Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Yahoo & Google keeps redirecting


  • This topic is locked This topic is locked
14 replies to this topic

#1 pbutler0359

pbutler0359

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:11 AM

Posted 20 March 2012 - 05:23 PM

I removed a virus with Malwarebytes and now my searches in Yahoo & Google keep getting redirected. Below is what Malwarebytes found. I get an error when I run GMER. [LoadDrive("C:\User\PaulButl\AppData\Local\Temp\uxryapow.sys") error 0xC000010E: An instance of the service is already running.]

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.20.07

Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7601.17514
PaulButl :: LAPTOP32 [administrator]

3/20/2012 2:50:05 PM
mbam-log-2012-03-20 (14-50-05).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 437472
Time elapsed: 43 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|qnXjXprRiiiIx.exe (Rogue.FakeHDD) -> Data: C:\ProgramData\qnXjXprRiiiIx.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\ProgramData\qnXjXprRiiiIx.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
C:\ProgramData\nR0L9KifghwiKM.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

(end)

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.2.1
Run by PaulButl at 17:55:57 on 2012-03-20
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3062.1771 [GMT -4:00]
.
AV: Sunbelt VIPRE *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Sunbelt VIPRE *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
D:\Program Files\Dell\Reader 2.1\DVMExportService.exe
C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Windows\system32\RioMSC.exe
C:\Program Files\Sunbelt Software\SBEAgent\SBAMSvc.exe
C:\Program Files\Sunbelt Software\SBEAgent\SBPIMSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
D:\Program Files\Dell\Reader 2.1\DellBtrEvent.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Sunbelt Software\SBEAgent\SBAMTray.exe
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Greenshot\Greenshot.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\REGSVR32.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://companyweb
uDefault_Page_URL = hxxp://companyweb
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: ExplorerBHO Class: {449d0d6e-2412-4e61-b68f-1cb625cd9e52} - c:\program files\classic shell\ClassicExplorer32.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.0 runtime\bin\jp2ssv.dll
TB: Classic Explorer Bar: {553891b7-a0d5-4526-be18-d3ce461d6310} - c:\program files\classic shell\ClassicExplorer32.dll
uRun: [Greenshot] "c:\program files\greenshot\Greenshot.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [Broadcom Wireless Manager UI] c:\program files\dell\dw wlan card\WLTRAY.exe
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [DellBtrEvent] d:\program files\dell\reader 2.1\DellBtrEvent.exe
mRun: [Classic Start Menu] c:\program files\classic shell\ClassicStartMenu.exe
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [SBAMTray] "c:\program files\sunbelt software\sbeagent\SBAMTray.exe"
mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "c:\program files\cisco\cisco anyconnect secure mobility client\vpnui.exe" -minimized
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart17.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellsy~1.lnk - c:\program files\dell\dell system manager\DCPSysMgr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{b0bf7057-6869-4e4b-920c-ea2a58da07f0}\Icon3E5562ED7.ico
uPolicies-explorer: NoStartMenuEjectPC = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 1 (0x1)
mPolicies-system: RunStartupScriptSync = 1 (0x1)
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310} - c:\program files\classic shell\ClassicExplorer32.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office11\REFIEBAR.DLL
Trusted Zone: fenetwork.com
Trusted Zone: firstenergycorp.com
Trusted Zone: solarvalleysolutions.com\upport
DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} - hxxps://vpn04.firstenergycorp.com/+CSCOL+/relayp.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://contractors.firstenergycorp.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: DhcpNameServer = 192.168.250.253
TCP: Interfaces\{75455F5B-C3C8-41E3-B76B-3BA140F7A911} : DhcpNameServer = 192.168.250.253
TCP: Interfaces\{80D98FA8-EFAB-4D9A-8CAF-4A13462F91FE} : DhcpNameServer = 4.2.2.2
TCP: Interfaces\{80D98FA8-EFAB-4D9A-8CAF-4A13462F91FE}\0596C6F64702759664960233 : DhcpNameServer = 10.1.0.1
TCP: Interfaces\{80D98FA8-EFAB-4D9A-8CAF-4A13462F91FE}\07265747C65627 : DhcpNameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{80D98FA8-EFAB-4D9A-8CAF-4A13462F91FE}\7516475627C6F6F6024456C696 : DhcpNameServer = 10.128.128.128
TCP: Interfaces\{80D98FA8-EFAB-4D9A-8CAF-4A13462F91FE}\C696E6B6379737F5355435F52343737363 : DhcpNameServer = 72.240.13.7 72.240.13.5 156.154.70.43
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks enterprise solutions 11.0\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
LSA: Authentication Packages = msv1_0 wvauth
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\paulbutl\appdata\roaming\mozilla\firefox\profiles\uvgvxaqq.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - http:www.netvibes.com/#General
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\oracle\javafx 2.0 runtime\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
.
============= SERVICES / DRIVERS ===============
.
R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [2011-1-25 17072]
R1 DVMIO;DVMIO;d:\program files\dell\reader 2.1\dvmio.sys [2010-5-4 18320]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-4-29 101720]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-2-7 78936]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 Autodesk Content Service;Autodesk Content Service;c:\program files\autodesk\content service\Connect.Service.ContentService.exe [2011-2-2 18656]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2010-3-24 812448]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2010-3-24 27040]
R2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\dell\dell system manager\DCPSysMgrSvc.exe [2010-8-24 388464]
R2 DvmMDES;DeviceVM Meta Data Export Service;d:\program files\dell\reader 2.1\DVMExportService.exe [2010-5-4 327680]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2011-1-25 13336]
R2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometerp11\InstallFilterService.exe [2011-1-25 60928]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-6-30 1248256]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-12-23 59904]
R2 SBAMSvc;VIPRE Enterprise Agent;c:\program files\sunbelt software\sbeagent\SBAMSvc.exe [2011-6-23 2804280]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-6-10 74200]
R2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\sbeagent\SBPIMSvc.exe [2011-6-23 181584]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-11-29 2358656]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2011-12-2 2923392]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\cisco\cisco anyconnect secure mobility client\vpnagent.exe [2011-5-23 465872]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2011-1-25 42672]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2011-1-25 144576]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2010-12-23 33832]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2010-12-23 224424]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-12-23 125696]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-12-23 68200]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-7 136176]
S3 acsock;acsock;c:\windows\system32\drivers\acsock.sys [2011-5-23 77968]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-12-23 274472]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-1-25 33320]
S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2011-1-25 134144]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-7 136176]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2009-12-18 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-12-18 174720]
S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-12-23 48640]
S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-12-23 38912]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-27 52224]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2011-2-17 33712]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-2-8 1343400]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S4 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2011-1-26 81920]
S4 LTService;Solar Valley Solutions Monitoring Service;c:\windows\ltsvc\LTSVC.exe [2011-2-15 3085840]
S4 LTSvcMon;Solar Valley Solutions Monitoring Service CheckUp Util;c:\windows\ltsvc\LTSvcMon.exe [2011-2-15 90128]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-03-20 18:48:28 -------- d-----w- c:\users\paulbutl\appdata\roaming\Malwarebytes
2012-03-20 18:48:20 -------- d-----w- c:\programdata\Malwarebytes
2012-03-20 18:48:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-20 13:19:02 -------- d-----w- c:\users\paulbutl\appdata\local\{1EDA03F1-AEB4-4513-9909-482F05AAD0F8}
2012-03-20 13:18:51 -------- d-----w- c:\users\paulbutl\appdata\local\{14149A55-0224-4EE8-BC95-71500BA9B6E3}
2012-03-20 07:00:36 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-20 07:00:36 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-19 12:32:50 -------- d-----w- c:\users\paulbutl\appdata\local\{C9D258B8-3CCD-4FC3-8EA9-DAFBDACD54FA}
2012-03-19 12:32:39 -------- d-----w- c:\users\paulbutl\appdata\local\{2D94E699-899B-4DDC-AB42-F8F32CC1B52C}
2012-03-19 11:24:05 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-19 11:24:05 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-19 11:24:04 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-19 11:24:04 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-19 11:24:04 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-19 11:24:03 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-19 11:24:03 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-19 11:24:03 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-15 02:12:40 -------- d-----w- c:\users\paulbutl\appdata\local\QuickPar
2012-03-15 02:11:44 -------- d-----w- c:\program files\QuickPar
2012-03-13 12:06:18 -------- d-----w- c:\users\paulbutl\appdata\local\{C8D7D35A-E42D-4356-B280-BBD160875EF1}
2012-03-13 12:06:07 -------- d-----w- c:\users\paulbutl\appdata\local\{D0933E18-82E9-43A9-9E0B-A5C2B6E3A1B5}
2012-03-07 20:09:30 -------- d-----w- c:\users\paulbutl\appdata\local\{3A4E4629-4A75-4D69-93F0-A785BBDA37EC}
2012-03-07 20:09:19 -------- d-----w- c:\users\paulbutl\appdata\local\{3DF4FA3E-01E4-4573-8DFC-6CB174704BDD}
2012-03-07 18:37:03 -------- d-----w- c:\users\paulbutl\appdata\roaming\EDrawings
2012-03-07 18:36:20 -------- d-----w- c:\program files\common files\eDrawings2012
2012-03-06 11:55:53 162664 ----a-w- c:\programdata\microsoft\windows\sqm\manifest\Sqm10140.bin
2012-02-22 21:18:04 -------- d-----w- c:\users\paulbutl\appdata\local\{CCB6C819-5FEE-4A9C-B9C8-9D82DC4ED0D9}
2012-02-22 21:17:53 -------- d-----w- c:\users\paulbutl\appdata\local\{AE2C1B71-57F1-425A-B47C-FC37071C4FC5}
2012-02-20 17:33:00 -------- d-----w- c:\users\paulbutl\appdata\local\{4904A84C-75EB-4960-A9E2-D2C4EEE5925B}
2012-02-20 17:32:49 -------- d-----w- c:\users\paulbutl\appdata\local\{08329031-3F5E-48FD-A5EB-8833B86EF440}
2012-02-20 16:53:41 -------- d-----w- c:\users\paulbutl\appdata\local\Deployment
.
==================== Find3M ====================
.
2012-03-09 18:26:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-20 12:08:35 83 ----a-w- C:\MemStickBackup.bat
2012-01-04 08:58:41 442880 ----a-w- c:\windows\system32\ntshrui.dll
2011-12-30 05:27:56 478720 ----a-w- c:\windows\system32\timedate.cpl
1997-07-22 00:30:54 1045776 --sha-w- c:\windows\system32\Msjet35.dll
1997-06-23 08:00:00 123664 --sha-w- c:\windows\system32\Msjint35.dll
1997-06-23 17:06:50 24848 --sha-w- c:\windows\system32\Msjter35.dll
1997-06-23 17:06:50 252176 --sha-w- c:\windows\system32\Msrd2x35.dll
1997-06-23 17:06:50 287504 --sha-w- c:\windows\system32\Msxbse35.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: WDC_WD32 rev.01.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x886A0FA9]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH EBX; MOV EBX, [EBP+0xc]; PUSH ESI; XOR EDX, EDX; CMP [0x886a8d34], EDX; PUSH EDI; MOV EDI, [EBX+0x60]; JZ 0x187; MOV EAX, [EBP+0x8]; }
1 ntkrnlpa!IofCallDriver[0x8327855A] -> \Device\Harddisk0\DR0[0x88680030]
3 CLASSPNP[0x8BDB759E] -> ntkrnlpa!IofCallDriver[0x8327855A] -> [0x8867F788]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; PUSH CS; POP DS; PUSH CS; POP ES; PUSHAD ; MOV [0x7e00], DL; MOV BYTE [0x7e04], 0x1e; MOV AH, 0x48; MOV SI, 0x7e04; INT 0x13; MOV AL, 0x50; JB 0x196; SUB WORD [0x413], 0x14; }
user != kernel MBR !!!
sectors 625142431 (+240): user != kernel
.
============= FINISH: 18:02:32.29 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:11 AM

