
AVG hijacked. All .exe functions stopped


cwolf


I'm not sure how, but it appears that after using AVG for 11 years I finally got popped.

AVG prompted to remove a suspected malicious file out of temps. It was a .css file, so I thought I should. Looked in the virus vault and it was there. No worries. Then a few minutes later I went to open up a game of Chess Titans and it would not open. Did a restart. AVG would not boot. Firefox won't run. IE won't run. Can't install anything. Can't run Malwarebytes.

I have the DDS and Attach files. I will post the DDS here. I cannot compress the Attach file, so I will wait to post it until someone requests it.

Any consideration on my behalf is greatly appreciated.

C.Wolf

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.6000.17037

Run by Christian Wolf at 5:58:38 on 2011-12-10

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.958.120 [GMT -5:00]

.

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\agrsmsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\AVG\AVG10\avgemcx.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wuauclt.exe

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Program Files\Internet Explorer\IEUser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\Taskmgr.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT3705

mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT3705

mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT3705

uInternet Settings,ProxyOverride = <local>

mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT3705

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\google\BAE.dll

uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [<NO NAME>]

uRun: [Google Update] "c:\users\christian wolf\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

StartupFolder: c:\users\christ~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{2F093421-A941-4671-9CAD-81E2DE6E749B} : DhcpNameServer = 192.168.254.254

TCP: Interfaces\{D479584E-BE00-4F4D-901B-BE834B715A45} : DhcpNameServer = 192.168.1.254

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

mASetup: ccc-core-static - msiexec /fums {4DE0B33E-019A-CDBA-C2D1-C66F8598EF15} /qb

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\christian wolf\appdata\roaming\mozilla\firefox\profiles\9nt02axc.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npitunes.dll

FF - plugin: c:\users\christian wolf\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-10-28 64288]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-4 297168]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 28624]

R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2010-3-23 1170464]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]

S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]

S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]

S3 XIRLINK;IBM PC Camera;c:\windows\system32\drivers\C-itNT.sys [2009-1-13 503768]

.

=============== File Associations ===============

.

.exe=ah

.

=============== Created Last 30 ================

.

2011-12-05 11:43:33 677136 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll

.

==================== Find3M ====================

.

2011-11-18 11:26:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

============= FINISH: 6:00:37.53 ===============


I'm taking my laptop to a friend who is MSC and will see what we can come up with.

I've learned a lot here on the site. However, I am hesitant to make a move without an extra word of advice.

Will be checking back in later today (Sunday).

Wish me luck!


BANG! It worked and REALLY quickly too. Wow. I'm shocked at how easy that was.

A couple of quick questions.

How might that have happened? (In other words, did I do that, or did someone pop me?)

Could you recommend some other tweak programs to clean things up, or a good place to look?

(ALTHOUGH, I have learned a lot here and plan on learning a lot more!)

Thank you SO much.


Glad to hear that. :) Now let's see what else is hiding there.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users: right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


TDSSKiller did not find anything wrong. However, I will post the log for a look-see.

I did run MBAM (now that I can) and it found 2 roots of the AV virus, which I removed, and I will post that log separately.

10:43:11.0204 0380 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06

10:43:11.0626 0380 ============================================================

10:43:11.0626 0380 Current date / time: 2011/12/12 10:43:11.0626

10:43:11.0626 0380 SystemInfo:

10:43:11.0626 0380

10:43:11.0626 0380 OS Version: 6.0.6000 ServicePack: 0.0

10:43:11.0626 0380 Product type: Workstation

10:43:11.0626 0380 ComputerName: WORK-TOP

10:43:11.0626 0380 UserName: Christian Wolf

10:43:11.0626 0380 Windows directory: C:\Windows

10:43:11.0626 0380 System windows directory: C:\Windows

10:43:11.0626 0380 Processor architecture: Intel x86

10:43:11.0626 0380 Number of processors: 2

10:43:11.0626 0380 Page size: 0x1000

10:43:11.0626 0380 Boot type: Normal boot

10:43:11.0626 0380 ============================================================

10:43:13.0813 0380 Initialize success

10:43:21.0407 2884 ============================================================

10:43:21.0407 2884 Scan started

10:43:21.0407 2884 Mode: Manual;

10:43:21.0407 2884 ============================================================


10:43:41.0532 2884 RasPppoe - ok

10:43:41.0579 2884 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys

10:43:41.0579 2884 rdbss - ok

10:43:41.0610 2884 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys

10:43:41.0610 2884 RDPCDD - ok

10:43:41.0673 2884 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys

10:43:41.0688 2884 rdpdr - ok

10:43:41.0845 2884 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys

10:43:41.0845 2884 RDPENCDD - ok

10:43:41.0891 2884 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys

10:43:41.0907 2884 RDPWD - ok

10:43:41.0970 2884 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys

10:43:41.0970 2884 rspndr - ok

10:43:42.0110 2884 RTL85n86 (ef4e51bf08b4d772c1caafcf48628679) C:\Windows\system32\DRIVERS\RTL85n86.sys

10:43:42.0157 2884 RTL85n86 - ok

10:43:42.0313 2884 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

10:43:42.0329 2884 sbp2port - ok

10:43:42.0391 2884 sdbus (4339a2585708c7d9b0c0ce5aad3dd6ff) C:\Windows\system32\DRIVERS\sdbus.sys

10:43:42.0391 2884 sdbus - ok

10:43:42.0438 2884 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

10:43:42.0438 2884 secdrv - ok

10:43:42.0501 2884 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

10:43:42.0501 2884 Serenum - ok

10:43:42.0548 2884 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

10:43:42.0548 2884 Serial - ok

10:43:42.0595 2884 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys

10:43:42.0610 2884 sermouse - ok

10:43:42.0782 2884 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys

10:43:42.0798 2884 sffdisk - ok

10:43:42.0829 2884 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys

10:43:42.0829 2884 sffp_mmc - ok

10:43:42.0860 2884 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys

10:43:42.0876 2884 sffp_sd - ok

10:43:42.0907 2884 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

10:43:42.0907 2884 sfloppy - ok

10:43:42.0954 2884 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys

10:43:42.0970 2884 sisagp - ok

10:43:43.0016 2884 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

10:43:43.0016 2884 SiSRaid2 - ok

10:43:43.0063 2884 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

10:43:43.0063 2884 SiSRaid4 - ok

10:43:43.0110 2884 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys

10:43:43.0126 2884 Smb - ok

10:43:43.0266 2884 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys

10:43:43.0282 2884 spldr - ok

10:43:43.0345 2884 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys

10:43:43.0360 2884 srv - ok

10:43:43.0407 2884 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys

10:43:43.0407 2884 srv2 - ok

10:43:43.0454 2884 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys

10:43:43.0454 2884 srvnet - ok

10:43:43.0579 2884 STHDA (569758fbaba0330d1b7f1e141b8bc2a0) C:\Windows\system32\drivers\stwrt.sys

10:43:43.0595 2884 STHDA - ok

10:43:43.0751 2884 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys

10:43:43.0751 2884 swenum - ok

10:43:43.0798 2884 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

10:43:43.0798 2884 Symc8xx - ok

10:43:43.0845 2884 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

10:43:43.0845 2884 Sym_hi - ok

10:43:43.0891 2884 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

10:43:43.0891 2884 Sym_u3 - ok

10:43:43.0954 2884 SynTP (1f452f22df0c00dd2529867e1ea0dc25) C:\Windows\system32\DRIVERS\SynTP.sys

10:43:43.0970 2884 SynTP - ok

10:43:44.0079 2884 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys

10:43:44.0110 2884 Tcpip - ok

10:43:44.0298 2884 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys

10:43:44.0313 2884 Tcpip6 - ok

10:43:44.0360 2884 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys

10:43:44.0360 2884 tcpipreg - ok

10:43:44.0485 2884 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys

10:43:44.0485 2884 TDPIPE - ok

10:43:44.0516 2884 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys

10:43:44.0532 2884 TDTCP - ok

10:43:44.0563 2884 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys

10:43:44.0563 2884 tdx - ok

10:43:44.0595 2884 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys

10:43:44.0595 2884 TermDD - ok

10:43:44.0688 2884 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys

10:43:44.0688 2884 tssecsrv - ok

10:43:44.0751 2884 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys

10:43:44.0751 2884 tunmp - ok

10:43:44.0782 2884 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys

10:43:44.0798 2884 tunnel - ok

10:43:44.0938 2884 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

10:43:44.0954 2884 uagp35 - ok

10:43:44.0985 2884 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys

10:43:45.0001 2884 udfs - ok

10:43:45.0063 2884 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys

10:43:45.0079 2884 uliagpkx - ok

10:43:45.0126 2884 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

10:43:45.0141 2884 uliahci - ok

10:43:45.0188 2884 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

10:43:45.0188 2884 UlSata - ok

10:43:45.0235 2884 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

10:43:45.0235 2884 ulsata2 - ok

10:43:45.0391 2884 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys

10:43:45.0391 2884 umbus - ok

10:43:45.0470 2884 usbccgp (b0ba9caffe9b0555ec0317f30cb79cd2) C:\Windows\system32\DRIVERS\usbccgp.sys

10:43:45.0470 2884 usbccgp - ok

10:43:45.0516 2884 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

10:43:45.0516 2884 usbcir - ok

10:43:45.0579 2884 usbehci (c9fcd05b0a80ea08c2768e5a279b14de) C:\Windows\system32\DRIVERS\usbehci.sys

10:43:45.0595 2884 usbehci - ok

10:43:45.0641 2884 usbhub (5e44f7d957f7560da06bfe6b84b58a35) C:\Windows\system32\DRIVERS\usbhub.sys

10:43:45.0657 2884 usbhub - ok

10:43:45.0798 2884 usbohci (9333e482a173938788cbde8f81ec52fb) C:\Windows\system32\DRIVERS\usbohci.sys

10:43:45.0798 2884 usbohci - ok

10:43:45.0845 2884 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys

10:43:45.0845 2884 usbprint - ok

10:43:45.0891 2884 usbscan (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys

10:43:45.0907 2884 usbscan - ok

10:43:45.0954 2884 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS

10:43:45.0954 2884 USBSTOR - ok

10:43:46.0001 2884 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys

10:43:46.0001 2884 usbuhci - ok

10:43:46.0188 2884 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

10:43:46.0188 2884 vga - ok

10:43:46.0220 2884 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys

10:43:46.0235 2884 VgaSave - ok

10:43:46.0266 2884 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys

10:43:46.0266 2884 viaagp - ok

10:43:46.0313 2884 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

10:43:46.0329 2884 ViaC7 - ok

10:43:46.0360 2884 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys

10:43:46.0360 2884 viaide - ok

10:43:46.0391 2884 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys

10:43:46.0407 2884 volmgr - ok

10:43:46.0454 2884 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys

10:43:46.0454 2884 volmgrx - ok

10:43:46.0610 2884 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys

10:43:46.0626 2884 volsnap - ok

10:43:46.0688 2884 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

10:43:46.0688 2884 vsmraid - ok

10:43:46.0751 2884 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

10:43:46.0766 2884 WacomPen - ok

10:43:46.0813 2884 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys

10:43:46.0829 2884 Wanarp - ok

10:43:46.0845 2884 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys

10:43:46.0845 2884 Wanarpv6 - ok

10:43:47.0016 2884 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

10:43:47.0032 2884 Wd - ok

10:43:47.0095 2884 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys

10:43:47.0126 2884 Wdf01000 - ok

10:43:47.0391 2884 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys

10:43:47.0407 2884 WmiAcpi - ok

10:43:47.0485 2884 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys

10:43:47.0501 2884 WpdUsb - ok

10:43:47.0532 2884 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys

10:43:47.0532 2884 ws2ifsl - ok

10:43:47.0595 2884 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys

10:43:47.0595 2884 WUDFRd - ok

10:43:47.0704 2884 XIRLINK (6fa5533d5b1b5b1102929ec321e1bdda) C:\Windows\system32\DRIVERS\C-itnt.sys

10:43:47.0720 2884 XIRLINK - ok

10:43:47.0876 2884 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys

10:43:47.0891 2884 yukonwlh - ok

10:43:47.0954 2884 MBR (0x1B8) (d0a37b66a9b60f135b25640cb1aa1477) \Device\Harddisk0\DR0

10:43:47.0970 2884 \Device\Harddisk0\DR0 - ok

10:43:47.0985 2884 Boot (0x1200) (ad340e3a443c2639b92b735a9b79a57a) \Device\Harddisk0\DR0\Partition0

10:43:47.0985 2884 \Device\Harddisk0\DR0\Partition0 - ok

10:43:48.0001 2884 Boot (0x1200) (8d6cf587a7388d4f4ceffa2cfc213b15) \Device\Harddisk0\DR0\Partition1

10:43:48.0001 2884 \Device\Harddisk0\DR0\Partition1 - ok

10:43:48.0001 2884 ============================================================

10:43:48.0001 2884 Scan finished

10:43:48.0001 2884 ============================================================

10:43:48.0032 1112 Detected object count: 0

10:43:48.0048 1112 Actual detected object count: 0

10:44:10.0907 3304 Deinitialize success

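The scan above lists several hundred drivers and ends with every one marked `- ok` and `Detected object count: 0`. Reading a list like that by eye is unreliable, so here is an added example (not part of the original thread and not code from the scanning tool) that parses log lines of exactly this shape and pulls out the few things a responder actually wants to see: a verdict other than `ok`, a driver hashed from somewhere other than `system32\drivers`, one on-disk file reported with two different hashes in the same scan, and drift against an MD5 baseline taken from a known-clean machine. The sample input mixes real lines copied from the log above with two constructed anomalies (`DemoDrv`, `DemoDup`) so each check has something to find; the baseline is constructed as well.

```python
"""Triage a TDSSKiller-style driver scan log.

Added example for this thread; not part of the original posts or of the
scanning tool. It understands the four line shapes seen in the log above:

    10:43:37.0579 2884 NetBIOS (356dbb9f...) C:\\Windows\\system32\\DRIVERS\\netbios.sys
    10:43:37.0595 2884 NetBIOS - ok
    10:43:39.0563 2884 NwlnkFlt - ok                      (service with no file)
    10:43:47.0954 2884 MBR (0x1B8) (d0a37b66...) \\Device\\Harddisk0\\DR0
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

_PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>.+)$")
# The name may contain spaces and a size such as "MBR (0x1B8)", so the hash is
# found by backtracking to the first 32-hex-digit group in parentheses.
_FILE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
_VERDICT = re.compile(r"^(?P<name>.+?)\s+-\s+(?P<verdict>.+)$")
# Kernel drivers normally live directly under system32\drivers; the log writes
# the directory as both "drivers" and "DRIVERS", hence IGNORECASE.
_DRIVER_DIR = re.compile(r"^c:\\windows\\system32\\drivers\\[^\\]+$", re.IGNORECASE)


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_log(text: str) -> Dict[str, Entry]:
    """Pair each hashed object with its verdict line. Keys are object names;
    the two 'Boot (0x1200)' partition entries get their path appended so
    neither overwrites the other."""
    entries: Dict[str, Entry] = {}
    by_path: Dict[str, str] = {}            # lower-cased path -> entry key
    for raw in text.splitlines():
        m = _PREFIX.match(raw.strip())
        if not m:
            continue                         # banners, counters, blank lines
        body = m.group("body")
        f = _FILE.match(body)
        if f:
            key, path = f.group("name"), f.group("path")
            if key in entries and entries[key].path not in (None, path):
                key = f"{key} {path}"
            e = entries.setdefault(key, Entry(key))
            e.md5, e.path = f.group("md5"), path
            by_path[path.lower()] = key
            continue
        v = _VERDICT.match(body)
        if v:
            name = v.group("name")
            # MBR/boot-sector verdicts name the device path, not the object.
            key = name if name in entries else by_path.get(name.lower(), name)
            entries.setdefault(key, Entry(key)).verdict = v.group("verdict").strip()
    return entries


def not_clean(entries: Dict[str, Entry]) -> List[str]:
    """Objects whose verdict is anything other than 'ok' (or is missing)."""
    return sorted(k for k, e in entries.items() if (e.verdict or "").lower() != "ok")


def unusual_locations(entries: Dict[str, Entry]) -> List[str]:
    """Hashed files outside system32\\drivers. Not proof of anything, but the
    first place to look when the verdict column is all 'ok'."""
    return sorted(k for k, e in entries.items()
                  if e.path and not e.path.startswith("\\Device\\")
                  and not _DRIVER_DIR.match(e.path))


def hash_conflicts(entries: Dict[str, Entry]) -> Dict[str, List[str]]:
    """One on-disk path reported with two different hashes in one scan
    (Tcpip/Tcpip6 legitimately share tcpip.sys and must agree)."""
    seen: Dict[str, set] = defaultdict(set)
    for e in entries.values():
        if e.path and e.md5:
            seen[e.path.lower()].add(e.md5)
    return {p: sorted(h) for p, h in seen.items() if len(h) > 1}


def baseline_drift(entries: Dict[str, Entry],
                   baseline: Dict[str, str]) -> Dict[str, Tuple[str, str]]:
    """Compare against {lower-cased path: md5} taken from a known-clean
    machine with the same Windows build and patch level."""
    drift = {}
    for e in entries.values():
        if e.path and e.md5:
            expected = baseline.get(e.path.lower())
            if expected is not None and expected != e.md5:
                drift[e.path] = (expected, e.md5)
    return drift


def report(text: str, baseline: Optional[Dict[str, str]] = None) -> dict:
    entries = parse_log(text)
    return {
        "objects": len(entries),
        "not_clean": not_clean(entries),
        "unusual_locations": unusual_locations(entries),
        "hash_conflicts": hash_conflicts(entries),
        "baseline_drift": baseline_drift(entries, baseline or {}),
    }


# Real lines copied from the log above, plus two CONSTRUCTED anomalies
# (DemoDrv, DemoDup) so every check has something to report.
SAMPLE_LOG = r"""
10:43:39.0563 2884 NwlnkFlt - ok
10:43:44.0079 2884 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
10:43:44.0110 2884 Tcpip - ok
10:43:44.0298 2884 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
10:43:44.0313 2884 Tcpip6 - ok
10:43:47.0954 2884 MBR (0x1B8) (d0a37b66a9b60f135b25640cb1aa1477) \Device\Harddisk0\DR0
10:43:47.0970 2884 \Device\Harddisk0\DR0 - ok
10:43:47.0985 2884 Boot (0x1200) (ad340e3a443c2639b92b735a9b79a57a) \Device\Harddisk0\DR0\Partition0
10:43:47.0985 2884 \Device\Harddisk0\DR0\Partition0 - ok
10:43:48.0001 2884 Boot (0x1200) (8d6cf587a7388d4f4ceffa2cfc213b15) \Device\Harddisk0\DR0\Partition1
10:43:48.0001 2884 \Device\Harddisk0\DR0\Partition1 - ok
10:43:48.0100 2884 DemoDrv (00112233445566778899aabbccddeeff) C:\Users\Public\demodrv.sys
10:43:48.0110 2884 DemoDrv - ok
10:43:48.0120 2884 DemoDup (ffeeddccbbaa99887766554433221100) C:\Windows\system32\drivers\tcpip.sys
10:43:48.0130 2884 DemoDup - suspicious
10:43:48.0001 2884 Scan finished
10:43:48.0032 1112 Detected object count: 0
"""

# CONSTRUCTED baseline: in practice, run the same scan on a clean machine.
BASELINE = {r"c:\windows\system32\drivers\tcpip.sys": "4a82fa8f0df67aa354580c3faaf8bde3"}

if __name__ == "__main__":
    for k, v in report(SAMPLE_LOG, BASELINE).items():
        print(f"{k}: {v}")
```

The baseline comparison is the check that matters most on a machine like this one: a scanner's "ok" only means its signatures did not fire, whereas a hash that differs from the same file on a clean machine of the same build is a concrete discrepancy to explain. Note that MD5 is used here only because it is what the log provides; it is fine for matching against a trusted baseline but not as a security primitive.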

Hi, besides posting the MBAM log, please also run the following.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message confirming that it was installed successfully.

Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


mbam-log...

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8357

Windows 6.0.6000

Internet Explorer 7.0.6000.17037

12/12/2011 1:18:09 PM

mbam-log-2011-12-12 (13-18-09).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 266908

Time elapsed: 1 hour(s), 14 minute(s), 45 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\AH (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CLASSES_ROOT\ah\Content Type (Rogue.MultipleAV) -> Value: Content Type -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

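The two items Malwarebytes removed above, the `HKEY_CLASSES_ROOT\AH` class and its `Content Type` value, both tagged Rogue.MultipleAV, fit the way that family of fake anti-virus products disables every program on a machine: it points `HKCR\.exe` at a short, randomly named class of its own whose `shell\open\command` runs the rogue instead of (or before) the program the user clicked. That would account for the symptoms in the opening post, where nothing with a .exe extension would start. The log does not show what `HKCR\.exe` pointed to or what command the `AH` class carried, so treating `ah` as the hijacked handler is an assumption here. As an added example, not code from the thread, from Malwarebytes or from Microsoft, the block below parses a `reg export` of the relevant keys and follows the same chain Explorer follows, so after cleanup you can confirm the association is back to stock (`exefile` with the command `"%1" %*`). The hijacked export is constructed, including the rogue's path in it.

```python
"""Check what the shell will run when a user double-clicks an .exe.

Added example for this thread; not code from the original posts, from
Malwarebytes or from Microsoft. Input is the text produced by

    reg export HKCR\\.exe exe.reg
    reg export HKCR\\<progid> progid.reg

(concatenated), or any other .reg file containing those keys.
"""
import re
from typing import Dict, Optional

STOCK_PROGID = "exefile"
STOCK_COMMAND = '"%1" %*'

_SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]$")
_VALUE = re.compile(r'^(?P<name>@|"(?:[^"\\]|\\.)*")=(?P<data>.*)$')


def _unescape(s: str) -> str:
    """.reg string syntax escapes backslash and double quote with a backslash."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Parse a REGEDIT4 / 'Windows Registry Editor Version 5.00' export into
    {lower-cased key: {value name: data}}. The registry is case-insensitive,
    hence the lower-casing; the default value is stored under "". Only REG_SZ
    data is decoded; dword:/hex: data is kept as raw text and hex
    continuation lines are skipped."""
    hive: Dict[str, Dict[str, str]] = {}
    current: Optional[Dict[str, str]] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = _SECTION.match(line)
        if m:
            current = hive.setdefault(m.group("key").lower(), {})
            continue
        v = _VALUE.match(line)
        if v and current is not None:
            name = "" if v.group("name") == "@" else _unescape(v.group("name")[1:-1])
            data = v.group("data")
            if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
                data = _unescape(data[1:-1])
            current[name] = data
    return hive


def resolve_exe_handler(hive: Dict[str, Dict[str, str]]) -> dict:
    """Follow .exe -> ProgID -> shell\\open\\command the way Explorer does.

    HKCR is a merged view of HKLM\\Software\\Classes and HKCU\\Software\\Classes
    with the per-user key winning, so a per-user .exe key is honoured first if
    the export happens to contain one."""
    progid = (hive.get(r"hkey_current_user\software\classes\.exe", {}).get("")
              or hive.get(r"hkey_classes_root\.exe", {}).get(""))
    command = None
    if progid:
        key = "hkey_classes_root\\" + progid.lower() + "\\shell\\open\\command"
        command = hive.get(key, {}).get("")
    stock = (progid or "").lower() == STOCK_PROGID and command == STOCK_COMMAND
    return {"progid": progid, "command": command, "stock": stock}


def stock_exe_association_reg() -> str:
    """The stock Windows association for .exe as a .reg file, suitable for
    review and then `reg import` once the rogue class has been removed."""
    return "\n".join([
        "Windows Registry Editor Version 5.00",
        "",
        r"[HKEY_CLASSES_ROOT\.exe]",
        '@="exefile"',
        '"Content Type"="application/x-msdownload"',
        "",
        r"[HKEY_CLASSES_ROOT\exefile\shell\open\command]",
        r'@="\"%1\" %*"',
        "",
    ])


# CONSTRUCTED export of a hijacked machine, following the Rogue.MultipleAV
# pattern: .exe points at a short random class whose command runs the rogue
# first. The class name "ah" matches the key Malwarebytes removed above; the
# rogue's path is invented for this example.
HIJACKED_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="ah"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\ah]
@="Application"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\ah\shell\open\command]
@="\"C:\\Users\\Public\\constructed-rogue.exe\" -a \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"
"""

if __name__ == "__main__":
    print("hijacked:", resolve_exe_handler(parse_reg(HIJACKED_EXPORT)))
    print("stock:   ", resolve_exe_handler(parse_reg(stock_exe_association_reg())))
```

Two practical points follow from the chain. First, deleting the rogue class (what Malwarebytes did here) leaves `HKCR\.exe` pointing at a class that no longer exists, so programs still will not start until the `.exe` default is set back to `exefile`; the export check above is how you verify that step was actually done. Second, because the per-user `HKCU\Software\Classes\.exe` key wins over the machine-wide one, export both before declaring the association clean.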

Here's the Combofix log. While it was running it said it deleted some files. I am still looking at the report and trying to decipher what it did.

Wow, you (and all the information here) have been such a big help. :-D

ComboFix 11-12-12.03 - Christian Wolf 12/12/2011 15:27:17.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.958.352 [GMT -5:00]

Running from: c:\users\Christian Wolf\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\vlc-1.1.4-win32.exe

c:\programdata\vlc-1.1.5-win32.exe

c:\programdata\Windows

c:\users\Christian Wolf\AppData\Roaming\Microsoft\Windows\Templates\y1ht4fe4e3s6qsblvl60voo1ke7e2lr7wd640

c:\users\Christian Wolf\Documents\~WRL0351.tmp

c:\users\Christian Wolf\Documents\~WRL0702.tmp

D:\autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2011-11-12 to 2011-12-12 )))))))))))))))))))))))))))))))

.

.

2011-12-12 20:36 . 2011-12-12 20:40 -------- d-----w- c:\users\Christian Wolf\AppData\Local\temp

2011-12-12 20:36 . 2011-12-12 20:36 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-05 11:43 . 2011-12-05 11:43 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-18 11:26 . 2011-06-03 13:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-09 21:02 . 2011-04-20 15:53 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 2159104]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]

.

c:\users\Christian Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2007-06-28 13:14 270648 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]

2011-08-31 21:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2007-04-27 13:41 282624 ----a-w- c:\program files\QuickTime\qttask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2006-11-10 17:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2100950283-1507416480-3796808343-1000]

"EnableNotificationsRef"=dword:00000002

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2100950283-1507416480-3796808343-500]

"EnableNotificationsRef"=dword:00000002

.

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-08-22 18688]

R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-08-22 8320]

R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-06-19 23680]

R3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]

R3 XIRLINK;IBM PC Camera;c:\windows\system32\DRIVERS\C-itnt.sys [2000-10-31 503768]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-05 297168]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-08-18 7390560]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-27 134480]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 28624]

S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [2010-03-23 1170464]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 27583703

*NewlyCreated* - MBAMSWISSARMY

*Deregistered* - 27583703

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2100950283-1507416480-3796808343-1000Core.job

- c:\users\Christian Wolf\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-04 18:00]

.

2011-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2100950283-1507416480-3796808343-1000UA.job

- c:\users\Christian Wolf\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-04 18:00]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT3705

mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT3705

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Christian Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\9nt02axc.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

.

- - - - ORPHANS REMOVED - - - -

.

HKLM_ActiveSetup-ccc-core-static - msiexec

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-12 15:40

Windows 6.0.6000 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2011-12-12 15:43:50

ComboFix-quarantined-files.txt 2011-12-12 20:43

.

Pre-Run: 38,469,054,464 bytes free

Post-Run: 40,383,066,112 bytes free

.

- - End Of File - - 969D9681843CBCE199B4D86E53FBFB66

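Among the items ComboFix deleted above is `D:\autorun.inf`. An autorun.inf on a fixed or USB drive is how much of this era's malware moved between machines: it tells Explorer to run a program when the drive is opened and usually dresses the drive up to look like an ordinary folder. The thread does not show the contents of that file, so both sample files below are constructed. As an added example (not the thread's, ComboFix's or Microsoft's code), this parses an autorun.inf the lenient way Windows does and separates "this launches something" from the mimicry tricks that tell a vendor's install disc apart from a drive pretending to be a folder.

```python
"""Triage an autorun.inf the way Explorer reads it.

Added example for this thread; not code from the original posts, ComboFix
or Microsoft. Both sample files are CONSTRUCTED; the thread only records
that D:\\autorun.inf existed and was deleted.
"""
import re
from typing import Dict, List, Tuple

_SECTION = re.compile(r"^\[(?P<name>[^\]]+)\]$")
_KV = re.compile(r"^(?P<key>[^=]+?)\s*=\s*(?P<val>.*)$")
# Directives that make Explorer start a program from the drive: the classic
# open= / shellexecute=, plus any shell\<verb>\command= override.
_LAUNCH_KEYS = ("open", "shellexecute")


def parse_autorun(text: str) -> Dict[str, Dict[str, str]]:
    """Lenient INI parse. Windows ignores lines it cannot interpret, so the
    junk lines malware pads these files with are skipped here as well; keys
    and section names are case-insensitive and are lower-cased."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = _SECTION.match(line)
        if m:
            current = sections.setdefault(m.group("name").strip().lower(), {})
            continue
        kv = _KV.match(line)
        if kv and current is not None:
            current[kv.group("key").strip().lower()] = kv.group("val").strip()
    return sections


def launch_targets(autorun: Dict[str, str]) -> List[Tuple[str, str]]:
    """Every directive that would execute something from the drive."""
    return [(k, v) for k, v in autorun.items()
            if k in _LAUNCH_KEYS or (k.startswith("shell\\") and k.endswith("\\command"))]


def mimicry_flags(autorun: Dict[str, str]) -> List[str]:
    """Tricks that make an infected drive look like an ordinary folder."""
    flags = []
    if "shell\\open\\command" in autorun or "shell\\explore\\command" in autorun:
        flags.append("overrides Explorer's Open/Explore verbs")
    if "open folder" in autorun.get("action", "").lower():
        flags.append("'action' text imitates the built-in AutoPlay prompt")
    if "shell32.dll" in autorun.get("icon", "").lower():
        flags.append("icon borrowed from shell32.dll (folder/drive look-alike)")
    return flags


def triage(text: str) -> dict:
    autorun = parse_autorun(text).get("autorun", {})
    targets, flags = launch_targets(autorun), mimicry_flags(autorun)
    return {
        "launch_targets": targets,
        "mimicry": flags,
        # A vendor disc legitimately has open=setup.exe; launching code AND
        # pretending to be a folder is the combination worth escalating.
        "likely_malicious": bool(targets) and bool(flags),
    }


# CONSTRUCTED: the shape worm-style autorun.inf files took, with junk lines.
MALICIOUS_INF = r"""
[autorun]
;xq9zl
open=recycler\updater.exe
shell\open\command=recycler\updater.exe
shell\explore\command=recycler\updater.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
kf02ma
"""

# CONSTRUCTED: an ordinary vendor install disc.
BENIGN_INF = r"""
[autorun]
open=setup.exe
icon=setup.exe,0
label=Product Install Disc
"""

if __name__ == "__main__":
    for name, inf in (("malicious", MALICIOUS_INF), ("benign", BENIGN_INF)):
        print(name, triage(inf))
```

On a hard disk partition or a USB stick, any launch target at all deserves a look, since nothing legitimate needs to auto-run from those; the mimicry flags are there to rank findings when you are triaging many drives. If the launch target's file still exists, hash it and treat the drive as a second infection source rather than a side effect of the first.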

Thank you again!!!!! :D

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.6000.17037

Run by Christian Wolf at 16:37:35 on 2011-12-12

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.958.423 [GMT -5:00]

.

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\agrsmsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\AVG\AVG10\avgemcx.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Windows\system32\wuauclt.exe

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT3705

mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT3705

uInternet Settings,ProxyOverride = <local>

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\google\BAE.dll

uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

StartupFolder: c:\users\christ~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{2F093421-A941-4671-9CAD-81E2DE6E749B} : DhcpNameServer = 192.168.254.254

TCP: Interfaces\{D479584E-BE00-4F4D-901B-BE834B715A45} : DhcpNameServer = 192.168.1.254

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\christian wolf\appdata\roaming\mozilla\firefox\profiles\9nt02axc.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npitunes.dll

FF - plugin: c:\users\christian wolf\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-10-28 64288]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-4 297168]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 28624]

R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2010-3-23 1170464]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]

S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]

S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]

S3 XIRLINK;IBM PC Camera;c:\windows\system32\drivers\C-itNT.sys [2009-1-13 503768]

.

=============== Created Last 30 ================

.

2011-12-12 20:44:01 -------- d-sh--w- C:\$RECYCLE.BIN

2011-12-12 20:43:53 -------- d-----w- c:\users\christian wolf\appdata\local\temp

2011-12-12 20:24:56 256000 ----a-w- c:\windows\PEV.exe

2011-12-12 20:24:56 208896 ----a-w- c:\windows\MBR.exe

2011-12-12 20:24:55 98816 ----a-w- c:\windows\sed.exe

2011-12-12 20:24:55 518144 ----a-w- c:\windows\SWREG.exe

2011-12-05 11:43:33 677136 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll

.

==================== Find3M ====================

.

2011-11-18 11:26:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

============= FINISH: 16:38:57.85 ===============

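The service/driver lines and the Created Last 30 / Find3M file lines in the DDS output above each follow a fixed line format. As an added example that is not part of this thread or of the DDS tool itself, here is a small Python parser for those two line types plus a first-pass triage over the result; the start-type mapping (0 boot through 4 disabled) follows the Windows service start values, and the sample input is an excerpt copied from the log above.

```python
import re
from collections import namedtuple
from datetime import date, datetime

# Service/driver line: <R=running|S=stopped><start type> <name>;<display>;<image path> [<y-m-d> <bytes>]
#   e.g. R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<y>\d{4})-(?P<m>\d{1,2})-(?P<d>\d{1,2})\s+(?P<size>\d+)\]$")
# File line (Created Last 30 / Find3M): <timestamp> <bytes or --------> <attribute flags> <path>
FILE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+|-+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$")
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}
Service = namedtuple("Service", "running start name display path modified size")
FileEntry = namedtuple("FileEntry", "when size attrs path")  # size is None for directories

def parse_dds(text):
    services, files = [], []
    for line in (raw.strip() for raw in text.splitlines()):  # ".", "====" and blank lines are skipped
        if (m := SERVICE_RE.match(line)):
            services.append(Service(m["state"] == "R", START_TYPES[int(m["start"])], m["name"],
                                    m["display"], m["path"],
                                    date(int(m["y"]), int(m["m"]), int(m["d"])), int(m["size"])))
        elif (m := FILE_RE.match(line)):
            size = None if m["size"].startswith("-") else int(m["size"])
            files.append(FileEntry(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                                   size, m["attrs"], m["path"]))
    return services, files

def triage(services, files):
    """Two things a responder reading the log wants to account for first: drivers loaded
    from outside the system32 drivers directory, and new .exe files under the Windows folder."""
    drv_dir = "c:\\windows\\system32\\drivers\\"
    odd_drivers = [s for s in services
                   if s.path.lower().endswith(".sys") and not s.path.lower().startswith(drv_dir)]
    new_exes = [f for f in files
                if f.path.lower().startswith("c:\\windows\\") and f.path.lower().endswith(".exe")]
    return odd_drivers, new_exes

# Constructed excerpt: a few lines copied from the log above, separator line included
SAMPLE = r"""
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-10-28 64288]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
.
2011-12-12 20:44:01 -------- d-sh--w- C:\$RECYCLE.BIN
2011-12-12 20:24:56 256000 ----a-w- c:\windows\PEV.exe
2011-12-12 20:24:56 208896 ----a-w- c:\windows\MBR.exe
"""
```

Running `triage(*parse_dds(SAMPLE))` on this excerpt reports no out-of-place drivers and lists the two executables that appeared under c:\windows during the window.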

This is DDS.txt; I need to see attach.txt (it will be minimized). :)

Just going to look at another anti-virus besides AVG.
I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

