
Cannot get rid of a browser redirect virus.

9 replies to this topic

#1 nmh5090

  • Members
  • 9 posts

Posted 28 September 2012 - 12:17 PM

Hello,

For about the past two weeks, 60% of all the search engine listings I try clicking on will take me to different sites. I usually open links in new tabs, and the tab will say "Redirect".

I tried both quick and full system scans with Malwarebytes. A quick scan revealed nothing, but the full scan found something called RootKit. I clicked the clean or delete option, restarted my computer, and tested Google to see if it had worked, but nothing was different.

I updated Avira AntiVir Personal and then did a full system scan on that. There were 24 detections, but in the menu that popped up, only 3 were marked to be quarantined.

Here is part of the log from that scan:

Starting the file scan:

Begin scan in 'C:\'
C:\Users\Nicole\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\53692894-65c8bc16
[0] Archive type: ZIP
--> pka.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IM Java virus
--> d.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.M Java virus
--> e.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IJ Java virus
--> f.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.A.149 exploit
--> h.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.N Java virus
--> b.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Trea.ES.1 Java virus
--> g.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.EO Java virus
--> a.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IK Java virus
C:\Users\Nicole\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\31a45832-1553da2a
[0] Archive type: ZIP
--> pka.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IM Java virus
--> d.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.M Java virus
--> e.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IJ Java virus
--> f.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.A.149 exploit
--> h.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.N Java virus
--> b.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Trea.ES.1 Java virus
--> g.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.EO Java virus
--> a.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IK Java virus
C:\Users\Nicole\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\754ee97b-5b65c332
[0] Archive type: ZIP
--> pka.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IM Java virus
--> d.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.M Java virus
--> e.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IJ Java virus
--> f.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.A.149 exploit
--> h.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Badorg.N Java virus
--> b.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Trea.ES.1 Java virus
--> g.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.EO Java virus
--> a.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IK Java virus
Begin scan in 'D:\' <RECOVERY>

Beginning disinfection:
C:\Users\Nicole\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\754ee97b-5b65c332
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IK Java virus
[NOTE] The file was moved to the quarantine directory under the name '56f338c3.qua'.
C:\Users\Nicole\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\31a45832-1553da2a
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IK Java virus
[NOTE] The file was moved to the quarantine directory under the name '4e3b1760.qua'.
C:\Users\Nicole\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\53692894-65c8bc16
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IK Java virus
[NOTE] The file was moved to the quarantine directory under the name '1c394d8a.qua'.


I have no idea how to fix this; any help is very much appreciated. Thank you.


** I just realized I posted this on the wrong board... sorry about that!

Edit: Moved topic from Vista to the more appropriate forum at the recommendation of staff. ~ Animal

Edited by Animal, 28 September 2012 - 02:15 PM.
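An added example, not code from the post or from Avira: it parses a constructed, abridged excerpt of the Avira report quoted above (line formats copied from the post, helper names are mine) and reconciles per-class detections with per-archive quarantine actions. This is why the full report can list 24 detections but quarantine only 3 files: each Java cache entry is one ZIP archive holding 8 flagged classes, and each archive is quarantined once.

```python
import re
from collections import OrderedDict

# Constructed, abridged excerpt of the Avira scan report from the post:
# two Java cache archives with several detections each, then the
# disinfection section that quarantines each archive once.
SAMPLE_LOG = r"""
Begin scan in 'C:\'
C:\Users\Nicole\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\53692894-65c8bc16
[0] Archive type: ZIP
--> pka.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IM Java virus
--> f.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.A.149 exploit
--> a.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IK Java virus
C:\Users\Nicole\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\31a45832-1553da2a
[0] Archive type: ZIP
--> f.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2012-4681.A.149 exploit
--> a.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IK Java virus
Begin scan in 'D:\' <RECOVERY>

Beginning disinfection:
C:\Users\Nicole\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\31a45832-1553da2a
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IK Java virus
[NOTE] The file was moved to the quarantine directory under the name '4e3b1760.qua'.
C:\Users\Nicole\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\53692894-65c8bc16
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.IK Java virus
[NOTE] The file was moved to the quarantine directory under the name '1c394d8a.qua'.
"""

DETECTION_RE = re.compile(r"^\[DETECTION\] Contains recognition pattern of the (\S+)")
MEMBER_RE = re.compile(r"^--> (.+)$")
QUARANTINE_RE = re.compile(r"^\[NOTE\] .*quarantine directory under the name '([^']+)'")
# A scanned-file line is a Windows path; section headers are not.
PATH_RE = re.compile(r"^[A-Za-z]:\\")
JAVA_CACHE_RE = re.compile(r"\\Sun\\Java\\Deployment\\cache\\", re.IGNORECASE)


def parse_avira_log(text):
    """Map each scanned container path to its flagged members and quarantine name."""
    files = OrderedDict()
    current = None        # container path the following lines belong to
    member = None         # archive member named by the last "--> x.class" line
    in_disinfection = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Beginning disinfection:"):
            in_disinfection = True   # detections repeated here are not new findings
            continue
        if line.startswith("Begin scan in"):
            current = None
            continue
        if PATH_RE.match(line):
            current, member = line, None
            files.setdefault(current, {"members": [], "quarantined_as": None,
                                       "java_cache": bool(JAVA_CACHE_RE.search(current))})
            continue
        if current is None:
            continue
        m = MEMBER_RE.match(line)
        if m:
            member = m.group(1)
            continue
        m = DETECTION_RE.match(line)
        if m and not in_disinfection:
            files[current]["members"].append((member, m.group(1)))
            continue
        m = QUARANTINE_RE.match(line)
        if m:
            files[current]["quarantined_as"] = m.group(1)
    return files


def summarize(files):
    """Reconcile per-member detection lines with per-container quarantine actions."""
    return {
        "detections": sum(len(f["members"]) for f in files.values()),
        "containers": len(files),
        "quarantined": sum(1 for f in files.values() if f["quarantined_as"]),
        "not_quarantined": [p for p, f in files.items() if not f["quarantined_as"]],
        "exploit_signatures": sorted({sig for f in files.values()
                                      for _, sig in f["members"] if sig.startswith("EXP/")}),
        "all_in_java_cache": all(f["java_cache"] for f in files.values()),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_avira_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Any path left in `not_quarantined` is a flagged container the scanner did not act on and deserves a second look; `all_in_java_cache` being true says every hit came from the Java deployment cache rather than from an installed program.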




#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 28 September 2012 - 12:44 PM

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safemode with networking

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 nmh5090

  • Topic Starter
  • Members
  • 9 posts

Posted 28 September 2012 - 10:39 PM

TDSSkiller
15:45:22.0067 0552 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
15:45:22.0695 0552 ============================================================
15:45:22.0695 0552 Current date / time: 2012/09/28 15:45:22.0695
15:45:22.0695 0552 SystemInfo:
15:45:22.0695 0552
15:45:22.0696 0552 OS Version: 6.0.6002 ServicePack: 2.0
15:45:22.0696 0552 Product type: Workstation
15:45:22.0696 0552 ComputerName: NICOLE-PC
15:45:22.0696 0552 UserName: Nicole
15:45:22.0696 0552 Windows directory: C:\Windows
15:45:22.0696 0552 System windows directory: C:\Windows
15:45:22.0696 0552 Processor architecture: Intel x86
15:45:22.0696 0552 Number of processors: 2
15:45:22.0696 0552 Page size: 0x1000
15:45:22.0696 0552 Boot type: Normal boot
15:45:22.0696 0552 ============================================================
15:45:24.0563 0552 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:45:24.0565 0552 ============================================================
15:45:24.0565 0552 \Device\Harddisk0\DR0:
15:45:24.0579 0552 MBR partitions:
15:45:24.0579 0552 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x14E5C15
15:45:24.0579 0552 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x14E5C54, BlocksNum 0x11532E6D
15:45:24.0579 0552 ============================================================
15:45:24.0614 0552 C: <-> \Device\Harddisk0\DR0\Partition2
15:45:24.0639 0552 D: <-> \Device\Harddisk0\DR0\Partition1
15:45:24.0639 0552 ============================================================
15:45:24.0639 0552 Initialize success
15:45:24.0639 0552 ============================================================
15:46:39.0603 0852 ============================================================
15:46:39.0603 0852 Scan started
15:46:39.0603 0852 Mode: Manual; TDLFS;
15:46:39.0603 0852 ============================================================
15:46:40.0054 0852 ================ Scan system memory ========================
15:46:40.0054 0852 System memory - ok
15:46:40.0055 0852 ================ Scan services =============================
15:46:50.0238 0852 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:46:50.0251 0852 NetTcpPortSharing - ok
15:46:50.0336 0852 [ A15F219208843A5A210C8CB391384453 ] NETw3v32 C:\Windows\system32\DRIVERS\NETw3v32.sys
15:46:50.0363 0852 NETw3v32 - ok
15:46:50.0504 0852 [ 8DE67BD902095A13329FD82C85A1FA09 ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys
15:46:50.0638 0852 NETw5v32 - ok
15:46:50.0661 0852 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
15:46:50.0667 0852 nfrd960 - ok
15:46:50.0723 0852 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:46:50.0726 0852 NlaSvc - ok
15:46:51.0788 0852 [ 1B49B83747509B2B1D707CD4B09AA504 ] NLNdisMP C:\Windows\system32\DRIVERS\nlndis.sys
15:46:51.0830 0852 NLNdisMP - ok
15:46:52.0856 0852 [ 1B49B83747509B2B1D707CD4B09AA504 ] NLNdisPT C:\Windows\system32\DRIVERS\nlndis.sys
15:46:52.0893 0852 NLNdisPT - ok
15:46:53.0260 0852 [ A021DDEDD9912BCE022C4CDA410D3374 ] nlsvc C:\Program Files\NetLimiter 3\nlsvc.exe
15:46:53.0356 0852 nlsvc - ok
15:46:54.0093 0852 [ 6FE26694C94F1A63AF066D7A557F69D3 ] nltdi C:\Program Files\NetLimiter 3\nltdi.sys
15:46:54.0264 0852 nltdi - ok
15:46:54.0314 0852 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:46:54.0346 0852 Npfs - ok
15:46:54.0370 0852 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
15:46:54.0372 0852 nsi - ok
15:46:54.0427 0852 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:46:54.0445 0852 nsiproxy - ok
15:46:54.0605 0852 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:46:54.0661 0852 Ntfs - ok
15:46:54.0702 0852 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
15:46:54.0707 0852 ntrigdigi - ok
15:46:54.0772 0852 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
15:46:54.0803 0852 Null - ok
15:46:54.0829 0852 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:46:54.0836 0852 nvraid - ok
15:46:54.0865 0852 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:46:54.0870 0852 nvstor - ok
15:46:54.0892 0852 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:46:54.0932 0852 nv_agp - ok
15:46:54.0938 0852 NwlnkFlt - ok
15:46:54.0944 0852 NwlnkFwd - ok
15:46:55.0278 0852 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:46:55.0324 0852 odserv - ok
15:46:55.0363 0852 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
15:46:55.0372 0852 ohci1394 - ok
15:46:55.0414 0852 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:46:55.0426 0852 ose - ok
15:46:55.0562 0852 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
15:46:55.0628 0852 p2pimsvc - ok
15:46:55.0645 0852 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
15:46:55.0652 0852 p2psvc - ok
15:46:55.0706 0852 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
15:46:55.0750 0852 Parport - ok
15:46:55.0798 0852 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:46:55.0805 0852 partmgr - ok
15:46:55.0812 0852 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
15:46:55.0817 0852 Parvdm - ok
15:46:55.0865 0852 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
15:46:55.0868 0852 PcaSvc - ok
15:46:55.0955 0852 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
15:46:56.0005 0852 pci - ok
15:46:56.0070 0852 [ 3B1901E401473E03EB8C874271E50C26 ] pciide C:\Windows\system32\drivers\pciide.sys
15:46:56.0075 0852 pciide - ok
15:46:56.0176 0852 [ 3BB2244F343B610C29C98035504C9B75 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
15:46:56.0177 0852 pcmcia - ok
15:46:56.0308 0852 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:46:56.0369 0852 PEAUTH - ok
15:46:56.0835 0852 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
15:46:56.0878 0852 pla - ok
15:46:56.0949 0852 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:46:56.0962 0852 PlugPlay - ok
15:46:57.0046 0852 [ 37E5E8FFBAD35605DAEEC3224EA0E465 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
15:46:57.0048 0852 Pml Driver HPZ12 - ok
15:46:57.0162 0852 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
15:46:57.0169 0852 PNRPAutoReg - ok
15:46:57.0229 0852 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
15:46:57.0235 0852 PNRPsvc - ok
15:46:57.0438 0852 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:46:57.0450 0852 PolicyAgent - ok
15:46:57.0485 0852 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:46:57.0492 0852 PptpMiniport - ok
15:46:57.0529 0852 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
15:46:57.0536 0852 Processor - ok
15:46:57.0626 0852 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
15:46:57.0629 0852 ProfSvc - ok
15:46:57.0670 0852 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
15:46:57.0671 0852 ProtectedStorage - ok
15:46:57.0719 0852 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
15:46:57.0743 0852 PSched - ok
15:46:57.0794 0852 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
15:46:57.0809 0852 ql2300 - ok
15:46:57.0839 0852 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
15:46:57.0847 0852 ql40xx - ok
15:46:57.0927 0852 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
15:46:57.0944 0852 QWAVE - ok
15:46:57.0968 0852 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:46:57.0974 0852 QWAVEdrv - ok
15:46:58.0006 0852 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:46:58.0030 0852 RasAcd - ok
15:46:58.0063 0852 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
15:46:58.0065 0852 RasAuto - ok
15:46:58.0110 0852 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:46:58.0151 0852 Rasl2tp - ok
15:46:58.0187 0852 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
15:46:58.0191 0852 RasMan - ok
15:46:58.0227 0852 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:46:58.0275 0852 RasPppoe - ok
15:46:58.0306 0852 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:46:58.0312 0852 RasSstp - ok
15:46:58.0407 0852 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:46:58.0446 0852 rdbss - ok
15:46:58.0477 0852 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:46:58.0481 0852 RDPCDD - ok
15:46:58.0557 0852 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
15:46:58.0568 0852 rdpdr - ok
15:46:58.0599 0852 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:46:58.0604 0852 RDPENCDD - ok
15:46:58.0674 0852 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:46:58.0683 0852 RDPWD - ok
15:46:58.0721 0852 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:46:58.0743 0852 RemoteAccess - ok
15:46:58.0775 0852 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:46:58.0777 0852 RemoteRegistry - ok
15:46:58.0810 0852 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
15:46:58.0813 0852 RpcLocator - ok
15:46:58.0859 0852 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
15:46:58.0865 0852 RpcSs - ok
15:46:58.0922 0852 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:46:58.0965 0852 rspndr - ok
15:46:58.0973 0852 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
15:46:58.0975 0852 SamSs - ok
15:46:59.0033 0852 [ 2B12749CC05F32D217735770D2EEABE3 ] SbieDrv C:\Program Files\Sandboxie\SbieDrv.sys
15:46:59.0042 0852 SbieDrv - ok
15:46:59.0076 0852 [ 226D6068A955635259A3ABEF2F13827C ] SbieSvc C:\Program Files\Sandboxie\SbieSvc.exe
15:46:59.0084 0852 SbieSvc - ok
15:46:59.0131 0852 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:46:59.0156 0852 sbp2port - ok
15:46:59.0191 0852 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:46:59.0194 0852 SCardSvr - ok
15:46:59.0242 0852 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
15:46:59.0251 0852 Schedule - ok
15:46:59.0264 0852 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
15:46:59.0265 0852 SCPolicySvc - ok
15:46:59.0310 0852 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:46:59.0343 0852 SDRSVC - ok
15:46:59.0364 0852 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:46:59.0385 0852 secdrv - ok
15:46:59.0422 0852 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
15:46:59.0424 0852 seclogon - ok
15:46:59.0476 0852 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
15:46:59.0478 0852 SENS - ok
15:46:59.0551 0852 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
15:46:59.0552 0852 Serenum - ok
15:46:59.0604 0852 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
15:46:59.0611 0852 Serial - ok
15:46:59.0648 0852 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
15:46:59.0653 0852 sermouse - ok
15:46:59.0740 0852 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
15:46:59.0742 0852 SessionEnv - ok
15:46:59.0820 0852 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:46:59.0843 0852 sffdisk - ok
15:46:59.0849 0852 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:46:59.0855 0852 sffp_mmc - ok
15:46:59.0876 0852 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:46:59.0880 0852 sffp_sd - ok
15:46:59.0893 0852 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
15:46:59.0899 0852 sfloppy - ok
15:46:59.0984 0852 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:47:00.0001 0852 SharedAccess - ok
15:47:00.0032 0852 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:47:00.0036 0852 ShellHWDetection - ok
15:47:00.0063 0852 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
15:47:00.0070 0852 sisagp - ok
15:47:00.0099 0852 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
15:47:00.0106 0852 SiSRaid2 - ok
15:47:00.0130 0852 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
15:47:00.0154 0852 SiSRaid4 - ok
15:47:00.0281 0852 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
15:47:00.0321 0852 slsvc - ok
15:47:00.0365 0852 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
15:47:00.0375 0852 SLUINotify - ok
15:47:00.0406 0852 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:47:00.0413 0852 Smb - ok
15:47:00.0476 0852 [ 859E3ADC59D1C89A66AA6492C14D379E ] smserial C:\Windows\system32\DRIVERS\smserial.sys
15:47:00.0495 0852 smserial - ok
15:47:00.0531 0852 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:47:00.0534 0852 SNMPTRAP - ok
15:47:00.0565 0852 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
15:47:00.0572 0852 spldr - ok
15:47:00.0611 0852 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
15:47:00.0635 0852 Spooler - ok
15:47:00.0702 0852 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\Windows\system32\Drivers\sptd.sys
15:47:00.0702 0852 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
15:47:00.0704 0852 sptd ( LockedFile.Multi.Generic ) - warning
15:47:00.0704 0852 sptd - detected LockedFile.Multi.Generic (1)
15:47:00.0740 0852 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
15:47:00.0765 0852 srv - ok
15:47:00.0806 0852 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:47:00.0814 0852 srv2 - ok
15:47:00.0834 0852 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:47:00.0858 0852 srvnet - ok
15:47:00.0899 0852 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:47:00.0928 0852 SSDPSRV - ok
15:47:00.0969 0852 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
15:47:00.0976 0852 ssmdrv - ok
15:47:01.0031 0852 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:47:01.0034 0852 SstpSvc - ok
15:47:01.0073 0852 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
15:47:01.0098 0852 stisvc - ok
15:47:01.0141 0852 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
15:47:01.0148 0852 swenum - ok
15:47:01.0239 0852 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:47:01.0263 0852 SwitchBoard - ok
15:47:01.0317 0852 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
15:47:01.0323 0852 swprv - ok
15:47:01.0366 0852 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
15:47:01.0371 0852 Symc8xx - ok
15:47:01.0400 0852 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
15:47:01.0407 0852 Sym_hi - ok
15:47:01.0435 0852 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
15:47:01.0441 0852 Sym_u3 - ok
15:47:01.0496 0852 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
15:47:01.0523 0852 SysMain - ok
15:47:01.0571 0852 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:47:01.0585 0852 TabletInputService - ok
15:47:01.0634 0852 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:47:01.0649 0852 TapiSrv - ok
15:47:01.0684 0852 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
15:47:01.0687 0852 TBS - ok
15:47:01.0827 0852 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:47:01.0859 0852 Tcpip - ok
15:47:01.0881 0852 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
15:47:01.0888 0852 Tcpip6 - ok
15:47:01.0928 0852 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:47:01.0933 0852 tcpipreg - ok
15:47:01.0972 0852 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:47:01.0976 0852 TDPIPE - ok
15:47:02.0003 0852 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:47:02.0008 0852 TDTCP - ok
15:47:02.0040 0852 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:47:02.0047 0852 tdx - ok
15:47:02.0086 0852 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
15:47:02.0093 0852 TermDD - ok
15:47:02.0115 0852 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
15:47:02.0124 0852 TermService - ok
15:47:02.0143 0852 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
15:47:02.0147 0852 Themes - ok
15:47:02.0154 0852 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
15:47:02.0156 0852 THREADORDER - ok
15:47:02.0184 0852 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
15:47:02.0187 0852 TrkWks - ok
15:47:02.0235 0852 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:47:02.0236 0852 TrustedInstaller - ok
15:47:02.0286 0852 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:47:02.0307 0852 tssecsrv - ok
15:47:02.0335 0852 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
15:47:02.0340 0852 tunmp - ok
15:47:02.0353 0852 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:47:02.0354 0852 tunnel - ok
15:47:02.0374 0852 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
15:47:02.0382 0852 uagp35 - ok
15:47:02.0419 0852 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:47:02.0430 0852 udfs - ok
15:47:02.0543 0852 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:47:02.0546 0852 UI0Detect - ok
15:47:02.0613 0852 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:47:02.0620 0852 uliagpkx - ok
15:47:02.0658 0852 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
15:47:02.0669 0852 uliahci - ok
15:47:02.0715 0852 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
15:47:02.0723 0852 UlSata - ok
15:47:02.0755 0852 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
15:47:02.0764 0852 ulsata2 - ok
15:47:02.0793 0852 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:47:02.0823 0852 umbus - ok
15:47:02.0861 0852 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
15:47:02.0867 0852 upnphost - ok
15:47:02.0876 0852 USBAAPL - ok
15:47:02.0941 0852 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
15:47:02.0949 0852 usbaudio - ok
15:47:02.0979 0852 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:47:02.0985 0852 usbccgp - ok
15:47:03.0007 0852 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:47:03.0019 0852 usbcir - ok
15:47:03.0048 0852 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:47:03.0054 0852 usbehci - ok
15:47:03.0070 0852 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:47:03.0080 0852 usbhub - ok
15:47:03.0093 0852 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
15:47:03.0109 0852 usbohci - ok
15:47:03.0141 0852 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:47:03.0145 0852 usbprint - ok
15:47:03.0170 0852 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
15:47:03.0176 0852 usbscan - ok
15:47:03.0192 0852 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:47:03.0199 0852 USBSTOR - ok
15:47:03.0226 0852 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
15:47:03.0231 0852 usbuhci - ok
15:47:03.0283 0852 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
15:47:03.0293 0852 usbvideo - ok
15:47:03.0333 0852 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
15:47:03.0335 0852 UxSms - ok
15:47:03.0368 0852 [ FCE98C43B5C5DB8E0DA8EA0E2B45E044 ] VClone C:\Windows\system32\DRIVERS\VClone.sys
15:47:03.0374 0852 VClone - ok
15:47:03.0414 0852 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
15:47:03.0423 0852 vds - ok
15:47:03.0441 0852 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:47:03.0446 0852 vga - ok
15:47:03.0471 0852 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
15:47:03.0476 0852 VgaSave - ok
15:47:03.0492 0852 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
15:47:03.0500 0852 viaagp - ok
15:47:03.0519 0852 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
15:47:03.0544 0852 ViaC7 - ok
15:47:03.0564 0852 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys
15:47:03.0570 0852 viaide - ok
15:47:03.0591 0852 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:47:03.0608 0852 volmgr - ok
15:47:03.0645 0852 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:47:03.0679 0852 volmgrx - ok
15:47:03.0718 0852 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:47:03.0733 0852 volsnap - ok
15:47:03.0762 0852 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
15:47:03.0769 0852 vsmraid - ok
15:47:03.0852 0852 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
15:47:03.0872 0852 VSS - ok
15:47:03.0958 0852 [ E26744E5DD71A16E80D4DD5A286B8423 ] VX3000 C:\Windows\system32\DRIVERS\VX3000.sys
15:47:03.0980 0852 VX3000 - ok
15:47:04.0022 0852 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
15:47:04.0027 0852 W32Time - ok
15:47:04.0059 0852 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
15:47:04.0064 0852 WacomPen - ok
15:47:04.0088 0852 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
15:47:04.0112 0852 Wanarp - ok
15:47:04.0118 0852 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:47:04.0119 0852 Wanarpv6 - ok
15:47:04.0166 0852 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:47:04.0174 0852 wcncsvc - ok
15:47:04.0205 0852 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:47:04.0207 0852 WcsPlugInService - ok
15:47:04.0227 0852 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
15:47:04.0233 0852 Wd - ok
15:47:04.0289 0852 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:47:04.0313 0852 Wdf01000 - ok
15:47:04.0344 0852 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:47:04.0347 0852 WdiServiceHost - ok
15:47:04.0352 0852 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:47:04.0355 0852 WdiSystemHost - ok
15:47:04.0389 0852 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
15:47:04.0394 0852 WebClient - ok
15:47:04.0431 0852 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:47:04.0434 0852 Wecsvc - ok
15:47:04.0460 0852 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:47:04.0463 0852 wercplsupport - ok
15:47:04.0497 0852 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
15:47:04.0500 0852 WerSvc - ok
15:47:04.0547 0852 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
15:47:04.0563 0852 WinDefend - ok
15:47:04.0571 0852 WinHttpAutoProxySvc - ok
15:47:04.0602 0852 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:47:04.0614 0852 Winmgmt - ok
15:47:04.0684 0852 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
15:47:04.0723 0852 WinRM - ok
15:47:04.0771 0852 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
15:47:04.0781 0852 Wlansvc - ok
15:47:04.0826 0852 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
15:47:04.0831 0852 WmiAcpi - ok
15:47:04.0868 0852 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:47:04.0870 0852 wmiApSrv - ok
15:47:04.0944 0852 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
15:47:04.0958 0852 WMPNetworkSvc - ok
15:47:04.0985 0852 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:47:04.0988 0852 WPCSvc - ok
15:47:05.0015 0852 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:47:05.0018 0852 WPDBusEnum - ok
15:47:05.0133 0852 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:47:05.0178 0852 WPFFontCache_v0400 - ok
15:47:05.0203 0852 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:47:05.0207 0852 ws2ifsl - ok
15:47:05.0241 0852 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
15:47:05.0244 0852 wscsvc - ok
15:47:05.0250 0852 WSearch - ok
15:47:05.0334 0852 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
15:47:05.0372 0852 wuauserv - ok
15:47:05.0428 0852 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:47:05.0454 0852 WUDFRd - ok
15:47:05.0493 0852 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:47:05.0502 0852 wudfsvc - ok
15:47:05.0539 0852 [ 04E268ADFC81964C49DC0C082D520F7E ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
15:47:05.0551 0852 yukonwlh - ok
15:47:05.0563 0852 ================ Scan global ===============================
15:47:05.0580 0852 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
15:47:05.0620 0852 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
15:47:05.0636 0852 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
15:47:05.0679 0852 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
15:47:05.0684 0852 [Global] - ok
15:47:05.0684 0852 ================ Scan MBR ==================================
15:47:05.0701 0852 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
15:47:06.0295 0852 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:47:06.0295 0852 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:47:06.0295 0852 ================ Scan VBR ==================================
15:47:06.0299 0852 [ 06B9D4D01B5748D5FB34F7BBC6324CEA ] \Device\Harddisk0\DR0\Partition1
15:47:06.0302 0852 \Device\Harddisk0\DR0\Partition1 - ok
15:47:06.0307 0852 [ 95B2E8F4C39CCA9339146F682AA30863 ] \Device\Harddisk0\DR0\Partition2
15:47:06.0309 0852 \Device\Harddisk0\DR0\Partition2 - ok
15:47:06.0310 0852 ============================================================
15:47:06.0310 0852 Scan finished
15:47:06.0310 0852 ============================================================
15:47:06.0324 3408 Detected object count: 2
15:47:06.0324 3408 Actual detected object count: 2
15:47:54.0595 3408 sptd ( LockedFile.Multi.Generic ) - skipped by user
15:47:54.0595 3408 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
15:47:54.0598 3408 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:47:54.0598 3408 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


aswMBR
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-28 15:51:29
-----------------------------
15:51:29.141 OS Version: Windows 6.0.6002 Service Pack 2
15:51:29.141 Number of processors: 2 586 0xE0C
15:51:29.143 ComputerName: NICOLE-PC UserName: Nicole
15:51:48.127 Initialize success
15:57:30.747 AVAST engine defs: 12092800
15:58:28.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
15:58:28.128 Disk 0 Vendor: Hitachi_HTS541616J9SA00 SB4OC70P Size: 152627MB BusType: 3
15:58:28.159 Disk 0 MBR read successfully
15:58:28.163 Disk 0 MBR scan
15:58:28.169 Disk 0 Windows VISTA default MBR code
15:58:28.174 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 10699 MB offset 63
15:58:28.196 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 141925 MB offset 21912660
15:58:28.206 Disk 0 scanning sectors +312576705
15:58:28.280 Disk 0 scanning C:\Windows\system32\drivers
15:58:42.460 Service scanning
15:59:09.963 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
15:59:19.064 Modules scanning
15:59:27.333 Disk 0 trace - called modules:
15:59:27.349 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x84f901f8]<<
15:59:27.350 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x851fe518]
15:59:27.350 3 CLASSPNP.SYS[895a08b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x84fcb030]
15:59:27.350 \Driver\atapi[0x84fe7900] -> IRP_MJ_CREATE -> 0x84f901f8
15:59:28.399 AVAST engine scan C:\Windows
15:59:31.844 AVAST engine scan C:\Windows\system32
16:04:33.643 AVAST engine scan C:\Windows\system32\drivers
16:04:51.432 AVAST engine scan C:\Users\Nicole
16:05:09.329 Disk 0 MBR has been saved successfully to "C:\Users\Nicole\Documents\MBR.dat"
16:05:09.337 The log file has been saved successfully to "C:\Users\Nicole\Documents\aswMBR.txt"


ESET online scanner
C:\Users\Nicole\Downloads\cnet_wrar401_exe (2).exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Nicole\Downloads\cnet_wrar401_exe(1).exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Nicole\Downloads\cnet_wrar401_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined


Sorry I haven't posted sooner. I was not able to get to my computer until now. I really appreciate this!
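
The two scanner logs above carry the whole diagnosis if you know which lines to weigh: TDSSKiller's "TDSS File System" verdict on \Device\Harddisk0\DR0 (the raw disk, not a partition), aswMBR's ">>UNKNOWN [0x84f901f8]<<" in the disk trace, and the atapi IRP_MJ_CREATE dispatch that resolves to that same unattributed address, all point at a bootkit hooking the disk stack, while the sptd.sys LockedFile/LOCKED lines only say the scanners could not open that driver. The following is an added triage script written for this thread, not code from TDSSKiller, aswMBR or BleepingComputer. Its input is copied from the logs posted above; the severity notes and the assumption that sptd.sys (the SPTD layer shipped with disc-emulation software such as DAEMON Tools) locks itself by design are the script author's, not the tools' output.

```python
"""Triage TDSSKiller and aswMBR log lines: pull out verdicts, correlate the
aswMBR disk trace with its hook line, and rank what actually needs action."""
import re
from dataclasses import dataclass

# Input lines copied from the TDSSKiller and aswMBR logs posted above.
TDSSKILLER_LOG = r"""
15:47:00.0702 0852 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
15:47:00.0704 0852 sptd ( LockedFile.Multi.Generic ) - warning
15:47:00.0704 0852 sptd - detected LockedFile.Multi.Generic (1)
15:47:06.0295 0852 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:47:06.0295 0852 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:47:54.0598 3408 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
15:47:54.0598 3408 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""
ASWMBR_LOG = r"""
15:59:09.963 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
15:59:27.349 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x84f901f8]<<
15:59:27.350 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x851fe518]
15:59:27.350 \Driver\atapi[0x84fe7900] -> IRP_MJ_CREATE -> 0x84f901f8
"""

DETECTED = re.compile(r"^\S+\s+\d+\s+(?P<obj>.+?) - detected (?P<verdict>.+?) \(\d+\)$")
ACTION = re.compile(r"^\S+\s+\d+\s+(?P<obj>.+?) \( (?P<verdict>.+?) \) - User select action: (?P<action>\w+)$")
LOCKED = re.compile(r"^\S+\s+Service (?P<svc>\S+) (?P<path>\S+) \*\*LOCKED\*\*")
UNKNOWN = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9a-fA-F]+)\]<<")
HOOK = re.compile(r"\\Driver\\(?P<drv>\w+)\[0x[0-9a-fA-F]+\] -> (?P<irp>\w+) -> (?P<addr>0x[0-9a-fA-F]+)")

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "info": 3}
# Assumption: drivers that lock their own image by design. sptd.sys is the SPTD
# layer installed with disc-emulation tools; a LockedFile verdict on it is expected.
SELF_LOCKING_DRIVERS = {"sptd"}


@dataclass
class Finding:
    source: str      # "tdsskiller" or "aswmbr"
    obj: str         # device, service or driver the verdict is about
    verdict: str
    severity: str
    note: str
    action: str = "none"   # what the user chose in TDSSKiller, if the log records it


def rate(obj, verdict):
    """Map a verdict to a severity and a one-line reading of it."""
    if verdict == "TDSS File System" and obj.startswith(r"\Device\Harddisk"):
        return "critical", ("hidden file system on the raw disk device, the marker of a TDL/Alureon "
                            "bootkit; this is what redirects the searches: choose Delete, reboot, rescan")
    if verdict.startswith("LockedFile") or verdict.startswith("LOCKED"):
        if obj.lower() in SELF_LOCKING_DRIVERS:
            return "info", "scanner could not open the file; expected for SPTD, confirm the emulation software is installed"
        return "medium", "scanner could not open the file; verify the driver's publisher before trusting it"
    return "high", "named detection; take the action the tool suggests"


def parse_tdsskiller(text):
    findings, actions = {}, {}
    for line in text.strip().splitlines():
        m = DETECTED.match(line)
        if m:
            obj, verdict = m.group("obj"), m.group("verdict")
            sev, note = rate(obj, verdict)
            findings[(obj, verdict)] = Finding("tdsskiller", obj, verdict, sev, note)
            continue
        m = ACTION.match(line)
        if m:
            actions[(m.group("obj"), m.group("verdict"))] = m.group("action")
    for key, act in actions.items():       # attach the user's choice to its finding
        if key in findings:
            findings[key].action = act
    return list(findings.values())


def parse_aswmbr(text):
    lines = text.strip().splitlines()
    unknown = set()                        # addresses aswMBR could not attribute to a loaded module
    for line in lines:
        m = UNKNOWN.search(line)
        if m:
            unknown.add(m.group("addr").lower())
    findings = []
    for line in lines:
        m = LOCKED.match(line)
        if m:
            sev, note = rate(m.group("svc"), "LOCKED")
            findings.append(Finding("aswmbr", m.group("svc"), "LOCKED " + m.group("path"), sev, note))
            continue
        m = HOOK.search(line)
        if m:
            addr = m.group("addr").lower()
            verdict = f"{m.group('irp')} dispatch -> {addr}"
            if addr in unknown:            # dispatch target is the unattributed code from the trace
                findings.append(Finding("aswmbr", m.group("drv"), verdict, "critical",
                                        "disk driver dispatch points into code that belongs to no loaded "
                                        "module: a rootkit hook on the disk stack, consistent with the TDSS File System finding"))
            else:
                findings.append(Finding("aswmbr", m.group("drv"), verdict, "high",
                                        "dispatch routine redirected to another module; identify that module"))
    return findings


def triage(tdss_text, asw_text):
    findings = parse_tdsskiller(tdss_text) + parse_aswmbr(asw_text)
    return sorted(findings, key=lambda f: SEVERITY_RANK[f.severity])


def unresolved(findings):
    """Critical findings that were skipped or that no tool has yet removed."""
    return [f for f in findings if f.severity == "critical" and f.action != "Delete"]


if __name__ == "__main__":
    for f in triage(TDSSKILLER_LOG, ASWMBR_LOG):
        print(f"[{f.severity:8}] {f.source:10} {f.obj:24} {f.verdict}  (action: {f.action})")
        print(f"             {f.note}")
```

Run as-is it ranks the two critical items (the TDSS File System the user chose to Skip, and the atapi hook that lands in the unknown module) ahead of the two sptd warnings, which is the same reading the next reply gives.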

#4 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 29 September 2012 - 03:52 AM

Launch TDSSKiller and select DELETE for the TDSS File System entry

15:47:54.0598 3408 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here

Download

MiniToolBox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar Service Scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

AdwCleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware Removal Tool

Launch it and, after the scan completes, post the generated log here.

NOTE: For Vista and Windows 7, right click on the tool and select Run as administrator.
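The MiniToolBox options requested above exist so a helper can read the hosts file, proxy and Winsock sections of the log for the kind of tampering that produces search redirects. As an added illustration (not code from the thread, from MiniToolBox or from its author), the Python below parses a constructed excerpt in that log's layout and flags what a reviewer looks for: a proxy that is set, hosts entries other than the stock localhost lines, and Winsock providers that are not Microsoft files under System32. The sample log text, the address 198.51.100.7 and the file name wsphelper.dll are invented for the example; everything else follows the format shown in the thread.

```python
"""Review the proxy, hosts and Winsock sections of a MiniToolBox-style log.

Added example for this thread, not MiniToolBox's own code.  The excerpt in
SAMPLE_LOG is constructed to mimic the layout seen in the thread; the path
wsphelper.dll and the address 198.51.100.7 in it are invented.
"""
import re

# Constructed sample in MiniToolBox's layout (not the poster's real log).
SAMPLE_LOG = """\
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost
127.0.0.1 www.malwarebytes.org
198.51.100.7 www.google.com

========================= Winsock entries =====================================

Catalog5 01 C:\\Windows\\system32\\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 05 C:\\Program Files\\Bonjour\\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\\Windows\\system32\\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\\Users\\Public\\wsphelper.dll [31744] ()

========================= Event log errors: ===============================
"""

SECTION_RE = re.compile(r"^=+ (?P<name>[^=]+?):? =+$")
HOSTS_RE = re.compile(r"^(?P<ip>[0-9a-fA-F.:]+)\s+(?P<host>\S+)")
WINSOCK_RE = re.compile(
    r"^(?P<cat>Catalog\d+) (?P<idx>\d+) (?P<path>.+?) \[(?P<size>\d+)\] \((?P<vendor>[^)]*)\)$"
)
LOOPBACK = {"127.0.0.1", "::1"}
SYSTEM32 = "c:\\windows\\system32\\"


def split_sections(log_text):
    """Map each '===== Name: =====' header to the non-blank lines under it."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").strip()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def review_proxy(lines):
    """A proxy that is set rewrites every browser request, so anything other
    than the two 'no proxy' lines (or MiniToolBox's reset notice) gets flagged."""
    benign = ("Proxy is not enabled.", "No Proxy Server is set.", '"Reset IE Proxy Settings"')
    return [("proxy", "suspect", l) for l in lines if not l.startswith(benign)]


def review_hosts(lines):
    """A stock hosts file only maps localhost; every other entry overrides DNS."""
    findings = []
    for line in lines:
        m = HOSTS_RE.match(line)
        if not m:
            continue
        ip, host = m.group("ip"), m.group("host").lower()
        if host == "localhost":
            continue
        if ip in LOOPBACK:
            # Sinkholing a vendor site to loopback keeps security tools from updating.
            findings.append(("hosts", "suspect", f"{host} sinkholed to {ip}"))
        else:
            findings.append(("hosts", "suspect", f"{host} pinned to {ip}, bypassing DNS"))
    return findings


def review_winsock(lines):
    """LSP/NSP DLLs load into every networked process; anything that is not a
    Microsoft file under System32 has to be tied back to known software."""
    findings = []
    for line in lines:
        m = WINSOCK_RE.match(line)
        if not m:
            continue
        path, vendor = m.group("path"), m.group("vendor")
        if path.lower().startswith(SYSTEM32) and vendor == "Microsoft Corporation":
            continue
        if vendor:
            findings.append(("winsock", "info",
                             f"{path} ({vendor}): third-party provider, confirm it matches installed software"))
        else:
            findings.append(("winsock", "suspect",
                             f"{path}: no publisher name and outside System32"))
    return findings


def review_log(log_text):
    """Return (section, severity, message) tuples for a whole log."""
    sections = split_sections(log_text)
    return (review_proxy(sections.get("IE Proxy Settings", []))
            + review_hosts(sections.get("Hosts content", []))
            + review_winsock(sections.get("Winsock entries", [])))


if __name__ == "__main__":
    for section, severity, message in review_log(SAMPLE_LOG):
        print(f"[{severity:7}] {section}: {message}")
```

Run against the sample it reports the two hosts overrides and the publisher-less Winsock DLL as suspect and the Bonjour provider as informational; the thread's own MiniToolBox output (stock hosts file, no proxy, only Microsoft and Bonjour providers) would produce just that one informational line, which matches what narenxp's later reply treats as clean.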

#5 nmh5090

nmh5090
  • Topic Starter

  • Members
  • 9 posts

Posted 30 September 2012 - 07:27 PM

Again, sorry for a really late response...

Malwarebytes
Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.28.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Nicole :: NICOLE-PC [administrator]

Protection: Enabled

9/29/2012 10:10:25 AM
mbam-log-2012-09-29 (10-10-25).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 346459
Time elapsed: 1 hour(s), 22 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\TDSSKiller_Quarantine\29.09.2012_10.07.33\tdlfs0000\tsk0003.dta (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\29.09.2012_10.07.33\tdlfs0000\tsk0008.dta (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\29.09.2012_10.07.33\tdlfs0000\tsk0009.dta (Malware.Packer.Gen) -> Quarantined and deleted successfully.

(end)


MiniToolBox
MiniToolBox by Farbar Version: 23-07-2012
Ran by Nicole (administrator) on 30-09-2012 at 16:41:33
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/Wireless 3945ABG Network Connection = Wireless Network Connection (Connected)
Marvell Yukon 88E8038 PCI-E Fast Ethernet Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Nicole-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : westell.com

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : westell.com
Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection
Physical Address. . . . . . . . . : 00-1B-77-51-27-09
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e95b:15ef:390b:e12%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.15(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, September 29, 2012 9:50:50 AM
Lease Expires . . . . . . . . . . : Monday, October 01, 2012 5:58:06 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 151001975
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-90-60-F2-00-E0-B8-EA-EA-59
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8038 PCI-E Fast Ethernet Controller
Physical Address. . . . . . . . . : 00-E0-B8-EA-EA-59
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : westell.com
Description . . . . . . . . . . . : isatap.westell.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:20d3:330a:3f57:fef0(Preferred)
Link-local IPv6 Address . . . . . : fe80::20d3:330a:3f57:fef0%10(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: dslrouter.westell.com
Address: 192.168.1.1

Name: google.com
Addresses: 2607:f8b0:4004:803::1006
74.125.228.103
74.125.228.102
74.125.228.104
74.125.228.98
74.125.228.96
74.125.228.97
74.125.228.110
74.125.228.99
74.125.228.101
74.125.228.100
74.125.228.105



Pinging google.com [74.125.228.105] with 32 bytes of data:

Reply from 74.125.228.105: bytes=32 time=43ms TTL=55

Reply from 74.125.228.105: bytes=32 time=44ms TTL=54



Ping statistics for 74.125.228.105:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 43ms, Maximum = 44ms, Average = 43ms

Server: dslrouter.westell.com
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.38.140
98.138.253.109
98.139.183.24



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=124ms TTL=50

Reply from 98.139.183.24: bytes=32 time=172ms TTL=49



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 124ms, Maximum = 172ms, Average = 148ms

Server: dslrouter.westell.com
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time=15ms TTL=128

Reply from 127.0.0.1: bytes=32 time=5ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 5ms, Maximum = 15ms, Average = 10ms

===========================================================================
Interface List
9 ...00 1b 77 51 27 09 ...... Intel® PRO/Wireless 3945ABG Network Connection
8 ...00 e0 b8 ea ea 59 ...... Marvell Yukon 88E8038 PCI-E Fast Ethernet Controller
1 ........................... Software Loopback Interface 1
18 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
19 ...00 00 00 00 00 00 00 e0 isatap.westell.com
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.15 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.15 281
192.168.1.15 255.255.255.255 On-link 192.168.1.15 281
192.168.1.255 255.255.255.255 On-link 192.168.1.15 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.15 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.15 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 18 ::/0 On-link
1 306 ::1/128 On-link
10 18 2001::/32 On-link
10 266 2001:0:4137:9e76:20d3:330a:3f57:fef0/128
On-link
9 281 fe80::/64 On-link
10 266 fe80::/64 On-link
10 266 fe80::20d3:330a:3f57:fef0/128
On-link
9 281 fe80::e95b:15ef:390b:e12/128
On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
9 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 06 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 07 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/29/2012 08:42:30 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5257

Error: (09/29/2012 08:42:30 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5257

Error: (09/29/2012 08:42:30 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/29/2012 08:42:29 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4243

Error: (09/29/2012 08:42:29 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4243

Error: (09/29/2012 08:42:29 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/29/2012 08:42:28 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3229

Error: (09/29/2012 08:42:28 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3229

Error: (09/29/2012 08:42:28 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/29/2012 08:42:27 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2231


System errors:
=============
Error: (09/19/2012 07:49:15 PM) (Source: Service Control Manager) (User: )
Description: 30000ShellHWDetection

Error: (09/13/2012 03:03:26 AM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053

Error: (09/13/2012 03:03:26 AM) (Source: Service Control Manager) (User: )
Description: 30000Windows Search

Error: (09/13/2012 03:03:26 AM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053

Error: (09/13/2012 03:03:26 AM) (Source: Service Control Manager) (User: )
Description: 30000Windows Search

Error: (09/13/2012 03:03:26 AM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (09/04/2012 00:02:18 PM) (Source: Service Control Manager) (User: )
Description: Windows Update

Error: (08/26/2012 04:11:08 AM) (Source: Service Control Manager) (User: )
Description: Windows Update

Error: (08/24/2012 01:02:39 AM) (Source: Service Control Manager) (User: )
Description: 30000Wlansvc

Error: (08/23/2012 00:41:45 PM) (Source: Service Control Manager) (User: )
Description: 30000ShellHWDetection


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer (Version: 6.1.1)
Adobe AIR (Version: 1.5.3.9120)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Flash Player 10 ActiveX (Version: 10.0.32.18)
Adobe Flash Player 11 Plugin (Version: 11.3.300.262)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Reader X (10.1.0) (Version: 10.1.0)
AIM 7
Amazon MP3 Downloader 1.0.15 (Version: 1.0.15)
Apple Application Support (Version: 2.1.5)
Avira AntiVir Personal - Free Antivirus (Version: 10.2.0.707)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 140.0.212.000)
Copy (Version: 140.0.212.000)
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 140.0.212.000)
Dictionary.com Toolbar (Version: 1.15.2.0)
Dictionary.com Toolbar Updater (Version: 1.2.0.20007)
DJ_AIO_05_F4400_Software_Min (Version: 140.0.690.000)
Download Updater (AOL LLC)
ESET Online Scanner v3
F4400 (Version: 140.0.696.000)
Free Alarm Clock 2.5.0 (Version: 2.5)
GPBaseService2 (Version: 140.0.211.000)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5 (Version: 14.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Solution Center 14.0 (Version: 14.0)
HPPhotoGadget (Version: 140.0.524.000)
HPProductAssistant (Version: 140.0.212.000)
Intel® Graphics Media Accelerator Driver
iTunes (Version: 10.5.0.142)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 30 (Version: 6.0.300)
JavaFX 2.1.0 (Version: 2.1.0)
League of Legends (Version: 1.3)
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
MarketResearch (Version: 140.0.212.000)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft LifeCam (Version: 3.22.270.0)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Motorola SM56 Speakerphone Modem (Version: 6.12.25.06)
Mozilla Firefox 15.0 (x86 en-US) (Version: 15.0)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NetLimiter 3 (Version: 3.0.0.11)
Pando Media Booster (Version: 2.6.0.2)
PDF Settings CS5 (Version: 10.0)
RuneScape Launcher 1.2 (Version: 1.2.0)
Sandboxie 3.54 (32-bit)
Scan (Version: 140.0.80.000)
SolutionCenter (Version: 140.0.213.000)
Status (Version: 140.0.212.000)
The Sims 2 Family Fun Stuff
The Sims 2 Glamour Life Stuff
The Sims 2 Pets
The Sims 2 Seasons
The Sims™ 2 Celebration! Stuff
The Sims™ 2 FreeTime
The Sims™ 2 H&M® Fashion Stuff
The Sims™ 2 Kitchen & Bath Interior Design Stuff
The Sims™ 2 Mansion and Garden Stuff
The Sims™ 2 Teen Style Stuff
Toolbox (Version: 140.0.428.000)
TrayApp (Version: 140.0.212.000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VirtualCloneDrive
VLC media player 1.1.10 (Version: 1.1.10)
WebReg (Version: 140.0.212.017)
WinRAR 4.00 (32-bit) (Version: 4.00.0)

========================= Memory info: ===================================

Percentage of memory in use: 53%
Total physical RAM: 2549.45 MB
Available physical RAM: 1191.3 MB
Total Pagefile: 5319.71 MB
Available Pagefile: 3707.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 1947.43 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:138.6 GB) (Free:15.17 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:10.45 GB) (Free:3.1 GB) NTFS

========================= Users: ========================================

User accounts for \\NICOLE-PC

Administrator Guest Nicole

========================= Restore Points ==================================

21-09-2012 17:15:46 Scheduled Checkpoint
25-09-2012 07:00:11 Windows Update
27-09-2012 04:05:18 Scheduled Checkpoint
28-09-2012 05:30:37 Scheduled Checkpoint
28-09-2012 14:05:38 Installed Java 7 Update 7
29-09-2012 16:16:00 Scheduled Checkpoint

**** End of log ****


FSS
Farbar Service Scanner Version: 19-09-2012
Ran by Nicole (administrator) on 30-09-2012 at 16:47:01
Running from "C:\Users\Nicole\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2011-06-26 20:21] - [2008-01-19 03:34] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


AdwCleaner
# AdwCleaner v2.003 - Logfile created 09/30/2012 at 16:54:01
# Updated 23/09/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Nicole - NICOLE-PC
# Boot Mode : Normal
# Running from : C:\Users\Nicole\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Users\Nicole\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\kp1mzb86.default\extensions\toolbar@ask.com
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\kp1mzb86.default\prefs.js

C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\kp1mzb86.default\user.js ... Deleted !

Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Deleted : user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
Deleted : user_pref("extensions.asktb.abar-war-timeout", "4000");
Deleted : user_pref("extensions.asktb.apn_dbr", "ff_8.0.1");
Deleted : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
Deleted : user_pref("extensions.asktb.autofill-text-highlight-enabled", true);
Deleted : user_pref("extensions.asktb.cbid", "D6");
Deleted : user_pref("extensions.asktb.config-updated", true);
Deleted : user_pref("extensions.asktb.crumb", "2012.01.26+16.48.35-toolbar004iad-US-UGhpbGFkZWxwaGlhLFBBLFVuaX[...]
Deleted : user_pref("extensions.asktb.default-channel", "dictionary-channel");
Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://app.dictionary.com/click/sekgso?o=100[...]
Deleted : user_pref("extensions.asktb.displaybehavior", "");
Deleted : user_pref("extensions.asktb.displaytext", "");
Deleted : user_pref("extensions.asktb.dtid", "YYYYYYYYUS");
Deleted : user_pref("extensions.asktb.first-launch-url", "hxxp://www.youtube.com/watch?v=xE4uzGaQDQg");
Deleted : user_pref("extensions.asktb.fresh-install", false);
Deleted : user_pref("extensions.asktb.guid", "294F79F6-9F21-48B8-954C-34AB21B58CD8");
Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Deleted : user_pref("extensions.asktb.if", "first");
Deleted : user_pref("extensions.asktb.l", "dir");
Deleted : user_pref("extensions.asktb.last-config-req", "1349008664021");
Deleted : user_pref("extensions.asktb.last-search-timestamp", "1346298204694");
Deleted : user_pref("extensions.asktb.locale", "en_US");
Deleted : user_pref("extensions.asktb.location", "Philadelphia,PA,United States");
Deleted : user_pref("extensions.asktb.lstation", "");
Deleted : user_pref("extensions.asktb.new-tab-opt-out", true);
Deleted : user_pref("extensions.asktb.news-native-on", true);
Deleted : user_pref("extensions.asktb.o", "13736");
Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Deleted : user_pref("extensions.asktb.pstate", "");
Deleted : user_pref("extensions.asktb.qsrc", "2871");
Deleted : user_pref("extensions.asktb.r", "5");
Deleted : user_pref("extensions.asktb.sa", "NO");
Deleted : user_pref("extensions.asktb.save-searches", false);
Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
Deleted : user_pref("extensions.asktb.silent-upgrade", true);
Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Deleted : user_pref("extensions.asktb.socialmini-first", true);
Deleted : user_pref("extensions.asktb.socialmini-interval", "1200000");
Deleted : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Deleted : user_pref("extensions.asktb.socialmini-max-items", "30");
Deleted : user_pref("extensions.asktb.socialmini-native-on", true);
Deleted : user_pref("extensions.asktb.socialmini-speed", "10000");
Deleted : user_pref("extensions.asktb.socialmini-transition-first-open", false);
Deleted : user_pref("extensions.asktb.themeid", "");
Deleted : user_pref("extensions.asktb.timeinstalled", "1/26/2012 7:49:00 PM");
Deleted : user_pref("extensions.asktb.to", "");
Deleted : user_pref("extensions.asktb.v", "3.15.2.100013");
Deleted : user_pref("extensions.asktb.version", "5.15.2.23037");
Deleted : user_pref("extensions.asktb.volume", "");
Deleted : user_pref("extensions.enabledAddons", "bnfrqjkrtw@bnfrqjkrtw.org:2.5,{AE93811A-5C9A-4d34-8462-F7B864[...]

*************************

AdwCleaner[S2].txt - [9242 octets] - [30/09/2012 16:54:01]

########## EOF - C:\AdwCleaner[S2].txt - [9302 octets] ##########


Junkware
Junkware Removal Tool (JRT) by Thisisu
Version: 1.1.8 (09.30.2012)
OS: Windows Vista ™ Home Premium x86
Ran by Nicole on Sun 09/30/2012 at 17:07:33.43
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Registry Values: 0 Detections



*** Registry Keys:

Successfully deleted: [KEY] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}
ERROR: Access is denied.

Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}



*** Files: 0 Detections



*** Folders: 0 Detections



*** FireFox detected and repaired

Trojan:Win32/Tracur.AV Detected!
Successfully deleted: bnfrqjkrtw@bnfrqjkrtw.org.xpi


*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on Sun 09/30/2012 at 17:07:35.03
End of Report

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 30 September 2012 - 09:43 PM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here

#7 nmh5090

nmh5090
  • Topic Starter
  • Members
  • 9 posts

Posted 01 October 2012 - 11:55 PM

Rkill
Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/02/2012 12:50:55 AM in x86 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Automatic

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost

Program finished at: 10/02/2012 12:51:11 AM
Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)


Autoruns
"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "AdobeAAMUpdater-1.0" "Adobe Updater Startup Utility" "Adobe Systems Incorporated" "c:\program files\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe"
+ "AdobeCS5ServiceManager" "Adobe CS5 Service Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\cs5servicemanager\cs5servicemanager.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files\common files\apple\apple application support\apsdaemon.exe"
+ "avgnt" "Antivirus System Tray Tool" "Avira GmbH" "c:\program files\avira\antivir desktop\avgnt.exe"
+ "GrooveMonitor" "GrooveMonitor Utility" "Microsoft Corporation" "c:\program files\microsoft office\office12\groovemonitor.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files\itunes\ituneshelper.exe"
+ "LifeCam" "LifeExp.exe" "Microsoft Corporation" "c:\program files\microsoft lifecam\lifeexp.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "SMSERIAL" "SM56 Modem Helper" "Motorola Inc." "c:\program files\motorola\smserial\sm56hlpr.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
+ "SwitchBoard" "SwitchBoard Server (32 bit)" "Adobe Systems Incorporated" "c:\program files\common files\adobe\switchboard\switchboard.exe"
+ "VirtualCloneDrive" "Virtual CloneDrive Daemon" "Elaborate Bytes AG" "c:\program files\virtualclonedrive\vcddaemon.exe"
+ "Windows Defender" "Windows Defender User Interface" "Microsoft Corporation" "c:\program files\windows defender\msascui.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "HP Digital Imaging Monitor.lnk" "HP Digital Imaging Monitor" "Hewlett-Packard Co." "c:\program files\hp\digital imaging\bin\hpqtra08.exe"
"C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "hpqtra08.exe" "HP Digital Imaging Monitor" "Hewlett-Packard Co." "c:\users\nicole\appdata\roaming\microsoft\windows\start menu\programs\startup\hpqtra08.exe"
+ "MagicDisc.lnk" "MagicISO Virtual CD/DVD Manager" "MagicISO, Inc." "c:\program files\magicdisc\magicdisc.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows Mail 7" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "FreeAC" "Free Alarm Clock" "Comfort Software Group" "c:\program files\freealarmclock\freealarmclock.exe"
+ "SandboxieControl" "Sandboxie Control" "SANDBOXIE L.T.D" "c:\program files\sandboxie\sbiectrl.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "grooveLocalGWS" "GrooveSystemServices Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\groovesystemservices.dll"
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Shell Extension for Malware scanning" "AntiVirus context menu" "Avira GmbH" "c:\program files\avira\antivir desktop\shlext.dll"
+ "VirtualCloneDrive" "CloseTray" "Elaborate Bytes AG" "c:\program files\virtualclonedrive\elbyvcdshell.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "Shell Extension for Malware scanning" "AntiVirus context menu" "Avira GmbH" "c:\program files\avira\antivir desktop\shlext.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Groove GFS Browser Helper" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\ssv.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "S&end to OneNote" "Microsoft Office OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office12\onbttnie.dll"
"Task Scheduler" "" "" ""
+ "\Microsoft\Windows\Wired\GatherWiredInfo" "" "" "c:\windows\system32\gatherwiredinfo.vbs"
+ "\Microsoft\Windows\Wireless\GatherWirelessInfo" "" "" "c:\windows\system32\gatherwirelessinfo.vbs"
+ "\Scheduled Update for Ask Toolbar" "" "" "File not found: C:\Program Files\Ask.com\UpdateTask.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\armsvc.exe"
+ "AntiVirSchedulerService" "Service to schedule Avira AntiVir Personal - Free Antivirus jobs and updates." "Avira GmbH" "c:\program files\avira\antivir desktop\sched.exe"
+ "AntiVirService" "Offers permanent protection against viruses and malware with the AntiVir search engine." "Avira GmbH" "c:\program files\avira\antivir desktop\avguard.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "hpqcxs08" "HP CUE Context Manager Objects" "Hewlett-Packard Co." "c:\program files\hp\digital imaging\bin\hpqcxs08.dll"
+ "hpqddsvc" "This service detects and monitors CUE devices on the system." "Hewlett-Packard Co." "c:\program files\hp\digital imaging\bin\hpqddsvc.dll"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamservice.exe"
+ "Microsoft Office Groove Audit Service" "Groove Audit Service" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveauditservice.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "MSCamSvc" "MsCamSvc.exe" "Microsoft Corporation" "c:\program files\microsoft lifecam\mscams32.exe"
+ "Net Driver HPZ12" "Dot4Net Module" "Hewlett-Packard" "c:\windows\system32\hpzinw12.dll"
+ "nlsvc" "NetLimiter 3 Service" "Locktime Software" "c:\program files\netlimiter 3\nlsvc.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "Pml Driver HPZ12" "PmlDrv Module" "Hewlett-Packard" "c:\windows\system32\hpzipm12.dll"
+ "SbieSvc" "Sandboxie Service" "SANDBOXIE L.T.D" "c:\program files\sandboxie\sbiesvc.exe"
+ "SwitchBoard" "Adobe SwitchBoard" "Adobe Systems Incorporated" "c:\program files\common files\adobe\switchboard\switchboard.exe"
+ "WinDefend" "Scan your computer for unwanted software, schedule scans, and get the latest unwanted software definitions." "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "avgntflt" "Avira mini-filter driver" "Avira GmbH" "c:\windows\system32\drivers\avgntflt.sys"
+ "avipbb" "Avira Security Enhancement Driver" "Avira GmbH" "c:\windows\system32\drivers\avipbb.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "E1G60" "Intel® PRO/1000 Adapter NDIS 6 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1g60i32.sys"
+ "ElbyCDIO" "ElbyCD Windows NT/2000/XP I/O driver" "Elaborate Bytes AG" "c:\windows\system32\drivers\elbycdio.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "ialm" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd32.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd32.sys"
+ "IpInIp" "IP in IP Tunnel Driver" "" "File not found: system32\DRIVERS\ipinip.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "mcdbus" "MagicISO SCSI Host Controller" "MagicISO, Inc." "c:\windows\system32\drivers\mcdbus.sys"
+ "NETw3v32" "Intel® Wireless LAN Driver" "Intel® Corporation" "c:\windows\system32\drivers\netw3v32.sys"
+ "NETw5v32" "Intel® Wireless WiFi Link Driver" "Intel Corporation" "c:\windows\system32\drivers\netw5v32.sys"
+ "NLNdisMP" "NetLimiter 3 NDIS driver" "Locktime Software" "c:\windows\system32\drivers\nlndis.sys"
+ "NLNdisPT" "NetLimiter 3 NDIS driver" "Locktime Software" "c:\windows\system32\drivers\nlndis.sys"
+ "nltdi" "NetLimiter 3 TDI driver" "Locktime Software" "c:\program files\netlimiter 3\nltdi.sys"
+ "NwlnkFlt" "IPX Traffic Filter Driver" "" "File not found: system32\DRIVERS\nwlnkflt.sys"
+ "NwlnkFwd" "IPX Traffic Forwarder Driver" "" "File not found: system32\DRIVERS\nwlnkfwd.sys"
+ "SbieDrv" "Sandboxie Kernel Mode Driver" "SANDBOXIE L.T.D" "c:\program files\sandboxie\sbiedrv.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "smserial" "Motorola SM56 Modem WDM Driver" "Motorola Inc." "c:\windows\system32\drivers\smserial.sys"
+ "sptd" "" "" "c:\windows\system32\drivers\sptd.sys"
+ "ssmdrv" "Avira Snapshot Driver" "Avira GmbH" "c:\windows\system32\drivers\ssmdrv.sys"
+ "USBAAPL" "" "" "File not found: System32\Drivers\usbaapl.sys"
+ "VClone" "VirtualCloneCD Driver" "Elaborate Bytes AG" "c:\windows\system32\drivers\vclone.sys"
+ "yukonwlh" "Miniport Driver for Marvell Yukon Ethernet Controller." "Marvell" "c:\windows\system32\drivers\yk60x86.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.VP60" "VP6 VIDEO FOR WINDOWS CODEC " "On2.com" "c:\windows\system32\vp6vfw.dll"
+ "vidc.VP61" "VP6 VIDEO FOR WINDOWS CODEC " "On2.com" "c:\windows\system32\vp6vfw.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Allocator Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Capture ASF Writer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Frame Eater" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Multiple File Output" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Sink" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Record Queue" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WM VIH2 Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "hpf3l083.dll" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpf3l083.dll"
+ "LIDIL hpzlllhn" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpzlllhn.dll"
"C:\Users\Nicole\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" ""
+ "Clock" "Watch the clock in your own time zone or any city in the world." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\Clock.gadget\en-US\Gadget.xml"
+ "Feed Headlines" "Track the latest news, sports, and entertainment headlines." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\RSSFeeds.Gadget\en-US\Gadget.xml"
+ "HP Photo Print" "Drag and drop photos to print." "Hewlett-Packard Corp" "C:\Users\Nicole\AppData\Local\Microsoft\Windows Sidebar\Gadgets\HPPhoto.gadget\Gadget.xml"
+ "Slide Show" "Show a continuous slide show of your pictures." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\SlideShow.Gadget\en-US\Gadget.xml"
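
The Autoruns export above is a flat text dump, and what a reviewer wants from it first are the orphaned entries (image gone from disk, like the leftover Ask Toolbar scheduled task) and the entries with no recorded publisher (here WinRAR's shell extension and the sptd driver). The following parser and triage pass for that text format is an added example, not code from this thread or from Sysinternals; the sample input is a few lines copied from the export above, and the two triage rules are the editor's own heuristics, not an Autoruns feature.

```python
import csv
from dataclasses import dataclass


@dataclass
class AutorunEntry:
    location: str      # autostart location: registry key, folder, or "Task Scheduler"
    name: str          # value name, file name, or task path
    description: str
    publisher: str     # empty when Autoruns recorded no company/signer
    image_path: str    # path on disk, or "File not found: ..." for an orphaned entry


def _split_quoted(line: str) -> list:
    """Split one export line into its double-quoted, space-separated fields."""
    return next(csv.reader([line], delimiter=" ", quotechar='"', skipinitialspace=True))


def parse_autoruns_text(text: str) -> list:
    """Parse an Autoruns 'File > Save' text export.

    Format as seen in the thread: a line of four quoted fields whose first field
    is the autostart location, followed by '+ ' lines, one per entry, carrying
    name, description, publisher and image path in that order.
    """
    entries = []
    location = "<unknown>"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("+ "):
            fields = _split_quoted(line[2:])
            if len(fields) < 4:
                continue  # skip a truncated line instead of aborting the whole report
            name, description, publisher, image_path = fields[:4]
            entries.append(AutorunEntry(location, name, description, publisher, image_path))
        else:
            fields = _split_quoted(line)
            if fields:
                location = fields[0]
    return entries


def triage(entries: list) -> list:
    """Return (entry, reason) pairs worth a closer look, in report order.

    Two heuristics (editor's own, not an Autoruns feature): an entry whose image
    is gone is leftover from an uninstalled or partly removed program and can be
    deleted; an entry with no publisher is unsigned or unattributed and should be
    identified before it is trusted.
    """
    findings = []
    for e in entries:
        if e.image_path.startswith("File not found:"):
            findings.append((e, "orphaned: image no longer on disk"))
        elif not e.publisher:
            findings.append((e, "no publisher: unsigned or unknown image"))
    return findings


# Constructed sample: a few lines copied from the export posted above.
SAMPLE_EXPORT = r'''
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"Task Scheduler" "" "" ""
+ "\Scheduled Update for Ask Toolbar" "" "" "File not found: C:\Program Files\Ask.com\UpdateTask.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "sptd" "" "" "c:\windows\system32\drivers\sptd.sys"
+ "IpInIp" "IP in IP Tunnel Driver" "" "File not found: system32\DRIVERS\ipinip.sys"
'''


if __name__ == "__main__":
    for entry, reason in triage(parse_autoruns_text(SAMPLE_EXPORT)):
        print(f"{reason:40} {entry.location} :: {entry.name} -> {entry.image_path}")
```

Run against the sample it flags four of the five entries (WinRAR and sptd for a blank publisher, the Ask Toolbar task and IpInIp as orphaned) and leaves the signed Adobe ARM entry alone. A blank publisher is a prompt to identify the file, not a verdict: WinRAR's shell extension is legitimate, it simply ships without a recorded signer in this export.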

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 02 October 2012 - 12:13 AM

Any current issues?

#9 nmh5090

nmh5090
  • Topic Starter
  • Members
  • 9 posts

Posted 02 October 2012 - 01:14 AM

All seems well! Starting today, I haven't had any problems browsing websites. Thank you so much for helping me clean my computer! You guys are awesome. :)

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 02 October 2012 - 01:20 AM

You're welcome


Remove temporary and junk files

Download

TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot. If TFC locks up the system, run it in Safe Mode.


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP- http://support.microsoft.com/kb/310405

Vista & windows 7- http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your System Restore. It deletes old infected restore points.

Turn on system restore and create a new restore point

Update JAVA and Flash player

Uninstall the old version of Java from Control Panel > Add or Remove Programs. Download the latest version from here:

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security programs at once.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)