Posted 21 March 2012 - 12:29 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

1.Do not run any other tool untill instructed to do so!
doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools
and at worst can cause conficts with our tools and lead to unforseen things to happen2.Please Do not Attach logs or put in code boxes.
besides the time it takes me to open the reports it makes it harder to find something if I need to go back to do more research and putting them in code boxes just makes them so hard to read3. After each step give me a little feedback
It does not need to be long but just something so I know how things are going it can be something like
I am still getting redirected
The computer is running as it should
Don't put things like - it is the same as before or still the same this just makes me go back and look for you last feedback as to how things are4. read every post completely before doing anything
Pay special attention to the Notes** I have put in
These are things I have found that happen allot and can be taken care of easily just by reading the Notes**

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Backup any files that cannot be replaced

If you have not done it yet spend a few minutes to backup any files that cannot be replaced. Removing malware can be unpredictable and this may save you and me allot of grief later.

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

you may want to backup the whole harddrive there is some good info in the Preparation Guide on how to make full backups and how to restore it back if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the files backed up you may do the following.


Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 pbutler0359

pbutler0359
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:11 AM

Posted 21 March 2012 - 06:59 AM

I did not run into any errors when running combofix but my search results are still getting redirected. Here is my combofix log file.

ComboFix 12-03-20.02 - PaulButl 03/21/2012 6:40.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3062.1854 [GMT -4:00]
Running from: c:\users\PaulButl\Desktop\TechSupport\ComboFix.exe
AV: Sunbelt VIPRE *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Sunbelt VIPRE *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\~nR0L9KifghwiKM
c:\programdata\~nR0L9KifghwiKMr
c:\programdata\nR0L9KifghwiKM
c:\users\PaulButl\AppData\Local\assembly\tmp
c:\users\pbutler.SIGMA\AppData\Local\assembly\tmp
c:\windows\system32\drivers\npf.sys
c:\windows\system32\SET9067.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-02-21 to 2012-03-21 )))))))))))))))))))))))))))))))
.
.
2012-03-21 11:20 . 2012-03-21 11:20 -------- d-----w- c:\users\SVSAdmin\AppData\Local\temp
2012-03-21 11:20 . 2012-03-21 11:20 -------- d-----w- c:\users\pbutler.SIGMA\AppData\Local\temp
2012-03-21 11:20 . 2012-03-21 11:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-21 11:20 . 2012-03-21 11:20 -------- d-----w- c:\users\pbutler\AppData\Local\temp
2012-03-20 18:48 . 2012-03-20 18:48 -------- d-----w- c:\users\PaulButl\AppData\Roaming\Malwarebytes
2012-03-20 18:48 . 2012-03-20 18:48 -------- d-----w- c:\programdata\Malwarebytes
2012-03-20 18:48 . 2012-03-20 18:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-20 07:00 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-20 07:00 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-19 11:24 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-19 11:24 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-19 11:24 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-19 11:24 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-19 11:24 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-19 11:24 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-19 11:24 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-19 11:24 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-15 02:12 . 2012-03-15 02:18 -------- d-----w- c:\users\PaulButl\AppData\Local\QuickPar
2012-03-15 02:11 . 2012-03-15 02:11 -------- d-----w- c:\program files\QuickPar
2012-03-07 18:37 . 2012-03-07 18:37 -------- d-----w- c:\users\PaulButl\AppData\Roaming\EDrawings
2012-03-07 18:36 . 2012-03-07 18:36 -------- d-----w- c:\program files\Common Files\eDrawings2012
2012-03-06 11:55 . 2012-03-06 11:55 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-20 16:53 . 2012-02-20 16:54 -------- d-----w- c:\users\PaulButl\AppData\Local\Deployment
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-21 10:25 . 2011-05-10 16:52 0 ----a-w- c:\users\PaulButl\AppData\Local\WavXMapDrive.bat
2012-03-09 18:26 . 2011-05-19 10:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-20 12:08 . 2011-02-07 18:56 83 ----a-w- C:\MemStickBackup.bat
2012-01-04 08:58 . 2012-02-14 19:41 442880 ----a-w- c:\windows\system32\ntshrui.dll
2011-12-30 05:27 . 2012-02-14 19:41 478720 ----a-w- c:\windows\system32\timedate.cpl
1997-07-22 00:30 1045776 --sha-w- c:\windows\System32\Msjet35.dll
1997-06-23 08:00 123664 --sha-w- c:\windows\System32\Msjint35.dll
1997-06-23 17:06 24848 --sha-w- c:\windows\System32\Msjter35.dll
1997-06-23 17:06 252176 --sha-w- c:\windows\System32\Msrd2x35.dll
1997-06-23 17:06 287504 --sha-w- c:\windows\System32\Msxbse35.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-03-29 18:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2011-02-05 01:41 497664 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-03-29 18:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Greenshot"="c:\program files\Greenshot\Greenshot.exe" [2010-07-12 548864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-05-12 288112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-05-25 495708]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-17 13838952]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-04-17 92776]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-01 5249024]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-07-21 147840]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]
"DellBtrEvent"="d:\program files\Dell\Reader 2.1\DellBtrEvent.exe" [2010-05-13 160768]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2011-02-05 91648]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-08-19 3618104]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"SBAMTray"="c:\program files\Sunbelt Software\SBEAgent\SBAMTray.exe" [2011-06-23 1336656]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2011-05-23 522192]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-1-8 828704]
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2010-8-24 1458032]
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 132456]
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2011-9-8 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuEjectPC"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2792646074-1188336934-1903499489-1156\Scripts\Logon\0\0]
"Script"=\\sbsserver\netlogon\NemLogon1.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2792646074-1188336934-1903499489-1208\Scripts\Logon\0\0]
"Script"=\\sbsserver\netlogon\NemLogon1.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-04-15 05:20 1657448 ------w- c:\windows\System32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PFO Check Settings]
2005-04-17 19:58 57344 ----a-w- c:\windows\pfochk.exe
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-04-29 101720]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-07 136176]
R2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [2010-01-10 60928]
R2 SBAMSvc;VIPRE Enterprise Agent;c:\program files\Sunbelt Software\SBEAgent\SBAMSvc.exe [2011-06-23 2804280]
R2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\SBEAgent\SBPIMSvc.exe [2011-06-23 181584]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [2011-05-23 77968]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-01-11 274472]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-11 33320]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-07 136176]
R3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil.sys [2009-12-18 20480]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2009-12-18 174720]
R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2010-03-21 48640]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2010-03-21 38912]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [2009-05-25 32408]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 UsbGps;LGE CDMA USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgusbgps.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-02-17 111152]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2011-02-17 33712]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-08 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R4 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2010-05-25 81920]
R4 LTService;Solar Valley Solutions Monitoring Service;c:\windows\LTSVC\LTSVC.exe [2011-02-15 3085840]
R4 LTSvcMon;Solar Valley Solutions Monitoring Service CheckUp Util;c:\windows\LTSvc\LTSvcMon.exe [2011-02-15 90128]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdfltn.sys [2010-01-18 17072]
S1 DVMIO;DVMIO;d:\program files\Dell\Reader 2.1\dvmio.sys [2010-05-04 18320]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 78936]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-02-17 160560]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-02-17 44784]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-03-24 812448]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-03-24 27040]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2010-08-24 388464]
S2 DvmMDES;DeviceVM Meta Data Export Service;d:\program files\Dell\Reader 2.1\DVMExportService.exe [2010-05-04 327680]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-06-30 1248256]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2010-03-21 59904]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-06-10 74200]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-02 2923392]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-05-23 465872]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-01-18 42672]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-09-16 144576]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2010-08-20 33832]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 45288]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2010-04-05 224424]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-01-27 68200]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-02-17 122032]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
GPSvcGroup REG_MULTI_SZ GPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-07 21:27]
.
2012-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-07 21:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://companyweb
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: fenetwork.com
Trusted Zone: firstenergycorp.com
Trusted Zone: solarvalleysolutions.com\upport
TCP: DhcpNameServer = 4.2.2.2
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://contractors.firstenergycorp.com/CACHE/stc/1/binaries/vpnweb.cab
FF - ProfilePath - c:\users\PaulButl\AppData\Roaming\Mozilla\Firefox\Profiles\uvgvxaqq.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - http:www.netvibes.com/#General
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-Akamai NetSession Interface - c:\users\PaulButl\AppData\Local\Akamai\netsession_win.exe
.
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: WDC_WD32 rev.01.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 625142431 (+240): user != kernel
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(696)
c:\windows\system32\wvauth.DLL
.
Completion time: 2012-03-21 07:40:55
ComboFix-quarantined-files.txt 2012-03-21 11:40
.
Pre-Run: 153,507,184,640 bytes free
Post-Run: 152,689,807,360 bytes free
.
- - End Of File - - 0961D48B2BD20F199E2650C30136D567

