Google Redirect to airsplat.com and gimmeanswer.com


30 replies to this topic

#1 wickedtruth

Posted 29 March 2012 - 08:04 AM

Hi, I was wondering if someone could help me with this Google redirect virus. It also happens when I use the Yahoo search engine. I usually get diverted to Happili.com, airsplat.com and gimmeanswers.com. I don't know what to do and I really don't want this problem to progress any further.

I really really need help =[

#2 gringo_pr

Bleepin Gringo (Malware Response Team)

Posted 31 March 2012 - 01:54 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes; just copy and paste the text.
    • Due to the high volume of logs we receive, it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, an external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger may ask you to reboot the machine; if it does, click OK.
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs.
  • Save the logs to a convenient place such as your desktop.
  • Copy the contents of both logs & post them in your next reply.

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 wickedtruth

Topic Starter

Posted 31 March 2012 - 02:10 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Nae at 12:06:47 on 2012-03-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6007.4339 [GMT -7:00]
.
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG2012\avgui.exe
C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.7.254
TCP: Interfaces\{B7BF41A1-B223-45A8-88B4-FDA740C3D6F8} : DhcpNameServer = 192.168.7.254
TCP: Interfaces\{DCCB0681-0F6F-4506-9160-D7AFCB7840E7} : DhcpNameServer = 192.168.7.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
TB-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nae\AppData\Roaming\Mozilla\Firefox\Profiles\hhdzr77s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Nae\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: C:\Users\Nae\AppData\Roaming\Mozilla\Firefox\Profiles\hhdzr77s.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll
FF - plugin: C:\Users\Nae\AppData\Roaming\Mozilla\Firefox\Profiles\hhdzr77s.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-9-14 98208]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-29 652360]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [2010-9-14 126392]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-2-14 4433248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-24 136176]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-24 136176]
S3 ITECIRfilter;ITECIR Filter Driver;C:\Windows\system32\DRIVERS\ITECIRfilter.sys --> C:\Windows\system32\DRIVERS\ITECIRfilter.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-31 19:00:42 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-03-31 12:11:55 -------- d-----w- C:\Users\Nae\AppData\Local\{21B6CD5C-E5D5-44D5-90A9-900EEA7F5CE6}
2012-03-31 00:11:43 -------- d-----w- C:\Users\Nae\AppData\Local\{1CD8223C-EF62-4A20-B8F9-30F6B6063A31}
2012-03-30 12:11:32 -------- d-----w- C:\Users\Nae\AppData\Local\{9EBA08CE-583D-4233-8E55-515C0DEF9D05}
2012-03-30 00:11:20 -------- d-----w- C:\Users\Nae\AppData\Local\{8BA7D4A1-F5EA-42C9-935E-6EFEE8D58F3B}
2012-03-29 12:45:34 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-29 12:11:04 -------- d-----w- C:\Users\Nae\AppData\Local\{88490B4A-560C-4BAA-BFE9-35C8A8F994B9}
2012-03-29 10:20:33 -------- d--h--w- C:\Windows\msdownld.tmp
2012-03-29 09:47:10 -------- d-----w- C:\ProgramData\HitmanPro
2012-03-29 09:28:51 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-29 09:08:41 -------- d-----w- C:\Users\Nae\AppData\Roaming\AVG
2012-03-29 08:23:12 -------- d-----w- C:\Users\Nae\AppData\Roaming\Malwarebytes
2012-03-29 08:23:08 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-29 08:23:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-29 05:06:22 -------- d-----w- C:\Users\Nae\AppData\Local\{16E28641-8E4E-49C6-8270-EC40929E00CA}
2012-03-28 17:06:10 -------- d-----w- C:\Users\Nae\AppData\Local\{EB44D305-67E2-4861-A959-C4E8FDFD02E8}
2012-03-28 17:05:59 -------- d-----w- C:\Users\Nae\AppData\Local\{3043A666-D985-4F04-BD77-7ADDF1181F8A}
2012-03-28 05:05:46 -------- d-----w- C:\Users\Nae\AppData\Local\{AA2C5B2D-2A9C-4A7E-BDF7-52C1B08A8DE9}
2012-03-28 05:05:34 -------- d-----w- C:\Users\Nae\AppData\Local\{29FA9D4A-3464-4A3C-92E2-3149F9E8C5FB}
2012-03-27 17:05:22 -------- d-----w- C:\Users\Nae\AppData\Local\{4EF1E5B4-2693-4DD3-9A5B-73175BF16770}
2012-03-27 17:05:12 -------- d-----w- C:\Users\Nae\AppData\Local\{F5485ACF-F01B-4C27-BC89-4547BD98FC5E}
2012-03-27 05:05:00 -------- d-----w- C:\Users\Nae\AppData\Local\{201DCCCC-2744-43D8-8C78-39312BB41174}
2012-03-27 05:04:49 -------- d-----w- C:\Users\Nae\AppData\Local\{CBA9441C-1B8C-444F-8BAB-EABA22183F70}
2012-03-26 17:04:37 -------- d-----w- C:\Users\Nae\AppData\Local\{1D798968-9B6C-44D7-940C-DA277B6FE360}
2012-03-26 17:04:26 -------- d-----w- C:\Users\Nae\AppData\Local\{E5E9152E-81D3-4AD7-8CF8-DC64C8A042DF}
2012-03-26 04:12:44 -------- d-----w- C:\Users\Nae\AppData\Local\{673A94F7-796A-43D3-A71F-22538F4FD6D5}
2012-03-26 04:12:33 -------- d-----w- C:\Users\Nae\AppData\Local\{8A503113-699B-4E6A-9B04-759CD44E27D4}
2012-03-17 14:09:23 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-17 14:09:23 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-17 09:41:06 -------- d-----w- C:\Users\Nae\AppData\Local\{DCD341F0-F3E0-4CBE-B1CD-F22098AF1F9B}
2012-03-17 09:40:55 -------- d-----w- C:\Users\Nae\AppData\Local\{6C68564D-0048-445F-80B8-83C1BCE2B332}
2012-03-16 21:40:43 -------- d-----w- C:\Users\Nae\AppData\Local\{812309BF-6ACC-4317-B16F-B5710E5FB33E}
2012-03-16 21:40:33 -------- d-----w- C:\Users\Nae\AppData\Local\{4FD947B5-AD76-4633-81EE-808A67216924}
2012-03-16 09:40:20 -------- d-----w- C:\Users\Nae\AppData\Local\{2B857394-753B-4F03-AEFC-944DAB14802A}
2012-03-16 09:40:10 -------- d-----w- C:\Users\Nae\AppData\Local\{08A95079-0690-479E-9182-832331B0C051}
2012-03-15 21:39:57 -------- d-----w- C:\Users\Nae\AppData\Local\{9C34C82F-445F-4D30-9673-1E65F7777FB8}
2012-03-15 21:39:46 -------- d-----w- C:\Users\Nae\AppData\Local\{D8EA550E-2849-4078-BE95-03C43F464683}
2012-03-15 00:02:30 -------- d-----w- C:\Users\Nae\AppData\Local\{BAED66E1-42B7-4954-8609-C234A9061610}
2012-03-15 00:02:17 -------- d-----w- C:\Users\Nae\AppData\Local\{F7CBB23A-EC6B-4A75-9DF3-85E6563A58C0}
2012-03-14 00:50:08 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 00:50:08 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 00:50:08 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 00:44:30 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 00:44:30 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 00:44:30 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 00:34:04 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 00:34:04 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 00:34:04 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 00:34:04 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 00:34:04 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 00:34:04 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 00:34:04 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-14 00:23:52 -------- d-----w- C:\Users\Nae\AppData\Local\{75CB6B73-0054-402A-A0C5-AC9649139A06}
2012-03-14 00:23:41 -------- d-----w- C:\Users\Nae\AppData\Local\{5CE51956-0212-4C84-AF21-4ADDEE8C34B4}
2012-03-12 22:24:11 -------- d-----w- C:\Users\Nae\AppData\Local\{6F16CC01-AED0-44E0-B45A-158D5F58E87C}
2012-03-12 22:24:00 -------- d-----w- C:\Users\Nae\AppData\Local\{F05D894C-DADC-44AD-8DE0-8FE69116C4FA}
2012-03-12 07:55:55 -------- d-----w- C:\Users\Nae\AppData\Local\{EA308A9C-7477-43D7-8043-77C470722BA9}
2012-03-12 07:55:44 -------- d-----w- C:\Users\Nae\AppData\Local\{438898C9-E84C-40C9-9B7F-40FB03C34E5E}
2012-03-11 19:55:32 -------- d-----w- C:\Users\Nae\AppData\Local\{E11BDCAA-72F4-47DE-9BC0-5F03150D6C4A}
2012-03-11 19:55:21 -------- d-----w- C:\Users\Nae\AppData\Local\{041C1484-240E-4EE1-97C6-708FDDC86FCF}
2012-03-11 03:33:52 -------- d-----w- C:\Users\Nae\AppData\Local\{C66D6288-EF62-40F6-A190-B2F18CD6CFB8}
2012-03-11 03:33:41 -------- d-----w- C:\Users\Nae\AppData\Local\{C4CA7F56-591A-40DC-B51B-464BF0D214C1}
2012-03-10 15:33:29 -------- d-----w- C:\Users\Nae\AppData\Local\{D9025CBC-AF12-4883-9BDD-66F2758C3ED2}



No problems occurred while running the program

Attached Files


Edited by wickedtruth, 31 March 2012 - 02:18 PM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:29 AM

Posted 31 March 2012 - 08:04 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 wickedtruth

wickedtruth
  • Topic Starter

  • Members
  • 16 posts
  • Gender:Female
  • Local time:08:29 AM

Posted 01 April 2012 - 02:20 AM



After running ComboFix, my computer restarted itself and when I logged back in the report/log was created. When I went to click on any of my desktop icons or icons that were in my start up tray or accessed from the start menu, I could not open any of them. I had an error that said "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Illegal operation attempted on a registry key that has been marked for deletion" for everything I tried to open. No, it did not say Google Chrome every time, but for whatever program I tried to open it was like that. I only got Mozilla Firefox to run by running it as administrator. Was this caused by ComboFix? And if so, is there any way to fix it? Also I am still being redirected to the aforementioned sites.
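An added triage helper for the kind of ComboFix report posted in this thread; it is not ComboFix's code and not part of the thread. It parses a constructed report fragment modelled on the "Other Deletions" and "Supplementary Scan" sections and flags the entries a responder checks first for a search redirect: a start page or Firefox keyword.URL carrying a search-partner code such as pc=ZUGO, and search-engine plugins removed from the profile. The section banners, setting line shapes and the hxxp defanging are as ComboFix writes them; the sample values are constructed.

```python
"""Triage helper for the browser-facing entries in a ComboFix report.

Added example for this thread; it is not ComboFix's own code and not the
thread's. The report fragment below is constructed to mirror the
"Other Deletions" and "Supplementary Scan" sections of a ComboFix log
(ComboFix defangs URLs as hxxp so the report cannot be clicked).
"""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample in ComboFix's report format, not a captured log.
SAMPLE_REPORT = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\SearchToolbar.dll
c:\users\Nae\AppData\Roaming\Mozilla\Firefox\Profiles\hhdzr77s.default\searchplugins\bing-zugo.xml
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.7.254
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 0
.
"""

# Section banners look like "(((( Title ))))" or "------- Title -------".
SECTION_RE = re.compile(r"^[-(]+\s*(.+?)\s*[-)]+$")
# "key = value" (IE/system entries) or "key - value" (Firefox prefs.js entries);
# the greedy key takes the last spaced separator so URLs containing '=' survive.
SETTING_RE = re.compile(r"^(?P<key>.+)\s[=-]\s(?P<value>.+)$")


def split_sections(report):
    """Map each banner title to its non-empty lines ('.' is ComboFix's blank line)."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1).strip(" -()")
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def refang(value):
    """Undo ComboFix's hxxp defanging so the URL parser accepts the value."""
    return re.sub(r"^hxxp", "http", value, flags=re.IGNORECASE)


def partner_code(value):
    """Return the 'pc' partner code if value is a search URL carrying one, else None.

    Toolbar installers append pc=<code> so the vendor is paid per search; a
    start page or address-bar search URL with one was not set by the user.
    """
    url = refang(value)
    if not url.lower().startswith(("http://", "https://")):
        return None
    codes = parse_qs(urlsplit(url).query).get("pc")
    return codes[0] if codes else None


def triage(report):
    """Return (setting, value, reasons) for every entry worth a responder's look."""
    sections = split_sections(report)
    findings = []
    for line in sections.get("Supplementary Scan", []):
        match = SETTING_RE.match(line)
        if not match:
            continue
        key, value = match.group("key"), match.group("value")
        reasons = []
        code = partner_code(value)
        if code:
            reasons.append(f"search URL carries partner code pc={code}")
        if key.endswith("keyword.URL"):
            # prefs.js only holds prefs changed from the default, so a keyword.URL
            # entry means address-bar searches were redirected to a fixed URL.
            reasons.append("Firefox keyword.URL overridden in prefs.js")
        if reasons:
            findings.append((key, value, tuple(reasons)))
    for path in sections.get("Other Deletions", []):
        if "\\searchplugins\\" in path.lower():
            findings.append(("searchplugin", path,
                             ("search engine plugin removed from the profile",)))
    return findings


if __name__ == "__main__":
    for setting, value, reasons in triage(SAMPLE_REPORT):
        print(f"{setting}: {value}")
        for reason in reasons:
            print(f"    -> {reason}")
```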


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:29 AM

Posted 01 April 2012 - 02:28 AM

Hello wickedtruth

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.


I want you to run these next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 wickedtruth

wickedtruth
  • Topic Starter

  • Members
  • 16 posts
  • Gender:Female
  • Local time:08:29 AM

Posted 01 April 2012 - 12:06 PM

10:04:42.0529 4508 catchme - ok
10:04:42.0546 4508 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:04:42.0549 4508 cdfs - ok
10:04:42.0594 4508 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
10:04:42.0595 4508 cdrom - ok
10:04:42.0634 4508 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:04:42.0637 4508 CertPropSvc - ok
10:04:42.0695 4508 CinemaNow Service (2c24db5f78f0aca759803001e6b4f320) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
10:04:42.0696 4508 CinemaNow Service - ok
10:04:42.0731 4508 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
10:04:42.0740 4508 circlass - ok
10:04:42.0777 4508 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:04:42.0779 4508 CLFS - ok
10:04:42.0838 4508 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:04:42.0839 4508 clr_optimization_v2.0.50727_32 - ok
10:04:42.0866 4508 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:04:42.0867 4508 clr_optimization_v2.0.50727_64 - ok
10:04:42.0984 4508 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:04:42.0986 4508 clr_optimization_v4.0.30319_32 - ok
10:04:43.0039 4508 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:04:43.0041 4508 clr_optimization_v4.0.30319_64 - ok
10:04:43.0081 4508 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
10:04:43.0082 4508 CmBatt - ok
10:04:43.0121 4508 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
10:04:43.0122 4508 cmdide - ok
10:04:43.0164 4508 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
10:04:43.0166 4508 CNG - ok
10:04:43.0174 4508 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
10:04:43.0175 4508 Compbatt - ok
10:04:43.0223 4508 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
10:04:43.0223 4508 CompositeBus - ok
10:04:43.0236 4508 COMSysApp - ok
10:04:43.0258 4508 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
10:04:43.0259 4508 crcdisk - ok
10:04:43.0291 4508 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
10:04:43.0293 4508 CryptSvc - ok
10:04:43.0391 4508 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
10:04:43.0395 4508 cvhsvc - ok
10:04:43.0468 4508 dc3d (15c2afd86d8a58354fc100434c78b621) C:\Windows\system32\DRIVERS\dc3d.sys
10:04:43.0470 4508 dc3d - ok
10:04:43.0507 4508 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:04:43.0510 4508 DcomLaunch - ok
10:04:43.0537 4508 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
10:04:43.0540 4508 defragsvc - ok
10:04:43.0570 4508 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
10:04:43.0574 4508 DfsC - ok
10:04:43.0595 4508 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
10:04:43.0598 4508 Dhcp - ok
10:04:43.0625 4508 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:04:43.0627 4508 discache - ok
10:04:43.0640 4508 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
10:04:43.0641 4508 Disk - ok
10:04:43.0675 4508 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
10:04:43.0678 4508 Dnscache - ok
10:04:43.0717 4508 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
10:04:43.0721 4508 dot3svc - ok
10:04:43.0775 4508 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
10:04:43.0778 4508 Dot4 - ok
10:04:43.0810 4508 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
10:04:43.0811 4508 Dot4Print - ok
10:04:43.0848 4508 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
10:04:43.0850 4508 dot4usb - ok
10:04:43.0884 4508 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
10:04:43.0886 4508 DPS - ok
10:04:43.0919 4508 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:04:43.0921 4508 drmkaud - ok
10:04:43.0960 4508 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
10:04:43.0964 4508 DXGKrnl - ok
10:04:43.0987 4508 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
10:04:43.0990 4508 EapHost - ok
10:04:44.0047 4508 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
10:04:44.0060 4508 ebdrv - ok
10:04:44.0100 4508 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
10:04:44.0101 4508 EFS - ok
10:04:44.0150 4508 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
10:04:44.0153 4508 ehRecvr - ok
10:04:44.0177 4508 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
10:04:44.0179 4508 ehSched - ok
10:04:44.0206 4508 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
10:04:44.0209 4508 elxstor - ok
10:04:44.0236 4508 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
10:04:44.0237 4508 ErrDev - ok
10:04:44.0266 4508 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
10:04:44.0269 4508 EventSystem - ok
10:04:44.0279 4508 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:04:44.0281 4508 exfat - ok
10:04:44.0301 4508 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:04:44.0304 4508 fastfat - ok
10:04:44.0347 4508 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
10:04:44.0350 4508 Fax - ok
10:04:44.0359 4508 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
10:04:44.0359 4508 fdc - ok
10:04:44.0393 4508 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
10:04:44.0400 4508 fdPHost - ok
10:04:44.0415 4508 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
10:04:44.0417 4508 FDResPub - ok
10:04:44.0435 4508 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:04:44.0435 4508 FileInfo - ok
10:04:44.0449 4508 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:04:44.0451 4508 Filetrace - ok
10:04:44.0459 4508 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
10:04:44.0460 4508 flpydisk - ok
10:04:44.0506 4508 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:04:44.0507 4508 FltMgr - ok
10:04:44.0569 4508 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
10:04:44.0594 4508 FontCache - ok
10:04:44.0682 4508 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:04:44.0684 4508 FontCache3.0.0.0 - ok
10:04:44.0701 4508 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:04:44.0704 4508 FsDepends - ok
10:04:44.0718 4508 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
10:04:44.0718 4508 Fs_Rec - ok
10:04:44.0764 4508 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:04:44.0765 4508 fvevol - ok
10:04:44.0784 4508 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:04:44.0785 4508 gagp30kx - ok
10:04:44.0830 4508 GameConsoleService (e53ee18a21c025deabcfe0f72fc481bb) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
10:04:44.0831 4508 GameConsoleService - ok
10:04:44.0860 4508 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:04:44.0861 4508 GEARAspiWDM - ok
10:04:44.0906 4508 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
10:04:44.0913 4508 gpsvc - ok
10:04:44.0992 4508 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:04:44.0994 4508 gupdate - ok
10:04:45.0032 4508 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:04:45.0032 4508 gupdatem - ok
10:04:45.0070 4508 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:04:45.0071 4508 hcw85cir - ok
10:04:45.0116 4508 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
10:04:45.0117 4508 HdAudAddService - ok
10:04:45.0152 4508 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
10:04:45.0153 4508 HDAudBus - ok
10:04:45.0175 4508 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
10:04:45.0176 4508 HECIx64 - ok
10:04:45.0196 4508 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
10:04:45.0196 4508 HidBatt - ok
10:04:45.0205 4508 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
10:04:45.0206 4508 HidBth - ok
10:04:45.0231 4508 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
10:04:45.0232 4508 HidIr - ok
10:04:45.0250 4508 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
10:04:45.0252 4508 hidserv - ok
10:04:45.0268 4508 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
10:04:45.0269 4508 HidUsb - ok
10:04:45.0303 4508 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
10:04:45.0306 4508 hkmsvc - ok
10:04:45.0337 4508 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
10:04:45.0340 4508 HomeGroupListener - ok
10:04:45.0374 4508 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
10:04:45.0377 4508 HomeGroupProvider - ok
10:04:45.0503 4508 HP Support Assistant Service (170233b8d743efe35f462a5d516b93e3) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
10:04:45.0504 4508 HP Support Assistant Service - ok
10:04:45.0561 4508 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
10:04:45.0563 4508 HPDrvMntSvc.exe - ok
10:04:45.0591 4508 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
10:04:45.0594 4508 hpqwmiex - ok
10:04:45.0678 4508 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:04:45.0679 4508 HpSAMD - ok
10:04:45.0795 4508 HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
10:04:45.0800 4508 HPSLPSVC - ok
10:04:45.0848 4508 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:04:45.0855 4508 HTTP - ok
10:04:45.0885 4508 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:04:45.0886 4508 hwpolicy - ok
10:04:45.0928 4508 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
10:04:45.0929 4508 i8042prt - ok
10:04:45.0955 4508 iaStor (85977cd13fc16069ce0af7943a811775) C:\Windows\system32\DRIVERS\iaStor.sys
10:04:45.0957 4508 iaStor - ok
10:04:45.0984 4508 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
10:04:45.0986 4508 iaStorV - ok
10:04:46.0077 4508 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:04:46.0081 4508 idsvc - ok
10:04:46.0107 4508 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
10:04:46.0108 4508 iirsp - ok
10:04:46.0157 4508 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
10:04:46.0165 4508 IKEEXT - ok
10:04:46.0227 4508 IntcAzAudAddService (28ceefbd2c63f91dc17ded3e8d27ecf5) C:\Windows\system32\drivers\RTKVHD64.sys
10:04:46.0235 4508 IntcAzAudAddService - ok
10:04:46.0273 4508 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:04:46.0274 4508 intelide - ok
10:04:46.0299 4508 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:04:46.0299 4508 intelppm - ok
10:04:46.0326 4508 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
10:04:46.0329 4508 IPBusEnum - ok
10:04:46.0360 4508 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:04:46.0363 4508 IpFilterDriver - ok
10:04:46.0400 4508 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
10:04:46.0405 4508 iphlpsvc - ok
10:04:46.0440 4508 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:04:46.0441 4508 IPMIDRV - ok
10:04:46.0461 4508 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:04:46.0464 4508 IPNAT - ok
10:04:46.0531 4508 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
10:04:46.0539 4508 iPod Service - ok
10:04:46.0568 4508 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:04:46.0570 4508 IRENUM - ok
10:04:46.0615 4508 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:04:46.0616 4508 isapnp - ok
10:04:46.0633 4508 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:04:46.0635 4508 iScsiPrt - ok
10:04:46.0663 4508 itecir (8d990a44b4f2b68e2c56a3724ec3eb84) C:\Windows\system32\DRIVERS\itecir.sys
10:04:46.0663 4508 itecir - ok
10:04:46.0702 4508 ITECIRfilter (e5aac07b053d15ba8f67ba7d49c20971) C:\Windows\system32\DRIVERS\ITECIRfilter.sys
10:04:46.0703 4508 ITECIRfilter - ok
10:04:46.0742 4508 JMCR (1ea84fc4df200ff77a823078532123bf) C:\Windows\system32\DRIVERS\jmcr.sys
10:04:46.0743 4508 JMCR - ok
10:04:46.0790 4508 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
10:04:46.0791 4508 kbdclass - ok
10:04:46.0804 4508 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
10:04:46.0807 4508 kbdhid - ok
10:04:46.0830 4508 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:04:46.0831 4508 KeyIso - ok
10:04:46.0844 4508 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
10:04:46.0845 4508 KSecDD - ok
10:04:46.0860 4508 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
10:04:46.0861 4508 KSecPkg - ok
10:04:46.0888 4508 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:04:46.0889 4508 ksthunk - ok
10:04:46.0918 4508 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
10:04:46.0923 4508 KtmRm - ok
10:04:46.0974 4508 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
10:04:46.0977 4508 LanmanServer - ok
10:04:47.0017 4508 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
10:04:47.0021 4508 LanmanWorkstation - ok
10:04:47.0066 4508 LightScribeService (4b142775dad98274c58f3b5893376c20) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
10:04:47.0068 4508 LightScribeService - ok
10:04:47.0115 4508 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:04:47.0117 4508 lltdio - ok
10:04:47.0146 4508 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
10:04:47.0150 4508 lltdsvc - ok
10:04:47.0169 4508 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
10:04:47.0171 4508 lmhosts - ok
10:04:47.0230 4508 LMS (e38775922d4a4c05b5d96733ab4ce169) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
10:04:47.0231 4508 LMS - ok
10:04:47.0255 4508 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:04:47.0256 4508 LSI_FC - ok
10:04:47.0266 4508 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:04:47.0267 4508 LSI_SAS - ok
10:04:47.0276 4508 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:04:47.0276 4508 LSI_SAS2 - ok
10:04:47.0286 4508 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:04:47.0286 4508 LSI_SCSI - ok
10:04:47.0319 4508 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:04:47.0320 4508 luafv - ok
10:04:47.0411 4508 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
10:04:47.0412 4508 MBAMProtector - ok
10:04:47.0470 4508 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
10:04:47.0473 4508 MBAMService - ok
10:04:47.0501 4508 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
10:04:47.0505 4508 Mcx2Svc - ok
10:04:47.0534 4508 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
10:04:47.0535 4508 megasas - ok
10:04:47.0561 4508 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
10:04:47.0563 4508 MegaSR - ok
10:04:47.0588 4508 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:04:47.0591 4508 MMCSS - ok
10:04:47.0620 4508 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:04:47.0623 4508 Modem - ok
10:04:47.0644 4508 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:04:47.0645 4508 monitor - ok
10:04:47.0693 4508 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
10:04:47.0694 4508 mouclass - ok
10:04:47.0704 4508 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:04:47.0705 4508 mouhid - ok
10:04:47.0740 4508 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:04:47.0741 4508 mountmgr - ok
10:04:47.0781 4508 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:04:47.0782 4508 mpio - ok
10:04:47.0803 4508 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:04:47.0805 4508 mpsdrv - ok
10:04:47.0848 4508 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
10:04:47.0855 4508 MpsSvc - ok
10:04:47.0891 4508 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:04:47.0892 4508 MRxDAV - ok
10:04:47.0930 4508 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:04:47.0932 4508 mrxsmb - ok
10:04:47.0961 4508 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:04:47.0963 4508 mrxsmb10 - ok
10:04:48.0003 4508 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:04:48.0006 4508 mrxsmb20 - ok
10:04:48.0035 4508 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:04:48.0036 4508 msahci - ok
10:04:48.0068 4508 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:04:48.0069 4508 msdsm - ok
10:04:48.0106 4508 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
10:04:48.0107 4508 MSDTC - ok
10:04:48.0153 4508 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:04:48.0154 4508 Msfs - ok
10:04:48.0175 4508 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:04:48.0176 4508 mshidkmdf - ok
10:04:48.0198 4508 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:04:48.0199 4508 msisadrv - ok
10:04:48.0229 4508 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
10:04:48.0232 4508 MSiSCSI - ok
10:04:48.0239 4508 msiserver - ok
10:04:48.0272 4508 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:04:48.0274 4508 MSKSSRV - ok
10:04:48.0292 4508 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:04:48.0294 4508 MSPCLOCK - ok
10:04:48.0303 4508 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:04:48.0303 4508 MSPQM - ok
10:04:48.0348 4508 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:04:48.0352 4508 MsRPC - ok
10:04:48.0372 4508 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
10:04:48.0373 4508 mssmbios - ok
10:04:48.0406 4508 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:04:48.0408 4508 MSTEE - ok
10:04:48.0425 4508 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
10:04:48.0426 4508 MTConfig - ok
10:04:48.0452 4508 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:04:48.0453 4508 Mup - ok
10:04:48.0494 4508 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
10:04:48.0499 4508 napagent - ok
10:04:48.0534 4508 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:04:48.0536 4508 NativeWifiP - ok
10:04:48.0589 4508 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
10:04:48.0593 4508 NDIS - ok
10:04:48.0609 4508 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:04:48.0611 4508 NdisCap - ok
10:04:48.0642 4508 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:04:48.0644 4508 NdisTapi - ok
10:04:48.0687 4508 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:04:48.0690 4508 Ndisuio - ok
10:04:48.0727 4508 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:04:48.0729 4508 NdisWan - ok
10:04:48.0759 4508 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:04:48.0761 4508 NDProxy - ok
10:04:48.0827 4508 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
10:04:48.0830 4508 Net Driver HPZ12 - ok
10:04:48.0865 4508 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:04:48.0865 4508 NetBIOS - ok
10:04:48.0894 4508 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:04:48.0897 4508 NetBT - ok
10:04:48.0928 4508 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:04:48.0929 4508 Netlogon - ok
10:04:48.0970 4508 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
10:04:48.0972 4508 Netman - ok
10:04:48.0992 4508 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
10:04:48.0997 4508 netprofm - ok
10:04:49.0071 4508 netr28x (1982b291df9833fb3adc397ebd310a18) C:\Windows\system32\DRIVERS\netr28x.sys
10:04:49.0075 4508 netr28x - ok
10:04:49.0146 4508 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:04:49.0147 4508 NetTcpPortSharing - ok
10:04:49.0201 4508 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
10:04:49.0202 4508 nfrd960 - ok
10:04:49.0247 4508 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
10:04:49.0250 4508 NlaSvc - ok
10:04:49.0266 4508 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:04:49.0267 4508 Npfs - ok
10:04:49.0281 4508 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
10:04:49.0283 4508 nsi - ok
10:04:49.0297 4508 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:04:49.0298 4508 nsiproxy - ok
10:04:49.0351 4508 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:04:49.0358 4508 Ntfs - ok
10:04:49.0420 4508 NuidFltr (317020d31f1696334679b9d0416eb62e) C:\Windows\system32\DRIVERS\NuidFltr.sys
10:04:49.0422 4508 NuidFltr - ok
10:04:49.0442 4508 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:04:49.0443 4508 Null - ok
10:04:49.0667 4508 nvlddmkm (8efef6e580b94845a196a368ef5be82a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:04:49.0717 4508 nvlddmkm - ok
10:04:49.0765 4508 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:04:49.0766 4508 nvraid - ok
10:04:49.0790 4508 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:04:49.0791 4508 nvstor - ok
10:04:49.0836 4508 nvsvc (b8cab9b7d7ae488125700d9991c52cd4) C:\Windows\system32\nvvsvc.exe
10:04:49.0838 4508 nvsvc - ok
10:04:49.0884 4508 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:04:49.0885 4508 nv_agp - ok
10:04:49.0917 4508 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:04:49.0918 4508 ohci1394 - ok
10:04:49.0980 4508 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:04:49.0982 4508 ose - ok
10:04:50.0101 4508 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:04:50.0169 4508 osppsvc - ok
10:04:50.0237 4508 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:04:50.0241 4508 p2pimsvc - ok
10:04:50.0269 4508 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
10:04:50.0274 4508 p2psvc - ok
10:04:50.0325 4508 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
10:04:50.0326 4508 Parport - ok
10:04:50.0355 4508 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
10:04:50.0356 4508 partmgr - ok
10:04:50.0376 4508 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
10:04:50.0388 4508 PcaSvc - ok
10:04:50.0424 4508 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:04:50.0426 4508 pci - ok
10:04:50.0456 4508 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:04:50.0457 4508 pciide - ok
10:04:50.0483 4508 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
10:04:50.0484 4508 pcmcia - ok
10:04:50.0502 4508 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:04:50.0503 4508 pcw - ok
10:04:50.0525 4508 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:04:50.0532 4508 PEAUTH - ok
10:04:50.0589 4508 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
10:04:50.0590 4508 PerfHost - ok
10:04:50.0654 4508 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
10:04:50.0680 4508 pla - ok
10:04:50.0716 4508 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
10:04:50.0721 4508 PlugPlay - ok
10:04:50.0800 4508 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
10:04:50.0803 4508 Pml Driver HPZ12 - ok
10:04:50.0831 4508 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
10:04:50.0834 4508 PNRPAutoReg - ok
10:04:50.0853 4508 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:04:50.0855 4508 PNRPsvc - ok
10:04:50.0903 4508 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys
10:04:50.0905 4508 Point64 - ok
10:04:50.0942 4508 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
10:04:50.0947 4508 PolicyAgent - ok
10:04:50.0970 4508 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
10:04:50.0972 4508 Power - ok
10:04:51.0009 4508 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:04:51.0011 4508 PptpMiniport - ok
10:04:51.0035 4508 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
10:04:51.0036 4508 Processor - ok
10:04:51.0062 4508 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
10:04:51.0065 4508 ProfSvc - ok
10:04:51.0092 4508 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:04:51.0093 4508 ProtectedStorage - ok
10:04:51.0133 4508 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:04:51.0134 4508 Psched - ok
10:04:51.0172 4508 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
10:04:51.0178 4508 ql2300 - ok
10:04:51.0201 4508 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
10:04:51.0203 4508 ql40xx - ok
10:04:51.0235 4508 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
10:04:51.0238 4508 QWAVE - ok
10:04:51.0255 4508 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:04:51.0256 4508 QWAVEdrv - ok
10:04:51.0275 4508 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:04:51.0278 4508 RasAcd - ok
10:04:51.0313 4508 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:04:51.0315 4508 RasAgileVpn - ok
10:04:51.0327 4508 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
10:04:51.0332 4508 RasAuto - ok
10:04:51.0370 4508 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:04:51.0373 4508 Rasl2tp - ok
10:04:51.0404 4508 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
10:04:51.0410 4508 RasMan - ok
10:04:51.0435 4508 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:04:51.0438 4508 RasPppoe - ok
10:04:51.0459 4508 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:04:51.0462 4508 RasSstp - ok
10:04:51.0500 4508 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:04:51.0505 4508 rdbss - ok
10:04:51.0520 4508 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
10:04:51.0521 4508 rdpbus - ok
10:04:51.0543 4508 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:04:51.0545 4508 RDPCDD - ok
10:04:51.0574 4508 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:04:51.0576 4508 RDPENCDD - ok
10:04:51.0592 4508 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:04:51.0594 4508 RDPREFMP - ok
10:04:51.0635 4508 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
10:04:51.0637 4508 RDPWD - ok
10:04:51.0681 4508 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:04:51.0683 4508 rdyboost - ok
10:04:51.0707 4508 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
10:04:51.0711 4508 RemoteAccess - ok
10:04:51.0742 4508 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
10:04:51.0745 4508 RemoteRegistry - ok
10:04:51.0765 4508 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
10:04:51.0768 4508 RpcEptMapper - ok
10:04:51.0801 4508 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
10:04:51.0802 4508 RpcLocator - ok
10:04:51.0841 4508 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:04:51.0847 4508 RpcSs - ok
10:04:51.0887 4508 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:04:51.0889 4508 rspndr - ok
10:04:51.0938 4508 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
10:04:51.0942 4508 RTL8167 - ok
10:04:51.0974 4508 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:04:51.0976 4508 SamSs - ok
10:04:52.0012 4508 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:04:52.0014 4508 sbp2port - ok
10:04:52.0037 4508 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
10:04:52.0042 4508 SCardSvr - ok
10:04:52.0075 4508 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:04:52.0077 4508 scfilter - ok
10:04:52.0130 4508 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
10:04:52.0141 4508 Schedule - ok
10:04:52.0182 4508 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:04:52.0183 4508 SCPolicySvc - ok
10:04:52.0205 4508 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
10:04:52.0210 4508 SDRSVC - ok
10:04:52.0292 4508 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
10:04:52.0295 4508 SeaPort - ok
10:04:52.0380 4508 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:04:52.0381 4508 secdrv - ok
10:04:52.0420 4508 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
10:04:52.0424 4508 seclogon - ok
10:04:52.0456 4508 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
10:04:52.0460 4508 SENS - ok
10:04:52.0476 4508 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
10:04:52.0480 4508 SensrSvc - ok
10:04:52.0510 4508 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
10:04:52.0511 4508 Serenum - ok
10:04:52.0535 4508 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
10:04:52.0536 4508 Serial - ok
10:04:52.0585 4508 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
10:04:52.0586 4508 sermouse - ok
10:04:52.0635 4508 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
10:04:52.0640 4508 SessionEnv - ok
10:04:52.0676 4508 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:04:52.0677 4508 sffdisk - ok
10:04:52.0699 4508 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:04:52.0700 4508 sffp_mmc - ok
10:04:52.0710 4508 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:04:52.0711 4508 sffp_sd - ok
10:04:52.0745 4508 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
10:04:52.0747 4508 sfloppy - ok
10:04:52.0808 4508 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
10:04:52.0815 4508 Sftfs - ok
10:04:52.0877 4508 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
10:04:52.0884 4508 sftlist - ok
10:04:52.0920 4508 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
10:04:52.0923 4508 Sftplay - ok
10:04:52.0952 4508 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
10:04:52.0953 4508 Sftredir - ok
10:04:52.0986 4508 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
10:04:52.0987 4508 Sftvol - ok
10:04:53.0048 4508 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
10:04:53.0051 4508 sftvsa - ok
10:04:53.0084 4508 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
10:04:53.0090 4508 SharedAccess - ok
10:04:53.0135 4508 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
10:04:53.0140 4508 ShellHWDetection - ok
10:04:53.0188 4508 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:04:53.0190 4508 SiSRaid2 - ok
10:04:53.0209 4508 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
10:04:53.0210 4508 SiSRaid4 - ok
10:04:53.0235 4508 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:04:53.0238 4508 Smb - ok
10:04:53.0270 4508 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
10:04:53.0272 4508 SNMPTRAP - ok
10:04:53.0284 4508 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:04:53.0285 4508 spldr - ok
10:04:53.0326 4508 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
10:04:53.0333 4508 Spooler - ok
10:04:53.0417 4508 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
10:04:53.0485 4508 sppsvc - ok
10:04:53.0542 4508 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
10:04:53.0547 4508 sppuinotify - ok
10:04:53.0610 4508 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:04:53.0617 4508 srv - ok
10:04:53.0657 4508 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:04:53.0663 4508 srv2 - ok
10:04:53.0684 4508 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:04:53.0687 4508 srvnet - ok
10:04:53.0727 4508 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
10:04:53.0730 4508 SSDPSRV - ok
10:04:53.0746 4508 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
10:04:53.0750 4508 SstpSvc - ok
10:04:53.0774 4508 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
10:04:53.0775 4508 stexstor - ok
10:04:53.0818 4508 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
10:04:53.0820 4508 StillCam - ok
10:04:53.0863 4508 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
10:04:53.0874 4508 stisvc - ok
10:04:53.0923 4508 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
10:04:53.0924 4508 swenum - ok
10:04:53.0957 4508 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
10:04:53.0966 4508 swprv - ok
10:04:54.0055 4508 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
10:04:54.0091 4508 SysMain - ok
10:04:54.0130 4508 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
10:04:54.0134 4508 TabletInputService - ok
10:04:54.0155 4508 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
10:04:54.0159 4508 TapiSrv - ok
10:04:54.0180 4508 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
10:04:54.0182 4508 TBS - ok
10:04:54.0246 4508 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
10:04:54.0258 4508 Tcpip - ok
10:04:54.0304 4508 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
10:04:54.0316 4508 TCPIP6 - ok
10:04:54.0362 4508 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:04:54.0363 4508 tcpipreg - ok
10:04:54.0392 4508 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:04:54.0394 4508 TDPIPE - ok
10:04:54.0421 4508 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
10:04:54.0421 4508 TDTCP - ok
10:04:54.0477 4508 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:04:54.0478 4508 tdx - ok
10:04:54.0508 4508 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
10:04:54.0509 4508 TermDD - ok
10:04:54.0538 4508 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
10:04:54.0546 4508 TermService - ok
10:04:54.0572 4508 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
10:04:54.0575 4508 Themes - ok
10:04:54.0597 4508 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:04:54.0599 4508 THREADORDER - ok
10:04:54.0631 4508 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
10:04:54.0636 4508 TrkWks - ok
10:04:54.0693 4508 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
10:04:54.0697 4508 TrustedInstaller - ok
10:04:54.0732 4508 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:04:54.0734 4508 tssecsrv - ok
10:04:54.0784 4508 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:04:54.0787 4508 TsUsbFlt - ok
10:04:54.0838 4508 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:04:54.0841 4508 tunnel - ok
10:04:54.0867 4508 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
10:04:54.0869 4508 uagp35 - ok
10:04:54.0901 4508 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:04:54.0906 4508 udfs - ok
10:04:54.0939 4508 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
10:04:54.0942 4508 UI0Detect - ok
10:04:54.0989 4508 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:04:54.0990 4508 uliagpkx - ok
10:04:55.0036 4508 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
10:04:55.0037 4508 umbus - ok
10:04:55.0064 4508 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
10:04:55.0065 4508 UmPass - ok
10:04:55.0095 4508 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
10:04:55.0102 4508 upnphost - ok
10:04:55.0144 4508 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
10:04:55.0145 4508 USBAAPL64 - ok
10:04:55.0191 4508 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
10:04:55.0193 4508 usbaudio - ok
10:04:55.0224 4508 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
10:04:55.0227 4508 usbccgp - ok
10:04:55.0278 4508 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:04:55.0280 4508 usbcir - ok
10:04:55.0304 4508 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
10:04:55.0306 4508 usbehci - ok
10:04:55.0330 4508 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
10:04:55.0335 4508 usbhub - ok
10:04:55.0352 4508 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
10:04:55.0353 4508 usbohci - ok
10:04:55.0415 4508 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:04:55.0417 4508 usbprint - ok
10:04:55.0447 4508 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
10:04:55.0449 4508 usbscan - ok
10:04:55.0488 4508 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
10:04:55.0489 4508 USBSTOR - ok
10:04:55.0523 4508 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
10:04:55.0525 4508 usbuhci - ok
10:04:55.0553 4508 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
10:04:55.0557 4508 usbvideo - ok
10:04:55.0577 4508 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
10:04:55.0581 4508 UxSms - ok
10:04:55.0612 4508 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:04:55.0614 4508 VaultSvc - ok
10:04:55.0665 4508 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:04:55.0666 4508 vdrvroot - ok
10:04:55.0706 4508 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
10:04:55.0715 4508 vds - ok
10:04:55.0742 4508 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:04:55.0744 4508 vga - ok
10:04:55.0761 4508 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:04:55.0762 4508 VgaSave - ok
10:04:55.0791 4508 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:04:55.0794 4508 vhdmp - ok
10:04:55.0827 4508 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:04:55.0829 4508 viaide - ok
10:04:55.0874 4508 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:04:55.0876 4508 volmgr - ok
10:04:55.0921 4508 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:04:55.0924 4508 volmgrx - ok
10:04:55.0948 4508 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:04:55.0951 4508 volsnap - ok
10:04:55.0997 4508 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
10:04:55.0999 4508 vsmraid - ok
10:04:56.0078 4508 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
10:04:56.0129 4508 VSS - ok
10:04:56.0150 4508 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
10:04:56.0152 4508 vwifibus - ok
10:04:56.0174 4508 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
10:04:56.0176 4508 vwififlt - ok
10:04:56.0206 4508 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
10:04:56.0213 4508 W32Time - ok
10:04:56.0238 4508 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
10:04:56.0239 4508 WacomPen - ok
10:04:56.0290 4508 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:04:56.0293 4508 WANARP - ok
10:04:56.0298 4508 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:04:56.0300 4508 Wanarpv6 - ok
10:04:56.0350 4508 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
10:04:56.0361 4508 WatAdminSvc - ok
10:04:56.0419 4508 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
10:04:56.0454 4508 wbengine - ok
10:04:56.0485 4508 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
10:04:56.0491 4508 WbioSrvc - ok
10:04:56.0532 4508 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
10:04:56.0540 4508 wcncsvc - ok
10:04:56.0556 4508 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
10:04:56.0560 4508 WcsPlugInService - ok
10:04:56.0590 4508 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
10:04:56.0591 4508 Wd - ok
10:04:56.0621 4508 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:04:56.0626 4508 Wdf01000 - ok
10:04:56.0653 4508 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:04:56.0657 4508 WdiServiceHost - ok
10:04:56.0662 4508 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:04:56.0665 4508 WdiSystemHost - ok
10:04:56.0704 4508 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
10:04:56.0710 4508 WebClient - ok
10:04:56.0730 4508 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
10:04:56.0737 4508 Wecsvc - ok
10:04:56.0755 4508 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
10:04:56.0759 4508 wercplsupport - ok
10:04:56.0828 4508 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
10:04:56.0833 4508 WerSvc - ok
10:04:56.0873 4508 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:04:56.0875 4508 WfpLwf - ok
10:04:56.0893 4508 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:04:56.0895 4508 WIMMount - ok
10:04:56.0916 4508 WinDefend - ok
10:04:56.0922 4508 WinHttpAutoProxySvc - ok
10:04:56.0960 4508 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
10:04:56.0964 4508 Winmgmt - ok
10:04:57.0032 4508 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
10:04:57.0069 4508 WinRM - ok
10:04:57.0176 4508 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
10:04:57.0178 4508 WinUsb - ok
10:04:57.0224 4508 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
10:04:57.0239 4508 Wlansvc - ok
10:04:57.0309 4508 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
10:04:57.0311 4508 wlcrasvc - ok
10:04:57.0418 4508 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:04:57.0430 4508 wlidsvc - ok
10:04:57.0514 4508 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
10:04:57.0515 4508 WmiAcpi - ok
10:04:57.0568 4508 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
10:04:57.0572 4508 wmiApSrv - ok
10:04:57.0599 4508 WMPNetworkSvc - ok
10:04:57.0665 4508 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
10:04:57.0669 4508 WPCSvc - ok
10:04:57.0699 4508 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
10:04:57.0704 4508 WPDBusEnum - ok
10:04:57.0736 4508 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:04:57.0738 4508 ws2ifsl - ok
10:04:57.0752 4508 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
10:04:57.0756 4508 wscsvc - ok
10:04:57.0799 4508 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
10:04:57.0801 4508 WSDPrintDevice - ok
10:04:57.0809 4508 WSearch - ok
10:04:57.0885 4508 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
10:04:57.0937 4508 wuauserv - ok
10:04:58.0014 4508 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:04:58.0016 4508 WudfPf - ok
10:04:58.0047 4508 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:04:58.0050 4508 WUDFRd - ok
10:04:58.0081 4508 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
10:04:58.0092 4508 wudfsvc - ok
10:04:58.0132 4508 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
10:04:58.0139 4508 WwanSvc - ok
10:04:58.0163 4508 MBR (0x1B8) (6c4ea2338784bdda090e36e278e721c8) \Device\Harddisk0\DR0
10:04:58.0313 4508 \Device\Harddisk0\DR0 - ok
10:04:58.0318 4508 Boot (0x1200) (5220b4f4a4e77053a539ce986af4a47c) \Device\Harddisk0\DR0\Partition0
10:04:58.0320 4508 \Device\Harddisk0\DR0\Partition0 - ok
10:04:58.0482 4508 Boot (0x1200) (bcbed19b5a68a2c4504a5cd879392d63) \Device\Harddisk0\DR0\Partition1
10:04:58.0484 4508 \Device\Harddisk0\DR0\Partition1 - ok
10:04:58.0506 4508 Boot (0x1200) (703551771bafbeed5bd8a2c464d88d95) \Device\Harddisk0\DR0\Partition2
10:04:58.0508 4508 \Device\Harddisk0\DR0\Partition2 - ok
10:04:58.0508 4508 ============================================================
10:04:58.0509 4508 Scan finished
10:04:58.0509 4508 ============================================================
10:04:58.0520 3668 Detected object count: 0
10:04:58.0520 3668 Actual detected object count: 0




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-01 10:07:19
-----------------------------
10:07:19.362 OS Version: Windows x64 6.1.7601 Service Pack 1
10:07:19.362 Number of processors: 4 586 0x2502
10:07:19.363 ComputerName: NAE-HP UserName: Nae
10:07:21.853 Initialize success
10:15:54.139 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:15:54.142 Disk 0 Vendor: ST375052 HP35 Size: 715404MB BusType: 3
10:15:54.154 Disk 0 MBR read successfully
10:15:54.156 Disk 0 MBR scan
10:15:54.158 Disk 0 unknown MBR code
10:15:54.172 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:15:54.180 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 703486 MB offset 206848
10:15:54.204 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11816 MB offset 1440946176
10:15:54.238 Disk 0 scanning C:\Windows\system32\drivers
10:16:07.381 Service scanning
10:16:37.015 Modules scanning
10:16:37.027 Disk 0 trace - called modules:
10:16:37.148 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
10:16:37.153 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800653a060]
10:16:37.159 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80061fb050]
10:16:37.163 Scan finished successfully
10:16:51.676 Disk 0 MBR has been saved successfully to "C:\Users\Nae\Documents\MBR.dat"
10:16:51.679 The log file has been saved successfully to "C:\Users\Nae\Documents\aswMBR.txt"



After running both of these programs there was no change in the state of my computer. I am still being redirected; the only difference is that now I can see at the top of the page where it tells me I am being redirected (not entirely sure if it's always done that or if I am just now noticing it). I still cannot open anything accessed from my start menu or desktop (which is every program or document on my computer) without getting an "Illegal operation attempted on a registry key that has been marked for deletion" message. I noticed there was no response to that particular concern; is that not important right now? Because I could not open the log the Avast software created for me until I saved it onto a flash drive so that I could open it on a separate device to post it here.

Edited by wickedtruth, 01 April 2012 - 01:02 PM.
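The two logs in this post (the TDSSKiller service/driver listing and the aswMBR disk report, the latter posted again in post #9) are the raw material the helper is reading. As an added example by the editor, not part of the post and not code from either tool, the script below parses lines in those two formats and pulls out what a responder would eyeball first: TDSSKiller entries whose image file lives outside the Windows or Program Files trees, entries that have a verdict but no recorded path/hash (such as the `WinDefend` line above), identical hashes under different file names, and, from aswMBR, whether the partition table has exactly one active partition and whether the partitions overlap or leave unallocated gaps. The sample strings are constructed in the shape of the posted logs; the `updsvc` entry is invented purely to exercise the path check and is not from the user's machine. Assumed: 512-byte sectors (the unit aswMBR uses for offsets) and partition descriptions without spaces, which is all this log contains.

```python
"""Triage helpers for TDSSKiller and aswMBR logs (added example, not from the thread or tools)."""
import re
from collections import defaultdict

# CONSTRUCTED sample in the format of the TDSSKiller log above; `updsvc` is invented.
TDSS_SAMPLE = r"""10:04:51.0092 4508 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:04:51.0093 4508 ProtectedStorage - ok
10:04:51.0974 4508 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:04:51.0976 4508 SamSs - ok
10:04:52.0292 4508 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
10:04:52.0295 4508 SeaPort - ok
10:04:56.0916 4508 WinDefend - ok
10:04:58.0163 4508 MBR (0x1B8) (6c4ea2338784bdda090e36e278e721c8) \Device\Harddisk0\DR0
10:04:58.0313 4508 \Device\Harddisk0\DR0 - ok
10:04:59.0001 4508 updsvc (0123456789abcdef0123456789abcdef) C:\Users\Public\Libraries\upd.sys
10:04:59.0002 4508 updsvc - ok
10:04:58.0520 3668 Detected object count: 0
"""

# CONSTRUCTED sample in the format of the aswMBR log above (geometry copied from it).
ASW_SAMPLE = r"""10:15:54.142 Disk 0 Vendor: ST375052 HP35 Size: 715404MB BusType: 3
10:15:54.154 Disk 0 MBR read successfully
10:15:54.158 Disk 0 unknown MBR code
10:15:54.172 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:15:54.180 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 703486 MB offset 206848
10:15:54.204 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11816 MB offset 1440946176
"""

# "<time> <tid> <name> (<md5>) <path>" -- name may itself contain parens, e.g. "MBR (0x1B8)".
TDSS_ENTRY = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<tid>\d+)\s+(?P<name>.+?)\s+"
                        r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$")
# "<time> <tid> <name> - <verdict>"
TDSS_VERDICT = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<tid>\d+)\s+(?P<name>.+?) - (?P<verdict>.+?)\s*$")
# Image locations a service/driver is expected to load from on this kind of machine (assumption).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\", "\\device\\")

def triage_tdsskiller(text):
    """Return [(name, reason), ...] for TDSSKiller entries worth a second look."""
    images, verdicts, findings = {}, {}, []
    for line in text.splitlines():
        m = TDSS_ENTRY.match(line)
        if m:
            images[m["name"]] = (m["md5"], m["path"])
            continue
        m = TDSS_VERDICT.match(line)
        if m and not m["name"].startswith("\\Device\\"):   # disk/partition verdicts are handled by aswMBR below
            verdicts[m["name"]] = m["verdict"]
    for name, verdict in verdicts.items():
        if verdict != "ok":
            findings.append((name, "verdict: " + verdict))
        if name not in images:
            findings.append((name, "no image path/hash recorded in the log; inspect the service entry by hand"))
    by_hash = defaultdict(set)
    for name, (md5, path) in images.items():
        low = path.lower()
        if not low.startswith(TRUSTED_ROOTS):
            findings.append((name, "image outside trusted roots: " + path))
        by_hash[md5].add(low)
    for md5, paths in by_hash.items():
        if len(paths) > 1:   # same bytes under different file names (lsass.exe serving several services is one path, so not flagged)
            findings.append((md5, "identical hash under different paths: " + ", ".join(sorted(paths))))
    return findings

ASW_DISK = re.compile(r"Disk (?P<disk>\d+) Vendor: .* Size: (?P<mb>\d+)MB")
ASW_PART = re.compile(r"Disk (?P<disk>\d+) Partition (?P<n>\d+) (?P<boot>[0-9A-Fa-f]{2}) (?:\(A\) )?"
                      r"(?P<type>[0-9A-Fa-f]{2}) (?P<desc>\S+) (?P<fs>\S+) (?P<mb>\d+) MB offset (?P<off>\d+)")
SECTORS_PER_MB = 2048   # 512-byte sectors (assumption: matches the offsets aswMBR prints)

def triage_aswmbr(text):
    """Return (partitions, notes): partition extents in sectors plus geometry/MBR observations."""
    parts, notes, disk_mb = [], [], None
    for line in text.splitlines():
        if "unknown MBR code" in line:
            notes.append("MBR code not recognised by aswMBR: compare the saved MBR.dat against a known-good MBR before drawing conclusions")
        m = ASW_DISK.search(line)
        if m:
            disk_mb = int(m["mb"])
        m = ASW_PART.search(line)
        if m:
            start = int(m["off"])
            parts.append({"n": int(m["n"]), "active": m["boot"].lower() == "80", "type": m["type"],
                          "start": start, "end": start + int(m["mb"]) * SECTORS_PER_MB})
    parts.sort(key=lambda p: p["start"])
    if sum(p["active"] for p in parts) != 1:
        notes.append("expected exactly one active (0x80) partition")
    for a, b in zip(parts, parts[1:]):
        if b["start"] < a["end"]:
            notes.append(f"partitions {a['n']} and {b['n']} overlap")
        elif b["start"] - a["end"] >= SECTORS_PER_MB:
            notes.append(f"{(b['start'] - a['end']) // SECTORS_PER_MB} MB unallocated between partitions {a['n']} and {b['n']}")
    if disk_mb is not None and parts and parts[-1]["end"] > disk_mb * SECTORS_PER_MB:
        notes.append(f"partition {parts[-1]['n']} extends past the reported disk size")
    return parts, notes

if __name__ == "__main__":
    for name, reason in triage_tdsskiller(TDSS_SAMPLE):
        print(f"TDSSKiller  {name}: {reason}")
    parts, notes = triage_aswmbr(ASW_SAMPLE)
    for p in parts:
        print(f"aswMBR      partition {p['n']}: sectors {p['start']}-{p['end']}" + (" (active)" if p["active"] else ""))
    for note in notes:
        print(f"aswMBR      {note}")
```

On the real log the geometry check comes out clean: partition 1 ends exactly where partition 2 starts (2048 + 100 × 2048 = 206848 sectors), partition 2 ends exactly at partition 3's offset (1440946176), and partition 3 ends 2048 sectors short of the reported disk size, so there is no hidden slack beyond a 1 MB tail. The only aswMBR observation is the "unknown MBR code" line; the thread does not say what that boot code is, which is why the tool saved `MBR.dat` for the helper to compare rather than calling it either way.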


#8 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 April 2012 - 12:15 PM

Hello wickedtruth


That looks good so far, let me have the aswMBR report when it is complete


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here (donate button). Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 wickedtruth (Topic Starter)
  • Members
  • 16 posts
  • Gender:Female

Posted 01 April 2012 - 01:15 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-01 10:07:19
-----------------------------
10:07:19.362 OS Version: Windows x64 6.1.7601 Service Pack 1
10:07:19.362 Number of processors: 4 586 0x2502
10:07:19.363 ComputerName: NAE-HP UserName: Nae
10:07:21.853 Initialize success
10:15:54.139 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:15:54.142 Disk 0 Vendor: ST375052 HP35 Size: 715404MB BusType: 3
10:15:54.154 Disk 0 MBR read successfully
10:15:54.156 Disk 0 MBR scan
10:15:54.158 Disk 0 unknown MBR code
10:15:54.172 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:15:54.180 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 703486 MB offset 206848
10:15:54.204 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11816 MB offset 1440946176
10:15:54.238 Disk 0 scanning C:\Windows\system32\drivers
10:16:07.381 Service scanning
10:16:37.015 Modules scanning
10:16:37.027 Disk 0 trace - called modules:
10:16:37.148 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
10:16:37.153 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800653a060]
10:16:37.159 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80061fb050]
10:16:37.163 Scan finished successfully
10:16:51.676 Disk 0 MBR has been saved successfully to "C:\Users\Nae\Documents\MBR.dat"
10:16:51.679 The log file has been saved successfully to "C:\Users\Nae\Documents\aswMBR.txt"

#10 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 April 2012 - 04:40 PM

Hello


I still cannot open anything accessed from my start menu or desktop (which is every program or document on my computer) without getting an "Illegal operation attempted on a registry key that has been marked for deletion" message. I noticed there was no response to that particular concern, is that not important right now? Because I could not open the log the Avast software created for me until I saved it onto a flashdrive so that I could open it on a separate device to post it here.



I need you to reread all of post 4 and pay attention to where it says Note 2,

then please, please reread post 6 and you will see the very first thing I addressed was that issue.

If you are going to go through and read only the parts of my post that you want to, we will be here a very long time and may end up with a big paperweight.


And now, for the third time:

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.


let me know when you have restarted the computer and how things are doing

#11 wickedtruth (Topic Starter)
  • Members
  • 16 posts
  • Gender:Female

Posted 01 April 2012 - 06:15 PM

Yikes! >.< Definitely missed that part all three times. Sorry. I've read note 2 and restarted the computer, things are working fine now =]

#12 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 April 2012 - 06:34 PM

Hello


No problem.


Are you still getting redirected?

which browsers does this happen in?

does this happen in all browsers?


Gringo

#13 wickedtruth (Topic Starter)
  • Members
  • 16 posts
  • Gender:Female

Posted 01 April 2012 - 08:50 PM

Yes, I am still being redirected in my Mozilla browser. I have not checked my other browsers (Chrome, Safari and Internet Explorer). I'll check right now.

#14 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 April 2012 - 09:42 PM

OK, let me know so I can decide what I want to do.


gringo

#15 wickedtruth (Topic Starter)
  • Members
  • 16 posts
  • Gender:Female

Posted 02 April 2012 - 01:18 AM

Okay, so it happens in Google Chrome, Mozilla, and Internet Explorer. It did not happen in Safari. It doesn't happen for every single thing I click on anymore, though, but certain links still take me to happili.com.



