
colmac

Honorary Members
  • Posts: 21
  • Joined
  • Last visited

Reputation: 0 Neutral
  1. Can you tell me which ones those are? I have Acronis to do back-ups as well as other batch files, so I probably do have copies. Colin
  2. I have to do the copying in stages. I have three back-ups of all, so I do not have storage space to delete all and start again. Colin
  3. Thanks for the feedback. Quite happy to follow advice and re-install. However, I'm slightly concerned that I do not waste your time and mine. I have been using 5 physical disks partly for storage, partly for first-line back-up. I also have an external 1TB for further back-up. In re-building, I've been copying data from one HDD to others to re-arrange more logically. The net result is that I have a total of 8 disks that have been used/connected to this PC recently, plus USB sticks. What I'm trying to avoid is a re-install of everything which is then screwed up when I connect one of these disks. How do I clean them as well? If I copy all the files to a new HDD then format the old disk, I still risk having the trojan in those files somewhere. Colin
  4. Hi, thanks for your help. Here's the info:
     0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware.
     1 VT Community user(s) with a total of 1 reputation credit(s) say(s) this sample is malware.
     File name: Twain.dll
     Submission date: 2011-02-15 16:53:31 (UTC)
     Current status: finished
     Result: 14/42 (33.3%)
     Symantec reputation: Suspicious.Insight
     VT Community
     User: Anonymous
     Reputation: 1 credits
     Comment date: 2011-02-11 17:52:17 (UTC)
     FAKE DLL - Compiled Visual Basic botnet downloader. Contains string: D:\Botnet\kernel32\kernel32\obj\Release\Twain.pdb if it wasn't obvious.
     Tags: Malware, P2Pdownload,
  5. Hi, I'd appreciate some help please. You guys helped me recently, but in hindsight, I have no idea if we got rid of all the infections. I was having random issues with corrupt text files, exe files not running, my Favorites in IE not connecting. I did a disk test and discovered that two of my disks were showing some signs of wear, and were reported as "Caution" on SMART tests. So I decided to replace those disks, and re-install everything. This has now been done, but I'm infected again with Trojan.MSIL. MBAM removed it, but it re-inserted itself. I also found a very strange entry in msconfig start-up which pointed at a file called ppi.exe. MBAM says this is OK, as does Microsoft Security Essentials. I have no idea whether this is correct or not. I have not removed it yet. It is located at C:\Users\Colin\AppData\Local. So whether this is a new infection or the same old one I have no idea. Here are the log files as requested in the instructions. Thanks in advance, your help and skills are much appreciated.
     Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org
     Database version: 5871
     Windows 6.0.6002 Service Pack 2
     Internet Explorer 9.0.8080.16413
     24/02/2011 18:52:27
     mbam-log-2011-02-24 (18-52-27).txt
     Scan type: Quick scan
     Objects scanned: 139545
     Time elapsed: 3 minute(s), 17 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 2
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected:
     c:\Users\Colin\AppData\Roaming\Twain.dll (Trojan.MSIL) -> Quarantined and deleted successfully.
     c:\Users\Colin\local settings\application data\Twain.dll (Trojan.MSIL) -> Quarantined and deleted successfully.
     DDS (Ver_10-12-12.02) - NTFSx86
     Run by Colin at 19:09:01.92 on 24/02/2011
     Internet Explorer: 9.0.8080.16413
     Microsoft
  6. It seems fine. It's been fine since the original MBAM scan caught the 6 problems yesterday morning. I feared that there would be more widespread probs, but it seems not. Think I'll restart the router though as a precaution. Can't do any harm. Just jotted down all the settings. Thanks very much for all your help. It is much appreciated. Colin
  7. Hi MrC. Not sure why it said No Action. I thought I removed it! I am on a router, and the other two PCs are both fine. Anyway, ran MBAM as requested, and here's the log:
     Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org
     Database version: 5772
     Windows 6.1.7600
     Internet Explorer 8.0.7600.16385
     16/02/2011 09:35:16
     mbam-log-2011-02-16 (09-35-16).txt
     Scan type: Full scan (C:\|D:\|)
     Objects scanned: 274966
     Time elapsed: 58 minute(s), 31 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 22
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
  8. Apologies for not making it clear. Browsing sites were getting randomly re-directed to other sites. Here are the logs:
     2011/02/15 23:12:21.0317 5112 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
     2011/02/15 23:12:22.0955 5112 ================================================================================
     2011/02/15 23:12:22.0955 5112 SystemInfo:
     2011/02/15 23:12:22.0955 5112
     2011/02/15 23:12:22.0955 5112 OS Version: 6.1.7600 ServicePack: 0.0
     2011/02/15 23:12:22.0955 5112 Product type: Workstation
     2011/02/15 23:12:22.0955 5112 ComputerName: USER-VAIO
     2011/02/15 23:12:22.0955 5112 UserName: User
     2011/02/15 23:12:22.0955 5112 Windows directory: C:\Windows
     2011/02/15 23:12:22.0955 5112 System windows directory: C:\Windows
     2011/02/15 23:12:22.0955 5112 Running under WOW64
     2011/02/15 23:12:22.0955 5112 Processor architecture: Intel x64
     2011/02/15 23:12:22.0955 5112 Number of processors: 2
     2011/02/15 23:12:22.0955 5112 Page size: 0x1000
     2011/02/15 23:12:22.0955 5112 Boot type: Normal boot
     2011/02/15 23:12:22.0955 5112 ================================================================================
     2011/02/15 23:12:23.0298 5112 Initialize success
     2011/02/15 23:12:38.0851 5736 ================================================================================
     2011/02/15 23:12:38.0851 5736 Scan started
     2011/02/15 23:12:38.0851 5736 Mode: Manual;
     2011/02/15 23:12:38.0851 5736 ================================================================================
23:12:54.0966 5736 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/02/15 23:12:55.0013 5736 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 2011/02/15 23:12:55.0091 5736 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 2011/02/15 23:12:55.0138 5736 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 2011/02/15 23:12:55.0169 5736 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/02/15 23:12:55.0231 5736 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 2011/02/15 23:12:55.0340 5736 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 2011/02/15 23:12:55.0372 5736 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys 2011/02/15 23:12:55.0434 5736 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 2011/02/15 23:12:55.0559 5736 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 2011/02/15 23:12:55.0668 5736 rimsptsk (258aadb43e3f3468b5cf8cb0f84872c2) C:\Windows\system32\DRIVERS\rimssn64.sys 2011/02/15 23:12:55.0777 5736 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys 2011/02/15 23:12:55.0933 5736 risdptsk (71e182a0de1cecb3f912960716345405) C:\Windows\system32\DRIVERS\risdsn64.sys 2011/02/15 23:12:56.0089 5736 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 2011/02/15 23:12:56.0152 5736 RTHDMIAzAudService (34f05c417f038ffa3bef69b798d7d7dd) C:\Windows\system32\drivers\RtHDMIVX.sys 2011/02/15 23:12:56.0276 5736 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 2011/02/15 23:12:56.0339 5736 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 2011/02/15 23:12:56.0401 5736 sdbus (54e47ad086782d3ae9417c155cdceb9b) 
C:\Windows\system32\DRIVERS\sdbus.sys 2011/02/15 23:12:56.0526 5736 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 2011/02/15 23:12:56.0698 5736 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 2011/02/15 23:12:56.0744 5736 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 2011/02/15 23:12:56.0822 5736 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 2011/02/15 23:12:56.0963 5736 SFEP (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\DRIVERS\SFEP.sys 2011/02/15 23:12:56.0994 5736 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 2011/02/15 23:12:57.0072 5736 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 2011/02/15 23:12:57.0119 5736 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys 2011/02/15 23:12:57.0166 5736 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/02/15 23:12:57.0228 5736 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2011/02/15 23:12:57.0244 5736 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 2011/02/15 23:12:57.0290 5736 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 2011/02/15 23:12:57.0462 5736 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 2011/02/15 23:12:57.0571 5736 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys 2011/02/15 23:12:57.0712 5736 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys 2011/02/15 23:12:57.0805 5736 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS 2011/02/15 23:12:57.0977 5736 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS 2011/02/15 23:12:58.0117 5736 SrvHsfWinac 
(18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS 2011/02/15 23:12:58.0258 5736 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys 2011/02/15 23:12:58.0429 5736 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 2011/02/15 23:12:58.0538 5736 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 2011/02/15 23:12:58.0694 5736 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys 2011/02/15 23:12:58.0866 5736 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys 2011/02/15 23:12:58.0991 5736 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 2011/02/15 23:12:59.0038 5736 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 2011/02/15 23:12:59.0069 5736 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 2011/02/15 23:12:59.0116 5736 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 2011/02/15 23:12:59.0225 5736 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 2011/02/15 23:12:59.0381 5736 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/02/15 23:12:59.0521 5736 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 2011/02/15 23:12:59.0630 5736 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 2011/02/15 23:12:59.0724 5736 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 2011/02/15 23:12:59.0849 5736 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 2011/02/15 23:12:59.0911 5736 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 2011/02/15 23:12:59.0942 5736 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 2011/02/15 23:13:00.0052 5736 
USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys 2011/02/15 23:13:00.0114 5736 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/02/15 23:13:00.0192 5736 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 2011/02/15 23:13:00.0254 5736 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys 2011/02/15 23:13:00.0301 5736 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys 2011/02/15 23:13:00.0410 5736 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys 2011/02/15 23:13:00.0473 5736 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 2011/02/15 23:13:00.0520 5736 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 2011/02/15 23:13:00.0629 5736 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/02/15 23:13:00.0691 5736 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/02/15 23:13:00.0785 5736 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys 2011/02/15 23:13:00.0925 5736 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 2011/02/15 23:13:01.0003 5736 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/02/15 23:13:01.0050 5736 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 2011/02/15 23:13:01.0081 5736 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 2011/02/15 23:13:01.0128 5736 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 2011/02/15 23:13:01.0175 5736 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 2011/02/15 23:13:01.0222 5736 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 
2011/02/15 23:13:01.0300 5736 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 2011/02/15 23:13:01.0378 5736 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 2011/02/15 23:13:01.0565 5736 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 2011/02/15 23:13:01.0658 5736 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 2011/02/15 23:13:01.0799 5736 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 2011/02/15 23:13:01.0877 5736 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 2011/02/15 23:13:01.0908 5736 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 2011/02/15 23:13:02.0033 5736 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 2011/02/15 23:13:02.0080 5736 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 2011/02/15 23:13:02.0267 5736 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 2011/02/15 23:13:02.0298 5736 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 2011/02/15 23:13:02.0438 5736 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys 2011/02/15 23:13:02.0579 5736 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/02/15 23:13:02.0657 5736 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 2011/02/15 23:13:02.0735 5736 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys 2011/02/15 23:13:02.0828 5736 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/02/15 23:13:02.0922 5736 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys 2011/02/15 23:13:02.0969 5736 yukonw7 (6affd75c6807b3dd3ab018e27b88ef95) 
C:\Windows\system32\DRIVERS\yk62x64.sys 2011/02/15 23:13:03.0047 5736 ================================================================================ 2011/02/15 23:13:03.0047 5736 Scan finished 2011/02/15 23:13:03.0047 5736 ================================================================================ OTL.zip
  9. Hi Folks You guys helped me brilliantly out at the weekend when my own PC got infected. Now got a friends daughter's laptop with a similar issue. Hope you can help again. Much appreciated. Colin DDS (Ver_10-12-12.02) - NTFS_AMD64 Run by User at 11:55:10.48 on 15/02/2011 Internet Explorer: 8.0.7600.16385 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3935.2568 [GMT 0:00] AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116} AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe C:\Windows\system32\mfevtps.exe C:\Windows\system32\svchost.exe -k imgsvc 
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe C:\Windows\system32\taskeng.exe C:\Program Files\Sony\VAIO Power Management\SPMService.exe C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe C:\Windows\SysWOW64\DllHost.exe C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe C:\Program Files\Sony\VAIO Smart Network\VSNService.exe C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Calendarscope\csde.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Apoint\Apvfb.exe C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe 
C:\Windows\system32\conhost.exe C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe C:\Windows\system32\wuauclt.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\User\Desktop\dds.scr C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=EU01 uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=EU01 uInternet Settings,ProxyOverride = *.local uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101216114202.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - 
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [Calendarscope] "C:\Program Files (x86)\Calendarscope\csde.exe" uRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Notify: VESWinlogon - VESWinlogon.dll BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL BHO-X64: McAfee Phishing Filter - No File BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101216114202.dll BHO-X64: scriptproxy - No File BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program 
Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll mRun-x64: [igfxTray] C:\Windows\system32\igfxtray.exe mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe mRun-x64: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe mRun-x64: [Apoint] %ProgramFiles%\Apoint\Apoint.exe mRun-x64: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe mRun-x64: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2011-2-12 69376] R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-12-16 529128] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-12-15 55280] R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2010-12-16 75032] R1 mfewfpk;McAfee Inc. 
mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-12-16 283360] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-12-3 1405384] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2011-2-8 101048] R2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-12-16 355440] R2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-12-16 355440] R2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-12-16 355440] R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-12-16 200056] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-12-16 245352] R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2010-12-16 149032] R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2010-12-15 19968] R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-8-17 35104] R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-12-16 62800] R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-12-3 17152] R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-12-16 190136] R3 mfefirek;McAfee Inc. 
mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-12-16 441328] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-6-8 5435904] R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2009-8-17 11392] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-8-17 393216] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-17 136176] S2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 27136] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-8-17 139264] S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232] S3 mferkdet;McAfee Inc. 
mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-12-16 94864]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]

=============== Created Last 30 ================

2011-02-15 11:18:21 -------- d-----w- C:\Program Files\CCleaner
2011-02-15 10:58:37 -------- d-----w- C:\Users\User\AppData\Roaming\Malwarebytes
2011-02-15 10:56:20 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-15 10:56:19 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-02-15 10:56:16 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-02-15 10:56:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-02-12 23:06:17 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2011-02-12 21:13:48 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2011-02-12 21:13:45 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-02-12 21:11:07 -------- d-----w- C:\Users\User\AppData\Local\Sunbelt Software
2011-02-12 21:10:39 -------- dc-h--w- C:\PROGRA~3\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2011-02-12 21:10:32 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-02-10 10:18:58 714752 ----a-w- C:\Windows\System32\kerberos.dll
2011-02-07 10:44:18 -------- d-----w- C:\Users\User\AppData\Roaming\Duality Software
2011-02-07 10:44:18 -------- d-----w- C:\Program Files (x86)\Calendarscope
2011-02-07 10:44:18 -------- d-----w- C:\PROGRA~3\Duality Software

==================== Find3M ====================

2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll
2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll
2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll
2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll
2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll
2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll
2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll
2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll
2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll
2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll
2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll
2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec
2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-29 17:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-11-29 17:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

============= FINISH: 11:56:29.99 ===============

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5750

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15/02/2011 11:09:10
mbam-log-2011-02-15 (11-08-59).txt

Scan type: Quick scan
Objects scanned: 159718
Time elapsed: 3 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe (Security.Hijack) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger (Security.Hijack) -> Value: Debugger -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\User\local settings\temporary internet files\Content.IE5\4HY7KO4O\installer_2002-8_biz8[1].exe (Trojan.FakeAlert) -> No action taken.
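Editor's note on the MBAM findings above: the Security.Hijack entries are Image File Execution Options (IFEO) keys for the browsers, and the iexplore.exe one carries a Debugger value. Windows treats that value as a program to start in place of the named executable every time it launches, which is how a FakeAlert installer keeps a victim from opening a browser to look for help. The script below is an added example written for this page, not something posted in the thread and not part of Malwarebytes' tooling. It lists every IFEO subkey that has a Debugger value, in both the native and WOW6432Node views, so the same check can be repeated after cleanup. It assumes an elevated PowerShell session on Windows; the function and variable names are the editor's own.

```powershell
# Added example: enumerate IFEO Debugger hijacks (the Security.Hijack
# pattern in the MBAM log above). Run from an elevated PowerShell prompt.
# Assumption: these two roots are the standard IFEO locations on 64-bit
# Windows; on 32-bit Windows only the first exists.
$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoDebugger {
    # Returns one object per <image>.exe subkey that has a Debugger value.
    foreach ($root in $ifeoRoots) {
        if (-not (Test-Path -Path $root)) { continue }
        Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
            $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
            if ($null -ne $props -and $null -ne $props.Debugger) {
                [PSCustomObject]@{
                    Image    = $_.PSChildName   # e.g. iexplore.exe
                    Debugger = $props.Debugger  # what actually gets launched
                    Key      = $_.Name          # full registry path
                }
            }
        }
    }
}

$hits = @(Get-IfeoDebugger)
if ($hits.Count -eq 0) {
    'No IFEO Debugger values found.'
} else {
    $hits | Format-Table -AutoSize
}

# To remove a confirmed hijack (only after checking that the Debugger path
# is not a debugger you installed on purpose), delete the value, e.g.:
# Remove-ItemProperty -Path "$($ifeoRoots[0])\iexplore.exe" -Name Debugger
```

A Debugger value is not malicious by itself: developers and some monitoring tools set one deliberately, and Microsoft documents the mechanism for exactly that purpose. What marks the entries in this log as a hijack is the combination of browser image names, no reason for a debugger to be attached to them, and a Debugger path pointing at something other than a known debugger. Check where the Debugger path points before deleting anything, and re-run the check after the machine has been rebooted, since droppers of this kind commonly re-create the keys.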
  10. Borislav, thanks, have just posted a small contribution. Sorry it cannot be more! Colin
  11. Yes I can believe that. I've disconnected that drive. Other than that the system seems fine. Thanks very much for the help. I will certainly be recommending the forum to others. Colin. I'm now going onto Paypal.
  12. Three found on my son's external HD!!!

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.7930.16406 (WIN7_IE9_Beta.100831-2345)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=7433911ef18d8b4f82960372684bcb8e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-02-12 12:27:12
# local_time=2011-02-12 12:27:12 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 35425218 135038583 0 0
# compatibility_mode=8192 67108863 100 0 3709 3709 0 0
# scanned=219967
# found=3
# cleaned=3
# scan_time=7776
G:\Progs\Audio\Media Monkey 3\MediaMonkey 3\keygen.exe    a variant of Win32/Keygen.AG application (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
G:\Progs\Photos\Breeze\DSLR Remote 1 8 3\keygen.exe.saf    probably a variant of Win32/Agent.JELVFYM trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
G:\Progs\Photos\Morpheus\MorpheusPhotoMorpher-315.exe    probably a variant of Win32/Adware.RK.AB application (deleted - quarantined)    00000000000000000000000000000000    C
  13. Hi Borislav. Things seem much, much better; in fact, the last several steps have made no visible/apparent change to the system. I have had no problems since yesterday afternoon, after the first few steps. But I understand your warning that several attempts may be necessary to fully remove the problems. So once again thank you very, very much for your time and effort, it really is much appreciated. When you see that the world is full of unpleasant people writing these types of programs, it is great that the world is also full of people who will spend their time helping others. Well done. Colin. PS I did ask you to let me know what a "fair" donation via Paypal would be. Don't forget.
  14. ComboFix 11-02-11.02 - Colin 12/02/2011 9:31.3.2 - x86 Microsoft
  15. SystemLook 04.09.10 by jpshortstuff
Log created at 23:24 on 11/02/2011 by Colin
Administrator - Elevation successful
No Context: CODE

========== dir ==========

c:\programdata\hDnIpFn15400\hDnIpFn15400 - Unable to find folder.

-= EOF =-