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:11 AM

Posted 21 March 2012 - 07:16 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 pbutler0359

pbutler0359
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:11 AM

Posted 21 March 2012 - 07:55 AM

I ran both TDSSKiller & aswMBR with no problems. My web searches are not redirecting anymore. Thank you for all your help so far.

08:25:06.0707 5676 TDSS rootkit removing tool 2.7.21.0 Mar 21 2012 09:06:51
08:25:07.0051 5676 ============================================================
08:25:07.0051 5676 Current date / time: 2012/03/21 08:25:07.0051
08:25:07.0051 5676 SystemInfo:
08:25:07.0051 5676
08:25:07.0051 5676 OS Version: 6.1.7601 ServicePack: 1.0
08:25:07.0051 5676 Product type: Workstation
08:25:07.0051 5676 ComputerName: LAPTOP32
08:25:07.0051 5676 UserName: PaulButl
08:25:07.0051 5676 Windows directory: C:\Windows
08:25:07.0051 5676 System windows directory: C:\Windows
08:25:07.0051 5676 Processor architecture: Intel x86
08:25:07.0051 5676 Number of processors: 4
08:25:07.0051 5676 Page size: 0x1000
08:25:07.0051 5676 Boot type: Normal boot
08:25:07.0051 5676 ============================================================
08:25:08.0049 5676 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:25:08.0049 5676 \Device\Harddisk0\DR0:
08:25:08.0049 5676 MBR used
08:25:08.0049 5676 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x13986
08:25:08.0049 5676 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
08:25:08.0049 5676 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x232CE2B0
08:25:08.0080 5676 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x25030800, BlocksNum 0x3F92B0
08:25:08.0189 5676 Initialize success
08:25:08.0189 5676 ============================================================
08:25:12.0152 3628 ============================================================
08:25:12.0152 3628 Scan started
08:25:12.0152 3628 Mode: Manual;
08:25:12.0152 3628 ============================================================
08:25:12.0979 3628 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
08:25:12.0979 3628 1394ohci - ok
08:25:13.0025 3628 Acceler (af1f178b0218b44876e63bf0b019e96b) C:\Windows\system32\DRIVERS\Accelern.sys
08:25:13.0025 3628 Acceler - ok
08:25:13.0041 3628 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
08:25:13.0041 3628 ACPI - ok
08:25:13.0072 3628 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
08:25:13.0072 3628 AcpiPmi - ok
08:25:13.0135 3628 acsock (ae954c42547605408cddf03bb13845b8) C:\Windows\system32\DRIVERS\acsock.sys
08:25:13.0135 3628 acsock - ok
08:25:13.0181 3628 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
08:25:13.0181 3628 adp94xx - ok
08:25:13.0213 3628 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
08:25:13.0228 3628 adpahci - ok
08:25:13.0244 3628 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
08:25:13.0244 3628 adpu320 - ok
08:25:13.0322 3628 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
08:25:13.0322 3628 AFD - ok
08:25:13.0353 3628 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
08:25:13.0353 3628 agp440 - ok
08:25:13.0400 3628 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
08:25:13.0400 3628 aic78xx - ok
08:25:13.0447 3628 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
08:25:13.0447 3628 aliide - ok
08:25:13.0462 3628 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
08:25:13.0478 3628 amdagp - ok
08:25:13.0493 3628 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
08:25:13.0493 3628 amdide - ok
08:25:13.0509 3628 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
08:25:13.0509 3628 AmdK8 - ok
08:25:13.0540 3628 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
08:25:13.0540 3628 AmdPPM - ok
08:25:13.0571 3628 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
08:25:13.0587 3628 amdsata - ok
08:25:13.0603 3628 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
08:25:13.0603 3628 amdsbs - ok
08:25:13.0634 3628 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
08:25:13.0634 3628 amdxata - ok
08:25:13.0681 3628 ApfiltrService (e8a8e6072cb7e2032e85e7735daa511f) C:\Windows\system32\DRIVERS\Apfiltr.sys
08:25:13.0681 3628 ApfiltrService - ok
08:25:13.0727 3628 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
08:25:13.0727 3628 AppID - ok
08:25:13.0759 3628 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
08:25:13.0759 3628 arc - ok
08:25:13.0790 3628 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
08:25:13.0790 3628 arcsas - ok
08:25:13.0837 3628 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
08:25:13.0837 3628 AsyncMac - ok
08:25:13.0868 3628 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
08:25:13.0868 3628 atapi - ok
08:25:13.0930 3628 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
08:25:13.0946 3628 b06bdrv - ok
08:25:13.0961 3628 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
08:25:13.0961 3628 b57nd60x - ok
08:25:13.0993 3628 BCM42RLY (94f2dc372163d520d7b1dad78ae40b5e) C:\Windows\system32\drivers\BCM42RLY.sys
08:25:13.0993 3628 BCM42RLY - ok
08:25:14.0071 3628 BCM43XX (f689c5965cefad780a2948546703bd5d) C:\Windows\system32\DRIVERS\bcmwl6.sys
08:25:14.0086 3628 BCM43XX - ok
08:25:14.0102 3628 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
08:25:14.0102 3628 Beep - ok
08:25:14.0133 3628 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
08:25:14.0133 3628 blbdrive - ok
08:25:14.0180 3628 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
08:25:14.0180 3628 bowser - ok
08:25:14.0195 3628 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:25:14.0195 3628 BrFiltLo - ok
08:25:14.0211 3628 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:25:14.0211 3628 BrFiltUp - ok
08:25:14.0258 3628 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
08:25:14.0258 3628 BridgeMP - ok
08:25:14.0305 3628 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
08:25:14.0305 3628 Brserid - ok
08:25:14.0336 3628 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
08:25:14.0336 3628 BrSerWdm - ok
08:25:14.0351 3628 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:25:14.0351 3628 BrUsbMdm - ok
08:25:14.0383 3628 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
08:25:14.0383 3628 BrUsbSer - ok
08:25:14.0429 3628 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
08:25:14.0429 3628 BthEnum - ok
08:25:14.0445 3628 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
08:25:14.0445 3628 BTHMODEM - ok
08:25:14.0476 3628 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
08:25:14.0476 3628 BthPan - ok
08:25:14.0507 3628 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
08:25:14.0507 3628 BTHPORT - ok
08:25:14.0554 3628 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
08:25:14.0554 3628 BTHUSB - ok
08:25:14.0585 3628 btwampfl (f73511fdef84bdccc1bcec4b0cddf03c) C:\Windows\system32\drivers\btwampfl.sys
08:25:14.0585 3628 btwampfl - ok
08:25:14.0632 3628 btwaudio (81ece570471e0589bf488e4b11e6357b) C:\Windows\system32\drivers\btwaudio.sys
08:25:14.0632 3628 btwaudio - ok
08:25:14.0663 3628 btwavdt (c770311b74599378990228e6d732c718) C:\Windows\system32\DRIVERS\btwavdt.sys
08:25:14.0663 3628 btwavdt - ok
08:25:14.0679 3628 btwl2cap (4ddbb2a4d11ebe70da3db4f98e1a0344) C:\Windows\system32\DRIVERS\btwl2cap.sys
08:25:14.0679 3628 btwl2cap - ok
08:25:14.0710 3628 btwrchid (0634f4b7e3f4507c0c49a512ce4d93ff) C:\Windows\system32\DRIVERS\btwrchid.sys
08:25:14.0710 3628 btwrchid - ok
08:25:14.0819 3628 catchme - ok
08:25:14.0866 3628 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
08:25:14.0866 3628 cdfs - ok
08:25:14.0929 3628 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
08:25:14.0929 3628 cdrom - ok
08:25:14.0960 3628 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
08:25:14.0960 3628 circlass - ok
08:25:15.0007 3628 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
08:25:15.0007 3628 CLFS - ok
08:25:15.0038 3628 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
08:25:15.0038 3628 CmBatt - ok
08:25:15.0085 3628 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
08:25:15.0085 3628 cmdide - ok
08:25:15.0131 3628 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
08:25:15.0131 3628 CNG - ok
08:25:15.0147 3628 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
08:25:15.0147 3628 Compbatt - ok
08:25:15.0209 3628 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
08:25:15.0209 3628 CompositeBus - ok
08:25:15.0225 3628 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
08:25:15.0225 3628 crcdisk - ok
08:25:15.0287 3628 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
08:25:15.0303 3628 CSC - ok
08:25:15.0350 3628 CtAudDrv (0f538df1673e5216f3baacb6911d9d0f) C:\Windows\system32\Drivers\CtAudDrv.sys
08:25:15.0350 3628 CtAudDrv - ok
08:25:15.0381 3628 CtClsFlt (aa52c0b88c46d5037809d05dd826c61e) C:\Windows\system32\DRIVERS\CtClsFlt.sys
08:25:15.0381 3628 CtClsFlt - ok
08:25:15.0428 3628 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
08:25:15.0428 3628 CVirtA - ok
08:25:15.0475 3628 CVPNDRVA (18994842386fd3039279d7865740abbd) C:\Windows\system32\Drivers\CVPNDRVA.sys
08:25:15.0475 3628 CVPNDRVA - ok
08:25:15.0506 3628 cvusbdrv (d1697063e2cdb6575aa46d668ffee825) C:\Windows\system32\Drivers\cvusbdrv.sys
08:25:15.0506 3628 cvusbdrv - ok
08:25:15.0568 3628 dc3d (90f8539fa0de4aafe4fdbe7f95d6a512) C:\Windows\system32\DRIVERS\dc3d.sys
08:25:15.0568 3628 dc3d - ok
08:25:15.0615 3628 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
08:25:15.0615 3628 DfsC - ok
08:25:15.0631 3628 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
08:25:15.0631 3628 discache - ok
08:25:15.0677 3628 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
08:25:15.0677 3628 Disk - ok
