Confuzzed

Everything posted by Confuzzed

  1. Oh, I forgot the other two logs. See attached. The computer seems to be operating okay. Sometimes it is reluctant to refresh or load a page in IE if I have a few tabs open. ComboFix.txt checkup.txt
  2. Per your request: 08:47:13.0342 6816 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 08:47:24.0963 8104 nv_agp - ok 08:47:24.0984 8104 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 08:47:24.0990 8104 odserv - ok 08:47:24.0995 8104 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 08:47:24.0997 8104 ohci1394 - ok 08:47:25.0004 8104 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 08:47:25.0005 8104 ose - ok 08:47:25.0023 8104 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 08:47:25.0028 8104 p2pimsvc - ok 08:47:25.0046 8104 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 08:47:25.0051 8104 p2psvc - ok 08:47:25.0058 8104 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 08:47:25.0059 8104 Parport - ok 08:47:25.0064 8104 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 08:47:25.0065 8104 partmgr - ok 08:47:25.0076 8104 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 08:47:25.0079 8104 PcaSvc - ok 08:47:25.0090 8104 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 08:47:25.0093 8104 pci - ok 08:47:25.0096 8104 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 08:47:25.0097 8104 pciide - ok 08:47:25.0107 8104 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 08:47:25.0109 8104 pcmcia - ok 08:47:25.0114 8104 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 08:47:25.0115 8104 pcw - ok 08:47:25.0144 8104 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 08:47:25.0153 8104 PEAUTH - ok 08:47:25.0207 8104 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll 08:47:25.0225 8104 PeerDistSvc - ok 
08:47:25.0248 8104 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 08:47:25.0250 8104 PerfHost - ok 08:47:25.0326 8104 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 08:47:25.0340 8104 pla - ok 08:47:25.0358 8104 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 08:47:25.0364 8104 PlugPlay - ok 08:47:25.0367 8104 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 08:47:25.0369 8104 PNRPAutoReg - ok 08:47:25.0382 8104 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 08:47:25.0384 8104 PNRPsvc - ok 08:47:25.0406 8104 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 08:47:25.0412 8104 PolicyAgent - ok 08:47:25.0422 8104 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 08:47:25.0425 8104 Power - ok 08:47:25.0435 8104 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 08:47:25.0436 8104 PptpMiniport - ok 08:47:25.0441 8104 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 08:47:25.0442 8104 Processor - ok 08:47:25.0452 8104 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 08:47:25.0455 8104 ProfSvc - ok 08:47:25.0458 8104 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 08:47:25.0459 8104 ProtectedStorage - ok 08:47:25.0467 8104 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 08:47:25.0468 8104 Psched - ok 08:47:25.0473 8104 PxHlpa64 (a6bf0a9b5a30d743623ca0d3be35df05) C:\Windows\system32\Drivers\PxHlpa64.sys 08:47:25.0474 8104 PxHlpa64 - ok 08:47:25.0545 8104 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 08:47:25.0569 8104 ql2300 - ok 08:47:25.0607 8104 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 08:47:25.0610 8104 ql40xx - ok 08:47:25.0622 8104 QWAVE 
(906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 08:47:25.0626 8104 QWAVE - ok 08:47:25.0630 8104 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 08:47:25.0631 8104 QWAVEdrv - ok 08:47:25.0634 8104 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 08:47:25.0635 8104 RasAcd - ok 08:47:25.0641 8104 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 08:47:25.0642 8104 RasAgileVpn - ok 08:47:25.0648 8104 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 08:47:25.0650 8104 RasAuto - ok 08:47:25.0659 8104 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 08:47:25.0661 8104 Rasl2tp - ok 08:47:25.0676 8104 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 08:47:25.0681 8104 RasMan - ok 08:47:25.0688 8104 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 08:47:25.0690 8104 RasPppoe - ok 08:47:25.0696 8104 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 08:47:25.0697 8104 RasSstp - ok 08:47:25.0713 8104 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 08:47:25.0718 8104 rdbss - ok 08:47:25.0722 8104 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 08:47:25.0723 8104 rdpbus - ok 08:47:25.0726 8104 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 08:47:25.0726 8104 RDPCDD - ok 08:47:25.0733 8104 RDPDISPM (bdf2db2f19945afaf102a2c03062efb1) C:\Windows\system32\DRIVERS\rdpdispm.sys 08:47:25.0734 8104 RDPDISPM - ok 08:47:25.0744 8104 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys 08:47:25.0746 8104 RDPDR - ok 08:47:25.0750 8104 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 08:47:25.0750 8104 RDPENCDD - ok 08:47:25.0756 8104 RDPREFMP 
(216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 08:47:25.0756 8104 RDPREFMP - ok 08:47:25.0767 8104 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys 08:47:25.0769 8104 RDPWD - ok 08:47:25.0779 8104 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 08:47:25.0782 8104 rdyboost - ok 08:47:25.0787 8104 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 08:47:25.0789 8104 RemoteAccess - ok 08:47:25.0796 8104 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 08:47:25.0798 8104 RemoteRegistry - ok 08:47:25.0803 8104 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 08:47:25.0805 8104 RpcEptMapper - ok 08:47:25.0808 8104 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 08:47:25.0809 8104 RpcLocator - ok 08:47:25.0831 8104 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 08:47:25.0834 8104 RpcSs - ok 08:47:25.0840 8104 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 08:47:25.0841 8104 rspndr - ok 08:47:25.0851 8104 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\Windows\system32\Drivers\RtsUStor.sys 08:47:25.0853 8104 RSUSBSTOR - ok 08:47:25.0863 8104 RTHDMIAzAudService (d6d381b76056c668679723938f06f16c) C:\Windows\system32\drivers\RtHDMIVX.sys 08:47:25.0879 8104 RTHDMIAzAudService - ok 08:47:25.0894 8104 RTL8167 (4fbda07ef0a3097ce14c5cabf723b278) C:\Windows\system32\DRIVERS\Rt64win7.sys 08:47:25.0896 8104 RTL8167 - ok 08:47:25.0899 8104 RtsUIR - ok 08:47:25.0903 8104 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys 08:47:25.0904 8104 s3cap - ok 08:47:25.0907 8104 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 08:47:25.0908 8104 SamSs - ok 08:47:25.0914 8104 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 08:47:25.0916 
8104 sbp2port - ok 08:47:25.0924 8104 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 08:47:25.0926 8104 SCardSvr - ok 08:47:25.0930 8104 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 08:47:25.0931 8104 scfilter - ok 08:47:25.0968 8104 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 08:47:25.0979 8104 Schedule - ok 08:47:25.0985 8104 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 08:47:25.0985 8104 SCPolicySvc - ok 08:47:25.0993 8104 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 08:47:25.0996 8104 SDRSVC - ok 08:47:26.0002 8104 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 08:47:26.0003 8104 secdrv - ok 08:47:26.0006 8104 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 08:47:26.0007 8104 seclogon - ok 08:47:26.0012 8104 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 08:47:26.0015 8104 SENS - ok 08:47:26.0018 8104 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 08:47:26.0020 8104 SensrSvc - ok 08:47:26.0023 8104 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 08:47:26.0024 8104 Serenum - ok 08:47:26.0029 8104 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 08:47:26.0030 8104 Serial - ok 08:47:26.0033 8104 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 08:47:26.0034 8104 sermouse - ok 08:47:26.0046 8104 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 08:47:26.0048 8104 SessionEnv - ok 08:47:26.0051 8104 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 08:47:26.0052 8104 sffdisk - ok 08:47:26.0054 8104 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 08:47:26.0055 8104 sffp_mmc - ok 08:47:26.0058 
8104 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 08:47:26.0059 8104 sffp_sd - ok 08:47:26.0062 8104 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 08:47:26.0063 8104 sfloppy - ok 08:47:26.0078 8104 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 08:47:26.0082 8104 SharedAccess - ok 08:47:26.0098 8104 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 08:47:26.0103 8104 ShellHWDetection - ok 08:47:26.0107 8104 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 08:47:26.0108 8104 SiSRaid2 - ok 08:47:26.0113 8104 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 08:47:26.0114 8104 SiSRaid4 - ok 08:47:26.0119 8104 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 08:47:26.0120 8104 Smb - ok 08:47:26.0126 8104 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 08:47:26.0128 8104 SNMPTRAP - ok 08:47:26.0131 8104 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 08:47:26.0132 8104 spldr - ok 08:47:26.0155 8104 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 08:47:26.0163 8104 Spooler - ok 08:47:26.0334 8104 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 08:47:26.0375 8104 sppsvc - ok 08:47:26.0403 8104 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 08:47:26.0405 8104 sppuinotify - ok 08:47:26.0429 8104 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 08:47:26.0435 8104 srv - ok 08:47:26.0453 8104 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 08:47:26.0458 8104 srv2 - ok 08:47:26.0466 8104 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 08:47:26.0468 8104 srvnet - ok 08:47:26.0478 8104 SSDPSRV 
(51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 08:47:26.0481 8104 SSDPSRV - ok 08:47:26.0485 8104 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 08:47:26.0488 8104 SstpSvc - ok 08:47:26.0491 8104 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 08:47:26.0491 8104 stexstor - ok 08:47:26.0516 8104 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 08:47:26.0524 8104 stisvc - ok 08:47:26.0528 8104 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys 08:47:26.0529 8104 storflt - ok 08:47:26.0532 8104 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll 08:47:26.0534 8104 StorSvc - ok 08:47:26.0537 8104 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys 08:47:26.0538 8104 storvsc - ok 08:47:26.0541 8104 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 08:47:26.0541 8104 swenum - ok 08:47:26.0561 8104 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 08:47:26.0567 8104 swprv - ok 08:47:26.0642 8104 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 08:47:26.0664 8104 SysMain - ok 08:47:26.0693 8104 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 08:47:26.0695 8104 TabletInputService - ok 08:47:26.0708 8104 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 08:47:26.0713 8104 TapiSrv - ok 08:47:26.0718 8104 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 08:47:26.0720 8104 TBS - ok 08:47:26.0797 8104 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 08:47:26.0817 8104 Tcpip - ok 08:47:26.0899 8104 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 08:47:26.0907 8104 TCPIP6 - ok 08:47:26.0937 8104 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) 
C:\Windows\system32\drivers\tcpipreg.sys 08:47:26.0938 8104 tcpipreg - ok 08:47:26.0942 8104 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 08:47:26.0943 8104 TDPIPE - ok 08:47:26.0947 8104 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 08:47:26.0947 8104 TDTCP - ok 08:47:26.0954 8104 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 08:47:26.0955 8104 tdx - ok 08:47:26.0960 8104 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 08:47:26.0960 8104 TermDD - ok 08:47:26.0983 8104 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 08:47:26.0989 8104 TermService - ok 08:47:26.0993 8104 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 08:47:26.0995 8104 Themes - ok 08:47:26.0999 8104 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 08:47:27.0000 8104 THREADORDER - ok 08:47:27.0008 8104 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 08:47:27.0010 8104 TrkWks - ok 08:47:27.0018 8104 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 08:47:27.0020 8104 TrustedInstaller - ok 08:47:27.0026 8104 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 08:47:27.0026 8104 tssecsrv - ok 08:47:27.0032 8104 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 08:47:27.0033 8104 TsUsbFlt - ok 08:47:27.0040 8104 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 08:47:27.0042 8104 tunnel - ok 08:47:27.0046 8104 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 08:47:27.0047 8104 uagp35 - ok 08:47:27.0060 8104 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 08:47:27.0064 8104 udfs - ok 08:47:27.0070 8104 UI0Detect (3cbdec8d06b9968aba702eba076364a1) 
C:\Windows\system32\UI0Detect.exe 08:47:27.0072 8104 UI0Detect - ok 08:47:27.0077 8104 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 08:47:27.0078 8104 uliagpkx - ok 08:47:27.0082 8104 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 08:47:27.0083 8104 umbus - ok 08:47:27.0086 8104 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 08:47:27.0087 8104 UmPass - ok 08:47:27.0096 8104 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll 08:47:27.0099 8104 UmRdpService - ok 08:47:27.0118 8104 UMVPFSrv (927754abf077aeb5504be4e0f2c60c1b) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe 08:47:27.0122 8104 UMVPFSrv - ok 08:47:27.0138 8104 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 08:47:27.0144 8104 upnphost - ok 08:47:27.0149 8104 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys 08:47:27.0150 8104 USBAAPL64 - ok 08:47:27.0157 8104 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys 08:47:27.0158 8104 usbaudio - ok 08:47:27.0164 8104 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 08:47:27.0165 8104 usbccgp - ok 08:47:27.0167 8104 USBCCID - ok 08:47:27.0175 8104 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 08:47:27.0176 8104 usbcir - ok 08:47:27.0180 8104 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 08:47:27.0181 8104 usbehci - ok 08:47:27.0185 8104 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys 08:47:27.0185 8104 usbfilter - ok 08:47:27.0197 8104 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 08:47:27.0200 8104 usbhub - ok 08:47:27.0204 8104 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys 08:47:27.0204 8104 usbohci - 
ok 08:47:27.0208 8104 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 08:47:27.0209 8104 usbprint - ok 08:47:27.0213 8104 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 08:47:27.0214 8104 usbscan - ok 08:47:27.0219 8104 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 08:47:27.0221 8104 USBSTOR - ok 08:47:27.0224 8104 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys 08:47:27.0225 8104 usbuhci - ok 08:47:27.0234 8104 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 08:47:27.0236 8104 usbvideo - ok 08:47:27.0240 8104 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 08:47:27.0242 8104 UxSms - ok 08:47:27.0245 8104 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 08:47:27.0246 8104 VaultSvc - ok 08:47:27.0249 8104 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 08:47:27.0250 8104 vdrvroot - ok 08:47:27.0271 8104 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 08:47:27.0277 8104 vds - ok 08:47:27.0281 8104 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 08:47:27.0282 8104 vga - ok 08:47:27.0285 8104 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 08:47:27.0287 8104 VgaSave - ok 08:47:27.0295 8104 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 08:47:27.0298 8104 vhdmp - ok 08:47:27.0301 8104 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 08:47:27.0302 8104 viaide - ok 08:47:27.0311 8104 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys 08:47:27.0314 8104 vmbus - ok 08:47:27.0317 8104 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys 08:47:27.0318 8104 VMBusHID - ok 08:47:27.0322 8104 volmgr 
(d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 08:47:27.0324 8104 volmgr - ok 08:47:27.0339 8104 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 08:47:27.0343 8104 volmgrx - ok 08:47:27.0356 8104 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 08:47:27.0360 8104 volsnap - ok 08:47:27.0368 8104 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 08:47:27.0370 8104 vsmraid - ok 08:47:27.0441 8104 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 08:47:27.0460 8104 VSS - ok 08:47:27.0487 8104 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 08:47:27.0488 8104 vwifibus - ok 08:47:27.0503 8104 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 08:47:27.0508 8104 W32Time - ok 08:47:27.0513 8104 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 08:47:27.0514 8104 WacomPen - ok 08:47:27.0520 8104 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 08:47:27.0521 8104 WANARP - ok 08:47:27.0524 8104 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 08:47:27.0524 8104 Wanarpv6 - ok 08:47:27.0587 8104 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 08:47:27.0606 8104 WatAdminSvc - ok 08:47:27.0673 8104 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 08:47:27.0693 8104 wbengine - ok 08:47:27.0731 8104 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 08:47:27.0736 8104 WbioSrvc - ok 08:47:27.0757 8104 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 08:47:27.0764 8104 wcncsvc - ok 08:47:27.0770 8104 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 08:47:27.0773 8104 WcsPlugInService - ok 08:47:27.0781 8104 Wd 
(72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 08:47:27.0782 8104 Wd - ok 08:47:27.0815 8104 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 08:47:27.0824 8104 Wdf01000 - ok 08:47:27.0833 8104 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 08:47:27.0836 8104 WdiServiceHost - ok 08:47:27.0838 8104 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 08:47:27.0840 8104 WdiSystemHost - ok 08:47:27.0851 8104 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 08:47:27.0855 8104 WebClient - ok 08:47:27.0865 8104 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 08:47:27.0869 8104 Wecsvc - ok 08:47:27.0874 8104 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 08:47:27.0876 8104 wercplsupport - ok 08:47:27.0881 8104 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 08:47:27.0883 8104 WerSvc - ok 08:47:27.0888 8104 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 08:47:27.0889 8104 WfpLwf - ok 08:47:27.0892 8104 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 08:47:27.0893 8104 WIMMount - ok 08:47:27.0895 8104 WinDefend - ok 08:47:27.0902 8104 WinHttpAutoProxySvc - ok 08:47:27.0917 8104 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 08:47:27.0920 8104 Winmgmt - ok 08:47:28.0001 8104 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 08:47:28.0026 8104 WinRM - ok 08:47:28.0061 8104 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 08:47:28.0063 8104 WinUsb - ok 08:47:28.0095 8104 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 08:47:28.0104 8104 Wlansvc - ok 08:47:28.0111 8104 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 
08:47:28.0112 8104 wlcrasvc - ok 08:47:28.0227 8104 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 08:47:28.0251 8104 wlidsvc - ok 08:47:28.0279 8104 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 08:47:28.0279 8104 WmiAcpi - ok 08:47:28.0293 8104 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 08:47:28.0296 8104 wmiApSrv - ok 08:47:28.0299 8104 WMPNetworkSvc - ok 08:47:28.0303 8104 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 08:47:28.0305 8104 WPCSvc - ok 08:47:28.0312 8104 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 08:47:28.0315 8104 WPDBusEnum - ok 08:47:28.0318 8104 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 08:47:28.0319 8104 ws2ifsl - ok 08:47:28.0324 8104 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll 08:47:28.0326 8104 wscsvc - ok 08:47:28.0328 8104 WSearch - ok 08:47:28.0450 8104 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll 08:47:28.0490 8104 wuauserv - ok 08:47:28.0525 8104 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 08:47:28.0527 8104 WudfPf - ok 08:47:28.0537 8104 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 08:47:28.0540 8104 WUDFRd - ok 08:47:28.0546 8104 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 08:47:28.0549 8104 wudfsvc - ok 08:47:28.0561 8104 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 08:47:28.0565 8104 WwanSvc - ok 08:47:28.0572 8104 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk3\DR3 08:47:28.0696 8104 \Device\Harddisk3\DR3 - ok 08:47:28.0718 8104 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 08:47:28.0723 8104 \Device\Harddisk0\DR0 - ok 08:47:28.0730 8104 MBR (0x1B8) 
(a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1 08:47:28.0734 8104 \Device\Harddisk1\DR1 - ok 08:47:28.0739 8104 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2 08:47:28.0742 8104 \Device\Harddisk2\DR2 - ok 08:47:28.0745 8104 Boot (0x1200) (37c7f0971007cbf136ac52a0d211d083) \Device\Harddisk3\DR3\Partition0 08:47:28.0747 8104 \Device\Harddisk3\DR3\Partition0 - ok 08:47:28.0751 8104 Boot (0x1200) (6c1fc5eef85479b74d28f28b1ec1b4f1) \Device\Harddisk3\DR3\Partition1 08:47:28.0753 8104 \Device\Harddisk3\DR3\Partition1 - ok 08:47:28.0757 8104 Boot (0x1200) (1c81ba0a65f91a2e9319a42a45714861) \Device\Harddisk0\DR0\Partition0 08:47:28.0759 8104 \Device\Harddisk0\DR0\Partition0 - ok 08:47:28.0763 8104 Boot (0x1200) (cb8f5e8964e1eeed9de3dd63504a7704) \Device\Harddisk1\DR1\Partition0 08:47:28.0765 8104 \Device\Harddisk1\DR1\Partition0 - ok 08:47:28.0768 8104 Boot (0x1200) (ede2f40abb8b401821ec0acf8137ce4b) \Device\Harddisk2\DR2\Partition0 08:47:28.0769 8104 \Device\Harddisk2\DR2\Partition0 - ok 08:47:28.0769 8104 ============================================================ 08:47:28.0769 8104 Scan finished 08:47:28.0769 8104 ============================================================ 08:47:28.0776 5676 Detected object count: 0 08:47:28.0776 5676 Actual detected object count: 0 TDSSKiller.2.7.37.0_24.05.2012_08.47.13_log.txt
  3. I have been infected. I honestly am not sure where it came from, or what it is. Antivirus does nost find it. Eset does not find it. Malwarebytes does not find it (although it did find other itmes). I have attached the files as directed. Attach.txt DDS.txt
  4. I am running XP SP3. I foloowed the above directions and get the follwoing error after clicking "yes" to continue. Error: Registry Editor could not set security in the key currently selected, or some of its subkeys. I'm stumped....
  5. Maybe I am either not following, or I am not being clear (either is very possible). Following up the path, the most nested key I can not access. The ones above it have full access. Does that make sense?
  6. Well, that seems to be the problem. I can not open the key nor get to the permissions. It give me an "Unable to display security information" error. I can get to the subkey above it, and there are full permissions there. I am a bit lost.
  7. Just those two, and windows firewall.... Thanks
  8. Not sure if this is in the correct forum, but here it goes. Problem... after having a virus and getting it resolved here http://forums.malwarebytes.org/index.php?s...fuzzed&st=0 I have run into a problem trying to install some software. The installer says it cannot access the reg file. When I run regedit, I get the error "Cannot open {26CE9193-6640-418a-B7DD-DC07D7F3BBBF}: Error while opening key." I cannot delete or change the key. It is located here: HKEY_USERS\S-1-5-21-527237240-790525478-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Settings\{76152C9D-0360-4843-85AD-1BDCE62EB374}\{26CE9193-6640-418a-B7DD-DC07D7F3BBBF} The only other oddity is that I am not able to fully install a web cam. Of the two I tried, Skype does not recognize them even though they are certified by Skype. Not sure if this is related. Microsoft Security Essentials and Malwarebytes Anti-Malware both turn up nothing. Everything else seems to be OK. Thoughts?
  9. The MBAM comes up clean and I have previously run the Combofix. Also the MS Security Essentials comes up clean. About the only thing left is to turn on the CDROM emulation software using Defogger. The computer now seems to be shutting down ok, it just does not want to boot with a USB drive installed. Thoughts?
  10. I think I did it, almost. I had a few viruses and at one time a backdoor.bot, went through the self help section to work it out. I think I got it. The computer is scanning clean (although it took a number of days). Both the disk.sys and atapi.sys were infected. About the only problem I still seem to have is the computer does not want to close Outlook completely and is having problems shutting down from the Start Menu. Any thoughts would be appreciated. Attach.zip
  11. Is there any way to get the remnants of all these programs out?
  12. Hmmmm.... Are there any free malware programs I could run instead? Budgets are tight. I rolled back to IE7, everything worked, then upgraded back to IE8. Got MS Essentials installed. Cleaned up all the misc installations I could. Any recommendations for a free registry cleaner - I am sure mine is full of crud. Other than that, I am still trying it out. Things seem ok, but have not had much up time on this machine.
  13. Well, that seemed to work. Thanks. After looking at MBAM, unless I purchase the program it really does not add any protection, does it (besides manually running scans from time to time)?
  14. Well then IE is on the way out to be reinstalled later. What about the copies of CCleaner, CWShredder, HijackThis, Malwarebytes Anti-Malware, Spybot Search and Destroy, Spyware Doctor, SUPERAntiSpyware, Windows Malicious Program Remover, AVG Antivirus, Ad-Aware, etc. I have installed? I figure I should probably just keep the AVG Antivirus unless you have a better suggestion.
  15. It does not appear I have IE7 installed on the machine. Stepping back would have me reinstalling a number of programs that depend on IE. That being said, what antivirus and antimalware programs should I keep active? Right now this computer is moving at a snail's pace.
  16. No joy. I ran into this webpage error and was unable to load another search engine. Webpage error details User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0) Timestamp: Sat, 12 Dec 2009 00:01:23 UTC Message: Element not found. Line: 167 Char: 1 Code: 0 URI: http://www.microsoft.com/windows/ie/search...m/runonce2.aspx
  17. Changing the default search engine in IE8. The version is up in the Malwarebytes log if it makes any difference.
  18. It also seems that I am unable to add or change the search engine. Hmmm.....
  19. I just ran the scans again. Malwarebytes did not find anything, but eset did. See below. Malwarebytes' Anti-Malware 1.42 Database version: 3345 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 12/11/2009 8:33:52 AM mbam-log-2009-12-11 (08-33-52).txt Scan type: Quick Scan Objects scanned: 139120 Time elapsed: 15 minute(s), 36 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ESET ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=a502bb5dfd41fe4ebb523be5b5a9c1d2 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2009-12-11 04:09:14 # local_time=2009-12-11 08:09:14 (-0800, Pacific Standard Time) # country="United States" # lang=9 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 2647253 2647253 0 0 # compatibility_mode=1024 16777175 100 0 1188902 1188902 0 0 # compatibility_mode=2560 16777215 100 0 0 0 0 0 # compatibility_mode=6143 16777215 0 0 0 0 0 0 # compatibility_mode=8192 67108863 100 0 1796308 1796308 0 0 # scanned=73861 # found=1 # cleaned=1 # scan_time=2978 C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Win32/Olmarik.PY virus (deleted - quarantined) 00000000000000000000000000000000 C
  20. Fudge. I ran out of time at this location. I will be back this way in about a week and a half and I can continue to work on this. I ran Malwarebytes and it appears clean (see log below), and ran Eset to about 75% complete without infection. I will have to run both of these again when I am back this way. I'll let you know. Thanks for your help so far, I believe we are close if not there already.
  21. Well... I followed the link as you suggested and turned off the Resident Shield as was indicated on older versions of AVG. The link refers to different versions up to v8.5 and I am running v9.0. I noted my concerns, but figured AVG 9 operated as the older versions. Anyway, I ran ComboFix as you requested and below is the log. ComboFix did hang during one of the restarts, not sure why, but hopefully it did not screw anything up. Hope this helps:
[?] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 3:17 AM 1184912] S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [10/5/2006 9:11 PM 13592] S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [5/10/2009 1:35 PM 12672] S3 M2400;IEEE 802.11b Wireless Network Driver;c:\windows\system32\drivers\M2400.sys [10/13/2003 2:22 PM 51328] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\8.tmp --> c:\windows\system32\8.tmp [?] S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [8/23/2009 9:50 AM 348752] . Contents of the 'Scheduled Tasks' folder 2009-12-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 00:39] 2009-08-25 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34] 2009-11-30 c:\windows\Tasks\User_Feed_Synchronization-{10C5C172-A73E-4E78-9BB7-A8B606E717FC}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 11:31] . . ------- Supplementary Scan ------- . 
uStart Page = about:blank uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Download All Links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB . 
- - - - ORPHANS REMOVED - - - - WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file) AddRemove-Ad-Aware - c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe REMOVE=TRUE MODIFY=FALSE AddRemove-NVIDIA Drivers - c:\windows\system32\nvudisp.exe UninstallGUI AddRemove-Tweak UI 2.10 - c:\windows\system32\mshta.exe res://c:\windows\system32\TweakUI.exe/uninstall.hta ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-30 18:05 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\8.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):3d,b5,1c,f1,d7,7f,ab,d6,c3,c0,32,a1,20,d0,36,99,c0,f6,ba,c2,ac, 84,af,0a,ec,c6,e2,3f,e0,f6,36,d4,93,2c,b2,70,63,ff,60,59,00,00,00,00,00,00,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{858e1d13-756e-4696-b4bd-f1ba57801dc2}] @Denied: (Full) (Everyone) "Model"=dword:00000075 "Therad"=dword:00000020 "MData"=hex(0):e1,90,6a,8e,a1,94,0b,6b,95,20,3b,49,2f,e8,42,e8,54,81,42,8f,ec, 1b,ec,4b,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\ . 
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(700) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\WININET.dll - - - - - - - > 'explorer.exe'(3020) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\AVG\AVG9\avgchsvx.exe c:\program files\AVG\AVG9\avgrsx.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe c:\windows\system32\nvsvc32.exe c:\program files\AVG\AVG9\avgnsx.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\wscntfy.exe c:\program files\Internet Download Manager\IEMonitor.exe c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe . ************************************************************************** . Completion time: 2009-11-30 18:14 - machine was rebooted ComboFix-quarantined-files.txt 2009-12-01 02:14 Pre-Run: 39,248,592,896 bytes free Post-Run: 40,115,982,336 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn - - End Of File - - C9A48D0EEE93D9810AEEB16020EF1AE5
22. I got the GMER to run and here are the results.

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-11-30 13:57:35
Windows 5.1.2600 Service Pack 3
Running: m56rlhin.exe; Driver: C:\DOCUME~1\SL\LOCALS~1\Temp\pxldypow.sys

---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF739BD72]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF737C9A6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF737CB98]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF739C568]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF739C820]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF739AA80]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF739CC8A]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF739C036]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF559D0B0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 451 804E2AAD 3 Bytes [D0, 59, F5] {RCR BYTE [ECX-0xb], 0x1}
.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF73E07AC]
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF6AB5360, 0x24BB1D, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\00002142 -> \Driver\atapi \Device\Harddisk0\DR0 864D850C

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0x3D 0xB5 0x1C 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{858e1d13-756e-4696-b4bd-f1ba57801dc2}@Model 117
Reg HKLM\SOFTWARE\Classes\CLSID\{858e1d13-756e-4696-b4bd-f1ba57801dc2}@Therad 32
Reg HKLM\SOFTWARE\Classes\CLSID\{858e1d13-756e-4696-b4bd-f1ba57801dc2}@MData 0xE1 0x90 0x6A 0x8E ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

Hope it helps...
23. I started trying to follow the procedures you listed above, but with the parameters you set, the OTL.exe program starts scanning fine but then hangs when trying to scan netsvcs. When I try to close the program, a Not Responding error shows up. I have my AVG Resident Shield disabled; should I have more of AVG disabled? Perhaps something else? Oh, now I am getting popups as well. Oh joy....
24. Alright. I give up; this thing has beaten me so far. My McAfee finally expired, and at some time after that my computer caught something. About 1 out of 4 times I click on a link from a search engine (Google, Yahoo, Bing, etc.), I get redirected to some phony search engine or some ridiculous site. I tried a system restore to a month prior to my problem. No avail. I turned off System Restore to eliminate anything that might be lurking in there. I cleaned up a number of old versions of programs and uninstalled them - mostly the 8 versions of Java I had installed. I cannot boot in Safe Mode, as I get hung up on Mup.sys. I have tried getting around this by running chkdsk and multiple anti-spyware/anti-malware programs. I have run through CCleaner, CWShredder, HijackThis, Malwarebytes Anti-Malware, Spybot Search and Destroy, Spyware Doctor, SUPERAntiSpyware, Windows Malicious Program Remover (Nov Edition), AVG Antivirus and Ad-Aware. Again, only in normal mode, as I cannot boot in Safe Mode - the computer hangs and reboots. Yes, I reboot between scans. The Windows Malicious Program Remover found something and removed it, as did Malwarebytes (in full scan mode) and SUPERAntiSpyware. The rest of the programs show the computer is clean. All programs were checked for the most current updates before they were run. My problem still exists. I have tried "fixing" these items in HijackThis, but they keep coming back.

O23 - Service: Google Update Service (gupdate1ca4dd75f989ce8) (gupdate1ca4dd75f989ce8) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

Just ran up-to-date versions of HijackThis, Malwarebytes, and AVG Antivirus. Hope someone can help. Thanks in advance.
Here are the logs:

MALWAREBYTES:

Malwarebytes' Anti-Malware 1.41
Database version: 3234
Windows 5.1.2600 Service Pack 3

11/25/2009 6:28:37 PM
mbam-log-2009-11-25 (18-28-37).txt

Scan type: Quick Scan
Objects scanned: 134513
Time elapsed: 36 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

HIJACK THIS:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:12:03 PM, on 11/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase1140.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1161656023295
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1235765052484
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1ca4dd75f989ce8) (gupdate1ca4dd75f989ce8) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 8661 bytes
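Reading logs like the ComboFix service list in the earlier post and the HijackThis O4/O23 entries above by eye is slow, and most of the entries are legitimate vendor software. The script below is an added example, not part of this thread and not code from HijackThis, ComboFix or Malwarebytes. It parses the two line formats and flags the entries a helper would want to look at first: a service whose binary the scanner reports as missing, a binary living in a temp or per-user directory, or a ComboFix entry with a "[?]" stamp (the scanner could not read the file's timestamp and size). Those heuristics are this example's own assumptions and mark an entry for manual review only; a flagged entry is not a verdict that it is malicious. The sample lines are constructed in the shape of the log entries on this page.

```python
"""Triage HijackThis (O4/O23) and ComboFix service lines for entries worth a manual look.

Added example, not part of the forum post and not code from HijackThis, ComboFix
or Malwarebytes. The heuristics (flag a binary that is reported missing, that
lives in a temp or per-user directory, or whose size/timestamp the scanner could
not read) are this example's own assumptions, not a verdict of malice.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample lines, constructed in the shape of the log entries in the posts above.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O23 - Service: Google Update Service (gupdate1ca4dd75f989ce8) (gupdate1ca4dd75f989ce8) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

SAMPLE_COMBOFIX = r"""
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/23/2009 9:51 AM 206256]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\8.tmp --> c:\windows\system32\8.tmp [?]
S2 gupdate1ca4dd75f989ce8;Google Update Service (gupdate1ca4dd75f989ce8);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
"""

_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
_O4 = re.compile(r"^O4 - (?P<hive>HK[^\s:]+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
_CFX = re.compile(r"^(?P<start>[RS]\d) (?P<svc>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")


@dataclass
class Entry:
    source: str            # "hjt" or "combofix"
    kind: str              # "O4", "O23" or the ComboFix start type (R0, S2, ...)
    name: str
    path: str              # path or full command line as the scanner printed it
    missing: bool = False  # scanner said the file does not exist
    stat: str = ""         # ComboFix "[date size]" stamp, "?" when it could not stat the file
    flags: List[str] = field(default_factory=list)


def parse_hjt_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis O4 (Run key) or O23 (service) line; other O-types return None."""
    m = _O23.match(line)
    if m:
        return Entry("hjt", "O23", m["name"], m["path"], missing=m["missing"] is not None)
    m = _O4.match(line)
    if m:
        return Entry("hjt", "O4", m["name"], m["cmd"])
    return None


def parse_combofix_service(line: str) -> Optional[Entry]:
    """Parse one ComboFix service line: '<start> <svc>;<display>;<image> [stamp]'."""
    m = _CFX.match(line)
    if not m:
        return None
    rest = m["rest"]
    stat = ""
    sm = re.search(r" \[(?P<stat>[^\]]*)\]$", rest)
    if sm:
        stat = sm["stat"]
        rest = rest[: sm.start()]
    # ComboFix prints 'registered image --> resolved path' when it had to resolve the image
    if "-->" in rest:
        rest = rest.split("-->", 1)[1].strip()
    return Entry("combofix", m["start"], m["svc"], rest, stat=stat)


def assess(entry: Entry) -> List[str]:
    """Apply the example's heuristics to one entry; returns the reasons it deserves a look."""
    flags = []
    p = entry.path.lower()
    if entry.missing:
        flags.append("registered binary does not exist (orphaned autostart/service)")
    if re.search(r"\.tmp\b", p) or "\\temp\\" in p or "\\local settings\\" in p:
        flags.append("binary in a temporary or user-writable location")
    if entry.stat == "?":
        flags.append("scanner could not read the file's timestamp and size")
    if re.search(r"\\documents and settings\\[^\\]+\\application data\\", p):
        flags.append("runs from a per-user profile directory")
    return flags


def triage(text: str, source: str) -> List[Entry]:
    """Parse every line of a pasted log section and attach the heuristic flags."""
    parser = parse_hjt_line if source == "hjt" else parse_combofix_service
    entries = []
    for line in text.splitlines():
        e = parser(line.strip())
        if e is not None:
            e.flags = assess(e)
            entries.append(e)
    return entries


def suspicious(entries: List[Entry]) -> List[Entry]:
    """Only the entries that tripped at least one heuristic."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    found = triage(SAMPLE_HJT, "hjt") + triage(SAMPLE_COMBOFIX, "combofix")
    for e in suspicious(found):
        print(f"{e.source}:{e.kind} {e.name}\n    {e.path}")
        for f in e.flags:
            print(f"    - {f}")
```

On the constructed sample this reports the two Google Update registrations (the HijackThis one because the file is missing, the ComboFix one because of the "[?]" stamp) and MEMSWEEP2 (a ".tmp" image with no stamp), and stays quiet on the vendor-signed entries. The point of the "per-user profile" and "temp location" rules is that an attacker without admin rights can only persist from directories the user can write to, so those are where a redirect infection that survives repeated scans is most likely to be hiding; the rules are deliberately noisy, and the output is a reading list, not a removal list.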