jkpbba

  1. So far so GOOD! You guys are the BEST!!!!
  2. ComboFix 11-07-11.02 - Kats 07/11/2011 15:43:19.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2937.1668 [GMT -7:00]
  3. It came back.

     12:01:10 Kats MESSAGE Scheduled update executed successfully
     12:03:35 Kats MESSAGE IP Protection stopped
     12:03:49 Kats MESSAGE Database updated successfully
     12:03:52 Kats MESSAGE IP Protection started successfully
     14:13:45 Kats MESSAGE Protection started successfully
     14:13:50 Kats MESSAGE IP Protection started successfully
     14:28:27 Kats MESSAGE IP Protection stopped
     14:28:30 Kats MESSAGE Database updated successfully
     14:28:31 Kats MESSAGE IP Protection started successfully
     14:34:09 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 49548, Process: rundll32.exe)
     14:34:09 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 49549, Process: rundll32.exe)
     14:34:17 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 49550, Process: rundll32.exe)
     14:34:17 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 49551, Process: rundll32.exe)
     14:36:02 Kats MESSAGE Protection started successfully
     14:36:11 Kats MESSAGE IP Protection started successfully
     14:56:28 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 49239, Process: rundll32.exe)
     14:56:36 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 49240, Process: rundll32.exe)
     14:56:36 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 49241, Process: rundll32.exe)
     14:56:36 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 49242, Process: rundll32.exe)
     15:02:14 Kats IP-BLOCK 94.75.207.72 (Type: outgoing, Port: 49244, Process: rundll32.exe)
     15:02:22 Kats IP-BLOCK 94.75.207.72 (Type: outgoing, Port: 49245, Process: rundll32.exe)
     15:02:22 Kats IP-BLOCK 94.75.207.72 (Type: outgoing, Port: 49246, Process: rundll32.exe)
     15:02:22 Kats IP-BLOCK 94.75.207.72 (Type: outgoing, Port: 49247, Process: rundll32.exe)
     15:08:33 Kats IP-BLOCK 94.75.207.72 (Type: outgoing, Port: 49248, Process: rundll32.exe)
     15:08:33 Kats IP-BLOCK 94.75.207.72 (Type: outgoing, Port: 49249, Process: rundll32.exe)
     15:08:33 Kats IP-BLOCK 94.75.207.72 (Type: outgoing, Port: 49250, Process: rundll32.exe)
     15:08:33 Kats IP-BLOCK 94.75.207.72 (Type: outgoing, Port: 49251, Process: rundll32.exe)
     15:12:35 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 49254, Process: rundll32.exe)
     15:12:43 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 49255, Process: rundll32.exe)
     15:12:43 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 49256, Process: rundll32.exe)
     15:12:43 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 49257, Process: rundll32.exe)
     15:16:44 Kats IP-BLOCK 94.75.207.72 (Type: outgoing, Port: 49290, Process: rundll32.exe)
     15:16:44 Kats IP-BLOCK 94.75.207.72 (Type: outgoing, Port: 49294, Process: rundll32.exe)
     15:16:44 Kats IP-BLOCK 94.75.207.72 (Type: outgoing, Port: 49295, Process: rundll32.exe)
     15:16:44 Kats IP-BLOCK 94.75.207.72 (Type: outgoing, Port: 49296, Process: rundll32.exe)
  4. 2011/07/11 14:08:07.0221 4568 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
(55480b9c63f3f91a8ebbadcbf28fe581) C:\windows\system32\DRIVERS\L1C62x64.sys 2011/07/11 14:08:30.0031 4716 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys 2011/07/11 14:08:30.0171 4716 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys 2011/07/11 14:08:30.0291 4716 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys 2011/07/11 14:08:30.0411 4716 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys 2011/07/11 14:08:30.0531 4716 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys 2011/07/11 14:08:30.0661 4716 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys 2011/07/11 14:08:30.0811 4716 MBAMProtector (ed49fd1373de93617a1f6d128d98fe4d) C:\windows\system32\drivers\mbam.sys 2011/07/11 14:08:30.0941 4716 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys 2011/07/11 14:08:31.0051 4716 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys 2011/07/11 14:08:31.0161 4716 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys 2011/07/11 14:08:31.0271 4716 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys 2011/07/11 14:08:31.0421 4716 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\drivers\mouclass.sys 2011/07/11 14:08:31.0531 4716 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys 2011/07/11 14:08:31.0671 4716 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys 2011/07/11 14:08:31.0821 4716 MpFilter (e6ba8e5a4a871899e23d64573ef58ee9) C:\windows\system32\DRIVERS\MpFilter.sys 2011/07/11 14:08:31.0941 4716 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys 2011/07/11 14:08:32.0071 4716 MpNWMon (98b09a4f2c462441030b83a80a3f6fb3) C:\windows\system32\DRIVERS\MpNWMon.sys 2011/07/11 
14:08:32.0181 4716 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys 2011/07/11 14:08:32.0311 4716 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys 2011/07/11 14:08:32.0441 4716 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys 2011/07/11 14:08:32.0601 4716 mrxsmb10 (2086d463bd371d8a37d153897430916d) C:\windows\system32\DRIVERS\mrxsmb10.sys 2011/07/11 14:08:32.0711 4716 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys 2011/07/11 14:08:32.0831 4716 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys 2011/07/11 14:08:32.0961 4716 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys 2011/07/11 14:08:33.0091 4716 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys 2011/07/11 14:08:33.0211 4716 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys 2011/07/11 14:08:33.0301 4716 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys 2011/07/11 14:08:33.0421 4716 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys 2011/07/11 14:08:33.0541 4716 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys 2011/07/11 14:08:33.0651 4716 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys 2011/07/11 14:08:33.0761 4716 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys 2011/07/11 14:08:33.0891 4716 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys 2011/07/11 14:08:34.0011 4716 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys 2011/07/11 14:08:34.0111 4716 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys 2011/07/11 14:08:34.0231 4716 Mup (f9a18612fd3526fe473c1bda678d61c8) 