08:25:15.0724 3628 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys
08:25:15.0724 3628 DNE - ok
08:25:15.0755 3628 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
08:25:15.0755 3628 drmkaud - ok
08:25:15.0833 3628 DVMIO (7797f0cc249709001819e29dab170eed) D:\Program Files\Dell\Reader 2.1\dvmio.sys
08:25:15.0833 3628 DVMIO - ok
08:25:15.0880 3628 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
08:25:15.0880 3628 DXGKrnl - ok
08:25:15.0927 3628 e1kexpress (19e30c3c80d8ce29944b3f30ff9c8b76) C:\Windows\system32\DRIVERS\e1k6232.sys
08:25:15.0927 3628 e1kexpress - ok
08:25:15.0989 3628 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
08:25:16.0052 3628 ebdrv - ok
08:25:16.0114 3628 ElbyCDIO (44996a2addd2db7454f2ca40b67d8941) C:\Windows\system32\Drivers\ElbyCDIO.sys
08:25:16.0114 3628 ElbyCDIO - ok
08:25:16.0130 3628 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
08:25:16.0145 3628 elxstor - ok
08:25:16.0177 3628 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
08:25:16.0177 3628 ErrDev - ok
08:25:16.0223 3628 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
08:25:16.0223 3628 exfat - ok
08:25:16.0255 3628 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
08:25:16.0270 3628 fastfat - ok
08:25:16.0301 3628 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
08:25:16.0301 3628 fdc - ok
08:25:16.0317 3628 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
08:25:16.0317 3628 FileInfo - ok
08:25:16.0348 3628 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
08:25:16.0348 3628 Filetrace - ok
08:25:16.0379 3628 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
08:25:16.0379 3628 flpydisk - ok
08:25:16.0395 3628 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
08:25:16.0395 3628 FltMgr - ok
08:25:16.0426 3628 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
08:25:16.0426 3628 FsDepends - ok
08:25:16.0442 3628 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
08:25:16.0442 3628 Fs_Rec - ok
08:25:16.0489 3628 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
08:25:16.0489 3628 fvevol - ok
08:25:16.0504 3628 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
08:25:16.0520 3628 gagp30kx - ok
08:25:16.0551 3628 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
08:25:16.0551 3628 hcw85cir - ok
08:25:16.0598 3628 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
08:25:16.0598 3628 HDAudBus - ok
08:25:16.0613 3628 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
08:25:16.0613 3628 HidBatt - ok
08:25:16.0645 3628 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
08:25:16.0645 3628 HidBth - ok
08:25:16.0660 3628 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
08:25:16.0660 3628 HidIr - ok
08:25:16.0754 3628 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
08:25:16.0754 3628 HidUsb - ok
08:25:16.0957 3628 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
08:25:16.0957 3628 HpSAMD - ok
08:25:16.0988 3628 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
08:25:16.0988 3628 HTTP - ok
08:25:17.0035 3628 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
08:25:17.0035 3628 hwpolicy - ok
08:25:17.0050 3628 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
08:25:17.0050 3628 i8042prt - ok
08:25:17.0113 3628 iaStor (26541a068572f650a2fa490726fe81be) C:\Windows\system32\DRIVERS\iaStor.sys
08:25:17.0113 3628 iaStor - ok
08:25:17.0144 3628 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
08:25:17.0159 3628 iaStorV - ok
08:25:17.0175 3628 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
08:25:17.0175 3628 iirsp - ok
08:25:17.0206 3628 Impcd (2db41ba61d5e44d0667cf126d35dcf34) C:\Windows\system32\DRIVERS\Impcd.sys
08:25:17.0222 3628 Impcd - ok
08:25:17.0284 3628 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
08:25:17.0284 3628 intelide - ok
08:25:17.0315 3628 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
08:25:17.0315 3628 intelppm - ok
08:25:17.0347 3628 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:25:17.0347 3628 IpFilterDriver - ok
08:25:17.0378 3628 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
08:25:17.0378 3628 IPMIDRV - ok
08:25:17.0393 3628 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
08:25:17.0393 3628 IPNAT - ok
08:25:17.0425 3628 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
08:25:17.0425 3628 IRENUM - ok
08:25:17.0440 3628 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
08:25:17.0456 3628 isapnp - ok
08:25:17.0471 3628 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
08:25:17.0471 3628 iScsiPrt - ok
08:25:17.0503 3628 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
08:25:17.0503 3628 kbdclass - ok
08:25:17.0549 3628 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
08:25:17.0549 3628 kbdhid - ok
08:25:17.0596 3628 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
08:25:17.0596 3628 KSecDD - ok
08:25:17.0612 3628 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
08:25:17.0627 3628 KSecPkg - ok
08:25:17.0659 3628 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
08:25:17.0659 3628 lltdio - ok
08:25:17.0674 3628 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
08:25:17.0690 3628 LSI_FC - ok
08:25:17.0705 3628 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
08:25:17.0705 3628 LSI_SAS - ok
08:25:17.0737 3628 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:25:17.0737 3628 LSI_SAS2 - ok
08:25:17.0752 3628 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:25:17.0752 3628 LSI_SCSI - ok
08:25:17.0799 3628 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
08:25:17.0799 3628 luafv - ok
08:25:17.0830 3628 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
08:25:17.0830 3628 megasas - ok
08:25:17.0846 3628 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
08:25:17.0846 3628 MegaSR - ok
08:25:17.0877 3628 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
08:25:17.0877 3628 Modem - ok
08:25:17.0908 3628 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
08:25:17.0908 3628 monitor - ok
08:25:17.0939 3628 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
08:25:17.0939 3628 mouclass - ok
08:25:17.0971 3628 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
08:25:17.0971 3628 mouhid - ok
08:25:18.0017 3628 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
08:25:18.0017 3628 mountmgr - ok
08:25:18.0064 3628 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
08:25:18.0064 3628 mpio - ok
08:25:18.0080 3628 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
08:25:18.0095 3628 mpsdrv - ok
08:25:18.0127 3628 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
08:25:18.0127 3628 MRxDAV - ok
08:25:18.0173 3628 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:25:18.0173 3628 mrxsmb - ok
08:25:18.0220 3628 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:25:18.0220 3628 mrxsmb10 - ok
08:25:18.0236 3628 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:25:18.0236 3628 mrxsmb20 - ok
08:25:18.0267 3628 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
08:25:18.0267 3628 msahci - ok
08:25:18.0283 3628 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
08:25:18.0298 3628 msdsm - ok
08:25:18.0329 3628 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
08:25:18.0329 3628 Msfs - ok
08:25:18.0345 3628 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
08:25:18.0345 3628 mshidkmdf - ok
08:25:18.0361 3628 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
08:25:18.0361 3628 msisadrv - ok
08:25:18.0376 3628 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
08:25:18.0376 3628 MSKSSRV - ok
08:25:18.0392 3628 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
08:25:18.0392 3628 MSPCLOCK - ok
08:25:18.0407 3628 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
08:25:18.0407 3628 MSPQM - ok
08:25:18.0423 3628 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
08:25:18.0423 3628 MsRPC - ok
08:25:18.0439 3628 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
08:25:18.0439 3628 mssmbios - ok
08:25:18.0454 3628 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
08:25:18.0454 3628 MSTEE - ok
08:25:18.0470 3628 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
08:25:18.0470 3628 MTConfig - ok
08:25:18.0501 3628 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
08:25:18.0501 3628 Mup - ok
08:25:18.0563 3628 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
08:25:18.0563 3628 NativeWifiP - ok
08:25:18.0610 3628 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
08:25:18.0626 3628 NDIS - ok
08:25:18.0641 3628 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
08:25:18.0641 3628 NdisCap - ok
08:25:18.0673 3628 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
08:25:18.0673 3628 NdisTapi - ok
08:25:18.0719 3628 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
08:25:18.0719 3628 Ndisuio - ok
08:25:18.0766 3628 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
08:25:18.0766 3628 NdisWan - ok
08:25:18.0829 3628 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
08:25:18.0829 3628 NDProxy - ok
08:25:18.0860 3628 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
08:25:18.0860 3628 NetBIOS - ok
08:25:18.0907 3628 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
08:25:18.0907 3628 NetBT - ok
08:25:18.0969 3628 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
08:25:18.0969 3628 nfrd960 - ok
08:25:19.0000 3628 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
08:25:19.0000 3628 Npfs - ok
08:25:19.0016 3628 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
08:25:19.0016 3628 nsiproxy - ok
08:25:19.0063 3628 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
08:25:19.0094 3628 Ntfs - ok
08:25:19.0109 3628 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
