2012 10:50:07 PM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
3/14/2012 10:48:12 PM, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.
3/14/2012 10:47:57 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SAVRKBootTasks
3/14/2012 10:47:50 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
3/14/2012 10:45:04 PM, Error: Service Control Manager [7000] - The MEMSWEEP2 service failed to start due to the following error: This driver has been blocked from loading
3/14/2012 10:45:04 PM, Error: Application Popup [1060] - \??\C:\Windows\system32\E206.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
3/14/2012 10:29:26 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
3/14/2012 10:15:50 PM, Error: Application Popup [1060] - \??\C:\Windows\system32\DF76.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
3/13/2012 8:29:24 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa8007006a00, 0xfffff80000b9c518, 0xfffffa8007498390). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031312-19032-01.
3/13/2012 1:42:43 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/13/2012 1:38:53 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
.
==== End Of File ===========================
I'm pretty sure I did that right. If not, let me know and I'll try again.

#4 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:40 PM

Posted 15 March 2012 - 03:19 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 thepandoraeffect
  • Topic Starter

  • Members
  • 22 posts
  • Local time:10:40 PM

Posted 15 March 2012 - 09:55 AM

ComboFix 12-03-14.01 - Arden 03/15/2012 5:11.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8079.6056 [GMT -5:00]
Running from: c:\users\Arden\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Arden\AppData\Local\djyh.exe
c:\users\Arden\AppData\Local\gxri.exe
c:\users\Arden\AppData\Local\jfwj.exe
c:\users\Arden\AppData\Local\rwkl.exe
c:\windows\SysWow64\config.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-02-15 to 2012-03-15 )))))))))))))))))))))))))))))))
.
.
2012-03-15 10:42 . 2012-03-15 10:42 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-03-15 10:42 . 2012-03-15 10:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-15 03:50 . 2012-03-15 03:50 388096 ----a-r- c:\users\Arden\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-15 03:50 . 2012-03-15 03:50 -------- d-----w- c:\program files (x86)\Trend Micro
2012-03-15 03:45 . 2011-05-12 19:05 18816 ------w- c:\windows\SysWow64\SAVRKBootTasks.sys
2012-03-15 03:16 . 2011-05-12 19:03 6144 ------w- c:\windows\system32\E206.tmp
2012-03-15 03:15 . 2011-05-12 19:03 6144 ------w- c:\windows\system32\DF76.tmp
2012-03-15 03:15 . 2012-03-15 03:15 -------- d-----w- c:\program files (x86)\Sophos
2012-03-15 01:10 . 2012-03-15 01:10 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-15 01:10 . 2012-03-15 01:09 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-03-14 23:28 . 2012-03-14 23:28 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility
2012-03-14 18:02 . 2012-03-14 18:02 -------- d-----w- c:\users\Arden\AppData\Roaming\RotMG.Production
2012-03-14 17:48 . 2012-03-14 17:48 -------- d-----w- c:\users\Arden\AppData\Roaming\SUPERAntiSpyware.com
2012-03-14 17:48 . 2012-03-14 17:48 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-13 17:20 . 2012-03-13 17:20 -------- d-----w- c:\users\Arden\AppData\Roaming\Malwarebytes
2012-03-13 17:20 . 2012-03-14 23:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-13 17:20 . 2012-03-13 17:20 -------- d-----w- c:\programdata\Malwarebytes
2012-03-10 16:18 . 2012-03-10 16:18 -------- d-----w- c:\users\Arden\AppData\Roaming\calibre
2012-03-10 16:18 . 2012-03-14 21:15 -------- d-----w- c:\program files (x86)\Calibre2
2012-03-07 14:06 . 2012-03-14 21:15 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2012-03-07 14:06 . 2012-03-07 14:06 53248 ----a-r- c:\users\Arden\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-03-07 14:06 . 2012-03-07 14:06 -------- d-----w- c:\users\Arden\AppData\Roaming\Leadertech
2012-03-07 14:06 . 2012-03-07 14:06 -------- d-----w- c:\users\Arden\AppData\Local\Logishrd
2012-03-07 14:05 . 2012-03-14 21:02 -------- d-----w- c:\programdata\Logishrd
2012-03-07 14:05 . 2012-03-07 14:07 -------- d-----w- c:\program files\Common Files\Logishrd
2012-03-07 14:01 . 2012-03-07 14:01 -------- d-----w- c:\users\Arden\AppData\Roaming\Logishrd
2012-03-07 13:51 . 2010-09-30 02:45 6656 ----a-w- c:\windows\system32\drivers\hidkmdf.sys
2012-03-07 13:51 . 2007-09-28 00:07 93696 ----a-w- c:\windows\system32\Lycosa.cpl
2012-03-07 13:51 . 2010-10-01 06:16 13312 ----a-w- c:\windows\system32\drivers\VKbms.sys
2012-03-07 13:51 . 2010-09-08 17:01 28928 ----a-w- c:\windows\system32\drivers\Lycosa.sys
2012-03-07 13:51 . 2007-09-28 01:44 65536 ----a-w- c:\windows\SysWow64\Lycosa.cpl
2012-03-07 13:50 . 2012-03-07 13:50 -------- d-----w- c:\users\Arden\AppData\Roaming\InstallShield
2012-03-07 13:47 . 2012-03-14 21:02 -------- d-----w- c:\programdata\Razer
2012-03-07 13:47 . 2012-03-07 13:58 -------- d-----w- c:\users\Arden\AppData\Local\Razer
2012-03-02 23:00 . 2012-03-14 21:16 -------- d-----w- c:\users\Arden\AppData\Roaming\RIFT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-15 01:09 . 2011-07-04 21:42 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-14 23:20 . 2012-01-14 23:20 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-01-14 23:20 . 2012-01-14 23:20 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-01-14 23:20 . 2012-01-14 23:20 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-01-12 15:34 . 2012-01-12 15:34 74240 ----a-w- c:\windows\system32\drivers\rzudd.sys
2012-01-11 04:43 . 2012-01-11 04:43 167704 ----a-w- c:\windows\system32\igfxtray.exe
2012-01-11 04:43 . 2012-01-11 04:43 510232 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-01-11 04:43 . 2012-01-11 04:43 417560 ----a-w- c:\windows\system32\igfxpers.exe
2012-01-11 04:43 . 2012-01-11 04:43 239896 ----a-w- c:\windows\system32\igfxext.exe
2012-01-11 04:43 . 2012-01-11 04:43 4379416 ----a-w- c:\windows\system32\GfxUI.exe
2012-01-11 04:43 . 2012-01-11 04:43 392984 ----a-w- c:\windows\system32\hkcmd.exe
2012-01-11 04:43 . 2012-01-11 04:43 184600 ----a-w- c:\windows\system32\difx64.exe
2012-01-11 04:37 . 2012-01-11 04:37 90112 ----a-w- c:\windows\system32\igfxCoIn_v2622.dll
2012-01-11 04:28 . 2011-09-01 01:53 8313856 ----a-w- c:\windows\system32\igdumd64.dll
2012-01-11 04:28 . 2012-01-11 04:28 12311904 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-01-11 04:18 . 2009-11-13 17:54 6323712 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-01-11 04:12 . 2009-11-13 17:54 581120 ----a-w- c:\windows\SysWow64\igdumdx32.dll
2012-01-11 04:06 . 2009-11-13 17:54 9528832 ----a-w- c:\windows\system32\igd10umd64.dll
2012-01-11 03:55 . 2011-09-01 01:37 7988224 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-01-11 03:42 . 2012-01-11 03:42 18653696 ----a-w- c:\windows\system32\ig4icd64.dll
2012-01-11 03:29 . 2012-01-11 03:29 13904384 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2012-01-11 03:20 . 2012-01-11 03:20 286720 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286720 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286720 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286208 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-01-11 03:20 . 2012-01-11 03:20 287232 ----a-w- c:\windows\system32\igfxresn.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286208 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286208 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-01-11 03:20 . 2012-01-11 03:20 285696 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286720 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286720 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286208 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286720 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286208 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-01-11 03:20 . 2012-01-11 03:20 283136 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286720 ----a-w- c:\windows\system32\igfxrita.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286208 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-01-11 03:20 . 2012-01-11 03:20 285184 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-01-11 03:20 . 2012-01-11 03:20 283648 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-01-11 03:20 . 2012-01-11 03:20 287232 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-01-11 03:20 . 2012-01-11 03:20 287232 ----a-w- c:\windows\system32\igfxrell.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286720 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286720 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286720 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286208 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-01-11 03:20 . 2012-01-11 03:20 285696 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-01-11 03:20 . 2012-01-11 03:20 285184 ----a-w- c:\windows\system32\igfxrara.lrc
2012-01-11 03:20 . 2012-01-11 03:20 282624 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-01-11 03:20 . 2012-01-11 03:20 282624 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-01-11 03:20 . 2012-01-11 03:20 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-01-11 03:20 . 2012-01-11 03:20 375808 ----a-w- c:\windows\system32\igfxpph.dll
2012-01-11 03:19 . 2012-01-11 03:19 378368 ----a-w- c:\windows\system32\igfxTMM.dll
2012-01-11 03:19 . 2012-01-11 03:19 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-01-11 03:19 . 2009-11-13 17:54 62464 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-01-11 03:19 . 2009-11-13 17:54 110080 ----a-w- c:\windows\system32\hccutils.dll
2012-01-11 03:19 . 2012-01-11 03:19 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-01-11 03:19 . 2012-01-11 03:19 390656 ----a-w- c:\windows\system32\igfxdev.dll
2012-01-11 03:19 . 2012-01-11 03:19 146432 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-01-11 03:18 . 2012-01-11 03:18 285696 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-01-11 03:18 . 2012-01-11 03:18 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-01-11 03:18 . 2009-11-13 17:54 9014784 ----a-w- c:\windows\system32\igfxress.dll
2012-01-11 03:15 . 2012-01-11 03:15 24576 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-01-11 03:14 . 2012-01-11 03:14 294400 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-01-11 03:12 . 2012-01-11 03:12 2177536 ----a-w- c:\windows\system32\igfxcmjit64.dll
2012-01-11 03:12 . 2012-01-11 03:12 171520 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2012-01-11 03:12 . 2012-01-11 03:12 1663488 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2012-01-11 03:12 . 2012-01-11 03:12 148480 ----a-w- c:\windows\system32\igfxcmrt64.dll
2011-12-29 22:48 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-12-29 22:48 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="f:\steam\Steam.exe" [2012-03-03 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-08-20 225280]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"Razer Naga Driver"="c:\program files (x86)\Razer\Naga\RazerNagaSysTray.exe" [2011-02-17 953744]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Lycosa"="c:\program files (x86)\Razer\Razer Lycosa\razerhid.exe" [2011-03-22 233984]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Arden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-4-8 0]
Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-3-25 1137952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-24 136176]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-24 136176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\E206.tmp [x]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtVlan60.sys [x]
R3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-08-20 196608]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-16 2152152]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-02-04 17152]
S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [x]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 07:18]
.
2012-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-24 19:28]
.
2012-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-24 19:28]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-18 8067616]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.wowhead.com/
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Arden\AppData\Roaming\Mozilla\Firefox\Profiles\q7skxldj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.wowhead.com/
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\E206.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0b\06\0c\00:$?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-15 06:03:54
ComboFix-quarantined-files.txt 2012-03-15 11:03
ComboFix2.txt 2012-03-13 19:03
.
Pre-Run: 238,059,761,664 bytes free
Post-Run: 238,089,195,520 bytes free
.
- - End Of File - - 3DDB37ACCEA67AB5B7CAC51570252AD9



The redirect and annoying windows are still appearing, so the problem remains after ComboFix was run.

#6 gringo_pr (Malware Response Team)

Posted 15 March 2012 - 01:04 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 thepandoraeffect (Topic Starter)

Posted 15 March 2012 - 02:56 PM

Neither of those programs will run. I can download them fine, but when I try to run them, nothing happens. I tried renaming them to different things, too, but they're still not running.

#8 thepandoraeffect (Topic Starter)

Posted 15 March 2012 - 03:46 PM

Also, explorer.exe has stopped responding and needed to be restarted a few times now. Not sure if it's a symptom, but I'm fairly sure it is, so I'm letting you know in any case. Thanks for the time you're putting in helping me with this, by the way. It's extremely appreciated.

#9 gringo_pr (Malware Response Team)

Posted 15 March 2012 - 06:31 PM

Hello

I would like you to run this tool for me: fixTDSS.

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete, it will say either that the infection was cleared or that no infection was found; let me know what it says.

After it is complete, I want you to restart the computer, try to rerun TDSSKiller for me, and send me the report.

Gringo

#10 thepandoraeffect (Topic Starter)

Posted 15 March 2012 - 06:56 PM

fixTDSS said it repaired the infected MBR. I restarted like you said, and then I was able to run TDSSKiller, which said there were no threats found. Here's the log:

18:55:46.0298 4924 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
18:55:46.0610 4924 ============================================================
18:55:46.0610 4924 Current date / time: 2012/03/15 18:55:46.0610
18:55:46.0626 4924 SystemInfo:
18:55:46.0626 4924
18:55:46.0626 4924 OS Version: 6.1.7601 ServicePack: 1.0
18:55:46.0626 4924 Product type: Workstation
18:55:46.0626 4924 ComputerName: ARDEN-PC
18:55:46.0626 4924 UserName: Arden
18:55:46.0626 4924 Windows directory: C:\Windows
18:55:46.0626 4924 System windows directory: C:\Windows
18:55:46.0626 4924 Running under WOW64
18:55:46.0626 4924 Processor architecture: Intel x64
18:55:46.0626 4924 Number of processors: 4
18:55:46.0626 4924 Page size: 0x1000
18:55:46.0626 4924 Boot type: Normal boot
18:55:46.0626 4924 ============================================================
18:55:47.0312 4924 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:55:47.0312 4924 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:55:51.0010 4924 \Device\Harddisk0\DR0:
18:55:51.0010 4924 MBR used
18:55:51.0010 4924 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x10029D5, BlocksNum 0x2E937CC1
18:55:51.0010 4924 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2F93A696, BlocksNum 0x44DC771A
18:55:51.0010 4924 \Device\Harddisk1\DR1:
18:55:51.0025 4924 MBR used
18:55:51.0025 4924 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
18:55:51.0088 4924 Initialize success
18:55:51.0088 4924 ============================================================
18:56:02.0756 4796 ============================================================
18:56:02.0756 4796 Scan started
18:56:02.0756 4796 Mode: Manual;
18:56:02.0756 4796 ============================================================
18:56:10.0010 4796 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:56:10.0010 4796 MSPQM - ok
18:56:10.0042 4796 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:56:10.0042 4796 MsRPC - ok
18:56:10.0073 4796 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:56:10.0073 4796 mssmbios - ok
18:56:10.0088 4796 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:56:10.0088 4796 MSTEE - ok
18:56:10.0104 4796 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:56:10.0104 4796 MTConfig - ok
18:56:10.0182 4796 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
18:56:10.0182 4796 MTsensor - ok
18:56:10.0198 4796 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:56:10.0198 4796 Mup - ok
18:56:10.0260 4796 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:56:10.0260 4796 NativeWifiP - ok
18:56:10.0354 4796 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:56:10.0354 4796 NDIS - ok
18:56:10.0385 4796 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:56:10.0385 4796 NdisCap - ok
18:56:10.0416 4796 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:56:10.0416 4796 NdisTapi - ok
18:56:10.0494 4796 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:56:10.0494 4796 Ndisuio - ok
18:56:10.0510 4796 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:56:10.0510 4796 NdisWan - ok
18:56:10.0556 4796 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:56:10.0556 4796 NDProxy - ok
18:56:10.0634 4796 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:56:10.0634 4796 NetBIOS - ok
18:56:10.0666 4796 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:56:10.0666 4796 NetBT - ok
18:56:10.0759 4796 netr28x (b72bb9496a126fcfc7fc5945ded9b411) C:\Windows\system32\DRIVERS\netr28x.sys
18:56:10.0759 4796 netr28x - ok
18:56:10.0806 4796 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:56:10.0806 4796 nfrd960 - ok
18:56:10.0853 4796 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:56:10.0853 4796 Npfs - ok
18:56:10.0868 4796 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:56:10.0884 4796 nsiproxy - ok
18:56:10.0931 4796 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:56:10.0931 4796 Ntfs - ok
18:56:11.0009 4796 NuidFltr (d4012918d3a3847b44b888d56bc095d6) C:\Windows\system32\DRIVERS\NuidFltr.sys
18:56:11.0009 4796 NuidFltr - ok
18:56:11.0040 4796 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:56:11.0040 4796 Null - ok
18:56:11.0071 4796 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:56:11.0071 4796 nvraid - ok
18:56:11.0102 4796 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:56:11.0102 4796 nvstor - ok
18:56:11.0102 4796 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:56:11.0102 4796 nv_agp - ok
18:56:11.0134 4796 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:56:11.0134 4796 ohci1394 - ok
18:56:11.0180 4796 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:56:11.0180 4796 Parport - ok
18:56:11.0227 4796 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
18:56:11.0227 4796 partmgr - ok
18:56:11.0258 4796 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:56:11.0258 4796 pci - ok
18:56:11.0274 4796 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:56:11.0274 4796 pciide - ok
18:56:11.0290 4796 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:56:11.0290 4796 pcmcia - ok
18:56:11.0336 4796 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:56:11.0336 4796 pcw - ok
18:56:11.0383 4796 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:56:11.0383 4796 PEAUTH - ok
18:56:11.0446 4796 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:56:11.0446 4796 PptpMiniport - ok
18:56:11.0492 4796 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:56:11.0492 4796 Processor - ok
18:56:11.0555 4796 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:56:11.0555 4796 Psched - ok
18:56:11.0602 4796 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:56:11.0602 4796 ql2300 - ok
18:56:11.0633 4796 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:56:11.0633 4796 ql40xx - ok
18:56:11.0648 4796 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:56:11.0648 4796 QWAVEdrv - ok
18:56:11.0680 4796 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:56:11.0680 4796 RasAcd - ok
18:56:11.0742 4796 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:56:11.0742 4796 RasAgileVpn - ok
18:56:11.0758 4796 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:56:11.0758 4796 Rasl2tp - ok
18:56:11.0804 4796 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:56:11.0804 4796 RasPppoe - ok
18:56:11.0804 4796 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:56:11.0804 4796 RasSstp - ok
18:56:11.0836 4796 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:56:11.0836 4796 rdbss - ok
18:56:11.0898 4796 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:56:11.0898 4796 rdpbus - ok
18:56:11.0945 4796 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:56:11.0945 4796 RDPCDD - ok
18:56:11.0945 4796 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:56:11.0945 4796 RDPENCDD - ok
18:56:11.0960 4796 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:56:11.0960 4796 RDPREFMP - ok
18:56:11.0992 4796 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
18:56:11.0992 4796 RDPWD - ok
18:56:12.0054 4796 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:56:12.0070 4796 rdyboost - ok
18:56:12.0132 4796 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
18:56:12.0132 4796 RFCOMM - ok
18:56:12.0179 4796 RimUsb (71b48ddaf5e9c2b40e64de5c405f5aac) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
18:56:12.0179 4796 RimUsb - ok
18:56:12.0210 4796 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
18:56:12.0210 4796 RimVSerPort - ok
18:56:12.0241 4796 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
18:56:12.0241 4796 ROOTMODEM - ok
18:56:12.0288 4796 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:56:12.0288 4796 rspndr - ok
18:56:12.0335 4796 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:56:12.0335 4796 RTL8167 - ok
18:56:12.0397 4796 RtNdPt60 (5532c4bf15173270757a75b46baeb960) C:\Windows\system32\DRIVERS\RtNdPt60.sys
18:56:12.0397 4796 RtNdPt60 - ok
18:56:12.0397 4796 RTTEAMPT (bc85bdc1c30066c78b8c67af1241d0b7) C:\Windows\system32\DRIVERS\RtTeam60.sys
18:56:12.0397 4796 RTTEAMPT - ok
18:56:12.0413 4796 RTVLANPT (8b6b42d782202363a562f82b0e13b1c0) C:\Windows\system32\DRIVERS\RtVlan60.sys
18:56:12.0413 4796 RTVLANPT - ok
18:56:12.0444 4796 RzSynapse (24510c4a77aba3b07aefa840db888637) C:\Windows\system32\DRIVERS\RzSynapse.sys
18:56:12.0444 4796 RzSynapse - ok
18:56:12.0475 4796 rzudd (1542f66d82be5a0afb366cc115a8e8e5) C:\Windows\system32\DRIVERS\rzudd.sys
18:56:12.0475 4796 rzudd - ok
18:56:12.0491 4796 SAVRKBootTasks - ok
18:56:12.0506 4796 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:56:12.0506 4796 sbp2port - ok
18:56:12.0538 4796 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:56:12.0538 4796 scfilter - ok
18:56:12.0600 4796 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:56:12.0600 4796 secdrv - ok
18:56:12.0631 4796 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:56:12.0631 4796 Serenum - ok
18:56:12.0647 4796 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:56:12.0647 4796 Serial - ok
18:56:12.0694 4796 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:56:12.0694 4796 sermouse - ok
18:56:12.0740 4796 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:56:12.0740 4796 sffdisk - ok
18:56:12.0772 4796 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:56:12.0772 4796 sffp_mmc - ok
18:56:12.0787 4796 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:56:12.0787 4796 sffp_sd - ok
18:56:12.0818 4796 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:56:12.0818 4796 sfloppy - ok
18:56:12.0865 4796 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:56:12.0865 4796 SiSRaid2 - ok
18:56:12.0865 4796 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:56:12.0865 4796 SiSRaid4 - ok
18:56:12.0912 4796 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:56:12.0912 4796 Smb - ok
18:56:12.0959 4796 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:56:12.0959 4796 spldr - ok
18:56:12.0990 4796 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:56:13.0006 4796 srv - ok
18:56:13.0037 4796 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:56:13.0037 4796 srv2 - ok
18:56:13.0068 4796 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:56:13.0068 4796 srvnet - ok
18:56:13.0177 4796 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:56:13.0177 4796 stexstor - ok
18:56:13.0208 4796 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:56:13.0208 4796 swenum - ok
18:56:13.0286 4796 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
18:56:13.0302 4796 Tcpip - ok
18:56:13.0364 4796 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
18:56:13.0380 4796 TCPIP6 - ok
18:56:13.0411 4796 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:56:13.0411 4796 tcpipreg - ok
18:56:13.0458 4796 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:56:13.0458 4796 TDPIPE - ok
18:56:13.0489 4796 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
18:56:13.0489 4796 TDTCP - ok
18:56:13.0552 4796 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:56:13.0552 4796 tdx - ok
18:56:13.0598 4796 TEAM (bc85bdc1c30066c78b8c67af1241d0b7) C:\Windows\system32\DRIVERS\RtTeam60.sys
18:56:13.0598 4796 TEAM - ok
18:56:13.0630 4796 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:56:13.0630 4796 TermDD - ok
18:56:13.0692 4796 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:56:13.0692 4796 tssecsrv - ok
18:56:13.0754 4796 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:56:13.0754 4796 TsUsbFlt - ok
18:56:13.0801 4796 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:56:13.0801 4796 tunnel - ok
18:56:13.0879 4796 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:56:13.0879 4796 uagp35 - ok
18:56:13.0910 4796 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:56:13.0910 4796 udfs - ok
18:56:13.0926 4796 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:56:13.0926 4796 uliagpkx - ok
18:56:13.0957 4796 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
18:56:13.0957 4796 umbus - ok
18:56:14.0020 4796 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:56:14.0020 4796 UmPass - ok
18:56:14.0051 4796 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
18:56:14.0051 4796 USBAAPL64 - ok
18:56:14.0082 4796 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
18:56:14.0082 4796 usbaudio - ok
18:56:14.0098 4796 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:56:14.0098 4796 usbccgp - ok
18:56:14.0129 4796 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:56:14.0129 4796 usbcir - ok
18:56:14.0144 4796 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
18:56:14.0144 4796 usbehci - ok
18:56:14.0176 4796 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:56:14.0176 4796 usbhub - ok
18:56:14.0191 4796 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
18:56:14.0191 4796 usbohci - ok
18:56:14.0254 4796 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:56:14.0254 4796 usbprint - ok
18:56:14.0285 4796 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:56:14.0285 4796 USBSTOR - ok
18:56:14.0300 4796 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:56:14.0300 4796 usbuhci - ok
18:56:14.0347 4796 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:56:14.0347 4796 vdrvroot - ok
18:56:14.0425 4796 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:56:14.0425 4796 vga - ok
18:56:14.0441 4796 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:56:14.0441 4796 VgaSave - ok
18:56:14.0472 4796 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:56:14.0472 4796 vhdmp - ok
18:56:14.0503 4796 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:56:14.0503 4796 viaide - ok
18:56:14.0566 4796 VKbms (3b59bb6d10cf969dbe4db93d9ead7fb4) C:\Windows\system32\DRIVERS\VKbms.sys
18:56:14.0566 4796 VKbms - ok
18:56:14.0612 4796 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:56:14.0612 4796 volmgr - ok
18:56:14.0628 4796 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:56:14.0628 4796 volmgrx - ok
18:56:14.0659 4796 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:56:14.0659 4796 volsnap - ok
18:56:14.0690 4796 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:56:14.0690 4796 vsmraid - ok
18:56:14.0706 4796 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:56:14.0706 4796 vwifibus - ok
18:56:14.0768 4796 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:56:14.0768 4796 vwififlt - ok
18:56:14.0784 4796 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:56:14.0784 4796 WacomPen - ok
18:56:14.0831 4796 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:56:14.0831 4796 WANARP - ok
18:56:14.0831 4796 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:56:14.0831 4796 Wanarpv6 - ok
18:56:14.0893 4796 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:56:14.0893 4796 Wd - ok
18:56:14.0940 4796 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:56:14.0956 4796 Wdf01000 - ok
18:56:15.0003 4796 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:56:15.0003 4796 WfpLwf - ok
18:56:15.0018 4796 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:56:15.0018 4796 WIMMount - ok
18:56:15.0159 4796 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
18:56:15.0159 4796 WinUsb - ok
18:56:15.0190 4796 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:56:15.0190 4796 WmiAcpi - ok
18:56:15.0237 4796 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:56:15.0237 4796 ws2ifsl - ok
18:56:15.0315 4796 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:56:15.0315 4796 WudfPf - ok
18:56:15.0361 4796 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:56:15.0361 4796 WUDFRd - ok
18:56:15.0393 4796 MBR (0x1B8) (f05261c246ce4b3c544521ffff7aef5d) \Device\Harddisk0\DR0
18:56:15.0549 4796 \Device\Harddisk0\DR0 - ok
18:56:15.0549 4796 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
18:56:15.0549 4796 \Device\Harddisk1\DR1 - ok
18:56:15.0564 4796 Boot (0x1200) (52ee4036ca85ce0c68810cfa5856c564) \Device\Harddisk0\DR0\Partition0
18:56:15.0564 4796 \Device\Harddisk0\DR0\Partition0 - ok
18:56:15.0580 4796 Boot (0x1200) (1763cd2b92dc801dcef47484c7237fc6) \Device\Harddisk0\DR0\Partition1
18:56:15.0580 4796 \Device\Harddisk0\DR0\Partition1 - ok
18:56:15.0580 4796 Boot (0x1200) (2f1d8f6c35ba89125b8e39f5d8ed6735) \Device\Harddisk1\DR1\Partition0
18:56:15.0580 4796 \Device\Harddisk1\DR1\Partition0 - ok
18:56:15.0580 4796 ============================================================
18:56:15.0580 4796 Scan finished
18:56:15.0580 4796 ============================================================
18:56:15.0595 4988 Detected object count: 0
18:56:15.0595 4988 Actual detected object count: 0
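
A log like the one above ends with "Detected object count: 0", but a zero count only means TDSSKiller's own signatures matched nothing. A practitioner reading the driver list still wants to sweep it for entries that deserve a manual look. The following is an added example written for this edit, not code from the thread or from Kaspersky: it parses the log's two line shapes (a hash-and-path line followed by a verdict line) and flags a driver image that is not a .sys file, an image outside system32, a non-"ok" verdict, a service with a verdict but no image recorded, and one hash reported under two different file names. The sample log is a constructed excerpt of the log above. A flag is a prompt to verify, not a verdict: here MEMSWEEP2 loads from C:\Windows\system32\E206.tmp, and the ComboFix log posted later in the thread shows that file created in the same minute as the Sophos folder, consistent with the Sophos Anti-Rootkit tool installed at that point rather than with malware.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the TDSSKiller log above. The megasas,
# MEMSWEEP2, SAVRKBootTasks, Tcpip/TCPIP6 and MBR lines are copied from that
# log; the rest of it is omitted to keep the example short.
SAMPLE_LOG = r"""
18:56:09.0184 4796 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:56:09.0184 4796 megasas - ok
18:56:09.0262 4796 MEMSWEEP2 (f9ce67e9e0226079b59107b649851f96) C:\Windows\system32\E206.tmp
18:56:09.0262 4796 MEMSWEEP2 - ok
18:56:12.0491 4796 SAVRKBootTasks - ok
18:56:13.0286 4796 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
18:56:13.0302 4796 Tcpip - ok
18:56:13.0364 4796 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
18:56:13.0380 4796 TCPIP6 - ok
18:56:15.0393 4796 MBR (0x1B8) (f05261c246ce4b3c544521ffff7aef5d) \Device\Harddisk0\DR0
18:56:15.0549 4796 \Device\Harddisk0\DR0 - ok
18:56:15.0580 4796 Scan finished
18:56:15.0595 4988 Detected object count: 0
"""

# "<time> <pid> <subject> (<md5>) <image path>"
FILE_RE = re.compile(r"^\S+\s+\d+\s+(.+?)\s+\(([0-9a-f]{32})\)\s+(.+)$")
# "<time> <pid> <subject> - <verdict>"
VERDICT_RE = re.compile(r"^\S+\s+\d+\s+(.+?)\s+-\s+(\S+)$")

# Where a Windows kernel driver image is normally expected to live.
SYSTEM32 = "c:\\windows\\system32\\"


def parse_tdsskiller(text):
    """Return (images, verdicts): subject -> (md5, path) and subject -> verdict."""
    images, verdicts = {}, {}
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            subject, md5, path = m.groups()
            images[subject] = (md5, path)
            continue
        m = VERDICT_RE.match(line)
        if m:
            verdicts[m.group(1)] = m.group(2)
    return images, verdicts


def triage(text):
    """List (subject, reason, path) entries a human should check despite 'ok'."""
    images, verdicts = parse_tdsskiller(text)
    findings = []
    by_hash = defaultdict(set)
    for subject, (md5, path) in images.items():
        # MBR/boot-sector entries are keyed by device path on the verdict line.
        verdict = verdicts.get(subject) or verdicts.get(path) or "missing"
        if verdict != "ok":
            findings.append((subject, f"verdict '{verdict}'", path))
        if path.startswith("\\Device\\"):
            continue  # sector entries have no file name to check
        low = path.lower()
        by_hash[md5].add(low)
        if not low.endswith(".sys"):
            findings.append((subject, "driver image is not a .sys file", path))
        if not low.startswith(SYSTEM32):
            findings.append((subject, "driver image outside system32", path))
    # A verdict with no preceding hash/path line: the service is registered but
    # TDSSKiller recorded no image for it, so locate and hash the file by hand.
    for subject in verdicts:
        if subject not in images and not subject.startswith("\\Device\\"):
            findings.append((subject, "no image path or hash recorded", ""))
    # The same hash under two different file names deserves a look; the same
    # file registered twice (Tcpip and TCPIP6 -> tcpip.sys) is normal.
    for md5, paths in by_hash.items():
        if len(paths) > 1:
            findings.append(("*", f"hash {md5} shared by {sorted(paths)}", ""))
    return findings


if __name__ == "__main__":
    for subject, reason, path in triage(SAMPLE_LOG):
        print(f"{subject:16} {reason:36} {path}")
```

Run it as a script to print the findings for the sample, or call triage() on the full text of a saved log. Whether vendor driver directories outside system32 should be added to the allowed prefix is a local decision; the check is deliberately strict so that the reviewer, not the script, decides.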

#11 thepandoraeffect (Topic Starter, Members, 22 posts)

Posted 15 March 2012 - 06:59 PM

Checking on the symptoms, Google no longer redirects me when attempting to search, and the auto-complete functionality of the website is restored as well. I assume there's more to do though, so giving you an update on the situation.

#12 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto rico)

Posted 15 March 2012 - 09:09 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

File::

Folder::
c:\program files (x86)\Vuze_Remote

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
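
The procedure above asks for a script with one Folder:: entry and then for the resulting log. After such a run a practitioner wants to confirm two things: that every item the script named actually shows up under the log's "Other Deletions" heading, and that nothing was deleted that the script did not ask for. The following is an added example written for this edit, not ComboFix's own tooling and not code from the thread. It parses the CFScript section format (a "Name::" header followed by its entries, with flag sections such as KillAll:: left empty) and a ComboFix log's banner-delimited sections, then cross-checks the two. The CFScript is the one from this post; the log text is a constructed excerpt in ComboFix's layout whose Vuze_Remote entries mirror the reply later in the thread, with one hypothetical Example_Leftover path added to show how an unrequested deletion is reported.

```python
import re

# The CFScript from the post above, copied verbatim.
CFSCRIPT = r"""
ClearJavaCache::

KillAll::

File::

Folder::
c:\program files (x86)\Vuze_Remote
"""

# Constructed excerpt in the layout of a ComboFix log. The last "Other
# Deletions" entry is a hypothetical path, not one from the thread.
COMBOFIX_LOG = r"""
ComboFix 12-03-14.01 - Arden 03/15/2012 23:38:57.2.4 - x64
Command switches used :: c:\users\Arden\Desktop\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files (x86)\Vuze_Remote
c:\program files (x86)\Vuze_Remote\tbVuze.dll
c:\program files (x86)\Vuze_Remote\uninstall.exe
c:\users\Arden\AppData\Local\Example_Leftover
.
((((((((((((((((((((((((( Files Created from 2012-02-16 to 2012-03-16 )))))))))))))))))))))))))))))))
.
2012-03-16 04:43 . 2012-03-16 04:43 -------- d-----w- c:\users\Default\AppData\Local\temp
"""

SECTION_RE = re.compile(r"^(\w+)::\s*$")        # CFScript section header, e.g. Folder::
BANNER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")  # ComboFix section banner


def parse_cfscript(text):
    """Map each 'Name::' section to the entries beneath it (flag sections get [])."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections


def combofix_section(text, name):
    """Return the entry lines of the ComboFix log section whose banner reads name."""
    entries, inside = [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = BANNER_RE.match(line)
        if m:
            inside = (m.group(1) == name)
            continue
        if inside and line and line != ".":  # "." lines are ComboFix spacing
            entries.append(line)
    return entries


def _norm(path):
    return path.lower().rstrip("\\")


def check_deletions(script_text, log_text):
    """Compare what the CFScript asked to delete with what the log says was deleted."""
    wanted = parse_cfscript(script_text)
    folders = [_norm(p) for p in wanted.get("Folder", [])]
    files = [_norm(p) for p in wanted.get("File", [])]
    deleted = [_norm(p) for p in combofix_section(log_text, "Other Deletions")]

    def requested(path):
        # A folder request covers the folder itself and everything beneath it.
        return path in files or any(path == f or path.startswith(f + "\\") for f in folders)

    return {
        "not_deleted": [p for p in folders + files if p not in deleted],
        "unrequested": [p for p in deleted if not requested(p)],
    }


if __name__ == "__main__":
    result = check_deletions(CFSCRIPT, COMBOFIX_LOG)
    print("requested but not in the log:", result["not_deleted"])
    print("deleted but not requested:   ", result["unrequested"])
```

An empty not_deleted list means the script did what was asked; anything in unrequested is something ComboFix removed on its own judgement and is worth reading back against the log before the machine is declared clean.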

#13 thepandoraeffect (Topic Starter, Members, 22 posts)

Posted 16 March 2012 - 08:46 AM

ComboFix 12-03-14.01 - Arden 03/15/2012 23:38:57.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8079.6063 [GMT -5:00]
Running from: c:\users\Arden\Desktop\ComboFix.exe
Command switches used :: c:\users\Arden\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Vuze_Remote
c:\program files (x86)\Vuze_Remote\GottenAppsContextMenu.xml
c:\program files (x86)\Vuze_Remote\ldrtbVuze.dll
c:\program files (x86)\Vuze_Remote\OtherAppsContextMenu.xml
c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
c:\program files (x86)\Vuze_Remote\SharedAppsContextMenu.xml
c:\program files (x86)\Vuze_Remote\tbVuze.dll
c:\program files (x86)\Vuze_Remote\toolbar.cfg
c:\program files (x86)\Vuze_Remote\ToolbarContextMenu.xml
c:\program files (x86)\Vuze_Remote\uninstall.exe
c:\program files (x86)\Vuze_Remote\Vuze_RemoteToolbarHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-16 to 2012-03-16 )))))))))))))))))))))))))))))))
.
.
2012-03-16 04:43 . 2012-03-16 04:43 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-03-16 04:43 . 2012-03-16 04:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-15 23:48 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F50EF9DB-22E5-46E3-AF67-6A8D0560A9E8}\mpengine.dll
2012-03-15 03:50 . 2012-03-15 03:50 388096 ----a-r- c:\users\Arden\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-15 03:50 . 2012-03-15 03:50 -------- d-----w- c:\program files (x86)\Trend Micro
2012-03-15 03:45 . 2011-05-12 19:05 18816 ------w- c:\windows\SysWow64\SAVRKBootTasks.sys
2012-03-15 03:16 . 2011-05-12 19:03 6144 ------w- c:\windows\system32\E206.tmp
2012-03-15 03:15 . 2011-05-12 19:03 6144 ------w- c:\windows\system32\DF76.tmp
2012-03-15 03:15 . 2012-03-15 03:15 -------- d-----w- c:\program files (x86)\Sophos
2012-03-15 01:10 . 2012-03-15 01:10 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-15 01:10 . 2012-03-15 01:09 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-03-14 23:28 . 2012-03-14 23:28 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility
2012-03-14 18:02 . 2012-03-14 18:02 -------- d-----w- c:\users\Arden\AppData\Roaming\RotMG.Production
2012-03-14 17:48 . 2012-03-14 17:48 -------- d-----w- c:\users\Arden\AppData\Roaming\SUPERAntiSpyware.com
2012-03-14 17:48 . 2012-03-14 17:48 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-13 17:20 . 2012-03-13 17:20 -------- d-----w- c:\users\Arden\AppData\Roaming\Malwarebytes
2012-03-13 17:20 . 2012-03-14 23:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-13 17:20 . 2012-03-13 17:20 -------- d-----w- c:\programdata\Malwarebytes
2012-03-10 16:18 . 2012-03-10 16:18 -------- d-----w- c:\users\Arden\AppData\Roaming\calibre
2012-03-10 16:18 . 2012-03-14 21:15 -------- d-----w- c:\program files (x86)\Calibre2
2012-03-07 14:06 . 2012-03-14 21:15 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2012-03-07 14:06 . 2012-03-07 14:06 53248 ----a-r- c:\users\Arden\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-03-07 14:06 . 2012-03-07 14:06 -------- d-----w- c:\users\Arden\AppData\Roaming\Leadertech
2012-03-07 14:06 . 2012-03-07 14:06 -------- d-----w- c:\users\Arden\AppData\Local\Logishrd
2012-03-07 14:05 . 2012-03-14 21:02 -------- d-----w- c:\programdata\Logishrd
2012-03-07 14:05 . 2012-03-07 14:07 -------- d-----w- c:\program files\Common Files\Logishrd
2012-03-07 14:01 . 2012-03-07 14:01 -------- d-----w- c:\users\Arden\AppData\Roaming\Logishrd
2012-03-07 13:51 . 2010-09-30 02:45 6656 ----a-w- c:\windows\system32\drivers\hidkmdf.sys
2012-03-07 13:51 . 2007-09-28 00:07 93696 ----a-w- c:\windows\system32\Lycosa.cpl
2012-03-07 13:51 . 2010-10-01 06:16 13312 ----a-w- c:\windows\system32\drivers\VKbms.sys
2012-03-07 13:51 . 2010-09-08 17:01 28928 ----a-w- c:\windows\system32\drivers\Lycosa.sys
2012-03-07 13:51 . 2007-09-28 01:44 65536 ----a-w- c:\windows\SysWow64\Lycosa.cpl
2012-03-07 13:50 . 2012-03-07 13:50 -------- d-----w- c:\users\Arden\AppData\Roaming\InstallShield
2012-03-07 13:47 . 2012-03-14 21:02 -------- d-----w- c:\programdata\Razer
2012-03-07 13:47 . 2012-03-07 13:58 -------- d-----w- c:\users\Arden\AppData\Local\Razer
2012-03-02 23:00 . 2012-03-16 02:08 -------- d-----w- c:\users\Arden\AppData\Roaming\RIFT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-15 01:09 . 2011-07-04 21:42 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-14 23:20 . 2012-01-14 23:20 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-01-14 23:20 . 2012-01-14 23:20 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-01-14 23:20 . 2012-01-14 23:20 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-01-12 15:34 . 2012-01-12 15:34 74240 ----a-w- c:\windows\system32\drivers\rzudd.sys
2012-01-11 04:43 . 2012-01-11 04:43 167704 ----a-w- c:\windows\system32\igfxtray.exe
2012-01-11 04:43 . 2012-01-11 04:43 510232 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-01-11 04:43 . 2012-01-11 04:43 417560 ----a-w- c:\windows\system32\igfxpers.exe
2012-01-11 04:43 . 2012-01-11 04:43 239896 ----a-w- c:\windows\system32\igfxext.exe
2012-01-11 04:43 . 2012-01-11 04:43 4379416 ----a-w- c:\windows\system32\GfxUI.exe
2012-01-11 04:43 . 2012-01-11 04:43 392984 ----a-w- c:\windows\system32\hkcmd.exe
2012-01-11 04:43 . 2012-01-11 04:43 184600 ----a-w- c:\windows\system32\difx64.exe
2012-01-11 04:37 . 2012-01-11 04:37 90112 ----a-w- c:\windows\system32\igfxCoIn_v2622.dll
2012-01-11 04:28 . 2011-09-01 01:53 8313856 ----a-w- c:\windows\system32\igdumd64.dll
2012-01-11 04:28 . 2012-01-11 04:28 12311904 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-01-11 04:18 . 2009-11-13 17:54 6323712 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-01-11 04:12 . 2009-11-13 17:54 581120 ----a-w- c:\windows\SysWow64\igdumdx32.dll
2012-01-11 04:06 . 2009-11-13 17:54 9528832 ----a-w- c:\windows\system32\igd10umd64.dll
2012-01-11 03:55 . 2011-09-01 01:37 7988224 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-01-11 03:42 . 2012-01-11 03:42 18653696 ----a-w- c:\windows\system32\ig4icd64.dll
2012-01-11 03:29 . 2012-01-11 03:29 13904384 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2012-01-11 03:20 . 2012-01-11 03:20 286720 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286720 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286720 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286208 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-01-11 03:20 . 2012-01-11 03:20 287232 ----a-w- c:\windows\system32\igfxresn.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286208 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286208 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-01-11 03:20 . 2012-01-11 03:20 285696 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286720 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286720 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286208 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286720 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286208 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-01-11 03:20 . 2012-01-11 03:20 283136 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286720 ----a-w- c:\windows\system32\igfxrita.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286208 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-01-11 03:20 . 2012-01-11 03:20 285184 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-01-11 03:20 . 2012-01-11 03:20 283648 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-01-11 03:20 . 2012-01-11 03:20 287232 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-01-11 03:20 . 2012-01-11 03:20 287232 ----a-w- c:\windows\system32\igfxrell.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286720 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286720 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286720 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-01-11 03:20 . 2012-01-11 03:20 286208 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-01-11 03:20 . 2012-01-11 03:20 285696 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-01-11 03:20 . 2012-01-11 03:20 285184 ----a-w- c:\windows\system32\igfxrara.lrc
2012-01-11 03:20 . 2012-01-11 03:20 282624 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-01-11 03:20 . 2012-01-11 03:20 282624 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-01-11 03:20 . 2012-01-11 03:20 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-01-11 03:20 . 2012-01-11 03:20 375808 ----a-w- c:\windows\system32\igfxpph.dll
2012-01-11 03:19 . 2012-01-11 03:19 378368 ----a-w- c:\windows\system32\igfxTMM.dll
2012-01-11 03:19 . 2012-01-11 03:19 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-01-11 03:19 . 2009-11-13 17:54 62464 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-01-11 03:19 . 2009-11-13 17:54 110080 ----a-w- c:\windows\system32\hccutils.dll
2012-01-11 03:19 . 2012-01-11 03:19 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-01-11 03:19 . 2012-01-11 03:19 390656 ----a-w- c:\windows\system32\igfxdev.dll
2012-01-11 03:19 . 2012-01-11 03:19 146432 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-01-11 03:18 . 2012-01-11 03:18 285696 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-01-11 03:18 . 2012-01-11 03:18 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-01-11 03:18 . 2009-11-13 17:54 9014784 ----a-w- c:\windows\system32\igfxress.dll
2012-01-11 03:15 . 2012-01-11 03:15 24576 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-01-11 03:14 . 2012-01-11 03:14 294400 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-01-11 03:12 . 2012-01-11 03:12 2177536 ----a-w- c:\windows\system32\igfxcmjit64.dll
2012-01-11 03:12 . 2012-01-11 03:12 171520 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2012-01-11 03:12 . 2012-01-11 03:12 1663488 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2012-01-11 03:12 . 2012-01-11 03:12 148480 ----a-w- c:\windows\system32\igfxcmrt64.dll
2011-12-29 22:48 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-12-29 22:48 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-15_10.45.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-14 08:49 . 2012-03-15 23:50 32768 c:\windows\temp\Temporary Internet Files\Content.IE5\index.dat
- 2012-03-14 08:49 . 2012-03-15 03:47 32768 c:\windows\temp\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-14 08:49 . 2012-03-15 23:50 16384 c:\windows\temp\History\History.IE5\index.dat
- 2012-03-14 08:49 . 2012-03-15 03:47 16384 c:\windows\temp\History\History.IE5\index.dat
+ 2012-03-14 08:49 . 2012-03-15 23:50 16384 c:\windows\temp\Cookies\index.dat
- 2012-03-14 08:49 . 2012-03-15 03:47 16384 c:\windows\temp\Cookies\index.dat
- 2010-04-08 02:34 . 2012-03-15 03:47 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-08 02:34 . 2012-03-15 23:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-08 02:34 . 2012-03-15 23:51 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-04-08 02:34 . 2012-03-15 03:48 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-04-08 02:34 . 2012-03-15 03:47 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-08 02:34 . 2012-03-15 23:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-08 02:34 . 2012-03-16 04:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-08 02:34 . 2012-03-15 10:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-08 02:34 . 2012-03-15 10:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-08 02:34 . 2012-03-16 04:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-16 04:44 . 2012-03-16 04:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-15 03:47 . 2012-03-15 03:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-15 03:47 . 2012-03-15 03:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-16 04:44 . 2012-03-16 04:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-03-15 23:58 668692 c:\windows\system64\perfh009.dat
- 2009-07-14 02:36 . 2012-03-15 03:54 668692 c:\windows\system64\perfh009.dat
- 2009-07-14 02:36 . 2012-03-15 03:54 124878 c:\windows\system64\perfc009.dat
+ 2009-07-14 02:36 . 2012-03-15 23:58 124878 c:\windows\system64\perfc009.dat
- 2009-07-14 02:36 . 2012-03-15 03:54 668692 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-15 23:58 668692 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-15 23:58 124878 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-15 03:54 124878 c:\windows\system32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="f:\steam\Steam.exe" [2012-03-03 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-08-20 225280]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"Razer Naga Driver"="c:\program files (x86)\Razer\Naga\RazerNagaSysTray.exe" [2011-02-17 953744]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Lycosa"="c:\program files (x86)\Razer\Razer Lycosa\razerhid.exe" [2011-03-22 233984]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Arden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-4-8 0]
Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-3-25 1137952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-24 136176]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-24 136176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\E206.tmp [x]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtVlan60.sys [x]
R3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-08-20 196608]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-16 2152152]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-02-04 17152]
S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 07:18]
.
2012-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-24 19:28]
.
2012-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-24 19:28]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-18 8067616]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.wowhead.com/
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Arden\AppData\Roaming\Mozilla\Firefox\Profiles\q7skxldj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.wowhead.com/
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
BHO-{ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
Toolbar-Locked - (no file)
Toolbar-{ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
AddRemove-Vuze_Remote Toolbar - c:\program files (x86)\Vuze_Remote\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\E206.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0b\06\0c\00:$?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
c:\program files (x86)\ASUS\AI Manager\AIManager.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2012-03-15 23:48:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-16 04:48
ComboFix2.txt 2012-03-15 11:04
ComboFix3.txt 2012-03-13 19:03
.
Pre-Run: 238,200,295,424 bytes free
Post-Run: 237,920,030,720 bytes free
.
- - End Of File - - 780B9F07905032149065DDC36120BF46


It seems to be running fine now, still a bit slow, but I just need to clean out a bunch of programs and files.

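The log above is raw ComboFix output. As an added example (not part of this thread and not a ComboFix or BleepingComputer tool), here is a small Python script that pulls the Run-key values and service/driver lines out of the "Reg Loading Points" section and flags the entries an analyst reads first: images started from user-writable or temporary directories, service images with a .tmp extension, and lines where ComboFix printed "[x]" instead of a date and size. It assumes only the two line shapes visible in the log above; the sample log embedded in it is constructed (four lines mirror the log above, the "Updater" and "WinDefend32" entries are invented so the rules have something to fire on).

```python
r"""Triage the "Reg Loading Points" section of a ComboFix log.

Added example for this thread; not ComboFix output and not a BleepingComputer
tool. It assumes the two line shapes ComboFix prints above:

    "Steam"="f:\steam\Steam.exe" [2012-03-03 1242448]          (Run key value)
    R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\E206.tmp [x]    (service/driver)

"[x]" is what ComboFix prints when it could not read the file's date and size.
"""
import re
from dataclasses import dataclass, field

# Run-key value:  "Name"="path" [yyyy-mm-dd size]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]')
# Service/driver: R3 Name;Display name;path [yyyy-mm-dd size]   or   [x]
SVC_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]$'
)

# Directories a standard user can write to; a persistent binary living here
# deserves a look regardless of its name.
WRITABLE_DIRS = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")

# Only these flags make an entry "worth a second look" on their own. "[x]" is
# weak evidence: on the x64 machine above ComboFix prints it for most of the
# legitimate Razer/Realtek drivers too, so it is recorded but never promotes
# an entry by itself.
STRONG = {"user-writable location", ".tmp image"}


@dataclass
class Entry:
    kind: str            # "run" or "service"
    name: str
    path: str
    meta: str            # "2012-03-03 1242448", or "x" when ComboFix printed [x]
    flags: list = field(default_factory=list)


def classify(entry: Entry) -> Entry:
    """Attach heuristic flags to a parsed entry (mutates and returns it)."""
    p = entry.path.lower()
    if any(d in p for d in WRITABLE_DIRS):
        entry.flags.append("user-writable location")
    if p.endswith(".tmp"):
        entry.flags.append(".tmp image")
    if entry.meta.strip() == "x":
        entry.flags.append("no file metadata ([x])")
    return entry


def parse_log(text: str) -> list:
    """Extract Run-key values and service lines; every other line is ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            entries.append(classify(Entry("run", m["name"], m["path"], m["meta"])))
            continue
        m = SVC_RE.match(line)
        if m:
            entries.append(classify(Entry("service", m["name"].strip(),
                                          m["path"].strip(), m["meta"])))
    return entries


def flagged(text: str) -> list:
    """Entries carrying at least one strong flag, in log order."""
    return [e for e in parse_log(text) if STRONG & set(e.flags)]


def report(text: str) -> str:
    """One line per flagged entry: kind, name, image path, reasons."""
    return "\n".join(f"{e.kind:7} {e.name:<12} {e.path}  <- {', '.join(e.flags)}"
                     for e in flagged(text))


# Constructed sample. The Steam, MBAMService, MEMSWEEP2 and rzudd lines mirror
# the log above; "Updater" and "WinDefend32" are invented to show the rules fire.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="f:\steam\Steam.exe" [2012-03-03 1242448]
"Updater"="c:\users\arden\appdata\local\temp\svchost.exe" [2012-03-14 45056]
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\E206.tmp [x]
R3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys [x]
S2 WinDefend32;Windows Defender Helper;c:\programdata\wdhelper\wdhelp.exe [2012-03-13 98304]
"""

if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run as-is it prints three entries: Updater, MEMSWEEP2 and WinDefend32. A flag is a starting point, not a verdict. MEMSWEEP2 trips the .tmp rule, but that service name is the one Sophos Anti-Rootkit's scanner driver is known to register under, and "Sophos Anti-Rootkit 1.5.20" shows up in the installed-programs list later in this thread, so the next step is to check the file's publisher and hash rather than delete it. The many "[x]" driver lines are deliberately not promoted on their own for the reason given in the comment.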
#14 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 16 March 2012 - 12:43 PM

Hello

I would like to see a report that ComboFix makes.

Extra ComboFix report

  • push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • please copy and paste the following into the box:
    C:\Qoobox\Add-Remove Programs.txt
  • click OK

copy and paste the report into this topic for me to review

Gringo

#15 thepandoraeffect (Topic Starter)

Posted 16 March 2012 - 06:15 PM

Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office Suite Service Pack 2 (SP2)
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.1
AI Manager
AIM 7
AIM for Windows
Apple Application Support
Apple Software Update
ASUSUpdate
Bandisoft MPEG-1 Decoder
BlackBerry Desktop Software 6.1
BlackBerry Device Software Updater
calibre
CamStudio OSS Desktop Recorder
CMUD 2.37
Curse Client
DAEMON Tools Lite
Diagnostic Utility
DivX Setup
Download Updater (AOL LLC)
eMule
EPU-4 Engine
eReg
Free FLV Converter V 6.98.0
Google Update Helper
Gtk+ Runtime Environment 2.12.9-2
GTK2-Runtime
HiJackThis
Intel® Control Center
Intel® Processor Graphics
Java Auto Updater
Java™ 6 Update 31
Junk Mail filter update
jZip
Malwarebytes Anti-Malware version 1.60.1.1000
Media Player Codec Pack 3.9.6
Microsoft .NET Framework 1.1
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel 2007 Help Actualización (KB963678)
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office Excel MUI (Spanish) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (Dutch) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (French) 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office OneNote MUI (Spanish) 2007
Microsoft Office Powerpoint 2007 Help Actualización (KB963669)
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office PowerPoint MUI (Spanish) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Basque) 2007
Microsoft Office Proof (Catalan) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Galician) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing (Spanish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Shared MUI (Spanish) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word 2007 Help Actualización (KB963665)
Microsoft Office Word MUI (Dutch) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (French) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Office Word MUI (Spanish) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Mise à jour Microsoft Office Excel 2007 Help (KB963678)
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)
Mise à jour Microsoft Office Word 2007 Help (KB963665)
Mozilla Firefox 10.0.2 (x86 en-US)
MSVCRT
Mumble 1.2.3
MUSHclient (remove only)
Nexon Game Manager
Octoshape add-in for Adobe Flash Player
QuickTime
Razer Lycosa
Razer Naga
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek High Definition Audio Driver
RIFT
Safari
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Click to Call
Skype™ 5.5
Sophos Anti-Rootkit 1.5.20
Steam
Super Mario Bros. X version 1.3
System Requirements Lab
TeamViewer 6
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update voor Microsoft Office Excel 2007 Help (KB963678)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
Update voor Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
Ventrilo Client
Veoh Web Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Vuze
Vuze Remote Toolbar
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
World of Warcraft
zeldascreen Screen Saver
zMUD 7.21.0.0