C:\windows\system32\Drivers\mup.sys 2011/07/11 14:08:34.0351 4716 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys 2011/07/11 14:08:34.0541 4716 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys 2011/07/11 14:08:34.0691 4716 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys 2011/07/11 14:08:34.0801 4716 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys 2011/07/11 14:08:34.0941 4716 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys 2011/07/11 14:08:35.0071 4716 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys 2011/07/11 14:08:35.0211 4716 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys 2011/07/11 14:08:35.0331 4716 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys 2011/07/11 14:08:35.0481 4716 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys 2011/07/11 14:08:35.0631 4716 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys 2011/07/11 14:08:35.0761 4716 NisDrv (3713e8452b88d3e0be095e06b6fbc776) C:\windows\system32\DRIVERS\NisDrvWFP.sys 2011/07/11 14:08:35.0901 4716 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys 2011/07/11 14:08:36.0021 4716 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys 2011/07/11 14:08:36.0181 4716 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys 2011/07/11 14:08:36.0371 4716 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys 2011/07/11 14:08:36.0501 4716 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys 2011/07/11 14:08:36.0651 4716 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys 2011/07/11 14:08:36.0811 4716 nv_agp 
(270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys 2011/07/11 14:08:36.0931 4716 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys 2011/07/11 14:08:37.0081 4716 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys 2011/07/11 14:08:37.0221 4716 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys 2011/07/11 14:08:37.0361 4716 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys 2011/07/11 14:08:37.0501 4716 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys 2011/07/11 14:08:37.0611 4716 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys 2011/07/11 14:08:37.0731 4716 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys 2011/07/11 14:08:37.0841 4716 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys 2011/07/11 14:08:38.0041 4716 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys 2011/07/11 14:08:38.0221 4716 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys 2011/07/11 14:08:38.0331 4716 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys 2011/07/11 14:08:38.0501 4716 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys 2011/07/11 14:08:38.0701 4716 QIOMem (c8fcb4899f8b70cc34e0d9876a80963c) C:\windows\system32\DRIVERS\QIOMem.sys 2011/07/11 14:08:38.0841 4716 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys 2011/07/11 14:08:38.0971 4716 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys 2011/07/11 14:08:39.0081 4716 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys 2011/07/11 14:08:39.0191 4716 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys 2011/07/11 
14:08:39.0311 4716 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys 2011/07/11 14:08:39.0441 4716 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys 2011/07/11 14:08:39.0561 4716 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys 2011/07/11 14:08:39.0671 4716 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys 2011/07/11 14:08:39.0821 4716 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys 2011/07/11 14:08:39.0951 4716 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys 2011/07/11 14:08:40.0051 4716 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys 2011/07/11 14:08:40.0171 4716 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys 2011/07/11 14:08:40.0271 4716 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys 2011/07/11 14:08:40.0381 4716 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys 2011/07/11 14:08:40.0521 4716 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys 2011/07/11 14:08:40.0671 4716 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys 2011/07/11 14:08:40.0801 4716 RSUSBSTOR (3ceee53bbf8ba284ff44585cec0162fe) C:\windows\system32\Drivers\RtsUStor.sys 2011/07/11 14:08:40.0931 4716 rtl8192se (a8ed9726734d403217a4861a6788b144) C:\windows\system32\DRIVERS\rtl8192se.sys 2011/07/11 14:08:41.0061 4716 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys 2011/07/11 14:08:41.0211 4716 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys 2011/07/11 14:08:41.0351 4716 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys 2011/07/11 14:08:41.0471 4716 Serenum (cb624c0035412af0debec78c41f5ca1b) 
C:\windows\system32\DRIVERS\serenum.sys 2011/07/11 14:08:41.0571 4716 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys 2011/07/11 14:08:41.0691 4716 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys 2011/07/11 14:08:41.0861 4716 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys 2011/07/11 14:08:41.0991 4716 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys 2011/07/11 14:08:42.0131 4716 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys 2011/07/11 14:08:42.0251 4716 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys 2011/07/11 14:08:42.0371 4716 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys 2011/07/11 14:08:42.0481 4716 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys 2011/07/11 14:08:42.0611 4716 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys 2011/07/11 14:08:42.0771 4716 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys 2011/07/11 14:08:42.0931 4716 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys 2011/07/11 14:08:43.0081 4716 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys 2011/07/11 14:08:43.0211 4716 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys 2011/07/11 14:08:43.0351 4716 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys 2011/07/11 14:08:43.0481 4716 StillCam (decacb6921ded1a38642642685d77dac) C:\windows\system32\DRIVERS\serscan.sys 2011/07/11 14:08:43.0611 4716 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys 2011/07/11 14:08:43.0761 4716 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys 2011/07/11 14:08:43.0951 4716 Tcpip 