08:25:19.0109 3628 Null - ok
08:25:19.0156 3628 NVHDA (79e97cdae5449a59a4798fc5b006c58f) C:\Windows\system32\drivers\nvhda32v.sys
08:25:19.0156 3628 NVHDA - ok
08:25:19.0328 3628 nvlddmkm (cb6e5b5a946c6a4fca80978080add429) C:\Windows\system32\DRIVERS\nvlddmkm.sys
08:25:19.0375 3628 nvlddmkm - ok
08:25:19.0437 3628 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
08:25:19.0453 3628 nvraid - ok
08:25:19.0484 3628 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
08:25:19.0499 3628 nvstor - ok
08:25:19.0531 3628 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
08:25:19.0531 3628 nv_agp - ok
08:25:19.0593 3628 NWADI (fc2a8aaa0f3321f41231ede0af1968ae) C:\Windows\system32\DRIVERS\NWADIenum.sys
08:25:19.0593 3628 NWADI - ok
08:25:19.0655 3628 NWUSBCDFIL (224131778c92aee8c13afac5fbff19ca) C:\Windows\system32\DRIVERS\NwUsbCdFil.sys
08:25:19.0655 3628 NWUSBCDFIL - ok
08:25:19.0702 3628 NWUSBModem (b7112f30d7eff4b5052eba879f46228f) C:\Windows\system32\DRIVERS\nwusbmdm.sys
08:25:19.0702 3628 NWUSBModem - ok
08:25:19.0733 3628 NWUSBPort (b7112f30d7eff4b5052eba879f46228f) C:\Windows\system32\DRIVERS\nwusbser.sys
08:25:19.0733 3628 NWUSBPort - ok
08:25:19.0765 3628 NWUSBPort2 (b7112f30d7eff4b5052eba879f46228f) C:\Windows\system32\DRIVERS\nwusbser2.sys
08:25:19.0780 3628 NWUSBPort2 - ok
08:25:19.0827 3628 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
08:25:19.0827 3628 ohci1394 - ok
08:25:19.0889 3628 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
08:25:19.0905 3628 Parport - ok
08:25:19.0936 3628 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
08:25:19.0936 3628 partmgr - ok
08:25:19.0967 3628 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
08:25:19.0967 3628 Parvdm - ok
08:25:19.0999 3628 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\Windows\system32\DRIVERS\PBADRV.sys
08:25:19.0999 3628 PBADRV - ok
08:25:20.0030 3628 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
08:25:20.0045 3628 pci - ok
08:25:20.0077 3628 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
08:25:20.0077 3628 pciide - ok
08:25:20.0108 3628 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
08:25:20.0108 3628 pcmcia - ok
08:25:20.0123 3628 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
08:25:20.0123 3628 pcw - ok
08:25:20.0155 3628 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
08:25:20.0170 3628 PEAUTH - ok
08:25:20.0233 3628 Point32 (896d916de06f5502d301e8c4dc442ae8) C:\Windows\system32\DRIVERS\point32.sys
08:25:20.0233 3628 Point32 - ok
08:25:20.0264 3628 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
08:25:20.0279 3628 PptpMiniport - ok
08:25:20.0295 3628 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
08:25:20.0295 3628 Processor - ok
08:25:20.0326 3628 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
08:25:20.0326 3628 Psched - ok
08:25:20.0373 3628 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
08:25:20.0389 3628 ql2300 - ok
08:25:20.0420 3628 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
08:25:20.0420 3628 ql40xx - ok
08:25:20.0435 3628 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
08:25:20.0435 3628 QWAVEdrv - ok
08:25:20.0467 3628 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
08:25:20.0482 3628 RasAcd - ok
08:25:20.0513 3628 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:25:20.0513 3628 RasAgileVpn - ok
08:25:20.0529 3628 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:25:20.0529 3628 Rasl2tp - ok
08:25:20.0545 3628 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
08:25:20.0545 3628 RasPppoe - ok
08:25:20.0560 3628 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
08:25:20.0560 3628 RasSstp - ok
08:25:20.0607 3628 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
08:25:20.0623 3628 rdbss - ok
08:25:20.0638 3628 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
08:25:20.0638 3628 rdpbus - ok
08:25:20.0685 3628 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:25:20.0685 3628 RDPCDD - ok
08:25:20.0732 3628 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
08:25:20.0732 3628 RDPDR - ok
08:25:20.0747 3628 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
08:25:20.0763 3628 RDPENCDD - ok
08:25:20.0779 3628 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
08:25:20.0779 3628 RDPREFMP - ok
08:25:20.0810 3628 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
08:25:20.0825 3628 RDPWD - ok
08:25:20.0872 3628 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
08:25:20.0872 3628 rdyboost - ok
08:25:20.0903 3628 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
08:25:20.0919 3628 RFCOMM - ok
08:25:20.0950 3628 rimspci (e891f07815af88075705ef6a248711f6) C:\Windows\system32\DRIVERS\rimspe86.sys
08:25:20.0966 3628 rimspci - ok
08:25:20.0981 3628 risdpcie (5312f15dbeb47d906dca2e334dc4c97d) C:\Windows\system32\DRIVERS\risdpe86.sys
08:25:20.0981 3628 risdpcie - ok
08:25:20.0997 3628 rixdpcie (cf2de2365fd99e5b8e38c9f3467dcdb8) C:\Windows\system32\DRIVERS\rixdpe86.sys
08:25:20.0997 3628 rixdpcie - ok
08:25:21.0028 3628 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
08:25:21.0028 3628 rspndr - ok
08:25:21.0059 3628 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
08:25:21.0059 3628 s3cap - ok
08:25:21.0122 3628 sbapifs (76dddc213e8259b74978733640703ec1) C:\Windows\system32\DRIVERS\sbapifs.sys
08:25:21.0122 3628 sbapifs - ok
08:25:21.0169 3628 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
08:25:21.0169 3628 sbp2port - ok
08:25:21.0215 3628 SBRE (0505da5d357f18a5d42fc5dede6bc9a0) C:\Windows\system32\drivers\SBREdrv.sys
08:25:21.0215 3628 SBRE - ok
08:25:21.0262 3628 SbTis (6468e2973e04525decc105947ddd0d34) C:\Windows\system32\drivers\sbtis.sys
08:25:21.0262 3628 SbTis - ok
08:25:21.0293 3628 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
08:25:21.0293 3628 scfilter - ok
08:25:21.0340 3628 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
08:25:21.0340 3628 secdrv - ok
08:25:21.0371 3628 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
08:25:21.0371 3628 Serenum - ok
08:25:21.0387 3628 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
08:25:21.0403 3628 Serial - ok
08:25:21.0418 3628 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
08:25:21.0418 3628 sermouse - ok
08:25:21.0465 3628 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
08:25:21.0465 3628 sffdisk - ok
08:25:21.0481 3628 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
08:25:21.0481 3628 sffp_mmc - ok
08:25:21.0512 3628 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
08:25:21.0512 3628 sffp_sd - ok
08:25:21.0527 3628 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
08:25:21.0527 3628 sfloppy - ok
08:25:21.0543 3628 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
08:25:21.0543 3628 sisagp - ok
08:25:21.0574 3628 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:25:21.0574 3628 SiSRaid2 - ok
08:25:21.0605 3628 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
08:25:21.0605 3628 SiSRaid4 - ok
08:25:21.0637 3628 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
08:25:21.0637 3628 Smb - ok
08:25:21.0730 3628 SMSIVZAM5 (1e715247efffdda938c085913045d599) C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS
08:25:21.0730 3628 SMSIVZAM5 - ok
08:25:21.0761 3628 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
08:25:21.0761 3628 spldr - ok
08:25:21.0824 3628 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
08:25:21.0824 3628 srv - ok
08:25:21.0855 3628 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
08:25:21.0855 3628 srv2 - ok
08:25:21.0871 3628 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
08:25:21.0871 3628 srvnet - ok
08:25:21.0917 3628 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys
08:25:21.0917 3628 sscdbus - ok
08:25:21.0949 3628 sscdmdfl (8a1be0c347814f482f493aea619d57f6) C:\Windows\system32\DRIVERS\sscdmdfl.sys
08:25:21.0949 3628 sscdmdfl - ok
08:25:21.0980 3628 sscdmdm (5ab0b1987f682a59b15b78f84c6ad7d0) C:\Windows\system32\DRIVERS\sscdmdm.sys
08:25:21.0980 3628 sscdmdm - ok
08:25:22.0011 3628 sscdserd (751e66eb32efa80633b80f5d7ff0a1d8) C:\Windows\system32\DRIVERS\sscdserd.sys
08:25:22.0011 3628 sscdserd - ok
08:25:22.0073 3628 stdflt (a5b83c8050572622e5c43b5b3326a129) C:\Windows\system32\DRIVERS\stdfltn.sys
08:25:22.0073 3628 stdflt - ok
08:25:22.0089 3628 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
08:25:22.0089 3628 stexstor - ok
08:25:22.0120 3628 STHDA (698e186ac2df982b2d26428428155de1) C:\Windows\system32\DRIVERS\stwrt.sys
08:25:22.0120 3628 STHDA - ok
08:25:22.0526 3628 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
08:25:22.0526 3628 storflt - ok
08:25:22.0557 3628 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
08:25:22.0557 3628 storvsc - ok
08:25:22.0573 3628 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
08:25:22.0573 3628 swenum - ok
08:25:22.0635 3628 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
08:25:22.0666 3628 Tcpip - ok
08:25:22.0697 3628 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
08:25:22.0697 3628 TCPIP6 - ok
08:25:22.0729 3628 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
08:25:22.0744 3628 tcpipreg - ok
08:25:22.0791 3628 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
08:25:22.0791 3628 TDPIPE - ok
08:25:22.0822 3628 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
08:25:22.0838 3628 TDTCP - ok
08:25:22.0869 3628 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
08:25:22.0869 3628 tdx - ok
08:25:22.0947 3628 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
08:25:22.0963 3628 TermDD - ok
08:25:22.0994 3628 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:25:23.0009 3628 tssecsrv - ok
08:25:23.0041 3628 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
