sparrowdclxvi

Everything posted by sparrowdclxvi

  1. I still get some blocks, but not as many. I use Skype for work, so have to have it installed. Not much else I can do. Thanks for all the help. You can close this thread now.
  2. I uninstalled Skype, and had no IP blocks. I installed it again, and immediately got a block. I've now updated the registry to prevent this computer from being a supernode, and I'll see if that makes a difference. Thanks for the help.
  3. I've uninstalled it, and will leave it for a couple of days. Did ComboFix show anything to be concerned about?
  4. The IPs are almost exclusively from Skype. See below. The concern was the varying IPs and also varying ports. The odd thing is how they have tapered off massively over the last couple of days. Loads up to 11 Feb, then one on the 12th, none on the 12th, and only one on the 14th. Reading that article, it looks like that could be all it is. I did have a few hits from Firefox early on, but those would probably be advertising on whichever forum I happened to be on. If you're happy it's just Skype, I'm happy to go with that. Thanks for your invaluable help.

     --------MBAM Logs--------------
     2012/02/11 00:52:32 GMT IP-BLOCK 91.212.226.82 (Type: outgoing, Port: 28599, Process: skype.exe)
     2012/02/11 00:52:40 GMT IP-BLOCK 91.212.226.82 (Type: outgoing, Port: 28599, Process: skype.exe)
     2012/02/11 00:52:48 GMT IP-BLOCK 91.212.226.82 (Type: outgoing, Port: 28599, Process: skype.exe)
     2012/02/11 01:44:01 GMT IP-BLOCK 91.212.226.82 (Type: outgoing, Port: 28599, Process: skype.exe)
     2012/02/11 01:44:01 GMT IP-BLOCK 91.212.226.82 (Type: outgoing, Port: 28599, Process: skype.exe)
     2012/02/11 01:44:09 GMT IP-BLOCK 91.212.226.82 (Type: outgoing, Port: 28599, Process: skype.exe)
     2012/02/11 02:24:58 GMT IP-BLOCK 91.212.226.82 (Type: outgoing, Port: 28599, Process: skype.exe)
     2012/02/11 02:24:59 GMT IP-BLOCK 91.212.226.82 (Type: outgoing, Port: 28599, Process: skype.exe)
     2012/02/11 02:24:59 GMT IP-BLOCK 91.212.226.82 (Type: outgoing, Port: 28599, Process: skype.exe)
     2012/02/11 03:06:52 GMT IP-BLOCK 91.212.226.82 (Type: outgoing, Port: 28599, Process: skype.exe)
     2012/02/11 03:06:52 GMT IP-BLOCK 91.212.226.82 (Type: outgoing, Port: 28599, Process: skype.exe)
     2012/02/11 03:07:08 GMT IP-BLOCK 91.212.226.82 (Type: outgoing, Port: 28599, Process: skype.exe)
     2012/02/11 03:58:29 GMT IP-BLOCK 91.212.226.82 (Type: outgoing, Port: 28599, Process: skype.exe)
     2012/02/11 03:58:29 GMT IP-BLOCK 91.212.226.82 (Type: outgoing, Port: 28599, Process: skype.exe)
     2012/02/11 03:58:37 GMT IP-BLOCK 91.212.226.82 (Type: outgoing, Port: 28599, Process: skype.exe)
     2012/02/11 05:51:59 GMT IP-BLOCK 91.212.226.82 (Type: outgoing, Port: 28599, Process: skype.exe)
     2012/02/11 05:51:59 GMT IP-BLOCK 91.212.226.82 (Type: outgoing, Port: 28599, Process: skype.exe)
     2012/02/11 05:52:07 GMT IP-BLOCK 91.212.226.82 (Type: outgoing, Port: 28599, Process: skype.exe)
     2012/02/11 06:02:32 GMT IP-BLOCK 91.212.226.82 (Type: outgoing, Port: 28599, Process: skype.exe)
     2012/02/11 06:02:40 GMT IP-BLOCK 91.212.226.82 (Type: outgoing, Port: 28599, Process: skype.exe)
     2012/02/11 06:02:48 GMT IP-BLOCK 91.212.226.82 (Type: outgoing, Port: 28599, Process: skype.exe)
     2012/02/11 07:45:54 GMT IP-BLOCK 91.212.226.82 (Type: outgoing, Port: 28599, Process: skype.exe)
     2012/02/11 07:45:54 GMT IP-BLOCK 91.212.226.82 (Type: outgoing, Port: 28599, Process: skype.exe)
     2012/02/11 07:46:02 GMT IP-BLOCK 91.212.226.82 (Type: outgoing, Port: 28599, Process: skype.exe)
     2012/02/11 08:37:31 GMT IP-BLOCK 91.212.226.82 (Type: outgoing, Port: 28599, Process: skype.exe)
     2012/02/11 08:37:32 GMT IP-BLOCK 91.212.226.82 (Type: outgoing, Port: 28599, Process: skype.exe)
     2012/02/11 08:37:40 GMT IP-BLOCK 91.212.226.82 (Type: outgoing, Port: 28599, Process: skype.exe)
     2012/02/11 08:38:28 GMT IP-BLOCK 91.212.226.82 (Type: outgoing, Port: 28599, Process: skype.exe)
     2012/02/11 08:38:28 GMT IP-BLOCK 91.212.226.82 (Type: outgoing, Port: 28599, Process: skype.exe)
     2012/02/11 08:38:36 GMT IP-BLOCK 91.212.226.82 (Type: outgoing, Port: 28599, Process: skype.exe)
     2012/02/11 09:19:31 GMT MESSAGE Executing scheduled update: Daily
     2012/02/11 09:19:36 GMT MESSAGE Scheduled update executed successfully: database updated from version v2012.02.10.03 to version v2012.02.11.03
     2012/02/11 09:19:36 GMT MESSAGE Starting database refresh
     2012/02/11 09:19:36 GMT MESSAGE Stopping IP protection
     2012/02/11 09:20:01 GMT MESSAGE IP Protection stopped
     2012/02/11 09:20:02 GMT MESSAGE Database refreshed successfully
     2012/02/11 09:20:02 GMT MESSAGE Starting IP protection
     2012/02/11 09:20:02 GMT MESSAGE IP Protection started successfully
     2012/02/11 09:29:38 GMT IP-BLOCK 91.212.226.82 (Type: outgoing, Port: 28599, Process: skype.exe)
     2012/02/11 09:29:46 GMT IP-BLOCK 91.212.226.82 (Type: outgoing, Port: 28599, Process: skype.exe)
     2012/02/11 09:29:54 GMT IP-BLOCK 91.212.226.82 (Type: outgoing, Port: 28599, Process: skype.exe)
     2012/02/11 11:21:49 GMT IP-BLOCK 91.212.226.82 (Type: outgoing, Port: 28599, Process: skype.exe)
     2012/02/11 11:21:57 GMT IP-BLOCK 91.212.226.82 (Type: outgoing, Port: 28599, Process: skype.exe)
     2012/02/11 11:22:05 GMT IP-BLOCK 91.212.226.82 (Type: outgoing, Port: 28599, Process: skype.exe)
     2012/02/11 23:22:11 GMT IP-BLOCK 79.133.196.251 (Type: outgoing, Port: 28599, Process: skype.exe)
     2012/02/11 23:22:19 GMT IP-BLOCK 79.133.196.251 (Type: outgoing, Port: 28599, Process: skype.exe)
     2012/02/12 07:40:20 GMT IP-BLOCK 94.100.22.126 (Type: outgoing, Port: 54157, Process: skype.exe)
     2012/02/12 07:40:20 GMT IP-BLOCK 94.100.22.126 (Type: outgoing, Port: 28599, Process: skype.exe)
     2012/02/14 17:01:07 GMT IP-BLOCK 83.128.61.92 (Type: outgoing, Port: 28599, Process: skype.exe)
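The reasoning applied in the post above (one process, one fixed port, a small set of peers, blocks arriving in short bursts a few seconds apart) can be turned into a small triage script so the same question can be answered from a full protection log instead of by eye. The following is an added example written for this page, not code from the thread or from Malwarebytes: it parses lines in the protection-log format quoted above, groups them by process and direction, and flags incoming blocks and blocks from any process other than the P2P client you expect. The sample log is constructed for the example: the two skype.exe peers mirror the post, while the firefox.exe line and the incoming line use documentation addresses and are invented. The set of expected P2P processes is an assumption to adjust for your own machine.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches the IP-BLOCK lines of the Malwarebytes protection log quoted above.
BLOCK_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) GMT IP-BLOCK "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<dir>incoming|outgoing), Port: (?P<port>\d+), Process: (?P<proc>[^)]+)\)$"
)

# Constructed sample in the same format as the log above (not a real capture).
# The 91.212.226.82 / 79.133.196.251 entries mirror the post; the firefox.exe
# and incoming lines use documentation addresses and are invented.
SAMPLE_LOG = """\
2012/02/11 00:52:32 GMT IP-BLOCK 91.212.226.82 (Type: outgoing, Port: 28599, Process: skype.exe)
2012/02/11 00:52:40 GMT IP-BLOCK 91.212.226.82 (Type: outgoing, Port: 28599, Process: skype.exe)
2012/02/11 00:52:48 GMT IP-BLOCK 91.212.226.82 (Type: outgoing, Port: 28599, Process: skype.exe)
2012/02/11 01:44:01 GMT IP-BLOCK 91.212.226.82 (Type: outgoing, Port: 28599, Process: skype.exe)
2012/02/11 09:19:31 GMT MESSAGE Executing scheduled update: Daily
2012/02/11 23:22:11 GMT IP-BLOCK 79.133.196.251 (Type: outgoing, Port: 28599, Process: skype.exe)
2012/02/12 10:15:02 GMT IP-BLOCK 203.0.113.7 (Type: outgoing, Port: 80, Process: firefox.exe)
2012/02/12 10:15:02 GMT IP-BLOCK 198.51.100.23 (Type: incoming, Port: 4444, Process: skype.exe)
"""


def parse_blocks(text):
    """Return one dict per IP-BLOCK line; MESSAGE and unparseable lines are ignored."""
    events = []
    for line in text.splitlines():
        m = BLOCK_RE.match(line.strip())
        if m:
            events.append({
                "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                "ip": m["ip"],
                "dir": m["dir"],
                "port": int(m["port"]),
                "proc": m["proc"].lower(),
            })
    return events


def summarize(events):
    """Group by (process, direction): count, distinct peers and ports, and the
    shortest gap between consecutive blocks (retry bursts show up as a few seconds)."""
    groups = defaultdict(list)
    for e in events:
        groups[(e["proc"], e["dir"])].append(e)
    out = {}
    for key, evs in groups.items():
        evs.sort(key=lambda e: e["ts"])
        gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(evs, evs[1:])]
        out[key] = {
            "count": len(evs),
            "ips": sorted({e["ip"] for e in evs}),
            "ports": sorted({e["port"] for e in evs}),
            "min_gap_s": min(gaps) if gaps else None,
        }
    return out


def triage(summary, p2p_processes=frozenset({"skype.exe"})):
    """Apply the thread's reasoning as rules. p2p_processes is an assumption:
    the clients you know make many outbound peer connections on this machine."""
    findings = []
    for (proc, direction), s in sorted(summary.items()):
        if direction == "incoming":
            findings.append(
                f"REVIEW incoming: {proc} was contacted by {s['ips']} on port(s) {s['ports']}")
        elif proc not in p2p_processes:
            findings.append(
                f"REVIEW unexpected process: {proc} tried {s['ips']} on port(s) {s['ports']}")
        else:
            findings.append(
                f"expected P2P client: {proc} retried {len(s['ips'])} peer(s) on port(s) "
                f"{s['ports']}, {s['count']} blocks, shortest gap {s['min_gap_s']}s")
    return findings


def run_sample():
    """Parse, summarize and triage the constructed sample log."""
    summary = summarize(parse_blocks(SAMPLE_LOG))
    return summary, triage(summary)


if __name__ == "__main__":
    for finding in run_sample()[1]:
        print(finding)
```

To use it on a real log, read protection-log-*.txt into parse_blocks() instead of SAMPLE_LOG. An incoming block, or an outbound block from a process you did not expect, is where to start looking; a single known P2P client retrying the same few peers on one port in short bursts is the pattern the thread concluded was Skype rather than an infection.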
  5. Log below. e4awand is the product the company I work for develops, so you can ignore that. My computer is behaving normally. The number of blocked IP addresses appears to have reduced over the last couple of days, although I have had some today still.

     --------
     ComboFix 12-02-13.01 - Xxxxxxxxxx 14/02/2012 22:08:29.1.4 - x64
     Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.12205.10027 [GMT 0:00]
     Running from: c:\users\Xxxxxxxxxx\Desktop\ComboFix.exe
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\users\Xxxxxxxxxx\AppData\Roaming\Microsoft\AddIns\e4awand_oracle.dll
     c:\users\Xxxxxxxxxx\AppData\Roaming\Microsoft\AddIns\e4awand_oracle.xll
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-01-14 to 2012-02-14 )))))))))))))))))))))))))))))))
     .
     .
     2012-02-14 22:11 . 2012-02-14 22:11 -------- d-----w- c:\users\Default\AppData\Local\temp
     2012-02-14 17:56 . 2012-01-17 04:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EE60AFEE-A1C9-4904-BFC5-3496E921FB48}\mpengine.dll
     2012-02-14 17:20 . 2012-02-14 17:20 -------- d-----w- c:\program files\GIGABYTE
     2012-02-14 17:20 . 2012-02-14 17:20 -------- d-----w- c:\program files (x86)\GIGABYTE
     2012-02-14 17:20 . 2011-11-02 10:48 21616 ----a-w- c:\windows\system32\drivers\AppleCharger.sys
     2012-02-14 17:20 . 2010-04-06 16:30 31272 ----a-w- c:\windows\system32\AppleChargerSrv.exe
     2012-02-13 13:27 . 2012-02-13 13:28 -------- d-----w- c:\program files (x86)\PacificPoker
     2012-02-07 17:00 . 2012-02-07 17:00 -------- d-----w- c:\windows\Hewlett-Packard
     2012-02-06 10:50 . 2012-02-06 10:50 -------- dc----w- c:\windows\system32\DRVSTORE
     2012-02-06 10:48 . 2012-02-06 10:49 -------- d-----w- c:\programdata\Apple
     2012-02-06 10:36 . 2012-02-06 10:36 -------- d-----w- c:\program files (x86)\Common Files\Adobe
     2012-02-06 10:34 . 1998-10-29 16:45 306688 ----a-w- c:\windows\IsUninst.exe
     2012-02-01 08:57 . 2012-02-01 08:57 -------- d-----w- c:\windows\system32\appmgmt
     2012-01-31 23:22 . 2012-01-31 23:22 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
     2012-01-31 23:22 . 2012-01-31 23:22 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
     2012-01-31 23:22 . 2012-01-31 23:22 -------- d-----w- c:\programdata\Logishrd
     2012-01-31 23:22 . 2012-01-31 23:22 -------- d-----w- c:\program files\Logitech
     2012-01-31 23:01 . 2012-01-31 23:02 -------- d-----w- c:\program files (x86)\get_iplayer
     2012-01-31 23:01 . 2012-01-31 23:01 -------- d-----w- c:\programdata\get_iplayer
     2012-01-31 22:56 . 2004-03-02 14:29 45145 ------w- c:\windows\SysWow64\plugincpl13118.cpl
     2012-01-31 22:56 . 2012-01-31 22:56 -------- d-----w- c:\program files (x86)\Oracle
     2012-01-31 22:56 . 2004-03-02 14:29 36943 ------w- c:\windows\SysWow64\ActPanel.dll
     2012-01-31 22:23 . 2012-01-31 22:23 -------- d-----w- c:\programdata\Quest Software
     2012-01-31 22:22 . 2012-01-31 22:22 -------- d-----w- c:\program files (x86)\Raize
     2012-01-31 22:22 . 2005-01-08 03:00 24064 ----a-w- c:\windows\SysWow64\CS30Inspectors70.bpl
     2012-01-31 22:22 . 2002-08-09 08:00 778240 ----a-w- c:\windows\SysWow64\rtl70.bpl
     2012-01-31 22:22 . 2002-08-09 08:00 227328 ----a-w- c:\windows\SysWow64\vclie70.bpl
     2012-01-31 22:22 . 2002-08-09 08:00 1381376 ----a-w- c:\windows\SysWow64\vcl70.bpl
     2012-01-31 22:22 . 2012-01-31 22:23 -------- d-----w- c:\program files (x86)\Quest Software
     2012-01-31 22:18 . 2012-01-31 14:24 -------- d-----w- c:\windows\Panther
     2012-01-31 22:12 . 2012-01-31 22:12 -------- d-----w- c:\programdata\Malwarebytes
     2012-01-31 22:12 . 2012-01-31 22:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
     2012-01-31 22:12 . 2011-12-10 15:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
     2012-01-31 21:59 . 2012-01-31 21:59 -------- d-----w- c:\program files (x86)\Calibre2
     2012-01-31 21:45 . 2012-01-31 21:45 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
     2012-01-31 21:40 . 2011-09-23 20:45 81008 ----a-w- c:\windows\system32\drivers\vmci.sys
     2012-01-31 21:40 . 2011-09-23 20:45 68720 ----a-w- c:\windows\system32\drivers\vmx86.sys
     2012-01-31 21:40 . 2011-09-23 20:44 334448 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
     2012-01-31 21:40 . 2011-09-23 20:45 404080 ----a-w- c:\windows\SysWow64\vmnat.exe
     2012-01-31 21:40 . 2011-09-23 20:44 30320 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
     2012-01-31 21:40 . 2011-09-23 20:45 968816 ----a-w- c:\windows\system32\vnetlib64.dll
     2012-01-31 21:40 . 2011-09-23 20:44 31856 ----a-w- c:\windows\system32\drivers\VMkbd.sys
     2012-01-31 21:40 . 2011-09-23 19:21 38512 ----a-w- c:\windows\system32\drivers\hcmon.sys
     2012-01-31 21:39 . 2012-01-31 21:39 -------- d-----w- c:\program files (x86)\Common Files\VMware
     2012-01-31 21:22 . 2012-01-31 21:27 -------- d-----w- c:\program files (x86)\Common Files\InstallEngine
     2012-01-31 21:21 . 2009-05-12 13:58 4165632 ----a-w- c:\windows\SysWow64\cdintf400.dll
     2012-01-31 21:20 . 2012-01-31 21:20 -------- d-----w- c:\program files (x86)\Common Files\Sage Shared
     2012-01-31 21:20 . 2012-01-31 21:20 -------- d-----w- c:\program files (x86)\Common Files\Sage Line50
     2012-01-31 21:20 . 2012-01-31 21:21 -------- d-----w- c:\program files (x86)\Common Files\Sage SData
     2012-01-31 21:20 . 2012-01-31 21:27 -------- d-----w- c:\program files (x86)\Common Files\Sage SBD
     2012-01-31 21:20 . 2012-01-31 21:26 -------- d-----w- c:\programdata\Sage
     2012-01-31 21:20 . 2012-01-31 21:20 -------- d-----w- c:\program files (x86)\Common Files\Sage Report Designer 2007
     2012-01-31 21:20 . 2012-01-31 21:20 -------- d-----w- c:\program files (x86)\Sage
     2012-01-31 20:25 . 2012-01-31 20:25 -------- d-----w- c:\program files (x86)\TextPad 5
     2012-01-31 19:03 . 2012-01-31 22:18 -------- d-----w- c:\program files (x86)\Google
     2012-01-31 17:27 . 2012-01-31 17:29 -------- d-----w- c:\program files (x86)\Common Files\Java
     2012-01-31 17:27 . 2012-01-31 17:27 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
     2012-01-31 17:27 . 2012-02-01 08:58 -------- d-----w- c:\program files (x86)\Java
     2012-01-31 17:15 . 2012-02-14 18:21 -------- d-----w- c:\programdata\VMware
     2012-01-31 17:15 . 2012-01-31 21:39 -------- d-----w- c:\program files (x86)\VMware
     2012-01-31 17:10 . 2012-01-31 17:10 -------- d-----w- c:\program files (x86)\Foxit Software
     2012-01-31 17:01 . 2012-01-31 17:01 -------- d-----w- c:\program files\Java
     2012-01-31 16:20 . 2012-01-31 16:20 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
     2012-01-31 16:15 . 2012-01-31 16:15 -------- d-----w- c:\program files (x86)\MSXML 4.0
     2012-01-31 16:14 . 2012-01-31 16:14 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
     2012-01-31 16:12 . 2012-01-31 16:12 -------- d-----w- c:\programdata\WEBREG
     2012-01-31 16:11 . 2008-08-12 10:58 254976 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfpp082.dll
     2012-01-31 16:10 . 2012-01-31 16:10 -------- d-----w- c:\windows\SysWow64\spool
     2012-01-31 16:10 . 2012-01-31 16:10 -------- d-----w- c:\programdata\HP Product Assistant
     2012-01-31 16:09 . 2012-01-31 16:09 -------- d-----w- c:\program files (x86)\Common Files\HP
     2012-01-31 16:09 . 2012-01-31 16:09 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
     2012-01-31 16:09 . 2012-01-31 16:09 -------- d-----w- c:\windows\hpoj6500e709
     2012-01-31 16:09 . 2008-08-12 10:58 131072 ----a-w- c:\windows\system32\hpf3l082.dll
     2012-01-31 16:09 . 2012-02-07 17:00 -------- d-----w- c:\program files (x86)\HP
     2012-01-31 16:06 . 2012-01-31 16:06 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
     2012-01-31 16:03 . 2012-01-31 16:03 -------- d-----r- C:\MSOCache
     2012-01-31 15:50 . 2012-02-14 16:42 -------- d-----w- c:\program files (x86)\SugarSync
     2012-01-31 15:28 . 2012-01-31 15:28 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2012-01-31 15:28 . 2012-01-31 15:28 -------- d-----w- c:\windows\SysWow64\Macromed
     2012-01-31 15:28 . 2012-01-31 16:06 -------- d-----w- c:\program files (x86)\Microsoft.NET
     2012-01-31 15:24 . 2012-01-31 15:24 -------- d-----w- c:\windows\SysWow64\Wat
     2012-01-31 15:24 . 2012-01-31 15:24 -------- d-----w- c:\windows\system32\Wat
     2012-01-31 15:05 . 2012-01-31 15:05 -------- d-----r- c:\program files (x86)\Skype
     2012-01-31 15:05 . 2012-01-31 15:05 -------- d-----w- c:\programdata\Skype
     2012-01-31 15:05 . 2012-01-31 23:22 -------- d-----w- c:\program files\Common Files\logishrd
     2012-01-31 15:04 . 2012-01-31 15:04 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation
     2012-01-31 15:03 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
     2012-01-31 15:03 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
     2012-01-31 15:03 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
     2012-01-31 15:03 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
     2012-01-31 15:03 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
     2012-01-31 15:00 . 2011-05-20 09:53 557848 ----a-w- c:\windows\system32\drivers\iaStor.sys
     2012-01-31 14:59 . 2012-01-31 14:59 -------- d-----w- c:\program files (x86)\Etron Technology
     2012-01-31 14:59 . 2012-02-14 18:20 -------- d-sh--w- c:\windows\Installer
     2012-01-31 14:54 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
     2012-01-31 14:53 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
     2012-01-31 14:53 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
     2012-01-31 14:53 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
     2012-01-31 14:53 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
     2012-01-31 14:53 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
     2012-01-31 14:53 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
     2012-01-31 14:53 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
     2012-01-31 14:53 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
     2012-01-31 14:53 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
     2012-01-31 14:53 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
     2012-01-31 14:53 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
     2012-01-31 14:45 . 2012-01-31 15:00 -------- d-----w- c:\program files (x86)\Intel
     2012-01-31 14:45 . 2012-01-31 14:45 -------- d-----w- c:\program files\Common Files\Intel
     2012-01-31 14:45 . 2012-01-31 14:45 -------- d-----w- c:\program files (x86)\Common Files\Intel
     2012-01-31 14:43 . 2011-08-23 13:57 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
     2012-01-31 14:43 . 2011-08-23 13:57 565352 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
     2012-01-31 14:27 . 2011-08-23 13:57 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
     2012-01-31 14:27 . 2012-02-14 17:20 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
     2012-01-31 14:27 . 2012-01-31 14:43 -------- d-----w- c:\program files (x86)\Realtek
     2012-01-31 14:24 . 2012-02-01 11:09 -------- d-----w- c:\users\Xxxxxxxxxx
     2012-01-31 14:24 . 2012-01-31 14:24 -------- d-----w- C:\Recovery
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-01-27 00:52 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
     2012-01-12 00:19 . 2012-01-12 00:19 4448256 ----a-w- c:\windows\SysWow64\GPhotos.scr
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
     "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
     "SugarSync"="c:\program files (x86)\SugarSync\SugarSyncManager.exe" [2012-02-03 9401424]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
     "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
     "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
     "vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2011-09-23 129648]
     "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
     "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
     "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
     "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
     .
     c:\users\Xxxxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
     .
     c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
     Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-2-6 113664]
     Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
     HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
     "aux2"=wdmaud.drv
     .
     R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
     R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
     R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
     R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
     R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
     R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
     S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
     S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
     S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
     S2 Sage SData Service;Sage SData Service;c:\program files (x86)\Common Files\Sage SData\Sage.SData.Service.exe [2009-08-21 49152]
     S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
     S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-09-23 539248]
     S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [x]
     S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [x]
     S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
     S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
     S3 LVUVC64;Logitech QuickCam S5500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
     S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
     S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
     S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
     S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
     .
     .
     --- Other Services/Drivers In Memory ---
     .
     *NewlyCreated* - APPLECHARGER
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
     hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
     .
     .
     --------- x86-64 -----------
     .
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
     @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
     [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
     2012-02-03 18:41 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
     @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
     [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
     2012-02-03 18:41 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
     @="{A759AFF6-5851-457D-A540-F4ECED148351}"
     [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
     2012-02-03 18:41 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
     @="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
     [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
     2012-02-03 18:41 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]
     "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-28 167704]
     "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-28 392472]
     "Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-28 416024]
     "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
     "LoadAppInit_DLLs"=0x0
     .
     ------- Supplementary Scan -------
     .
     uLocal Page = c:\windows\system32\blank.htm
     uStart Page = hxxp://www.google.co.uk/
     mLocal Page = c:\windows\SysWOW64\blank.htm
     uInternet Settings,ProxyOverride = *.local
     IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
     IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
     LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
     TCP: Interfaces\{ECBED843-4F39-4BD3-A4CB-64C8E700FB78}: NameServer = 192.168.0.1
     FF - ProfilePath - c:\users\Xxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\4e7i70o3.default\
     FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
     .
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
     @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Shockwave Flash Object"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
     @="0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
     @="ShockwaveFlash.ShockwaveFlash.10"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="ShockwaveFlash.ShockwaveFlash"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Macromedia Flash Factory Object"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
     @="FlashFactory.FlashFactory.1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="FlashFactory.FlashFactory"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker3"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
     @Denied: (A) (Everyone)
     "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
     @Denied: (A) (Everyone)
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
     "Key"="ActionsPane3"
     "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     Completion time: 2012-02-14 22:12:59
     ComboFix-quarantined-files.txt 2012-02-14 22:12
     .
     Pre-Run: 42,610,003,968 bytes free
     Post-Run: 43,365,003,264 bytes free
     .
     - - End Of File - - 7F2DD2A1818651C1EE9E66794EA07C23
  6. Scan came back fine. My computer behaves normally apart from the constant messages from MBAM about blocked IPs.
  7. Hi all, I got a virus of some sort on 31 Jan that caused my machine to hard restart, which I posted about here, but the post seems to have been missed. I disconnected from the internet, installed MBAM, but couldn't get rid of everything, so formatted the partition on my drive and re-installed Win7 x64. There is another partition on the drive that wasn't removed, and all my other drives in the machine are as they were while infected. I also paid for and installed MBAM Pro. Since then, I keep getting incoming and outgoing blocks by MBAM. Outgoing I can understand (dodgy advertising sites), but incoming blocks on random ports is worrying. The majority of these blocks are from Skype, although some are from Firefox. I don't seem to get any from IE, but I don't use that much. Attached are DDS, Attach, and some MBAM logs (personal name removed). Any help gratefully appreciated.
     Attach.txt DDS.txt protection-log-2012-02-10.txt
  8. Hi Kenny94. Regarding MSE, you've highlighted a point I was trying to make. MSE has disappeared. I never uninstalled it, but it's gone from this machine. That is concerning me. Logs below.

     ESET
     C:\Qoobox\Quarantine\C\Users\Naomi Chard\AppData\Roaming\TSCI6.dll.vir a variant of Win32/Kryptik.JHE trojan

     Results of screen317's Security Check version 0.99.8
     Windows 7 (UAC is enabled)
     Internet Explorer 8
     ``````````````````````````````
     Antivirus/Firewall Check:
     Windows Firewall Enabled!
     Avira AntiVir Personal - Free Antivirus
     WMI entry may not exist for antivirus; attempting automatic update.
     Avira successfully updated!
     ```````````````````````````````
     Anti-malware/Other Utilities Check:
     Malwarebytes' Anti-Malware
     Java 6 Update 17
     Out of date Java installed!
     Adobe Flash Player 10.0.32.18
     Adobe Reader 9.3
     Out of date Adobe Reader installed!
     Mozilla Firefox (3.6.6)
     ````````````````````````````````
     Process Check: objlist.exe by Laurent
     Avira Antivir avgnt.exe
     Avira Antivir avguard.exe
     ``````````End of Log````````````
  9. Hi Kenny94, apologies for not replying sooner, I didn't get a notification about your reply. The computer seems OK, but Microsoft Security Essentials is now missing entirely. Maybe Avira got rid of it? However, Windows Defender is now back and appears to be running normally. Did anything above indicate there was an infection? Thanks
  10. Thanks for your help Kenny94.

      2011/01/12 15:05:33.0777 TDSS rootkit removing tool 2.4.13.0 Jan 12 2011 09:51:11
      2011/01/12 15:05:33.0793 ================================================================================
      2011/01/12 15:05:33.0793 SystemInfo:
      2011/01/12 15:05:33.0793
      2011/01/12 15:05:33.0793 OS Version: 6.1.7600 ServicePack: 0.0
      2011/01/12 15:05:33.0793 Product type: Workstation
      2011/01/12 15:05:33.0793 ComputerName: NAOMICHARD-PC
      2011/01/12 15:05:33.0793 UserName: Naomi Chard
      2011/01/12 15:05:33.0793 Windows directory: C:\Windows
      2011/01/12 15:05:33.0793 System windows directory: C:\Windows
      2011/01/12 15:05:33.0793 Processor architecture: Intel x86
      2011/01/12 15:05:33.0793 Number of processors: 2
      2011/01/12 15:05:33.0793 Page size: 0x1000
      2011/01/12 15:05:33.0793 Boot type: Normal boot
      2011/01/12 15:05:33.0793 ================================================================================
      2011/01/12 15:05:34.0354 Initialize success
      2011/01/12 15:05:47.0677 ================================================================================
      2011/01/12 15:05:47.0677 Scan started
      2011/01/12 15:05:47.0677 Mode: Manual;
      2011/01/12 15:05:47.0677 ================================================================================
      2011/01/12 15:05:48.0270 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
      2011/01/12 15:05:48.0332 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
      2011/01/12 15:05:48.0379 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
      2011/01/12 15:05:48.0504 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
      2011/01/12 15:05:48.0582 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
      2011/01/12 15:05:48.0644 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
      2011/01/12 15:05:48.0738 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
      2011/01/12 15:05:48.0847 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys
      2011/01/12 15:05:48.0925 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
      2011/01/12 15:05:49.0003 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
      2011/01/12 15:05:49.0050 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
      2011/01/12 15:05:49.0081 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
      2011/01/12 15:05:49.0128 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
      2011/01/12 15:05:49.0174 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
      2011/01/12 15:05:49.0206 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
      2011/01/12 15:05:49.0237 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
      2011/01/12 15:05:49.0284 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
      2011/01/12 15:05:49.0330 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
      2011/01/12 15:05:49.0393 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
      2011/01/12 15:05:49.0486 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
      2011/01/12 15:05:49.0518 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
      2011/01/12 15:05:49.0564 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
      2011/01/12 15:05:49.0611 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
      2011/01/12 15:05:49.0705 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
      2011/01/12 15:05:49.0752 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\Windows\system32\DRIVERS\avipbb.sys
      2011/01/12 15:05:49.0830 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
      2011/01/12 15:05:49.0892 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
      2011/01/12 15:05:49.0970 BackupReader (cb2172db1c120a3f25151eab9f0a5678) C:\Windows\system32\DRIVERS\BackupReader.sys
      2011/01/12 15:05:50.0064 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
      2011/01/12 15:05:50.0126 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
      2011/01/12 15:05:50.0173 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
      2011/01/12 15:05:50.0204 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
      2011/01/12 15:05:50.0235 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
      2011/01/12 15:05:50.0282 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
      2011/01/12 15:05:50.0329 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
      2011/01/12 15:05:50.0360 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
      2011/01/12 15:05:50.0391 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
      2011/01/12 15:05:50.0438 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
      2011/01/12 15:05:50.0641 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
      2011/01/12 15:05:50.0703 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
      2011/01/12 15:05:50.0750 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
      2011/01/12 15:05:50.0797 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
      2011/01/12 15:05:50.0859 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
      2011/01/12 15:05:50.0890 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
      2011/01/12 15:05:50.0922
CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys 2011/01/12 15:05:50.0968 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys 2011/01/12 15:05:51.0000 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys 2011/01/12 15:05:51.0046 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys 2011/01/12 15:05:51.0124 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys 2011/01/12 15:05:51.0202 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys 2011/01/12 15:05:51.0249 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 2011/01/12 15:05:51.0312 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 2011/01/12 15:05:51.0390 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 2011/01/12 15:05:51.0452 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys 2011/01/12 15:05:51.0483 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\Windows\system32\DRIVERS\e100b325.sys 2011/01/12 15:05:51.0655 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 2011/01/12 15:05:51.0811 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 2011/01/12 15:05:51.0842 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys 2011/01/12 15:05:51.0951 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 2011/01/12 15:05:51.0998 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 2011/01/12 15:05:52.0045 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 2011/01/12 15:05:52.0107 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 2011/01/12 15:05:52.0138 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 
2011/01/12 15:05:52.0185 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/01/12 15:05:52.0248 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 2011/01/12 15:05:52.0341 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 2011/01/12 15:05:52.0372 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys 2011/01/12 15:05:52.0450 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys 2011/01/12 15:05:52.0482 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 2011/01/12 15:05:52.0528 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 2011/01/12 15:05:52.0606 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 2011/01/12 15:05:52.0653 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys 2011/01/12 15:05:52.0716 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/01/12 15:05:52.0762 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 2011/01/12 15:05:52.0794 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 2011/01/12 15:05:52.0840 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 2011/01/12 15:05:52.0887 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys 2011/01/12 15:05:52.0965 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys 2011/01/12 15:05:53.0043 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys 2011/01/12 15:05:53.0090 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys 2011/01/12 15:05:53.0137 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/01/12 15:05:53.0184 iaStorV 
(934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys 2011/01/12 15:05:53.0418 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys 2011/01/12 15:05:53.0605 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 2011/01/12 15:05:53.0652 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys 2011/01/12 15:05:53.0698 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 2011/01/12 15:05:53.0745 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/01/12 15:05:53.0792 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys 2011/01/12 15:05:53.0823 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 2011/01/12 15:05:53.0901 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 2011/01/12 15:05:53.0948 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys 2011/01/12 15:05:53.0979 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/01/12 15:05:54.0010 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/01/12 15:05:54.0088 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys 2011/01/12 15:05:54.0151 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys 2011/01/12 15:05:54.0213 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys 2011/01/12 15:05:54.0307 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/01/12 15:05:54.0385 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 2011/01/12 15:05:54.0447 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 2011/01/12 15:05:54.0494 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) 
C:\Windows\system32\DRIVERS\lsi_sas2.sys 2011/01/12 15:05:54.0525 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 2011/01/12 15:05:54.0588 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 2011/01/12 15:05:54.0634 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 2011/01/12 15:05:54.0681 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 2011/01/12 15:05:54.0744 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 2011/01/12 15:05:54.0806 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 2011/01/12 15:05:54.0868 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 2011/01/12 15:05:54.0915 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 2011/01/12 15:05:54.0946 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys 2011/01/12 15:05:54.0978 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys 2011/01/12 15:05:55.0024 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 2011/01/12 15:05:55.0071 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys 2011/01/12 15:05:55.0134 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/01/12 15:05:55.0180 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/01/12 15:05:55.0212 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/01/12 15:05:55.0243 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys 2011/01/12 15:05:55.0290 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys 2011/01/12 15:05:55.0352 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 2011/01/12 15:05:55.0383 mshidkmdf 
(3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 2011/01/12 15:05:55.0414 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys 2011/01/12 15:05:55.0477 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 2011/01/12 15:05:55.0508 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/01/12 15:05:55.0555 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 2011/01/12 15:05:55.0586 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 2011/01/12 15:05:55.0633 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/01/12 15:05:55.0664 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 2011/01/12 15:05:55.0711 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 2011/01/12 15:05:55.0742 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 2011/01/12 15:05:55.0804 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 2011/01/12 15:05:55.0882 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys 2011/01/12 15:05:55.0992 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 2011/01/12 15:05:56.0054 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/01/12 15:05:56.0085 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/01/12 15:05:56.0132 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/01/12 15:05:56.0163 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys 2011/01/12 15:05:56.0226 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 2011/01/12 15:05:56.0272 NetBT (dd52a733bf4ca5af84562a5e2f963b91) 
C:\Windows\system32\DRIVERS\netbt.sys 2011/01/12 15:05:56.0522 netw5v32 (39cba1ae2a400ef99c3dec9f9f601876) C:\Windows\system32\DRIVERS\netw5v32.sys 2011/01/12 15:05:56.0740 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 2011/01/12 15:05:56.0803 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 2011/01/12 15:05:56.0834 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 2011/01/12 15:05:56.0912 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys 2011/01/12 15:05:56.0990 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 2011/01/12 15:05:57.0037 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys 2011/01/12 15:05:57.0068 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys 2011/01/12 15:05:57.0099 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys 2011/01/12 15:05:57.0146 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/01/12 15:05:57.0224 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 2011/01/12 15:05:57.0271 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys 2011/01/12 15:05:57.0302 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 2011/01/12 15:05:57.0349 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys 2011/01/12 15:05:57.0380 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys 2011/01/12 15:05:57.0411 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 2011/01/12 15:05:57.0458 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 2011/01/12 15:05:57.0520 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 2011/01/12 15:05:57.0692 PptpMiniport 
(631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 2011/01/12 15:05:57.0739 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 2011/01/12 15:05:57.0801 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 2011/01/12 15:05:57.0879 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 2011/01/12 15:05:58.0004 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 2011/01/12 15:05:58.0051 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 2011/01/12 15:05:58.0082 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 2011/01/12 15:05:58.0144 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 2011/01/12 15:05:58.0191 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/01/12 15:05:58.0222 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/01/12 15:05:58.0254 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 2011/01/12 15:05:58.0285 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys 2011/01/12 15:05:58.0332 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 2011/01/12 15:05:58.0363 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/01/12 15:05:58.0410 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys 2011/01/12 15:05:58.0472 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 2011/01/12 15:05:58.0503 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 2011/01/12 15:05:58.0550 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys 2011/01/12 15:05:58.0597 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) 
C:\Windows\system32\drivers\rdyboost.sys 2011/01/12 15:05:58.0675 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 2011/01/12 15:05:58.0753 RT-USB (e390b063bc6398359e560edacf3515ee) C:\Windows\system32\drivers\RT-USB.SYS 2011/01/12 15:05:58.0800 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys 2011/01/12 15:05:58.0846 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys 2011/01/12 15:05:58.0893 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys 2011/01/12 15:05:58.0971 sdbus (aa826e35f6d28a8e5d1efeb337f24ba2) C:\Windows\system32\drivers\sdbus.sys 2011/01/12 15:05:59.0034 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/01/12 15:05:59.0174 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 2011/01/12 15:05:59.0377 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 2011/01/12 15:05:59.0439 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 2011/01/12 15:05:59.0502 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys 2011/01/12 15:05:59.0533 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys 2011/01/12 15:05:59.0564 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\drivers\sffp_sd.sys 2011/01/12 15:05:59.0611 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/01/12 15:05:59.0658 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys 2011/01/12 15:05:59.0689 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2011/01/12 15:05:59.0720 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 2011/01/12 15:05:59.0798 SIVDRIVER (659bf7aa34185dbea8b4f5ba84c297ba) C:\Windows\system32\Drivers\SIVX32.sys 2011/01/12 
15:05:59.0829 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 2011/01/12 15:05:59.0892 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 2011/01/12 15:05:59.0970 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys 2011/01/12 15:06:00.0016 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys 2011/01/12 15:06:00.0063 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys 2011/01/12 15:06:00.0141 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 2011/01/12 15:06:00.0204 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 2011/01/12 15:06:00.0297 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys 2011/01/12 15:06:00.0360 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys 2011/01/12 15:06:00.0406 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys 2011/01/12 15:06:00.0453 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys 2011/01/12 15:06:00.0562 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys 2011/01/12 15:06:00.0656 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys 2011/01/12 15:06:00.0718 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys 2011/01/12 15:06:00.0765 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys 2011/01/12 15:06:00.0796 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys 2011/01/12 15:06:00.0843 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys 2011/01/12 15:06:00.0874 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys 2011/01/12 15:06:00.0952 Thpdrv (9528f2a39cb660a49f0592d57127f370) C:\Windows\system32\DRIVERS\thpdrv.sys 
2011/01/12 15:06:00.0999 Thpevm (e17dcde74ff00ca802643b4a9a4a4a5c) C:\Windows\system32\DRIVERS\Thpevm.SYS 2011/01/12 15:06:01.0077 tifm21 (f779ba4cd37963ab4600c9871b7752a3) C:\Windows\system32\drivers\tifm21.sys 2011/01/12 15:06:01.0140 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/01/12 15:06:01.0186 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys 2011/01/12 15:06:01.0249 TVALZ (6e614df4e1110dcf61b335ee02a34954) C:\Windows\system32\DRIVERS\TVALZ.SYS 2011/01/12 15:06:01.0280 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 2011/01/12 15:06:01.0311 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys 2011/01/12 15:06:01.0389 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys 2011/01/12 15:06:01.0420 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys 2011/01/12 15:06:01.0467 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 2011/01/12 15:06:01.0545 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys 2011/01/12 15:06:01.0732 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/01/12 15:06:01.0779 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys 2011/01/12 15:06:01.0826 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys 2011/01/12 15:06:01.0873 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys 2011/01/12 15:06:01.0920 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys 2011/01/12 15:06:01.0951 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 2011/01/12 15:06:01.0998 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/01/12 15:06:02.0044 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) 
C:\Windows\system32\DRIVERS\usbuhci.sys 2011/01/12 15:06:02.0122 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys 2011/01/12 15:06:02.0169 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/01/12 15:06:02.0200 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 2011/01/12 15:06:02.0232 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys 2011/01/12 15:06:02.0294 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys 2011/01/12 15:06:02.0325 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 2011/01/12 15:06:02.0356 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys 2011/01/12 15:06:02.0403 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys 2011/01/12 15:06:02.0450 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys 2011/01/12 15:06:02.0481 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys 2011/01/12 15:06:02.0528 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 2011/01/12 15:06:02.0559 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys 2011/01/12 15:06:02.0622 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 2011/01/12 15:06:02.0668 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys 2011/01/12 15:06:02.0715 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 2011/01/12 15:06:02.0762 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 2011/01/12 15:06:02.0778 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 2011/01/12 15:06:02.0856 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 2011/01/12 15:06:02.0902 Wdf01000 
(9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 2011/01/12 15:06:03.0012 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 2011/01/12 15:06:03.0058 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 2011/01/12 15:06:03.0168 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUSB.sys 2011/01/12 15:06:03.0214 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/01/12 15:06:03.0292 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/01/12 15:06:03.0355 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys 2011/01/12 15:06:03.0386 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/01/12 15:06:03.0573 ================================================================================ 2011/01/12 15:06:03.0573 Scan finished 2011/01/12 15:06:03.0573 ================================================================================
  11. Apologies for the delay; work is crazy at the moment. ComboFix log below.
ComboFix 11-01-11.01 - Naomi Chard 12/01/2011 8:20.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.2039.1135 [GMT 0:00]
Running from: c:\users\Naomi Chard\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Naomi Chard\AppData\Roaming\TSCI6.dll
.
((((((((((((((((((((((((( Files Created from 2010-12-12 to 2011-01-12 )))))))))))))))))))))))))))))))
.
2011-01-12 08:26 . 2011-01-12 08:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-12 08:18 . 2011-01-12 08:18 -------- d-----w- C:\32788R22FWJFW
2011-01-11 14:10 . 2010-11-16 12:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{11A2F2E4-532D-41AF-ADE4-CE3E830A1A15}\mpengine.dll
2011-01-09 09:38 . 2011-01-09 09:38 -------- d-----w- c:\users\Naomi Chard\AppData\Roaming\Avira
2011-01-09 09:33 . 2010-12-13 08:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-01-09 09:33 . 2010-12-13 08:40 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-01-09 09:33 . 2011-01-09 09:33 -------- d-----w- c:\programdata\Avira
2011-01-09 09:33 . 2011-01-09 09:33 -------- d-----w- c:\program files\Avira
2011-01-09 08:57 . 2011-01-09 09:13 -------- d-----w- c:\programdata\MFAData
2010-12-31 19:11 . 2010-12-31 19:11 -------- d-----w- c:\program files\iPod
2010-12-31 19:11 . 2010-12-31 19:12 -------- d-----w- c:\program files\iTunes
2010-12-15 06:04 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 18:09 . 2010-08-21 11:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 18:08 . 2010-08-21 11:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-29 17:38 . 2010-11-29 17:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 17:38 . 2010-11-29 17:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-10-19 10:41 . 2009-11-07 14:17 222080 ------w- c:\windows\system32\MpSigStub.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-06 39408]
"IDriveE Startup"="c:\idrive\IDrvieEStartup.exe" [2010-04-22 177608]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-13 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
c:\users\Naomi Chard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
IDrive Tray.lnk - c:\idrive\IDriveEReg2ini.exe [2010-5-27 292296]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-11-7 113664]
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2010-5-10 604008]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-06 135664]
R3 BackupReader;BackupReader;c:\windows\system32\DRIVERS\BackupReader.sys [2009-07-11 44784]
R3 RT-USB;Ross-Tech USB driver;c:\windows\system32\drivers\RT-USB.SYS [2009-05-21 58880]
R3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\Drivers\SIVX32.sys [2009-12-20 51136]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-21 1343400]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 30272]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 13120]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]
S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2009-10-07 239464]
S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2009-10-07 97128]
S2 IDriveE Service;IDriveE Service;c:\idrive\IDriveE Service.exe [2010-05-27 148936]
S2 IDriveWebM;IDrive WebManager;c:\idrive\IDriveWebM.exe [2010-04-22 267720]
S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2009-10-07 376680]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-09-15 6000640]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - SSMDRV
*Deregistered* - awrdafod
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2011-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-06 17:23]
2011-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-06 17:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Naomi Chard\AppData\Roaming\Mozilla\Firefox\Profiles\lk41sjpz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-LYOUJM - c:\users\Naomi Chard\AppData\Roaming\TSCI6.dll
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-01-12 08:28:34
ComboFix-quarantined-files.txt 2011-01-12 08:28
Pre-Run: 96,272,216,064 bytes free
Post-Run: 97,977,937,920 bytes free
- - End Of File - - 0DB55A6DAFB06FE9158A0A7E7D161296
  12. Hi all, my wife's laptop seems to have some sort of malware on it, as it randomly redirects Google results to different pages. Also, Microsoft Security Essentials and Windows Defender will not launch. MBAM and Avira can't find anything.

DDS Log
----------
MBAM Log
------------

All help appreciated.

Attach.zip