(92ce29d95ac9dd2d0ee9061d551ba250) C:\windows\system32\drivers\tcpip.sys 2011/07/11 14:08:44.0181 4716 TCPIP6 (92ce29d95ac9dd2d0ee9061d551ba250) C:\windows\system32\DRIVERS\tcpip.sys 2011/07/11 14:08:44.0321 4716 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys 2011/07/11 14:08:44.0451 4716 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys 2011/07/11 14:08:44.0591 4716 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys 2011/07/11 14:08:44.0701 4716 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys 2011/07/11 14:08:44.0861 4716 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys 2011/07/11 14:08:44.0981 4716 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys 2011/07/11 14:08:45.0201 4716 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys 2011/07/11 14:08:45.0341 4716 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys 2011/07/11 14:08:45.0481 4716 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys 2011/07/11 14:08:45.0601 4716 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS 2011/07/11 14:08:45.0701 4716 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys 2011/07/11 14:08:45.0831 4716 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys 2011/07/11 14:08:45.0971 4716 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys 2011/07/11 14:08:46.0111 4716 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys 2011/07/11 14:08:46.0211 4716 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys 2011/07/11 14:08:46.0371 4716 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\windows\system32\Drivers\usbaapl64.sys 2011/07/11 14:08:46.0521 
4716 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys 2011/07/11 14:08:46.0661 4716 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys 2011/07/11 14:08:46.0811 4716 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys 2011/07/11 14:08:46.0951 4716 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys 2011/07/11 14:08:47.0081 4716 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys 2011/07/11 14:08:47.0181 4716 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys 2011/07/11 14:08:47.0301 4716 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\drivers\USBSTOR.SYS 2011/07/11 14:08:47.0421 4716 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\DRIVERS\usbuhci.sys 2011/07/11 14:08:47.0551 4716 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys 2011/07/11 14:08:47.0701 4716 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys 2011/07/11 14:08:47.0841 4716 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys 2011/07/11 14:08:47.0941 4716 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys 2011/07/11 14:08:48.0071 4716 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys 2011/07/11 14:08:48.0211 4716 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys 2011/07/11 14:08:48.0341 4716 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys 2011/07/11 14:08:48.0471 4716 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys 2011/07/11 14:08:48.0621 4716 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys 2011/07/11 14:08:48.0751 4716 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys 
2011/07/11 14:08:48.0871 4716 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys 2011/07/11 14:08:48.0971 4716 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys 2011/07/11 14:08:49.0101 4716 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys 2011/07/11 14:08:49.0251 4716 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys 2011/07/11 14:08:49.0281 4716 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys 2011/07/11 14:08:49.0421 4716 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys 2011/07/11 14:08:49.0551 4716 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys 2011/07/11 14:08:49.0721 4716 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys 2011/07/11 14:08:49.0831 4716 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys 2011/07/11 14:08:50.0011 4716 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys 2011/07/11 14:08:50.0161 4716 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys 2011/07/11 14:08:50.0321 4716 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys 2011/07/11 14:08:50.0471 4716 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys 2011/07/11 14:08:50.0621 4716 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys 2011/07/11 14:08:50.0701 4716 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0 2011/07/11 14:08:50.0721 4716 Boot (0x1200) (aff6170ddc74f7884e1370d55838cbbd) \Device\Harddisk0\DR0\Partition0 2011/07/11 14:08:50.0731 4716 ================================================================================ 2011/07/11 14:08:50.0731 4716 Scan finished 2011/07/11 14:08:50.0731 4716 
     ================================================================================
     2011/07/11 14:08:50.0751 4956 Detected object count: 0
     2011/07/11 14:08:50.0751 4956 Actual detected object count: 0

     Seems to be doing ok so far. I haven't seen the pop up since I ran the defogger thing a couple of days ago. Thanks SO much!!!! -Kat
  5. I was told to contact an admin (is that what you are?) to change my something or other back to 0 so someone will respond to my issue. I sure hope you understand because I'm not sure I do. Thanks!