08:25:23.0056 3628 TsUsbFlt - ok
08:25:23.0103 3628 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
08:25:23.0103 3628 tunnel - ok
08:25:23.0134 3628 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
08:25:23.0134 3628 uagp35 - ok
08:25:23.0197 3628 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
08:25:23.0197 3628 udfs - ok
08:25:23.0212 3628 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
08:25:23.0212 3628 uliagpkx - ok
08:25:23.0259 3628 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
08:25:23.0259 3628 umbus - ok
08:25:23.0290 3628 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
08:25:23.0290 3628 UmPass - ok
08:25:23.0321 3628 usbbus - ok
08:25:23.0353 3628 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
08:25:23.0353 3628 usbccgp - ok
08:25:23.0384 3628 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
08:25:23.0399 3628 usbcir - ok
08:25:23.0399 3628 UsbDiag - ok
08:25:23.0431 3628 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
08:25:23.0431 3628 usbehci - ok
08:25:23.0431 3628 UsbGps - ok
08:25:23.0462 3628 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
08:25:23.0462 3628 usbhub - ok
08:25:23.0477 3628 USBModem - ok
08:25:23.0509 3628 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
08:25:23.0509 3628 usbohci - ok
08:25:23.0540 3628 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
08:25:23.0540 3628 usbprint - ok
08:25:23.0555 3628 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:25:23.0555 3628 USBSTOR - ok
08:25:23.0587 3628 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
08:25:23.0587 3628 usbuhci - ok
08:25:23.0602 3628 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
08:25:23.0618 3628 usbvideo - ok
08:25:23.0649 3628 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys
08:25:23.0649 3628 usb_rndisx - ok
08:25:23.0711 3628 VBoxDrv (f6d4e8be72d03a6b1a72c12790c51c48) C:\Windows\system32\DRIVERS\VBoxDrv.sys
08:25:23.0711 3628 VBoxDrv - ok
08:25:23.0758 3628 VBoxNetAdp (42934f05ba89f589a34a11e0661c233b) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
08:25:23.0758 3628 VBoxNetAdp - ok
08:25:23.0805 3628 VBoxNetFlt (cbb6f6d2f9a90853f830876967e514c6) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
08:25:23.0805 3628 VBoxNetFlt - ok
08:25:23.0852 3628 VBoxUSB (91981259f50fcb7b19805592429145c3) C:\Windows\system32\Drivers\VBoxUSB.sys
08:25:23.0852 3628 VBoxUSB - ok
08:25:23.0899 3628 VBoxUSBMon (0115e38f398dd71830b522ba28c1b2c5) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
08:25:23.0899 3628 VBoxUSBMon - ok
08:25:23.0930 3628 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
08:25:23.0930 3628 VClone - ok
08:25:23.0977 3628 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
08:25:23.0977 3628 vdrvroot - ok
08:25:24.0008 3628 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
08:25:24.0008 3628 vga - ok
08:25:24.0023 3628 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
08:25:24.0023 3628 VgaSave - ok
08:25:24.0070 3628 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
08:25:24.0070 3628 vhdmp - ok
08:25:24.0101 3628 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
08:25:24.0101 3628 viaagp - ok
08:25:24.0117 3628 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
08:25:24.0133 3628 ViaC7 - ok
08:25:24.0148 3628 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
08:25:24.0148 3628 viaide - ok
08:25:24.0164 3628 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
08:25:24.0164 3628 vmbus - ok
08:25:24.0179 3628 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
08:25:24.0179 3628 VMBusHID - ok
08:25:24.0211 3628 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
08:25:24.0211 3628 volmgr - ok
08:25:24.0226 3628 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
08:25:24.0226 3628 volmgrx - ok
08:25:24.0257 3628 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
08:25:24.0257 3628 volsnap - ok
08:25:24.0304 3628 vpnva (0d8df4058901616a4e716ab67d472581) C:\Windows\system32\DRIVERS\vpnva.sys
08:25:24.0304 3628 vpnva - ok
08:25:24.0320 3628 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
08:25:24.0335 3628 vsmraid - ok
08:25:24.0351 3628 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
08:25:24.0351 3628 vwifibus - ok
08:25:24.0382 3628 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
08:25:24.0382 3628 vwififlt - ok
08:25:24.0398 3628 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
08:25:24.0398 3628 vwifimp - ok
08:25:24.0429 3628 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
08:25:24.0429 3628 WacomPen - ok
08:25:24.0476 3628 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
08:25:24.0476 3628 WANARP - ok
08:25:24.0476 3628 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
08:25:24.0491 3628 Wanarpv6 - ok
08:25:24.0507 3628 WavxDMgr (fbf43b275efc98799e76d57e5437edee) C:\Windows\system32\DRIVERS\WavxDMgr.sys
08:25:24.0523 3628 WavxDMgr - ok
08:25:24.0554 3628 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
08:25:24.0554 3628 Wd - ok
08:25:24.0585 3628 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
08:25:24.0585 3628 WDC_SAM - ok
08:25:24.0601 3628 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
08:25:24.0601 3628 Wdf01000 - ok
08:25:24.0679 3628 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
08:25:24.0679 3628 WfpLwf - ok
08:25:24.0694 3628 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
08:25:24.0694 3628 WIMMount - ok
08:25:24.0772 3628 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
08:25:24.0772 3628 WinUsb - ok
08:25:24.0819 3628 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
08:25:24.0819 3628 WmiAcpi - ok
08:25:24.0850 3628 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
08:25:24.0850 3628 ws2ifsl - ok
08:25:24.0881 3628 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
08:25:24.0897 3628 WSDPrintDevice - ok
08:25:24.0944 3628 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
08:25:24.0944 3628 WudfPf - ok
08:25:24.0959 3628 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:25:24.0959 3628 WUDFRd - ok
08:25:25.0006 3628 MBR (0x1B8) (1068d7876c1520e01d21b1b3d7092449) \Device\Harddisk0\DR0
08:25:25.0053 3628 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
08:25:25.0053 3628 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
08:25:25.0053 3628 Boot (0x1200) (64c90ff99073876decf4a85ef2911764) \Device\Harddisk0\DR0\Partition0
08:25:25.0053 3628 \Device\Harddisk0\DR0\Partition0 - ok
08:25:25.0084 3628 Boot (0x1200) (394dcdcad840b70160b9fef6b7076356) \Device\Harddisk0\DR0\Partition1
08:25:25.0084 3628 \Device\Harddisk0\DR0\Partition1 - ok
08:25:25.0100 3628 Boot (0x1200) (a5db428e4f6c5ff59fa48f87c09f7a7a) \Device\Harddisk0\DR0\Partition2
08:25:25.0100 3628 \Device\Harddisk0\DR0\Partition2 - ok
08:25:25.0131 3628 Boot (0x1200) (e2cd7ced5b86d9f633b70d928bf7416a) \Device\Harddisk0\DR0\Partition3
08:25:25.0131 3628 \Device\Harddisk0\DR0\Partition3 - ok
08:25:25.0131 3628 ============================================================
08:25:25.0131 3628 Scan finished
08:25:25.0131 3628 ============================================================
08:25:25.0147 5772 Detected object count: 1
08:25:25.0147 5772 Actual detected object count: 1
08:25:43.0508 5772 \Device\Harddisk0\DR0\# - copied to quarantine
08:25:43.0508 5772 \Device\Harddisk0\DR0 - copied to quarantine
08:25:43.0586 5772 \Device\Harddisk0\DR0 - processing error
08:25:57.0033 5772 \Device\Harddisk0\DR0 - will be restored on reboot
08:25:57.0049 5772 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure Restore
08:26:00.0605 5524 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-21 08:38:28
-----------------------------
08:38:28.686 OS Version: Windows 6.1.7601 Service Pack 1
08:38:28.686 Number of processors: 4 586 0x2505
08:38:28.702 ComputerName: LAPTOP32 UserName: PaulButl
08:38:44.114 Initialize success
08:42:14.075 AVAST engine defs: 12032000
08:42:24.371 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:42:24.371 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 8
08:42:24.496 Disk 0 MBR read successfully
08:42:24.496 Disk 0 MBR scan
08:42:24.496 Disk 0 Windows XP default MBR code
08:42:24.496 Disk 0 Partition 1 00 06 FAT16 Dell 8.0 39 MB offset 63
08:42:24.512 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
08:42:24.527 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 288156 MB offset 30801920
08:42:24.527 Disk 0 Partition - 00 0F Extended LBA 2044 MB offset 620953600
08:42:24.574 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 2034 MB offset 620955648
08:42:24.605 Disk 0 scanning sectors +625139712
08:42:24.699 Disk 0 scanning C:\Windows\system32\drivers
08:42:35.650 Service scanning
08:42:58.426 Modules scanning
08:43:06.710 Disk 0 trace - called modules:
08:43:06.741 ntkrnlpa.exe CLASSPNP.SYS disk.sys stdfltn.sys ACPI.sys halmacpi.dll iaStor.sys
08:43:06.757 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8827f640]
08:43:06.772 3 CLASSPNP.SYS[8bdb359e] -> nt!IofCallDriver -> [0x8827fc70]
08:43:06.788 5 stdfltn.sys[8bfeb70c] -> nt!IofCallDriver -> [0x8671f8a0]
08:43:06.803 7 ACPI.sys[8b68a3d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8671d028]
08:43:08.083 AVAST engine scan C:\Windows
08:43:11.281 AVAST engine scan C:\Windows\system32
08:45:52.975 AVAST engine scan C:\Windows\system32\drivers
08:46:05.611 AVAST engine scan C:\Users\PaulButl
08:48:48.085 AVAST engine scan C:\ProgramData
08:49:39.955 Scan finished successfully
08:51:46.362 Disk 0 MBR has been saved successfully to "C:\Users\PaulButl\Desktop\TechSupport\MBR.dat"
08:51:46.362 The log file has been saved successfully to "C:\Users\PaulButl\Desktop\TechSupport\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:11 AM

