
hijack.startmenu removal help


meez128


Hi... this morning I woke up to a slew of error messages on my desktop. It appears that all my files are hidden and all program icons are gone from the desktop (other than Recycle), but programs are still accessible from the start menu. I was able to restart in safe mode and ran Malwarebytes and found 2 files titled Hijack.StartMenu. I tried to remove, but that appears to have been unsuccessful. I came across this:

http://forums.malwarebytes.org/index.php?showtopic=101134

but I couldn't exactly tell what to do since there was some Combofix in the story.

I've attached the logs from MBAM and OTL. I'm pretty clueless on how to proceed. Anything you could suggest would be helpful!

Thanks!

mbam-log-2011-12-10 (13-37-48).txt

OTL.Txt


Welcome to the forum.

Download and run unhide.exe; that should restore some of the hidden features on your computer:

http://download.bleepingcomputer.com/grinler/unhide.exe

-----------------------

Then........

Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [On_Demand | Stopped] -- -- (getPlus(R) Helper) getPlus(R)
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-21-2047685441-3617723361-1140268788-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-2047685441-3617723361-1140268788-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKLM..\Run: [NYDKOFWtGkff.exe] C:\ProgramData\NYDKOFWtGkff.exe ()
    O20 - AppInit_DLLs: (AVGRSSTX.DLL) - File not found
    [2011/12/10 07:59:08 | 000,465,920 | -H-- | M] () -- C:\ProgramData\NYDKOFWtGkff.exe


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC

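A read-only audit of the artifact classes that fix script targets (a loopback ProxyServer, URLSearchHook and toolbar GUIDs with no CLSID registration, Run entries whose target is hidden or sits bare in a data directory, and stale AppInit_DLLs), as an added PowerShell example that is not part of the thread and not OTL's own code. It generalizes the one-machine fix to every loaded user hive; the helper function names are the example's own, and it assumes Windows PowerShell run from an elevated prompt.

```powershell
# Added example, not from the thread and not OTL's own code: a read-only audit of the
# artifact classes the fix script above targets. It only reports; nothing is deleted.
# Run from an elevated prompt so every HKEY_USERS hive is readable.
# Add-Finding, Test-ClsidRegistered, Get-RunTarget, Test-RunKey and Test-OrphanedClsids
# are helpers defined here, not built-in cmdlets.
$findings = New-Object System.Collections.Generic.List[string]
function Add-Finding([string]$Text) { $findings.Add($Text) }

# A hook/toolbar GUID with no CLSID registration is what OTL prints as "No CLSID value
# found": a dangling reference left behind by code that was removed or renamed.
function Test-ClsidRegistered([string]$Clsid, [string]$UserSoftware) {
    (Test-Path "HKLM:\SOFTWARE\Classes\CLSID\$Clsid") -or
    (Test-Path "$UserSoftware\Classes\CLSID\$Clsid")
}

# Extract the executable from a Run-key command line ("C:\a b\x.exe" /q  or  C:\x.exe /q).
function Get-RunTarget([string]$Command) {
    $exe = if ($Command -match '^\s*"([^"]+)"') { $Matches[1] } else { ($Command -split '\s+')[0] }
    [Environment]::ExpandEnvironmentVariables($exe)
}

function Test-RunKey([string]$KeyPath, [string]$Owner) {
    if (-not (Test-Path $KeyPath)) { return }
    $key = Get-Item $KeyPath
    foreach ($name in $key.GetValueNames()) {
        $exe = Get-RunTarget ([string]$key.GetValue($name))
        if (-not $exe) { continue }
        $why = @()
        if (-not (Test-Path -LiteralPath $exe)) {
            $why += 'target file missing'
        } elseif ([int]((Get-Item -LiteralPath $exe -Force).Attributes -band [IO.FileAttributes]::Hidden) -ne 0) {
            $why += 'target is a hidden file'   # the dropper above was flagged -H-- by OTL
        }
        # Legitimate autoruns live under Program Files or Windows; a bare .exe dropped
        # directly into ProgramData or AppData (like C:\ProgramData\NYDKOFWtGkff.exe) is suspect.
        if ($exe -match '^[A-Z]:\\(ProgramData|Users\\[^\\]+\\AppData\\(Local|Roaming))\\[^\\]+\.exe$') {
            $why += 'runs straight out of a data directory'
        }
        if ($why.Count -gt 0) { Add-Finding "Run entry '$name' in $Owner -> $exe ($($why -join '; '))" }
    }
}

function Test-OrphanedClsids([string]$KeyPath, [string]$UserSoftware, [string]$Label) {
    if (-not (Test-Path $KeyPath)) { return }
    foreach ($v in (Get-Item $KeyPath).GetValueNames()) {
        if ($v -like '{*}' -and -not (Test-ClsidRegistered $v $UserSoftware)) {
            Add-Finding "Orphaned $Label entry $v"
        }
    }
}

# 1. Machine-wide: HKLM Run, the HKLM toolbar list, and AppInit_DLLs (which user32.dll
#    loads into every GUI process; a missing DLL is a stale entry, a present one deserves a look).
Test-RunKey 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' 'HKLM'
Test-OrphanedClsids 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar' 'HKCU:\Software' 'HKLM toolbar'
$appInit = [string](Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows').AppInit_DLLs
foreach ($dll in ($appInit -split '[,\s]+' | Where-Object { $_ })) {
    $path = if ($dll -match '\\') { $dll } else { Join-Path $env:SystemRoot "System32\$dll" }
    $state = if (Test-Path -LiteralPath ([Environment]::ExpandEnvironmentVariables($path))) { 'present' } else { 'file missing, stale entry' }
    Add-Finding "AppInit_DLLs loads $dll ($state)"
}

# 2. Per-user: every loaded hive (the fix touched .DEFAULT, S-1-5-18 and the user's own SID).
foreach ($hive in Get-ChildItem Registry::HKEY_USERS) {
    $sid  = $hive.PSChildName
    $soft = "Registry::$($hive.Name)\Software"
    Test-RunKey "$soft\Microsoft\Windows\CurrentVersion\Run" $sid
    Test-OrphanedClsids "$soft\Microsoft\Internet Explorer\URLSearchHooks" $soft "URLSearchHook ($sid)"
    Test-OrphanedClsids "$soft\Microsoft\Internet Explorer\Toolbar\WebBrowser" $soft "WebBrowser toolbar ($sid)"

    # A ProxyServer aimed at loopback (the fix cleared http=127.0.0.1:5577) means a local
    # process sits between the browser and the network. Some security products and debugging
    # proxies do this legitimately, so treat it as a lead to identify the listener, not a verdict.
    $inet = Get-ItemProperty "$soft\Microsoft\Windows\CurrentVersion\Internet Settings" -ErrorAction SilentlyContinue
    if ($inet.ProxyServer -match '127\.0\.0\.1|localhost') {
        Add-Finding "Loopback proxy for ${sid}: ProxyServer=$($inet.ProxyServer) ProxyEnable=$($inet.ProxyEnable)"
    }
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings | ForEach-Object { "[!] $_" } }
```

Each finding is a lead to investigate by hand (which process listens on the proxy port, what the Run target is), not an instruction to delete; that is what a fix script built on the actual evidence is for.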

Great! I restarted since I was still in safe mode... no error messages yet! See below.

========== OTL ==========
Error: No service named getPlus® Helper) getPlus(R was found to stop!
Service\Driver key getPlus® Helper) getPlus(R not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
HKU\S-1-5-21-2047685441-3617723361-1140268788-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-21-2047685441-3617723361-1140268788-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NYDKOFWtGkff.exe deleted successfully.
C:\ProgramData\NYDKOFWtGkff.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:AVGRSSTX.DLL deleted successfully.
File C:\ProgramData\NYDKOFWtGkff.exe not found.

OTL by OldTimer - Version 3.2.31.0 log created on 12112011_133953


OK. See below.

15:02:20.0197 4308 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
15:02:20.0520 4308 ============================================================
15:02:20.0520 4308 Current date / time: 2011/12/11 15:02:20.0520
15:02:20.0520 4308 SystemInfo:
15:02:20.0520 4308
15:02:20.0521 4308 OS Version: 6.0.6002 ServicePack: 2.0
15:02:20.0521 4308 Product type: Workstation
15:02:20.0521 4308 ComputerName: MIESNERDELL
15:02:20.0521 4308 UserName: Andy
15:02:20.0521 4308 Windows directory: C:\Windows
15:02:20.0521 4308 System windows directory: C:\Windows
15:02:20.0521 4308 Processor architecture: Intel x86
15:02:20.0521 4308 Number of processors: 2
15:02:20.0521 4308 Page size: 0x1000
15:02:20.0521 4308 Boot type: Normal boot
15:02:20.0521 4308 ============================================================
15:02:22.0485 4308 Initialize success
15:06:17.0283 4748 ============================================================
15:06:17.0283 4748 Scan started
15:06:17.0283 4748 Mode: Manual; SigCheck; TDLFS;
15:06:17.0283 4748 ============================================================


15:07:33.0595 4748 TDPIPE - ok

15:07:33.0748 4748 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

15:07:33.0860 4748 TDTCP - ok

15:07:34.0065 4748 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

15:07:34.0139 4748 tdx - ok

15:07:34.0239 4748 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

15:07:34.0255 4748 TermDD - ok

15:07:34.0332 4748 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

15:07:34.0390 4748 tssecsrv - ok

15:07:34.0442 4748 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

15:07:34.0575 4748 tunmp - ok

15:07:34.0797 4748 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

15:07:34.0907 4748 tunnel - ok

15:07:35.0011 4748 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

15:07:35.0040 4748 uagp35 - ok

15:07:35.0189 4748 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

15:07:35.0246 4748 udfs - ok

15:07:35.0354 4748 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

15:07:35.0380 4748 uliagpkx - ok

15:07:35.0500 4748 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

15:07:35.0567 4748 uliahci - ok

15:07:35.0622 4748 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

15:07:35.0636 4748 UlSata - ok

15:07:35.0676 4748 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

15:07:35.0689 4748 ulsata2 - ok

15:07:35.0782 4748 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

15:07:35.0885 4748 umbus - ok

15:07:36.0118 4748 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys

15:07:36.0252 4748 USBAAPL - ok

15:07:36.0414 4748 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys

15:07:36.0488 4748 usbaudio - ok

15:07:36.0607 4748 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

15:07:36.0628 4748 usbccgp - ok

15:07:36.0770 4748 USBCCID (6b5e4d5e6e5ecd6acd14aed59768ce5c) C:\Windows\system32\DRIVERS\usbccid.sys

15:07:36.0960 4748 USBCCID - ok

15:07:37.0118 4748 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

15:07:37.0316 4748 usbcir - ok

15:07:37.0518 4748 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

15:07:37.0583 4748 usbehci - ok

15:07:37.0895 4748 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

15:07:37.0987 4748 usbhub - ok

15:07:38.0110 4748 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

15:07:38.0211 4748 usbohci - ok

15:07:38.0334 4748 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

15:07:38.0383 4748 usbprint - ok

15:07:38.0584 4748 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

15:07:38.0668 4748 usbscan - ok

15:07:38.0823 4748 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

15:07:38.0889 4748 USBSTOR - ok

15:07:39.0035 4748 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

15:07:39.0110 4748 usbuhci - ok

15:07:39.0279 4748 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys

15:07:39.0359 4748 usb_rndisx - ok

15:07:39.0501 4748 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

15:07:39.0602 4748 vga - ok

15:07:39.0693 4748 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

15:07:39.0799 4748 VgaSave - ok

15:07:39.0909 4748 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

15:07:39.0937 4748 viaagp - ok

15:07:39.0993 4748 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

15:07:40.0197 4748 ViaC7 - ok

15:07:40.0263 4748 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

15:07:40.0294 4748 viaide - ok

15:07:40.0400 4748 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

15:07:40.0427 4748 volmgr - ok

15:07:40.0663 4748 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

15:07:40.0865 4748 volmgrx - ok

15:07:41.0143 4748 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

15:07:41.0179 4748 volsnap - ok

15:07:41.0363 4748 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

15:07:41.0395 4748 vsmraid - ok

15:07:41.0476 4748 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

15:07:41.0581 4748 WacomPen - ok

15:07:41.0642 4748 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

15:07:41.0716 4748 Wanarp - ok

15:07:41.0725 4748 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

15:07:41.0741 4748 Wanarpv6 - ok

15:07:41.0898 4748 WavxDMgr (1e579390958dfc81776264213da18083) C:\Windows\system32\DRIVERS\WavxDMgr.sys

15:07:41.0911 4748 WavxDMgr - ok

15:07:42.0024 4748 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

15:07:42.0035 4748 Wd - ok

15:07:42.0440 4748 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

15:07:42.0811 4748 Wdf01000 - ok

15:07:43.0284 4748 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys

15:07:43.0382 4748 WmiAcpi - ok

15:07:44.0080 4748 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

15:07:44.0141 4748 WpdUsb - ok

15:07:44.0272 4748 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

15:07:44.0361 4748 ws2ifsl - ok

15:07:44.0523 4748 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

15:07:44.0718 4748 WUDFRd - ok

15:07:44.0857 4748 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

15:07:45.0317 4748 \Device\Harddisk0\DR0 - ok

15:07:45.0385 4748 Boot (0x1200) (62e4ae53ed0d8b6cdf53f08ffd301564) \Device\Harddisk0\DR0\Partition0

15:07:45.0391 4748 \Device\Harddisk0\DR0\Partition0 - ok

15:07:45.0394 4748 Boot (0x1200) (a8f37252f0d0b1ad989b3b3ff0fa89a0) \Device\Harddisk0\DR0\Partition1

15:07:45.0396 4748 \Device\Harddisk0\DR0\Partition1 - ok

15:07:45.0397 4748 ============================================================

15:07:45.0397 4748 Scan finished

15:07:45.0397 4748 ============================================================

15:07:45.0407 0252 Detected object count: 0

15:07:45.0407 0252 Actual detected object count: 0

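The TDSSKiller log above records every driver, the MBR and each boot sector as an MD5 plus a separate per-object verdict line. As an added example that is not code from the thread or from the tool's authors, the Python below parses that two-line format, pairs each object with its verdict, and compares the hashes against a baseline the analyst supplies from a known-clean build of the same OS. The `BASELINE` dictionary and the `exampledrv` pair of lines are constructed for the demonstration; the other sample lines are copied from the log.

```python
"""Parse a TDSSKiller-style log and triage its driver and boot-sector entries.

Each scanned object appears on two lines:
    HH:MM:SS.ffff PID <name> (<md5>) <path>
    HH:MM:SS.ffff PID <name or path> - <verdict>
The MBR and boot-sector entries use the same shape, but their verdict line
names the device path instead of the object name.
"""
import re
from dataclasses import dataclass

OBJECT_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)
VERDICT_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<subject>.+?)\s+-\s+(?P<verdict>\S.*?)\s*$"
)
COUNT_RE = re.compile(r"^\S+\s+\d+\s+Detected object count:\s+(?P<n>\d+)\s*$")


@dataclass
class Record:
    name: str
    md5: str
    path: str
    verdict: str = "(no verdict line)"


def parse_tdsskiller(text: str) -> list[Record]:
    """Return one Record per scanned object, with its verdict filled in."""
    records: list[Record] = []
    by_subject: dict[str, Record] = {}  # a verdict line may name the object or its path
    for raw in text.splitlines():
        line = raw.strip()
        m = OBJECT_RE.match(line)
        if m:
            rec = Record(m["name"], m["md5"].lower(), m["path"])
            records.append(rec)
            by_subject[rec.name] = rec
            by_subject[rec.path] = rec
            continue
        m = VERDICT_RE.match(line)
        if m and m["subject"] in by_subject:
            by_subject[m["subject"]].verdict = m["verdict"]
    return records


def detected_count(text: str):
    """The scanner's own summary count, or None if the log is truncated."""
    for raw in text.splitlines():
        m = COUNT_RE.match(raw.strip())
        if m:
            return int(m["n"])
    return None


def triage_drivers(records, baseline):
    """Pair each record with a reason for review: a non-ok verdict, a path the
    baseline does not know, or a hash that differs from the baseline.
    Paths are lowercased so 'drivers' and 'DRIVERS' resolve to one entry."""
    issues = []
    for rec in records:
        if rec.verdict != "ok":
            issues.append((rec, f"scanner verdict: {rec.verdict}"))
        expected = baseline.get(rec.path.lower())
        if expected is None:
            issues.append((rec, "no baseline hash for this path; inspect the file"))
        elif expected != rec.md5:
            issues.append((rec, f"hash differs from baseline {expected}"))
    return issues


# Constructed sample: the first eight lines are copied from the log, the
# 'exampledrv' pair is invented to show a non-ok verdict and an unknown path.
SAMPLE_LOG = r"""
15:07:31.0521 4748 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
15:07:31.0920 4748 Tcpip - ok
15:07:32.0677 4748 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
15:07:32.0756 4748 Tcpip6 - ok
15:07:41.0143 4748 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
15:07:41.0179 4748 volsnap - ok
15:07:44.0857 4748 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
15:07:45.0317 4748 \Device\Harddisk0\DR0 - ok
15:07:45.0400 4748 exampledrv (00000000000000000000000000000000) C:\Windows\system32\drivers\exampledrv.sys
15:07:45.0401 4748 exampledrv - suspicious (constructed entry)
15:07:45.0407 0252 Detected object count: 0
"""

# Constructed baseline, standing in for hashes taken from a known-clean build.
# The volsnap value is deliberately wrong so the mismatch path is exercised.
BASELINE = {
    r"c:\windows\system32\drivers\tcpip.sys": "814a1c66fbd4e1b310a517221f1456bf",
    r"c:\windows\system32\drivers\volsnap.sys": "ffffffffffffffffffffffffffffffff",
    r"\device\harddisk0\dr0": "5c616939100b85e558da92b899a0fc36",
}

if __name__ == "__main__":
    recs = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(recs)} objects, scanner count = {detected_count(SAMPLE_LOG)}")
    for rec, why in triage_drivers(recs, BASELINE):
        print(f"REVIEW {rec.name:<12} {rec.path}: {why}")
```

Anything whose verdict is not `ok`, any path the baseline has never seen, and any hash that differs from the baseline is printed for review. Note that `Tcpip` and `Tcpip6` both point at tcpip.sys with the same hash, which is why the comparison is keyed on the lowercased path rather than the service name: one file, one baseline entry.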

OK, good... That's clean.

--------------------

Let's run ComboFix now:

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC


OK... See below.

ComboFix 11-12-11.02 - Andy 12/11/2011 15:41:48.1.2 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2035.1028 [GMT -6:00]

Running from: c:\users\Andy\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Andy\AppData\Roaming\Win32

.

.

((((((((((((((((((((((((( Files Created from 2011-11-11 to 2011-12-11 )))))))))))))))))))))))))))))))

.

.

2011-12-11 21:50 . 2011-12-11 21:50 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-11 19:44 . 2011-12-11 19:44 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9FD352A0-2055-48AB-81AC-C74849B92BB7}\offreg.dll

2011-12-11 19:39 . 2011-12-11 19:39 -------- d-----w- C:\_OTL

2011-12-10 01:30 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9FD352A0-2055-48AB-81AC-C74849B92BB7}\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-11 19:46 . 2008-12-25 08:05 0 ----a-w- c:\users\Andy\AppData\Local\WavXMapDrive.bat

2011-12-07 02:25 . 2011-06-18 21:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-09-20 21:02 . 2011-11-11 03:07 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-08-25 01:12 . 2008-12-27 01:35 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]

@="{022F2F51-CDDA-4873-8A29-72C66C808A3F}"

[HKEY_CLASSES_ROOT\CLSID\{022F2F51-CDDA-4873-8A29-72C66C808A3F}]

2009-11-08 15:55 297808 ----a-w- c:\windows\System32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]

@="{661963C1-99A1-44e7-A671-1CF3768AE9D4}"

[HKEY_CLASSES_ROOT\CLSID\{661963C1-99A1-44e7-A671-1CF3768AE9D4}]

2009-11-08 15:55 297808 ----a-w- c:\windows\System32\mscoree.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-09 39408]

"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]

"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-07-02 196608]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-04 13543968]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-04 92704]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-07-04 96800]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]

"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2008-05-30 180224]

"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-05-14 99328]

"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2008-06-24 243000]

"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2008-06-24 79160]

"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2008-05-30 593920]

"DCPstrApp"="c:\program files\Dell\Dell ControlPoint\Security Manager\SecurityDeviceInfoSetRegistryString.exe" [2008-08-04 6656]

"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2008-09-09 1486848]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-19 3563520]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-25 30192]

"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-10-17 442536]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]

"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]

"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-07-11 442467]

"QuickCare"="c:\program files\Qwest\Quickcare\bin\sprtcmd.exe" [2008-11-06 202016]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]

.

c:\users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Andy\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 752168]

Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2008-8-18 1186896]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 wvauth

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-25 30192]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_2311653e\aestsrv.exe [2008-07-11 77824]

S2 alssvc;Ambient Light Sensor;c:\program files\Dell\Ambient Light Sensor\AlsSvc.exe [2008-06-03 382232]

S2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [2007-04-19 133968]

S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2008-06-03 386328]

S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2008-08-01 808296]

S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2008-08-01 21352]

S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2008-08-18 453712]

S2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [2008-09-09 69632]

S2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [2008-01-08 1213728]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-06-16 29736]

S3 cvusbdrv;Broadcom USH CV;c:\windows\system32\Drivers\cvusbdrv.sys [2008-07-23 32808]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2008-07-01 224384]

S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2008-09-22 144672]

S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2008-09-22 277632]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 78275475

*Deregistered* - 78275475

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bthsvcs REG_MULTI_SZ BthServ

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HPService REG_MULTI_SZ HPSLPSVC

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2047685441-3617723361-1140268788-1000Core.job

- c:\users\Andy\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-09 13:03]

.

2011-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2047685441-3617723361-1140268788-1000UA.job

- c:\users\Andy\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-09 13:03]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 97.64.168.12 97.64.183.165

FF - ProfilePath - c:\users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\m5r3divf.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Adobe DLM (powered by getPlus®): {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} - %profile%\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Andy\AppData\Roaming\Move Networks

FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

.

.

.

**************************************************************************

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files:

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(628)

c:\windows\system32\wvauth.dll

c:\windows\system32\biolsp.dll

.

- - - - - - - > 'Explorer.exe'(6068)

c:\users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

c:\windows\system32\btmmhook.dll

c:\windows\System32\NLSData0009.dll

.

Completion time: 2011-12-11 15:52:53

ComboFix-quarantined-files.txt 2011-12-11 21:52

.

Pre-Run: 34,382,176,256 bytes free

Post-Run: 35,700,580,352 bytes free

.

- - End Of File - - B516B147E9397D39A5090E1190D4C460

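The ComboFix report above enumerates the autostart locations that were still live after the cleanup: the Run keys, the Startup folders, AppInit_DLLs and the LSA Authentication Packages. As an added example that is not part of the thread and not ComboFix's own code, the Python below parses that "Reg Loading Points" layout and applies two triage rules a responder would run over such a report: flag autostart images that live in user-writable directories, and always surface AppInit_DLLs and any non-default LSA authentication package, because those load into every process or into lsass.exe. The `Updater` line under the HKLM Run key is constructed to produce a hit; the other sample lines are copied from the report.

```python
"""Parse the 'Reg Loading Points' section of a ComboFix report and list the
autostart entries that deserve a look first."""
import re
from dataclasses import dataclass

SECTION_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$", re.I)
STARTUP_DIR_RE = re.compile(r"^(?P<dir>[a-z]:\\.+\\Startup\\)$", re.I)
RUN_VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?:\s+\[[\d-]+\s+\d+\])?$'
)
LNK_RE = re.compile(r"^(?P<name>.+?\.lnk)\s+-\s+(?P<path>.+?)\s+\[[\d-]+\s+\d+\]$", re.I)
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(?P<value>.+)$', re.I)
AUTHPKG_RE = re.compile(r"^Authentication Packages\s+REG_MULTI_SZ\s+(?P<pkgs>.+)$", re.I)

# Directories a standard user can write to. An autostart image here is worth
# a look, but per-user installers (Dropbox, Google Update) use them legitimately,
# so a hit is a review item, not a verdict.
USER_WRITABLE_MARKERS = (
    "\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\", "\\downloads\\",
)
# msv1_0 is the package a stock install registers; anything else runs inside lsass.exe.
EXPECTED_AUTH_PACKAGES = {"msv1_0"}


@dataclass
class Entry:
    kind: str      # "run", "startup", "appinit" or "lsa_auth_package"
    location: str  # registry key or Startup folder the entry came from
    name: str
    path: str


def parse_loading_points(text: str) -> list[Entry]:
    """Walk the report, tracking the current key or folder header, and collect
    the autostart entries found under it."""
    entries: list[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line) or STARTUP_DIR_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = APPINIT_RE.match(line)
        if m:
            entries.append(Entry("appinit", section, "AppInit_DLLs", m["value"].strip()))
            continue
        m = AUTHPKG_RE.match(line)
        if m:
            entries.extend(Entry("lsa_auth_package", section, p, p) for p in m["pkgs"].split())
            continue
        m = RUN_VALUE_RE.match(line)
        if m and section.lower().endswith("\\run"):
            entries.append(Entry("run", section, m["name"], m["path"]))
            continue
        m = LNK_RE.match(line)
        if m and section.lower().endswith("\\startup\\"):
            entries.append(Entry("startup", section, m["name"], m["path"]))
    return entries


def triage_autostarts(entries):
    """Return (entry, reason) pairs for the entries worth checking first."""
    findings = []
    for e in entries:
        if e.kind == "appinit":
            findings.append((e, "AppInit_DLLs is loaded into every process that maps user32.dll; confirm the publisher"))
        elif e.kind == "lsa_auth_package":
            if e.name.lower() not in EXPECTED_AUTH_PACKAGES:
                findings.append((e, "non-default LSA authentication package runs inside lsass.exe; confirm the publisher"))
        elif any(marker in e.path.lower() for marker in USER_WRITABLE_MARKERS):
            findings.append((e, "autostart image lives in a user-writable directory"))
    return findings


# Constructed sample: copied from the report except for the 'Updater' line,
# which is invented to show what a hit on the user-writable rule looks like.
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-09 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-07-02 196608]
"Updater"="c:\programdata\qx7hk2wz.exe" [2011-12-10 61440]
.
c:\users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Andy\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
"""

if __name__ == "__main__":
    for entry, why in triage_autostarts(parse_loading_points(SAMPLE)):
        print(f"REVIEW [{entry.kind}] {entry.name} -> {entry.path}\n       {why}")
```

Dropbox is flagged as well, which is the expected false positive: per-user installers legitimately live under AppData, so the output is a review list, not a verdict. The `wvauth` hit shows why the LSA rule stays on regardless: the same report lists wvauth.dll loaded inside lsass.exe, which is exactly what a registered authentication package does, so the analyst's job is to confirm who published it rather than to assume either way.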

Looks good!

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8356

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

12/12/2011 8:06:46 AM

mbam-log-2011-12-12 (08-06-46).txt

Scan type: Quick scan

Objects scanned: 176018

Time elapsed: 5 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Great :)

Please uninstall ComboFix:

Click on the Start button and then in the Search field enter combofix /uninstall

Please note that there is a space between combofix and /uninstall.

Once you have typed this in, press Enter on your keyboard. An Open File security warning will appear asking if you are sure you want to run ComboFix. Please click on the Run button to start the program.

ComboFix will now uninstall itself from your computer and remove any backups and quarantined files. When it has finished you will be greeted by a dialog box stating that ComboFix has been uninstalled. You can now delete the ComboFix.exe program from your computer. ComboFix has now been uninstalled from your Windows Vista or Windows 7 computer.

------------------------------------------

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any questions...please post back.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Have a Good Holiday and New Year!


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