  6. Every few minutes I get another pop up telling me Malwarebytes is blocking a certain IP address: 94.75.207.73. It's in the Netherlands or Amsterdam and I am in AZ, USA. I see that you have helped others. Can you help me PLEASE?!?!

     Malwarebytes' Anti-Malware 1.51.0.1200
     www.malwarebytes.org

     Database version: 7049
     Windows 6.1.7601 Service Pack 1
     Internet Explorer 9.0.8112.16421

     7/8/2011 11:48:12 AM
     mbam-log-2011-07-08 (11-48-12).txt

     Scan type: Full scan (C:\|)
     Objects scanned: 379125
     Time elapsed: 49 minute(s), 4 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     00:16:33 Kats IP-BLOCK 94.100.29.205 (Type: outgoing, Port: 39259, Process: utorrent.exe)
     00:21:15 Kats IP-BLOCK 89.28.51.201 (Type: outgoing, Port: 39259, Process: utorrent.exe)
     00:25:50 Kats IP-BLOCK 124.217.230.50 (Type: outgoing, Port: 39259, Process: utorrent.exe)
     00:36:27 Kats IP-BLOCK 218.9.178.166 (Type: outgoing, Port: 39259, Process: utorrent.exe)
     07:41:37 Kats MESSAGE Protection started successfully
     07:41:42 Kats MESSAGE IP Protection started successfully
     09:14:15 Kats IP-BLOCK 94.75.207.72 (Type: outgoing, Port: 50080, Process: rundll32.exe)
     09:14:15 Kats IP-BLOCK 94.75.207.72 (Type: outgoing, Port: 50081, Process: rundll32.exe)
     09:14:15 Kats IP-BLOCK 94.75.207.72 (Type: outgoing, Port: 50082, Process: rundll32.exe)
     09:14:15 Kats IP-BLOCK 94.75.207.72 (Type: outgoing, Port: 50083, Process: rundll32.exe)
     09:18:01 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 50145, Process: rundll32.exe)
     09:18:01 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 50146, Process: rundll32.exe)
     09:18:01 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 50147, Process: rundll32.exe)
     09:18:01 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 50148, Process: rundll32.exe)
     09:22:59 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 50213, Process: rundll32.exe)
     09:22:59 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 50214, Process: rundll32.exe)
     09:22:59 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 50215, Process: rundll32.exe)
     09:22:59 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 50216, Process: rundll32.exe)
     09:25:28 Kats MESSAGE IP Protection stopped
     09:25:30 Kats MESSAGE Database updated successfully
     09:25:32 Kats MESSAGE IP Protection started successfully
     09:28:36 Kats IP-BLOCK 94.75.207.72 (Type: outgoing, Port: 50285, Process: rundll32.exe)
     09:28:44 Kats IP-BLOCK 94.75.207.72 (Type: outgoing, Port: 50286, Process: rundll32.exe)
     09:28:44 Kats IP-BLOCK 94.75.207.72 (Type: outgoing, Port: 50287, Process: rundll32.exe)
     09:28:44 Kats IP-BLOCK 94.75.207.72 (Type: outgoing, Port: 50288, Process: rundll32.exe)
     09:32:39 Kats IP-BLOCK 94.75.207.72 (Type: outgoing, Port: 50456, Process: rundll32.exe)
     09:32:39 Kats IP-BLOCK 94.75.207.72 (Type: outgoing, Port: 50457, Process: rundll32.exe)
     09:32:39 Kats IP-BLOCK 94.75.207.72 (Type: outgoing, Port: 50458, Process: rundll32.exe)
     09:32:39 Kats IP-BLOCK 94.75.207.72 (Type: outgoing, Port: 50459, Process: rundll32.exe)
     09:38:26 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 50648, Process: rundll32.exe)
     09:38:34 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 50649, Process: rundll32.exe)
     09:38:34 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 50650, Process: rundll32.exe)
     09:38:34 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 50651, Process: rundll32.exe)
     09:42:20 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 50748, Process: rundll32.exe)
     09:42:28 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 50749, Process: rundll32.exe)
     09:42:28 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 50750, Process: rundll32.exe)
     09:42:28 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 50751, Process: rundll32.exe)