Posted 21 March 2012 - 12:47 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 pbutler0359

pbutler0359
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:11 AM

Posted 21 March 2012 - 02:52 PM

Here is the new combofix log. The computer is running good and I have not had any browser re-directions.

ComboFix 12-03-20.02 - PaulButl 03/21/2012 15:37:10.2.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3062.1955 [GMT -4:00]
Running from: c:\users\PaulButl\Desktop\TechSupport\ComboFix.exe
Command switches used :: c:\users\PaulButl\Desktop\TechSupport\CFScript.txt
AV: Sunbelt VIPRE *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Sunbelt VIPRE *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\PaulButl\AppData\Local\assembly\tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-02-21 to 2012-03-21 )))))))))))))))))))))))))))))))
.
.
2012-03-21 19:42 . 2012-03-21 19:42 -------- d-----w- c:\users\SVSAdmin\AppData\Local\temp
2012-03-21 19:42 . 2012-03-21 19:42 -------- d-----w- c:\users\pbutler\AppData\Local\temp
2012-03-21 19:42 . 2012-03-21 19:42 -------- d-----w- c:\users\pbutler.SIGMA\AppData\Local\temp
2012-03-21 19:42 . 2012-03-21 19:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-20 18:48 . 2012-03-20 18:48 -------- d-----w- c:\users\PaulButl\AppData\Roaming\Malwarebytes
2012-03-20 18:48 . 2012-03-20 18:48 -------- d-----w- c:\programdata\Malwarebytes
2012-03-20 18:48 . 2012-03-20 18:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-20 07:00 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-20 07:00 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-19 11:24 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-19 11:24 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-19 11:24 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-19 11:24 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-19 11:24 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-19 11:24 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-19 11:24 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-19 11:24 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-15 02:12 . 2012-03-15 02:18 -------- d-----w- c:\users\PaulButl\AppData\Local\QuickPar
2012-03-15 02:11 . 2012-03-15 02:11 -------- d-----w- c:\program files\QuickPar
2012-03-07 18:37 . 2012-03-07 18:37 -------- d-----w- c:\users\PaulButl\AppData\Roaming\EDrawings
2012-03-07 18:36 . 2012-03-07 18:36 -------- d-----w- c:\program files\Common Files\eDrawings2012
2012-03-06 11:55 . 2012-03-06 11:55 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-21 12:37 . 2011-05-10 16:52 0 ----a-w- c:\users\PaulButl\AppData\Local\WavXMapDrive.bat
2012-03-09 18:26 . 2011-05-19 10:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-20 12:08 . 2011-02-07 18:56 83 ----a-w- C:\MemStickBackup.bat
2012-01-04 08:58 . 2012-02-14 19:41 442880 ----a-w- c:\windows\system32\ntshrui.dll
2011-12-30 05:27 . 2012-02-14 19:41 478720 ----a-w- c:\windows\system32\timedate.cpl
1997-07-22 00:30 1045776 --sha-w- c:\windows\System32\Msjet35.dll
1997-06-23 08:00 123664 --sha-w- c:\windows\System32\Msjint35.dll
1997-06-23 17:06 24848 --sha-w- c:\windows\System32\Msjter35.dll
1997-06-23 17:06 252176 --sha-w- c:\windows\System32\Msrd2x35.dll
1997-06-23 17:06 287504 --sha-w- c:\windows\System32\Msxbse35.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-03-29 18:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2011-02-05 01:41 497664 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-03-29 18:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Greenshot"="c:\program files\Greenshot\Greenshot.exe" [2010-07-12 548864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-05-12 288112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-05-25 495708]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-17 13838952]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-04-17 92776]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-01 5249024]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-07-21 147840]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]
"DellBtrEvent"="d:\program files\Dell\Reader 2.1\DellBtrEvent.exe" [2010-05-13 160768]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2011-02-05 91648]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-08-19 3618104]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"SBAMTray"="c:\program files\Sunbelt Software\SBEAgent\SBAMTray.exe" [2011-06-23 1336656]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2011-05-23 522192]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-1-8 828704]
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2010-8-24 1458032]
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 132456]
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2011-9-8 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuEjectPC"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2792646074-1188336934-1903499489-1156\Scripts\Logon\0\0]
"Script"=\\sbsserver\netlogon\NemLogon1.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2792646074-1188336934-1903499489-1208\Scripts\Logon\0\0]
"Script"=\\sbsserver\netlogon\NemLogon1.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-04-15 05:20 1657448 ------w- c:\windows\System32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PFO Check Settings]
2005-04-17 19:58 57344 ----a-w- c:\windows\pfochk.exe
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-04-29 101720]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-07 136176]
R2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [2010-01-10 60928]
R2 SBAMSvc;VIPRE Enterprise Agent;c:\program files\Sunbelt Software\SBEAgent\SBAMSvc.exe [2011-06-23 2804280]
R2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\SBEAgent\SBPIMSvc.exe [2011-06-23 181584]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [2011-05-23 77968]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-01-11 274472]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-11 33320]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-07 136176]
R3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil.sys [2009-12-18 20480]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2009-12-18 174720]
R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2010-03-21 48640]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2010-03-21 38912]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [2009-05-25 32408]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 UsbGps;LGE CDMA USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgusbgps.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-02-17 111152]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2011-02-17 33712]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-08 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R4 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2010-05-25 81920]
R4 LTService;Solar Valley Solutions Monitoring Service;c:\windows\LTSVC\LTSVC.exe [2011-02-15 3085840]
R4 LTSvcMon;Solar Valley Solutions Monitoring Service CheckUp Util;c:\windows\LTSvc\LTSvcMon.exe [2011-02-15 90128]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdfltn.sys [2010-01-18 17072]
S1 DVMIO;DVMIO;d:\program files\Dell\Reader 2.1\dvmio.sys [2010-05-04 18320]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 78936]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-02-17 160560]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-02-17 44784]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-03-24 812448]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-03-24 27040]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2010-08-24 388464]
S2 DvmMDES;DeviceVM Meta Data Export Service;d:\program files\Dell\Reader 2.1\DVMExportService.exe [2010-05-04 327680]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-06-30 1248256]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2010-03-21 59904]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-06-10 74200]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-02 2923392]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-05-23 465872]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-01-18 42672]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-09-16 144576]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2010-08-20 33832]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 45288]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2010-04-05 224424]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-01-27 68200]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-02-17 122032]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