     09:48:48 Kats IP-BLOCK 94.75.207.72 (Type: outgoing, Port: 50785, Process: rundll32.exe)
     09:48:48 Kats IP-BLOCK 94.75.207.72 (Type: outgoing, Port: 50786, Process: rundll32.exe)
     09:48:48 Kats IP-BLOCK 94.75.207.72 (Type: outgoing, Port: 50787, Process: rundll32.exe)
     09:48:48 Kats IP-BLOCK 94.75.207.72 (Type: outgoing, Port: 50788, Process: rundll32.exe)
     09:53:46 Kats IP-BLOCK 94.75.207.72 (Type: outgoing, Port: 50806, Process: rundll32.exe)
     09:53:54 Kats IP-BLOCK 94.75.207.72 (Type: outgoing, Port: 50807, Process: rundll32.exe)
     09:53:54 Kats IP-BLOCK 94.75.207.72 (Type: outgoing, Port: 50808, Process: rundll32.exe)
     09:53:54 Kats IP-BLOCK 94.75.207.72 (Type: outgoing, Port: 50809, Process: rundll32.exe)
     09:58:29 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 50810, Process: rundll32.exe)
     09:58:29 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 50811, Process: rundll32.exe)
     09:58:29 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 50812, Process: rundll32.exe)
     09:58:29 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 50813, Process: rundll32.exe)
     10:15:18 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 50828, Process: rundll32.exe)
     10:15:18 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 50829, Process: rundll32.exe)
     10:15:18 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 50830, Process: rundll32.exe)
     10:15:18 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 50831, Process: rundll32.exe)
     10:31:10 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 50967, Process: rundll32.exe)
     10:31:10 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 50968, Process: rundll32.exe)
     10:31:10 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 50969, Process: rundll32.exe)
     10:31:10 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 50970, Process: rundll32.exe)
     10:43:09 Kats IP-BLOCK 94.75.207.72 (Type: outgoing, Port: 51052, Process: rundll32.exe)
     10:43:09 Kats IP-BLOCK 94.75.207.72 (Type: outgoing, Port: 51053, Process: rundll32.exe)
     10:43:09 Kats IP-BLOCK 94.75.207.72 (Type: outgoing, Port: 51054, Process: rundll32.exe)
     10:43:09 Kats IP-BLOCK 94.75.207.72 (Type: outgoing, Port: 51055, Process: rundll32.exe)
     11:01:51 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 51201, Process: rundll32.exe)
     11:01:59 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 51202, Process: rundll32.exe)
     11:01:59 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 51203, Process: rundll32.exe)
     11:01:59 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 51204, Process: rundll32.exe)
     11:16:00 Kats IP-BLOCK 94.75.207.72 (Type: outgoing, Port: 51325, Process: rundll32.exe)
     11:16:00 Kats IP-BLOCK 94.75.207.72 (Type: outgoing, Port: 51326, Process: rundll32.exe)
     11:16:00 Kats IP-BLOCK 94.75.207.72 (Type: outgoing, Port: 51327, Process: rundll32.exe)
     11:16:00 Kats IP-BLOCK 94.75.207.72 (Type: outgoing, Port: 51328, Process: rundll32.exe)
     11:26:39 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 51345, Process: rundll32.exe)
     11:26:39 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 51346, Process: rundll32.exe)
     11:26:39 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 51347, Process: rundll32.exe)
     11:26:39 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 51348, Process: rundll32.exe)
     11:45:07 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 51372, Process: rundll32.exe)
     11:45:15 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 51373, Process: rundll32.exe)
     11:45:15 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 51374, Process: rundll32.exe)
     11:45:15 Kats IP-BLOCK 94.75.207.73 (Type: outgoing, Port: 51375, Process: rundll32.exe)

     Avira AntiVir Personal
     Report file date: Friday, July 08, 2011 12:06
     Scanning for 2803752 virus strains and unwanted programs.
     The program is running as an unrestricted full version.