GPSvcGroup REG_MULTI_SZ GPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-07 21:27]
.
2012-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-07 21:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://companyweb
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: fenetwork.com
Trusted Zone: firstenergycorp.com
Trusted Zone: solarvalleysolutions.com\upport
TCP: DhcpNameServer = 4.2.2.2
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://contractors.firstenergycorp.com/CACHE/stc/1/binaries/vpnweb.cab
FF - ProfilePath - c:\users\PaulButl\AppData\Roaming\Mozilla\Firefox\Profiles\uvgvxaqq.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - http:www.netvibes.com/#General
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(672)
c:\windows\system32\wvauth.DLL
.
- - - - - - - > 'Explorer.exe'(3956)
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\windows\system32\BCMWLCPL.CPL
.
Completion time: 2012-03-21 15:44:24
ComboFix-quarantined-files.txt 2012-03-21 19:44
.
Pre-Run: 152,597,385,216 bytes free
Post-Run: 152,665,595,904 bytes free
.
- - End Of File - - F52502F57C5F8426BAF424D1AF69F607

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:11 AM

Posted 21 March 2012 - 03:00 PM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Java™ 6 Update 21
JavaFX 2.0.2
JavaFX 2.0.2 SDK
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 pbutler0359

pbutler0359
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:11 AM

Posted 21 March 2012 - 03:45 PM

Here are the logs files from MBAM and HiJackThis. The computer is still working good with no noticeable problems or browser redirects.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.21.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
PaulButl :: LAPTOP32 [administrator]

3/21/2012 4:33:24 PM
mbam-log-2012-03-21 (16-33-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 255334
Time elapsed: 4 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:42:01 PM, on 3/21/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
D:\Program Files\Dell\Reader 2.1\DellBtrEvent.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Greenshot\Greenshot.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Sunbelt Software\SBEAgent\SBAMTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://companyweb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [DellBtrEvent] D:\Program Files\Dell\Reader 2.1\DellBtrEvent.exe
O4 - HKLM\..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files\Sunbelt Software\SBEAgent\SBAMTray.exe"
O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Greenshot] "C:\Program Files\Greenshot\Greenshot.exe"
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Dell System Manager.lnk = C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
O4 - Global Startup: TdmNotify.lnk = C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {64964764-1101-4bbd-8891-B56B1A53B9B3} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: http://*.fenetwork.com
O15 - Trusted Zone: upport.solarvalleysolutions.com (HKLM)
O16 - DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} (Cisco Systems WebVPN Relay Loader) - https://vpn04.firstenergycorp.com/+CSCOL+/relayp.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect Secure Mobility Client Web Control) - https://contractors.firstenergycorp.com/CACHE/stc/1/binaries/vpnweb.cab
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sigmatech.local
O17 - HKLM\Software\..\Telephony: DomainName = sigmatech.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sigmatech.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = sigmatech.local
O18 - Protocol: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 11.0\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Dell System Manager Service (dcpsysmgrsvc) - Dell Inc. - c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - D:\Program Files\Dell\Reader 2.1\DVMExportService.exe
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: FF Install Filter Service (InstallFilterService) - Unknown owner - C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QBIDPService (QBVSS) - Intuit Inc. - C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\Windows\system32\RioMSC.exe
O23 - Service: VIPRE Enterprise Agent (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\SBEAgent\SBAMSvc.exe
O23 - Service: SB Recovery Service (SBPIMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\SBEAgent\SBPIMSvc.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
O23 - Service: NTRU TSS v1.2.1.29 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

--
End of file - 13053 bytes

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:11 AM

Posted 21 March 2012 - 04:38 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
      O4 - HKLM\..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
      O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
      O4 - HKLM\..\Run: [DellBtrEvent] D:\Program Files\Dell\Reader 2.1\DellBtrEvent.exe
      O4 - HKLM\..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe
      O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
      O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
      O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
      O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
      O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
      O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Greenshot] "C:\Program Files\Greenshot\Greenshot.exe"
      O4 - Global Startup: Dell System Manager.lnk = C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 pbutler0359

pbutler0359
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:11 AM

Posted 22 March 2012 - 08:23 AM

I removed the start-up entries and ran the ESET scan. My computer is running great with no noticeable problems or browser redirects. Thank you so much for your help. Below is the ESET Log.

C:\MyData\Downloads\cdbxp_setup_4.3.8.2568.exe Win32/OpenCandy application
C:\MyData\Downloads\Nook\FaceNiff-2.1b.apk Android/HackTool.FaceNiff.A application
C:\MyData\My Downloads\ipscan.exe Win32/NetTool.Portscan.C application

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:11 AM

Posted 22 March 2012 - 03:33 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\MyData\Downloads\cdbxp_setup_4.3.8.2568.exe"
    del /f /s /q "C:\MyData\Downloads\Nook\FaceNiff-2.1b.apk"
    del /f /s /q "C:\MyData\My Downloads\ipscan.exe"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: Posted Image<--XPPosted Image<--vista
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the Online scan is only reporting backups created during the course of this fix C:\Qoobox\Quarantine\, and/or items located in System Restore's cache C:\System Volume Information\, Whatever is in these folders can't harm you unless you choose to perform a manual restore. the following steps will remove these backups.


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over you can just be deleted from the desktop.

:DeFogger:

Note** This only needs to be run if it was run before - If not then skip it.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


:Make Firefox more secure:

please visit this page to explain how to make Firefox more secure - How to Secure Firefox


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector


:Turn On Automatic Updates:

Turn On Automatic Updates
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would reccomend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 pbutler0359

pbutler0359
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:11 AM

Posted 23 March 2012 - 05:48 PM

Thank you so much for all your help. Your work is greatly appreciated. I will be donating in a few days.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:11 AM

Posted 23 March 2012 - 06:32 PM

thank you and you are more than welcome


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:11 AM

Posted 26 March 2012 - 08:51 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users