     Online services are available:
     Licensee : Avira AntiVir Personal - FREE Antivirus
     Serial number : 0000149996-ADJIE-0000001
     Platform : Windows 7 x64
     Windows version : (Service Pack 1) [6.1.7601]
     Boot mode : Normally booted
     Username : Kats
     Computer name : KATS-LAPPY

     Configuration settings for the scan:
     Jobname.............................: Short system scan after installation
     Configuration file..................: c:\program files (x86)\avira\antivir desktop\setupprf.dat
     Logging.............................: low
     Primary action......................: interactive
Secondary action....................: ignore Scan master boot sector.............: on Scan boot sector....................: on Process scan........................: on Scan registry.......................: on Search for rootkits.................: off Integrity checking of system files..: off Scan all files......................: Intelligent file selection Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: medium Start of the scan: Friday, July 08, 2011 12:06 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'avconfig.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'setup.exe' - '1' Module(s) have been scanned Scan process 'presetup.exe' - '1' Module(s) have been scanned Scan process 'avira_antivir_personal_en.exe' - '1' Module(s) have been scanned Scan process 'NOTEPAD.EXE' - '1' Module(s) have been scanned Scan process 'NOTEPAD.EXE' - '1' Module(s) have been scanned Scan process 'chrome.exe' - '1' Module(s) have been scanned Scan process 'chrome.exe' - '1' Module(s) have been scanned Scan process 'chrome.exe' - '1' Module(s) have been scanned Scan process 'chrome.exe' - '1' Module(s) have been scanned Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned Scan process 'IELowutil.exe' - '1' Module(s) have been scanned Scan process 'mbamservice.exe' - '1' Module(s) have been scanned Scan process 'BrYNSvc.exe' - '1' Module(s) have been scanned Scan process 'mbamgui.exe' - '1' Module(s) have been scanned Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned Scan process 'GoogleDesktop.exe' - 
'1' Module(s) have been scanned Scan process 'BrStMonW.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'wfcrun32.exe' - '1' Module(s) have been scanned Scan process 'concentr.exe' - '1' Module(s) have been scanned Scan process 'sidebar.exe' - '1' Module(s) have been scanned Scan process 'qbupdate.exe' - '1' Module(s) have been scanned Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned Scan process 'ccSvcHst.exe' - '1' Module(s) have been scanned Scan process 'ccSvcHst.exe' - '1' Module(s) have been scanned Scan process 'SymcPCCULaunchSvc.exe' - '1' Module(s) have been scanned Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned Scan process 'armsvc.exe' - '1' Module(s) have been scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Start scanning boot sectors: Starting to scan executable files (registry). The registry was scanned ( '200' files ). End of the scan: Friday, July 08, 2011 12:06 Used time: 00:27 Minute(s) The scan has been done completely. 0 Scanned directories 796 Files were scanned 0 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 0 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 796 Files not concerned 6 Archives were scanned 0 Warnings 0 Notes . DDS (Ver_2011-06-23.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Kats at 12:08:32 on 2011-07-08 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2937.1311 [GMT -7:00] . 
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\windows\system32\wininit.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\windows\System32\spoolsv.exe C:\windows\system32\taskeng.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\windows\system32\rundll32.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\windows\system32\svchost.exe -k imgsvc C:\Windows\system32\TODDSrv.exe C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\windows\system32\SearchIndexer.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\windows\system32\taskhost.exe C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program 
Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe C:\Program Files (x86)\Windows Sidebar\sidebar.exe C:\Program Files (x86)\Citrix\ICA Client\concentr.exe C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Browny02\BrYNSvc.exe C:\Program Files\iPod\bin\iPodService.exe C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Windows Media Player\wmpnetwk.exe C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\windows\system32\DllHost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\windows\system32\svchost.exe -k SDRSVC C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Users\Kats\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Kats\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Kats\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Kats\AppData\Local\Google\Chrome\Application\chrome.exe C:\windows\SysWOW64\NOTEPAD.EXE C:\windows\SysWOW64\NOTEPAD.EXE C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe C:\windows\system32\conhost.exe C:\windows\SysWOW64\NOTEPAD.EXE C:\windows\system32\taskeng.exe 
C:\windows\system32\SearchProtocolHost.exe C:\windows\system32\SearchFilterHost.exe C:\Users\Kats\Downloads\Defogger.exe C:\windows\system32\conhost.exe C:\windows\system32\DllHost.exe C:\windows\system32\DllHost.exe C:\windows\SysWOW64\cmd.exe C:\windows\system32\conhost.exe C:\windows\SysWOW64\cscript.exe C:\windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA uInternet Settings,ProxyOverride = *.local mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: 
[Google Update] "C:\Users\Kats\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [googletalk] C:\Users\Kats\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart uRun: [sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun mRun: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min StartupFolder: C:\Users\Kats\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SIDEBA~1.LNK - C:\Program Files (x86)\Windows Sidebar\sidebar.exe StartupFolder: C:\Users\Kats\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\sidebar.lnk - C:\Program Files (x86)\Windows Sidebar\sidebar.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe uPolicies-explorer: HideSCAHealth = 1 (0x1) mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) 
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.0.1 205.171.3.25 TCP: Interfaces\{81948DF2-5649-4FA4-8F05-3E3216BAA9FC} : DhcpNameServer = 192.168.0.1 205.171.3.25 TCP: Interfaces\{81948DF2-5649-4FA4-8F05-3E3216BAA9FC}\3547574656E647 : DhcpNameServer = 10.131.241.32 10.130.241.32 TCP: Interfaces\{81948DF2-5649-4FA4-8F05-3E3216BAA9FC}\76C6F616C2C6C636 : DhcpNameServer = 192.168.0.1 205.171.3.25 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: intu-help-qb1 - 
{9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~3\GO36F4~1.DLL BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common 
Files\Java\Java Update\jusched.exe" mRun-x64: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun mRun-x64: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN mRun-x64: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min AppInit_DLLs-X64: C:\PROGRA~2\Google\GOOGLE~3\GO36F4~1.DLL . ============= SERVICES / DRIVERS =============== . R1 ctxusbm;Citrix USB Monitor Driver;C:\windows\system32\DRIVERS\ctxusbm.sys --> C:\windows\system32\DRIVERS\ctxusbm.sys [?] R1 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-7-8 136360] R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-7-8 269480] R2 avgntflt;avgntflt;C:\windows\system32\DRIVERS\avgntflt.sys --> C:\windows\system32\DRIVERS\avgntflt.sys [?] 
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-4-14 366640] R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2010-8-16 120248] R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2010-8-16 126392] R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2011-5-19 245760] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?] R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?] R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?] R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?] 
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-16 135664] S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-7-8 1153368] S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-5-24 30192] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-16 135664] S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\windows\system32\DRIVERS\MpNWMon.sys --> C:\windows\system32\DRIVERS\MpNWMon.sys [?] S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560] S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?] 
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2011-07-08 19:04:34 83120 ----a-w- C:\windows\System32\drivers\avgntflt.sys 2011-07-08 19:04:33 -------- d-----w- C:\ProgramData\Avira 2011-07-08 19:04:33 -------- d-----w- C:\Program Files (x86)\Avira 2011-07-08 16:41:35 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy 2011-07-08 16:41:35 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2011-07-06 06:39:20 -------- d-----w- C:\windows\System32\SPReview 2011-07-06 06:38:28 -------- d-----w- C:\windows\System32\EventProviders 2011-07-06 06:31:25 -------- d-----w- C:\perflogs 2011-07-04 15:39:30 -------- d-----w- C:\Users\Kats\AppData\Local\{941BA8DA-F770-4F3E-BD05-A688D005C975} 2011-07-02 03:57:38 -------- d-----w- C:\Users\Kats\AppData\Roaming\ERS Game Studios 2011-07-02 03:48:55 -------- d-----w- C:\Program Files (x86)\Grim Facade - Mystery of Venice Collectors Edition 2011-07-01 18:47:59 395776 ----a-w- C:\windows\System32\webio.dll 2011-07-01 18:46:59 98304 ----a-w- C:\windows\SysWow64\fphc.dll 2011-07-01 18:45:01 529408 ----a-w- C:\windows\System32\wbemcomn.dll 2011-07-01 18:45:01 524288 ----a-w- C:\windows\System32\wmicmiplugin.dll 2011-07-01 18:45:01 1225216 ----a-w- C:\windows\System32\wbem\wbemcore.dll 2011-07-01 18:44:53 933376 ----a-w- C:\windows\System32\SmiEngine.dll 2011-07-01 18:44:51 199168 ----a-w- C:\windows\System32\PkgMgr.exe 2011-07-01 18:44:35 422912 ----a-w- C:\windows\System32\drvstore.dll 2011-07-01 18:44:35 399872 ----a-w- C:\windows\System32\dpx.dll 2011-06-28 19:45:02 64512 ----a-w- C:\windows\SysWow64\devobj.dll 2011-06-28 19:45:02 44544 ----a-w- C:\windows\SysWow64\devrtl.dll 2011-06-28 19:45:02 404480 ----a-w- C:\windows\System32\umpnpmgr.dll 2011-06-28 19:45:02 252928 ----a-w- C:\windows\SysWow64\drvinst.exe 2011-06-28 19:45:02 207872 ----a-w- 
C:\windows\System32\cfgmgr32.dll 2011-06-28 19:45:02 145920 ----a-w- C:\windows\SysWow64\cfgmgr32.dll 2011-06-16 15:32:37 -------- d-----w- C:\Users\Kats\AppData\Local\{6AB1BB70-54A1-4CCE-AED5-FB9F7BFC74E6} 2011-06-15 06:40:01 1923968 ----a-w- C:\windows\System32\drivers\tcpip.sys 2011-06-15 06:40:00 499200 ----a-w- C:\windows\System32\drivers\afd.sys 2011-06-15 06:40:00 288640 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS 2011-06-15 06:38:49 976896 ----a-w- C:\windows\System32\inetcomm.dll 2011-06-15 06:38:49 741376 ----a-w- C:\windows\SysWow64\inetcomm.dll 2011-06-12 22:15:29 -------- d-----w- C:\Program Files\iTunes 2011-06-12 22:15:29 -------- d-----w- C:\Program Files\iPod 2011-06-12 22:15:29 -------- d-----w- C:\Program Files (x86)\iTunes . ==================== Find3M ==================== . 2011-07-08 05:28:06 5326 ----a-w- C:\windows\System32\PerfStringBackup.TMP 2011-07-07 22:38:22 59 ----a-w- C:\windows\wpd99.drv 2011-07-06 06:52:03 152576 ----a-w- C:\windows\SysWow64\msclmd.dll 2011-07-06 06:52:02 175616 ----a-w- C:\windows\System32\msclmd.dll 2011-05-29 16:11:30 39984 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys 2011-05-29 16:11:20 25912 ----a-w- C:\windows\System32\drivers\mbam.sys 2011-05-28 03:06:58 3135488 ----a-w- C:\windows\System32\win32k.sys 2011-05-04 05:25:03 2315776 ----a-w- C:\windows\System32\tquery.dll 2011-05-04 05:22:25 778752 ----a-w- C:\windows\System32\mssvp.dll 2011-05-04 05:22:25 2223616 ----a-w- C:\windows\System32\mssrch.dll 2011-05-04 05:22:24 75264 ----a-w- C:\windows\System32\msscntrs.dll 2011-05-04 05:22:24 491520 ----a-w- C:\windows\System32\mssph.dll 2011-05-04 05:22:24 288256 ----a-w- C:\windows\System32\mssphtb.dll 2011-05-04 05:19:28 591872 ----a-w- C:\windows\System32\SearchIndexer.exe 2011-05-04 05:19:28 249856 ----a-w- C:\windows\System32\SearchProtocolHost.exe 2011-05-04 05:19:28 113664 ----a-w- C:\windows\System32\SearchFilterHost.exe 2011-05-04 04:34:43 1549312 ----a-w- C:\windows\SysWow64\tquery.dll 
2011-05-04 04:32:02 666624 ----a-w- C:\windows\SysWow64\mssvp.dll 2011-05-04 04:32:01 337408 ----a-w- C:\windows\SysWow64\mssph.dll 2011-05-04 04:32:01 197120 ----a-w- C:\windows\SysWow64\mssphtb.dll 2011-05-04 04:32:01 1401344 ----a-w- C:\windows\SysWow64\mssrch.dll 2011-05-04 04:32:00 59392 ----a-w- C:\windows\SysWow64\msscntrs.dll 2011-05-04 04:28:31 86528 ----a-w- C:\windows\SysWow64\SearchFilterHost.exe 2011-05-04 04:28:31 427520 ----a-w- C:\windows\SysWow64\SearchIndexer.exe 2011-05-04 04:28:31 164352 ----a-w- C:\windows\SysWow64\SearchProtocolHost.exe 2011-05-02 20:07:56 47616 ----a-w- C:\windows\SysWow64\pdf995mon64.dll 2011-04-29 03:06:10 467456 ----a-w- C:\windows\System32\drivers\srv.sys 2011-04-29 03:05:49 410112 ----a-w- C:\windows\System32\drivers\srv2.sys 2011-04-29 03:05:37 168448 ----a-w- C:\windows\System32\drivers\srvnet.sys 2011-04-27 02:40:40 158208 ----a-w- C:\windows\System32\drivers\mrxsmb.sys 2011-04-27 02:39:40 289280 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys 2011-04-27 02:39:37 128000 ----a-w- C:\windows\System32\drivers\mrxsmb20.sys 2011-04-23 01:29:25 2303488 ----a-w- C:\windows\System32\jscript9.dll 2011-04-23 01:19:19 2382848 ----a-w- C:\windows\System32\mshtml.tlb 2011-04-22 23:35:56 1797632 ----a-w- C:\windows\SysWow64\jscript9.dll 2011-04-22 23:25:54 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb 2011-04-22 22:15:29 27520 ----a-w- C:\windows\System32\drivers\Diskdump.sys 2011-04-14 12:07:59 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll 2011-04-13 19:48:10 200704 --sha-r- C:\windows\SysWow64\ifsutilxs.dll . ============= FINISH: 12:09:47.51 ===============