
Two days ago I started to get the pop-up windows that accompany the Win 7 Security 2012 virus. I used the guide found here: http://www.bleepingcomputer.com/virus-removal/remove-win-7-security-2012. But Malwarebytes did not locate anything. Then again today I got the pop-ups again, confirming that I am still infected. I have tried to use other programs but nothing is finding this thing. I'm attaching my HiJackThis log. If you can help I would greatly appreciate it. Thanks!!

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 6:26:29 PM, on 12/13/2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe

C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

c:\program files (x86)\real\realplayer\RealPlay.exe

c:\program files (x86)\real\realplayer\RealPlay.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - (no file)

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

O4 - HKLM\..\Run: [emsisoft anti-malware] "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60

O4 - HKCU\..\Run: [Google Update] "C:\Users\Kelly\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: NexDef Plug-in.lnk = Kelly\AppData\Local\Autobahn\nexdef.exe

O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1256402431414

O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab55579.cab

O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/CheckersZPA.cab55579.cab

O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games – Backgammon) - http://games.ca.zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O23 - Service: Emsisoft Anti-Malware 6.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Blue Coat K9 Web Protection (bckwfs) - Blue Coat Systems, Inc. - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe

O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\NLSSRV32.EXE

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe

O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe

O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe

O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 15340 bytes


Welcome to the forum.

See if following this guide works.

if not..........

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2011/12/16 19:23:59 | 000,001,730 | -HS- | M] () -- C:\Users\Kelly\AppData\Local\xluygn5w0ydf0hnr0fgh6n138r8k
    [2011/12/16 19:23:59 | 000,001,730 | -HS- | M] () -- C:\ProgramData\xluygn5w0ydf0hnr0fgh6n138r8k
    [2011/12/16 19:20:04 | 000,390,656 | ---- | M] () -- C:\Users\Kelly\Documents\I8k18.exe
    [2011/12/14 18:48:35 | 000,010,746 | -HS- | M] () -- C:\Users\Kelly\AppData\Local\a7ua56f1dc3wtt
    [2011/12/14 18:48:35 | 000,010,746 | -HS- | M] () -- C:\ProgramData\a7ua56f1dc3wtt
    [2011/12/16 19:20:04 | 000,390,656 | ---- | M] () -- C:\Users\Kelly\Documents\I8k18.exe
    [2011/12/12 19:10:43 | 000,010,176 | -HS- | M] () -- C:\Users\Kelly\AppData\Local\nyvwwc4t3eyg0eco4bml8d514w2m
    [2011/12/12 19:10:43 | 000,010,176 | -HS- | M] () -- C:\ProgramData\nyvwwc4t3eyg0eco4bml8d514w2m
    [2011/12/11 14:16:18 | 000,010,840 | -HS- | M] () -- C:\Users\Kelly\AppData\Local\vssccn8v5nix1mvd1ytf7e741l7k
    [2011/12/11 14:16:18 | 000,010,840 | -HS- | M] () -- C:\ProgramData\vssccn8v5nix1mvd1ytf7e741l7k
    [2011/12/16 19:19:55 | 000,390,656 | ---- | C] () -- C:\Users\Kelly\Documents\I8k18.exe
    [2011/12/14 18:44:09 | 000,010,746 | -HS- | C] () -- C:\Users\Kelly\AppData\Local\a7ua56f1dc3wtt
    [2011/12/14 18:44:09 | 000,010,746 | -HS- | C] () -- C:\ProgramData\a7ua56f1dc3wtt
    [2011/12/12 19:05:44 | 000,010,176 | -HS- | C] () -- C:\Users\Kelly\AppData\Local\nyvwwc4t3eyg0eco4bml8d514w2m
    [2011/12/12 19:05:44 | 000,010,176 | -HS- | C] () -- C:\ProgramData\nyvwwc4t3eyg0eco4bml8d514w2m
    [2011/12/11 13:01:49 | 000,010,840 | -HS- | C] () -- C:\Users\Kelly\AppData\Local\vssccn8v5nix1mvd1ytf7e741l7k
    [2011/11/16 07:07:21 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\6A147
    [2011/11/16 07:07:21 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\7A76A
    [2011/11/11 23:09:18 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\BdEELL8gRZ
    [2011/11/11 19:02:55 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\eivD3onF4m5W7E8[2011/11/11 18:47:39 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\fRLL99hTXqjUekB
    [2011/11/11 19:02:52 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\jTZqhYCwkVlBx0S
    [2011/11/11 18:47:33 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\KyycA1uv2b4msQ6
    [2011/11/11 18:47:39 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\KzzOONyyxAuvS
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:0B174FAE
    @Alternate Data Stream - 128 bytes -> C:\Windows:nlsPreferences
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2
    :files
    C:\WINDOWS\tasks\*.job
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC

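Added example, not OTL's own code and not part of MrC's fix: a small Python triage script that parses OTL's "[date | size | attrs | M] () -- path" entries, splits two entries that were fused onto one line (as happened to the eivD3onF4m5W7E8 and fRLL99hTXqjUekB folders in the script above), and flags the pattern this fix targets: hidden+system files with random names dropped in pairs into %LOCALAPPDATA% and C:\ProgramData. The flagging rules are my own heuristics, and the notes.txt line in the sample is a constructed benign control.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# One OTL entry:  [YYYY/MM/DD HH:MM:SS | 000,001,730 | -HS- | M] () -- C:\path
# Folder entries carry "---D" and have no "()" marker.  The lookahead ends the
# path at end of line OR where the next "[YYYY/MM/DD " begins, so finditer()
# recovers two entries that were pasted together on a single line.
ENTRY_RE = re.compile(
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] (?:\(\) )?-- "
    r"(?P<path>.*?)(?=\s*\[\d{4}/\d{2}/\d{2} |\s*$)"
)
USER_ROOTS = ("c:\\users\\", "c:\\programdata\\")   # user-writable drop locations

# Excerpt of the fix script posted in this thread, plus one constructed benign
# control line (notes.txt) so the negative case is exercised too.
SAMPLE = r"""
:OTL
[2011/12/16 19:23:59 | 000,001,730 | -HS- | M] () -- C:\Users\Kelly\AppData\Local\xluygn5w0ydf0hnr0fgh6n138r8k
[2011/12/16 19:23:59 | 000,001,730 | -HS- | M] () -- C:\ProgramData\xluygn5w0ydf0hnr0fgh6n138r8k
[2011/12/16 19:20:04 | 000,390,656 | ---- | M] () -- C:\Users\Kelly\Documents\I8k18.exe
[2011/12/14 18:48:35 | 000,010,746 | -HS- | M] () -- C:\Users\Kelly\AppData\Local\a7ua56f1dc3wtt
[2011/12/14 18:48:35 | 000,010,746 | -HS- | M] () -- C:\ProgramData\a7ua56f1dc3wtt
[2011/12/14 18:44:09 | 000,010,746 | -HS- | C] () -- C:\Users\Kelly\AppData\Local\a7ua56f1dc3wtt
[2011/12/10 12:00:00 | 000,012,288 | ---- | M] () -- C:\Users\Kelly\Documents\notes.txt
[2011/11/16 07:07:21 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\6A147
[2011/11/11 19:02:55 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\eivD3onF4m5W7E8[2011/11/11 18:47:39 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\fRLL99hTXqjUekB
[2011/11/11 18:47:39 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\KzzOONyyxAuvS
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:0B174FAE
:files
C:\WINDOWS\tasks\*.job
"""


@dataclass
class Entry:
    timestamp: str
    size: int
    attrs: str   # R/H/S/D flags, "-" where unset: "-HS-" hidden+system, "---D" folder
    kind: str    # M = from the modified-date list, C = from the created-date list
    path: str
    reasons: list = field(default_factory=list)

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def stem(self) -> str:
        return self.name.rsplit(".", 1)[0]


def parse_otl(text: str) -> list:
    """Every file/folder entry in an OTL listing; ":OTL", ":files" and
    "@Alternate Data Stream" lines do not match and are skipped."""
    return [Entry(m["ts"], int(m["size"].replace(",", "")), m["attrs"], m["kind"], m["path"])
            for line in text.splitlines() for m in ENTRY_RE.finditer(line)]


def looks_random(stem: str) -> bool:
    """Crude stand-in for an entropy check: an alphanumeric name of 5+ chars
    that mixes digits with letters, or upper with lower case."""
    if len(stem) < 5 or not stem.isalnum():
        return False
    has_digit = any(c.isdigit() for c in stem)
    mixed_case = any(c.islower() for c in stem) and any(c.isupper() for c in stem)
    return has_digit or mixed_case


def triage(text: str) -> dict:
    """Map each suspicious path to the reasons it was flagged (this example's
    own heuristics for the rogue-AV drop pattern, not an OTL feature)."""
    by_path = {}
    for e in parse_otl(text):
        by_path.setdefault(e.path.lower(), e)      # M and C lists repeat paths
    parents = defaultdict(set)                     # basename -> parent folders
    for e in by_path.values():
        parents[e.name.lower()].add(e.path.lower()[:-len(e.name)])
    for e in by_path.values():
        low, dirs = e.path.lower(), parents[e.name.lower()]
        if "H" in e.attrs and "S" in e.attrs and low.startswith(USER_ROOTS):
            e.reasons.append("hidden+system attributes in a user-writable location")
        if looks_random(e.stem) and ("\\appdata\\" in low or low.startswith(USER_ROOTS[1])):
            e.reasons.append("random-looking name under AppData/ProgramData")
        if looks_random(e.stem) and low.endswith(".exe") and low.startswith(USER_ROOTS[0]):
            e.reasons.append("random-named executable in the user profile")
        if any("\\appdata\\local\\" in d for d in dirs) and any(d.startswith(USER_ROOTS[1]) for d in dirs):
            e.reasons.append("same name dropped in both %LOCALAPPDATA% and ProgramData")
    return {e.path: e.reasons for e in by_path.values() if e.reasons}


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE).items():
        print(f"{path}\n    " + "\n    ".join(reasons))
```

Run as a script it prints each flagged path with its reasons; a hit from these rules is a lead for the usual confirmation (hash lookup, signature check), not by itself grounds for adding the file to a fix script.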

MrC,

Here's the log I got.

========== OTL ==========

C:\Users\Kelly\AppData\Local\xluygn5w0ydf0hnr0fgh6n138r8k moved successfully.

C:\ProgramData\xluygn5w0ydf0hnr0fgh6n138r8k moved successfully.

C:\Users\Kelly\My Documents\I8k18.exe moved successfully.

C:\Users\Kelly\AppData\Local\a7ua56f1dc3wtt moved successfully.

C:\ProgramData\a7ua56f1dc3wtt moved successfully.

File C:\Users\Kelly\Documents\I8k18.exe not found.

C:\Users\Kelly\AppData\Local\nyvwwc4t3eyg0eco4bml8d514w2m moved successfully.

C:\ProgramData\nyvwwc4t3eyg0eco4bml8d514w2m moved successfully.

C:\Users\Kelly\AppData\Local\vssccn8v5nix1mvd1ytf7e741l7k moved successfully.

C:\ProgramData\vssccn8v5nix1mvd1ytf7e741l7k moved successfully.

File C:\Users\Kelly\Documents\I8k18.exe not found.

File C:\Users\Kelly\AppData\Local\a7ua56f1dc3wtt not found.

File C:\ProgramData\a7ua56f1dc3wtt not found.

File C:\Users\Kelly\AppData\Local\nyvwwc4t3eyg0eco4bml8d514w2m not found.

File C:\ProgramData\nyvwwc4t3eyg0eco4bml8d514w2m not found.

File C:\Users\Kelly\AppData\Local\vssccn8v5nix1mvd1ytf7e741l7k not found.

C:\Users\Kelly\AppData\Roaming\6A147 folder moved successfully.

C:\Users\Kelly\AppData\Roaming\7A76A folder moved successfully.

C:\Users\Kelly\AppData\Roaming\BdEELL8gRZ folder moved successfully.

Folder C:\Users\Kelly\AppData\Roaming\eivD3onF4m5W7E8[2011/11/11 18:47:39 | 000,000,000 | ---D | M] -- C:\Users\Kelly\AppData\Roaming\fRLL99hTXqjUekB\ not found.

C:\Users\Kelly\AppData\Roaming\jTZqhYCwkVlBx0S folder moved successfully.

C:\Users\Kelly\AppData\Roaming\KyycA1uv2b4msQ6 folder moved successfully.

C:\Users\Kelly\AppData\Roaming\KzzOONyyxAuvS folder moved successfully.

ADS C:\ProgramData\Temp:0B174FAE deleted successfully.

ADS C:\Windows:nlsPreferences deleted successfully.

ADS C:\ProgramData\Temp:430C6D84 deleted successfully.

ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.

========== FILES ==========

C:\WINDOWS\tasks\At1.job moved successfully.

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3447566891-3031382510-343895390-1000Core.job moved successfully.

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3447566891-3031382510-343895390-1000UA.job moved successfully.

C:\WINDOWS\tasks\HPCeeScheduleForKelly.job moved successfully.

OTL by OldTimer - Version 3.2.31.0 log created on 12172011_094509


Here's the TDSSKiller log:

10:23:45.0907 1828 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31

10:23:46.0468 1828 ============================================================

10:23:46.0468 1828 Current date / time: 2011/12/17 10:23:46.0468

10:23:46.0468 1828 SystemInfo:

10:23:46.0468 1828

10:23:46.0468 1828 OS Version: 6.1.7601 ServicePack: 1.0

10:23:46.0468 1828 Product type: Workstation

10:23:46.0468 1828 ComputerName: KELLY-PC

10:23:46.0468 1828 UserName: Kelly

10:23:46.0468 1828 Windows directory: C:\Windows

10:23:46.0468 1828 System windows directory: C:\Windows

10:23:46.0468 1828 Running under WOW64

10:23:46.0468 1828 Processor architecture: Intel x64

10:23:46.0468 1828 Number of processors: 2

10:23:46.0468 1828 Page size: 0x1000

10:23:46.0468 1828 Boot type: Safe boot with network

10:23:46.0468 1828 ============================================================

10:23:48.0793 1828 Initialize success

10:23:54.0112 1876 ============================================================

10:23:54.0112 1876 Scan started

10:23:54.0112 1876 Mode: Manual; SigCheck; TDLFS;

10:23:54.0112 1876 ============================================================

10:23:56.0031 1876 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

10:23:58.0465 1876 1394ohci - ok

10:23:58.0605 1876 a2acc (922ab7cc2c12c38dc2c4074af893d5fb) C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys

10:23:58.0824 1876 a2acc - ok

10:23:58.0980 1876 A2DDA (3044d0f3feb9ffe8bc953d8f34b5b504) C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys

10:23:58.0980 1876 A2DDA - ok

10:23:59.0058 1876 a2injectiondriver (905cda5a8d86f733df8000909b4916ed) C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys

10:23:59.0073 1876 a2injectiondriver - ok

10:23:59.0198 1876 a2util (e41d79682a209f72f4f578cfd4a53952) C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys

10:23:59.0214 1876 a2util - ok

10:23:59.0557 1876 Accelerometer (3e2427d4966c7606097341e55ab4e105) C:\Windows\system32\DRIVERS\Accelerometer.sys

10:23:59.0557 1876 Accelerometer - ok

10:23:59.0635 1876 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

10:23:59.0666 1876 ACPI - ok

10:23:59.0760 1876 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

10:23:59.0884 1876 AcpiPmi - ok

10:24:00.0056 1876 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

10:24:00.0087 1876 adp94xx - ok

10:24:00.0165 1876 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

10:24:00.0196 1876 adpahci - ok

10:24:00.0228 1876 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

10:24:00.0243 1876 adpu320 - ok

10:24:00.0306 1876 AESTAud (2c4676e1b569bbe9d4d50a2b90f10064) C:\Windows\system32\drivers\AESTAu64.sys

10:24:00.0384 1876 AESTAud ( UnsignedFile.Multi.Generic ) - warning

10:24:00.0384 1876 AESTAud - detected UnsignedFile.Multi.Generic (1)

10:24:00.0446 1876 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

10:24:00.0540 1876 AFD - ok

10:24:00.0602 1876 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys

10:24:00.0758 1876 AgereSoftModem - ok

10:24:00.0852 1876 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

10:24:00.0867 1876 agp440 - ok

10:24:00.0961 1876 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

10:24:00.0976 1876 aliide - ok

10:24:01.0148 1876 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

10:24:01.0164 1876 amdide - ok

10:24:01.0226 1876 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

10:24:01.0304 1876 AmdK8 - ok

10:24:01.0335 1876 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

10:24:01.0444 1876 AmdPPM - ok

10:24:01.0476 1876 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

10:24:01.0476 1876 amdsata - ok

10:24:01.0600 1876 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

10:24:01.0616 1876 amdsbs - ok

10:24:01.0632 1876 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

10:24:01.0647 1876 amdxata - ok

10:24:01.0881 1876 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

10:24:02.0115 1876 AppID - ok

10:24:02.0521 1876 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

10:24:02.0536 1876 arc - ok

10:24:03.0036 1876 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

10:24:03.0036 1876 arcsas - ok

10:24:03.0426 1876 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

10:24:03.0582 1876 AsyncMac - ok

10:24:03.0831 1876 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

10:24:03.0847 1876 atapi - ok

10:24:04.0564 1876 athr (8c56e93749ba53a4b645963d3439e01e) C:\Windows\system32\DRIVERS\athrx.sys

10:24:04.0658 1876 athr - ok

10:24:04.0954 1876 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys

10:24:04.0970 1876 AtiHdmiService - ok

10:24:05.0391 1876 atikmdag (2263eafcf5add181b7fd47b78ae6d3e3) C:\Windows\system32\DRIVERS\atikmdag.sys

10:24:05.0641 1876 atikmdag - ok

10:24:06.0265 1876 AtiPcie (db0d3de15edc96e7529fc0d3f7760894) C:\Windows\system32\DRIVERS\AtiPcie.sys

10:24:06.0265 1876 AtiPcie - ok

10:24:06.0624 1876 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys

10:24:06.0624 1876 avgntflt - ok

10:24:07.0029 1876 avipbb (f1c9db5f7b2a56a0b29667d22ba540fc) C:\Windows\system32\DRIVERS\avipbb.sys

10:24:07.0029 1876 avipbb - ok

10:24:07.0638 1876 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys

10:24:07.0638 1876 avkmgr - ok

10:24:08.0152 1876 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

10:24:08.0199 1876 b06bdrv - ok

10:24:08.0979 1876 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

10:24:09.0057 1876 b57nd60a - ok

10:24:09.0229 1876 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

10:24:09.0291 1876 Beep - ok

10:24:09.0322 1876 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

10:24:09.0354 1876 blbdrive - ok

10:24:09.0416 1876 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

10:24:09.0478 1876 bowser - ok

10:24:09.0494 1876 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

10:24:09.0588 1876 BrFiltLo - ok

10:24:09.0634 1876 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

10:24:09.0666 1876 BrFiltUp - ok

10:24:09.0681 1876 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

10:24:09.0728 1876 Brserid - ok

10:24:09.0759 1876 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

10:24:09.0790 1876 BrSerWdm - ok

10:24:09.0837 1876 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

10:24:09.0868 1876 BrUsbMdm - ok

10:24:09.0900 1876 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

10:24:09.0931 1876 BrUsbSer - ok

10:24:09.0993 1876 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

10:24:10.0024 1876 BTHMODEM - ok

10:24:10.0087 1876 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

10:24:10.0149 1876 cdfs - ok

10:24:10.0212 1876 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

10:24:10.0258 1876 cdrom - ok

10:24:10.0305 1876 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

10:24:10.0336 1876 circlass - ok

10:24:10.0399 1876 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

10:24:10.0414 1876 CLFS - ok

10:24:10.0461 1876 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

10:24:10.0492 1876 CmBatt - ok

10:24:10.0539 1876 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

10:24:10.0539 1876 cmdide - ok

10:24:10.0617 1876 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys

10:24:10.0648 1876 CNG - ok

10:24:10.0695 1876 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

10:24:10.0695 1876 Compbatt - ok

10:24:10.0758 1876 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

10:24:10.0789 1876 CompositeBus - ok

10:24:10.0851 1876 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

10:24:10.0867 1876 crcdisk - ok

10:24:10.0960 1876 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

10:24:11.0023 1876 DfsC - ok

10:24:11.0085 1876 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

10:24:11.0132 1876 discache - ok

10:24:11.0163 1876 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

10:24:11.0179 1876 Disk - ok

10:24:11.0226 1876 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys

10:24:11.0272 1876 Dot4 - ok

10:24:11.0319 1876 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys

10:24:11.0366 1876 Dot4Print - ok

10:24:11.0413 1876 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys

10:24:11.0460 1876 dot4usb - ok

10:24:11.0491 1876 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

10:24:11.0538 1876 drmkaud - ok

10:24:11.0600 1876 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

10:24:11.0631 1876 DXGKrnl - ok

10:24:11.0772 1876 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

10:24:11.0896 1876 ebdrv - ok

10:24:11.0959 1876 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

10:24:11.0990 1876 elxstor - ok

10:24:12.0052 1876 enecir (3a70dc8951b995c73a22b9a23210833e) C:\Windows\system32\DRIVERS\enecir.sys

10:24:12.0099 1876 enecir - ok

10:24:12.0146 1876 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

10:24:12.0193 1876 ErrDev - ok

10:24:12.0240 1876 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

10:24:12.0302 1876 exfat - ok

10:24:12.0364 1876 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

10:24:12.0396 1876 fastfat - ok

10:24:12.0442 1876 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

10:24:12.0630 1876 fdc - ok

10:24:13.0004 1876 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

10:24:13.0020 1876 FileInfo - ok

10:24:13.0082 1876 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

10:24:13.0144 1876 Filetrace - ok

10:24:13.0176 1876 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

10:24:13.0191 1876 flpydisk - ok

10:24:13.0254 1876 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

10:24:13.0269 1876 FltMgr - ok

10:24:13.0316 1876 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

10:24:13.0332 1876 FsDepends - ok

10:24:13.0347 1876 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

10:24:13.0363 1876 Fs_Rec - ok

10:24:13.0410 1876 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

10:24:13.0456 1876 fvevol - ok

10:24:13.0488 1876 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

10:24:13.0488 1876 gagp30kx - ok

10:24:13.0534 1876 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

10:24:13.0534 1876 GEARAspiWDM - ok

10:24:13.0566 1876 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

10:24:13.0597 1876 hcw85cir - ok

10:24:13.0659 1876 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

10:24:13.0706 1876 HdAudAddService - ok

10:24:13.0737 1876 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

10:24:13.0784 1876 HDAudBus - ok

10:24:13.0815 1876 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

10:24:13.0831 1876 HidBatt - ok

10:24:13.0862 1876 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

10:24:13.0909 1876 HidBth - ok

10:24:13.0956 1876 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

10:24:13.0987 1876 HidIr - ok

10:24:14.0034 1876 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys

10:24:14.0065 1876 HidUsb - ok

10:24:14.0127 1876 hpdskflt (ccbe758967cc0f53f5ba3b271653c4e6) C:\Windows\system32\DRIVERS\hpdskflt.sys

10:24:14.0127 1876 hpdskflt - ok

10:24:14.0190 1876 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys

10:24:14.0221 1876 HpqKbFiltr - ok

10:24:14.0268 1876 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

10:24:14.0268 1876 HpSAMD - ok

10:24:14.0361 1876 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

10:24:14.0424 1876 HTTP - ok

10:24:14.0470 1876 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

10:24:14.0486 1876 hwpolicy - ok

10:24:14.0486 1876 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

10:24:14.0502 1876 i8042prt - ok

10:24:14.0564 1876 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

10:24:14.0580 1876 iaStorV - ok

10:24:14.0626 1876 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

10:24:14.0642 1876 iirsp - ok

10:24:14.0658 1876 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

10:24:14.0673 1876 intelide - ok

10:24:14.0720 1876 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

10:24:14.0751 1876 intelppm - ok

10:24:14.0814 1876 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

10:24:14.0907 1876 IpFilterDriver - ok

10:24:14.0938 1876 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

10:24:14.0954 1876 IPMIDRV - ok

10:24:15.0001 1876 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

10:24:15.0063 1876 IPNAT - ok

10:24:15.0094 1876 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

10:24:15.0157 1876 IRENUM - ok

10:24:15.0204 1876 is3srv - ok

10:24:15.0235 1876 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

10:24:15.0250 1876 isapnp - ok

10:24:15.0297 1876 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

10:24:15.0313 1876 iScsiPrt - ok

10:24:15.0375 1876 JMCR (15371306d1adbbf35e475c8da516a956) C:\Windows\system32\DRIVERS\jmcr.sys

10:24:15.0453 1876 JMCR - ok

10:24:15.0484 1876 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

10:24:15.0500 1876 kbdclass - ok

10:24:15.0547 1876 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

10:24:15.0578 1876 kbdhid - ok

10:24:15.0640 1876 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys

10:24:15.0656 1876 KSecDD - ok

10:24:15.0718 1876 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys

10:24:15.0734 1876 KSecPkg - ok

10:24:15.0796 1876 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

10:24:15.0859 1876 ksthunk - ok

10:24:15.0937 1876 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

10:24:15.0999 1876 lltdio - ok

10:24:16.0030 1876 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

10:24:16.0046 1876 LSI_FC - ok

10:24:16.0077 1876 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

10:24:16.0093 1876 LSI_SAS - ok

10:24:16.0108 1876 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

10:24:16.0124 1876 LSI_SAS2 - ok

10:24:16.0171 1876 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

10:24:16.0186 1876 LSI_SCSI - ok

10:24:16.0233 1876 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

10:24:16.0296 1876 luafv - ok

10:24:16.0327 1876 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

10:24:16.0342 1876 megasas - ok

10:24:16.0389 1876 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

10:24:16.0405 1876 MegaSR - ok

10:24:16.0467 1876 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

10:24:16.0530 1876 Modem - ok

10:24:16.0561 1876 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

10:24:16.0592 1876 monitor - ok

10:24:16.0639 1876 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

10:24:16.0639 1876 mouclass - ok

10:24:16.0717 1876 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

10:24:16.0748 1876 mouhid - ok

10:24:16.0795 1876 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

10:24:16.0810 1876 mountmgr - ok

10:24:16.0857 1876 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

10:24:16.0873 1876 mpio - ok

10:24:16.0920 1876 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

10:24:16.0982 1876 mpsdrv - ok

10:24:17.0029 1876 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

10:24:17.0076 1876 MRxDAV - ok

10:24:17.0122 1876 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

10:24:17.0169 1876 mrxsmb - ok

10:24:17.0200 1876 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

10:24:17.0247 1876 mrxsmb10 - ok

10:24:17.0310 1876 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

10:24:17.0325 1876 mrxsmb20 - ok

10:24:17.0356 1876 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

10:24:17.0372 1876 msahci - ok

10:24:17.0403 1876 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

10:24:17.0419 1876 msdsm - ok

10:24:17.0497 1876 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

10:24:17.0528 1876 Msfs - ok

10:24:17.0559 1876 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

10:24:17.0622 1876 mshidkmdf - ok

10:24:17.0668 1876 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

10:24:17.0684 1876 msisadrv - ok

10:24:17.0715 1876 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

10:24:17.0778 1876 MSKSSRV - ok

10:24:17.0809 1876 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

10:24:17.0871 1876 MSPCLOCK - ok

10:24:17.0887 1876 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

10:24:17.0996 1876 MSPQM - ok

10:24:18.0043 1876 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

10:24:18.0058 1876 MsRPC - ok

10:24:18.0090 1876 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

10:24:18.0105 1876 mssmbios - ok

10:24:18.0152 1876 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

10:24:18.0214 1876 MSTEE - ok

10:24:18.0246 1876 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

10:24:18.0292 1876 MTConfig - ok

10:24:18.0324 1876 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

10:24:18.0339 1876 Mup - ok

10:24:18.0417 1876 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

10:24:18.0448 1876 NativeWifiP - ok

10:24:18.0526 1876 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

10:24:18.0558 1876 NDIS - ok

10:24:18.0589 1876 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

10:24:18.0620 1876 NdisCap - ok

10:24:18.0667 1876 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

10:24:18.0729 1876 NdisTapi - ok

10:24:18.0776 1876 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

10:24:18.0838 1876 Ndisuio - ok

10:24:18.0916 1876 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

10:24:18.0963 1876 NdisWan - ok

10:24:19.0010 1876 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

10:24:19.0072 1876 NDProxy - ok

10:24:19.0135 1876 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

10:24:19.0182 1876 NetBIOS - ok

10:24:19.0244 1876 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

10:24:19.0322 1876 NetBT - ok

10:24:19.0384 1876 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

10:24:19.0400 1876 nfrd960 - ok

10:24:19.0447 1876 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

10:24:19.0509 1876 Npfs - ok

10:24:19.0556 1876 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

10:24:19.0587 1876 nsiproxy - ok

10:24:19.0650 1876 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

10:24:19.0728 1876 Ntfs - ok

10:24:19.0743 1876 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

10:24:19.0806 1876 Null - ok

10:24:19.0868 1876 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

10:24:19.0884 1876 nvraid - ok

10:24:19.0915 1876 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

10:24:19.0930 1876 nvstor - ok

10:24:19.0977 1876 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

10:24:19.0993 1876 nv_agp - ok

10:24:20.0040 1876 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

10:24:20.0086 1876 ohci1394 - ok

10:24:20.0164 1876 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

10:24:20.0180 1876 Parport - ok

10:24:20.0227 1876 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

10:24:20.0227 1876 partmgr - ok

10:24:20.0274 1876 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

10:24:20.0289 1876 pci - ok

10:24:20.0336 1876 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

10:24:20.0352 1876 pciide - ok

10:24:20.0383 1876 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

10:24:20.0398 1876 pcmcia - ok

10:24:20.0414 1876 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

10:24:20.0430 1876 pcw - ok

10:24:20.0476 1876 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

10:24:20.0539 1876 PEAUTH - ok

10:24:20.0648 1876 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

10:24:20.0710 1876 PptpMiniport - ok

10:24:20.0742 1876 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

10:24:20.0788 1876 Processor - ok

10:24:20.0835 1876 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

10:24:20.0882 1876 Psched - ok

10:24:20.0929 1876 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

10:24:20.0991 1876 ql2300 - ok

10:24:21.0038 1876 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

10:24:21.0054 1876 ql40xx - ok

10:24:21.0085 1876 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

10:24:21.0116 1876 QWAVEdrv - ok

10:24:21.0147 1876 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

10:24:21.0210 1876 RasAcd - ok

10:24:21.0272 1876 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

10:24:21.0319 1876 RasAgileVpn - ok

10:24:21.0381 1876 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

10:24:21.0444 1876 Rasl2tp - ok

10:24:21.0475 1876 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

10:24:21.0553 1876 RasPppoe - ok

10:24:21.0584 1876 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

10:24:21.0646 1876 RasSstp - ok

10:24:21.0693 1876 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

10:24:21.0771 1876 rdbss - ok

10:24:21.0802 1876 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

10:24:21.0849 1876 rdpbus - ok

10:24:21.0896 1876 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

10:24:21.0958 1876 RDPCDD - ok

10:24:21.0974 1876 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

10:24:22.0036 1876 RDPENCDD - ok

10:24:22.0068 1876 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

10:24:22.0114 1876 RDPREFMP - ok

10:24:22.0177 1876 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

10:24:22.0224 1876 RDPWD - ok

10:24:22.0286 1876 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

10:24:22.0302 1876 rdyboost - ok

10:24:22.0348 1876 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys

10:24:22.0364 1876 regi - ok

10:24:22.0489 1876 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

10:24:22.0536 1876 rspndr - ok

10:24:22.0598 1876 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys

10:24:22.0629 1876 RTL8167 - ok

10:24:22.0676 1876 RTL8169 (390482953c63e81bae52f20386394421) C:\Windows\system32\DRIVERS\Rtlh64.sys

10:24:22.0738 1876 RTL8169 - ok

10:24:22.0785 1876 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

10:24:22.0801 1876 sbp2port - ok

10:24:22.0894 1876 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

10:24:22.0957 1876 scfilter - ok

10:24:23.0035 1876 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

10:24:23.0082 1876 secdrv - ok

10:24:23.0128 1876 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

10:24:23.0175 1876 Serenum - ok

10:24:23.0206 1876 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

10:24:23.0222 1876 Serial - ok

10:24:23.0269 1876 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

10:24:23.0300 1876 sermouse - ok

10:24:23.0378 1876 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

10:24:23.0409 1876 sffdisk - ok

10:24:23.0440 1876 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

10:24:23.0472 1876 sffp_mmc - ok

10:24:23.0503 1876 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

10:24:23.0534 1876 sffp_sd - ok

10:24:23.0596 1876 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

10:24:23.0628 1876 sfloppy - ok

10:24:23.0674 1876 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

10:24:23.0690 1876 SiSRaid2 - ok

10:24:23.0737 1876 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

10:24:23.0752 1876 SiSRaid4 - ok

10:24:23.0830 1876 SmartDefragDriver (dd0443bc6cc78a19fd399817f8c51401) C:\Windows\system32\Drivers\SmartDefragDriver.sys

10:24:23.0846 1876 SmartDefragDriver - ok

10:24:23.0893 1876 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

10:24:23.0924 1876 Smb - ok

10:24:23.0971 1876 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

10:24:23.0986 1876 spldr - ok

10:24:24.0064 1876 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

10:24:24.0127 1876 srv - ok

10:24:24.0158 1876 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

10:24:24.0205 1876 srv2 - ok

10:24:24.0236 1876 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

10:24:24.0283 1876 srvnet - ok

10:24:24.0345 1876 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

10:24:24.0361 1876 stexstor - ok

10:24:24.0439 1876 STHDA (dffbc024dfc7bb05b2129e05cbc7a201) C:\Windows\system32\DRIVERS\stwrt64.sys

10:24:24.0501 1876 STHDA - ok

10:24:24.0579 1876 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys

10:24:24.0610 1876 StillCam - ok

10:24:24.0657 1876 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

10:24:24.0657 1876 swenum - ok

10:24:24.0720 1876 SynTP (b432c6063d4c621241c2b6e05ca0c3e3) C:\Windows\system32\DRIVERS\SynTP.sys

10:24:24.0735 1876 SynTP - ok

10:24:24.0766 1876 szkg5 - ok

10:24:24.0844 1876 tclondrv (bb7c91d0e97aa8126212838d32dcc83c) C:\Windows\system32\DRIVERS\tclondrv.sys

10:24:24.0860 1876 tclondrv - ok

10:24:24.0954 1876 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

10:24:25.0032 1876 Tcpip - ok

10:24:25.0094 1876 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

10:24:25.0125 1876 TCPIP6 - ok

10:24:25.0203 1876 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

10:24:25.0266 1876 tcpipreg - ok

10:24:25.0328 1876 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

10:24:25.0390 1876 TDPIPE - ok

10:24:25.0437 1876 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

10:24:25.0468 1876 TDTCP - ok

10:24:25.0515 1876 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

10:24:25.0562 1876 tdx - ok

10:24:25.0578 1876 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

10:24:25.0593 1876 TermDD - ok

10:24:25.0718 1876 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

10:24:25.0765 1876 tssecsrv - ok

10:24:25.0812 1876 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

10:24:25.0827 1876 TsUsbFlt - ok

10:24:25.0921 1876 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

10:24:25.0968 1876 tunnel - ok

10:24:26.0014 1876 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

10:24:26.0030 1876 uagp35 - ok

10:24:26.0092 1876 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

10:24:26.0155 1876 udfs - ok

10:24:26.0217 1876 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

10:24:26.0233 1876 uliagpkx - ok

10:24:26.0264 1876 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

10:24:26.0295 1876 umbus - ok

10:24:26.0358 1876 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

10:24:26.0389 1876 UmPass - ok

10:24:26.0451 1876 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys

10:24:26.0498 1876 USBAAPL64 - ok

10:24:26.0498 1876 usbbus - ok

10:24:26.0592 1876 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

10:24:26.0592 1876 usbccgp - ok

10:24:26.0654 1876 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

10:24:26.0701 1876 usbcir - ok

10:24:26.0748 1876 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

10:24:26.0794 1876 usbehci - ok

10:24:26.0826 1876 usbfilter (8fec71666aba7114f9cab9e56065ec80) C:\Windows\system32\DRIVERS\usbfilter.sys

10:24:26.0841 1876 usbfilter - ok

10:24:26.0904 1876 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

10:24:26.0935 1876 usbhub - ok

10:24:26.0950 1876 USBModem - ok

10:24:26.0982 1876 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

10:24:27.0013 1876 usbohci - ok

10:24:27.0106 1876 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

10:24:27.0153 1876 usbprint - ok

10:24:27.0216 1876 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

10:24:27.0247 1876 usbscan - ok

10:24:27.0294 1876 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

10:24:27.0325 1876 USBSTOR - ok

10:24:27.0372 1876 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys

10:24:27.0403 1876 usbuhci - ok

10:24:27.0465 1876 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

10:24:27.0481 1876 usbvideo - ok

10:24:27.0512 1876 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

10:24:27.0528 1876 vdrvroot - ok

10:24:27.0574 1876 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

10:24:27.0590 1876 vga - ok

10:24:27.0606 1876 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

10:24:27.0668 1876 VgaSave - ok

10:24:27.0715 1876 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

10:24:27.0730 1876 vhdmp - ok

10:24:27.0746 1876 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

10:24:27.0762 1876 viaide - ok

10:24:27.0824 1876 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

10:24:27.0824 1876 volmgr - ok

10:24:27.0902 1876 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

10:24:27.0918 1876 volmgrx - ok

10:24:27.0964 1876 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

10:24:27.0996 1876 volsnap - ok

10:24:28.0058 1876 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

10:24:28.0058 1876 vsmraid - ok

10:24:28.0120 1876 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

10:24:28.0152 1876 vwifibus - ok

10:24:28.0198 1876 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

10:24:28.0245 1876 vwififlt - ok

10:24:28.0308 1876 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

10:24:28.0339 1876 WacomPen - ok

10:24:28.0386 1876 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

10:24:28.0510 1876 WANARP - ok

10:24:28.0526 1876 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

10:24:28.0557 1876 Wanarpv6 - ok

10:24:29.0056 1876 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

10:24:29.0056 1876 Wd - ok

10:24:29.0166 1876 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys

10:24:29.0166 1876 WDC_SAM - ok

10:24:29.0228 1876 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

10:24:29.0259 1876 Wdf01000 - ok

10:24:29.0353 1876 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

10:24:29.0384 1876 WfpLwf - ok

10:24:29.0431 1876 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

10:24:29.0431 1876 WIMMount - ok

10:24:29.0524 1876 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

10:24:29.0571 1876 WinUsb - ok

10:24:29.0602 1876 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

10:24:29.0618 1876 WmiAcpi - ok

10:24:29.0696 1876 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

10:24:29.0727 1876 ws2ifsl - ok

10:24:29.0805 1876 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

10:24:29.0868 1876 WudfPf - ok

10:24:29.0914 1876 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

10:24:29.0992 1876 WUDFRd - ok

10:24:30.0164 1876 {55662437-DA8C-40c0-AADA-2C816A897A49} (1cacfef9e5dd866c5b79a135ee729e18) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl

10:24:30.0180 1876 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok

10:24:30.0195 1876 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

10:24:30.0289 1876 \Device\Harddisk0\DR0 - ok

10:24:30.0304 1876 MBR (0x1B8) (76fdaaf7db17bd1090f2da6591329e93) \Device\Harddisk1\DR1

10:24:41.0864 1876 \Device\Harddisk1\DR1 - ok

10:24:41.0880 1876 Boot (0x1200) (02c2eb1e218c6806b1eb6b8bc75a38b6) \Device\Harddisk0\DR0\Partition0

10:24:41.0880 1876 \Device\Harddisk0\DR0\Partition0 - ok

10:24:41.0895 1876 Boot (0x1200) (b4b7930e3876474594c6be0f833260f1) \Device\Harddisk0\DR0\Partition1

10:24:41.0895 1876 \Device\Harddisk0\DR0\Partition1 - ok

10:24:41.0911 1876 ============================================================

10:24:41.0911 1876 Scan finished

10:24:41.0911 1876 ============================================================

10:24:41.0926 1868 Detected object count: 1

10:24:41.0926 1868 Actual detected object count: 1

10:24:56.0684 1868 AESTAud ( UnsignedFile.Multi.Generic ) - skipped by user

10:24:56.0684 1868 AESTAud ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:24:59.0289 1824 Deinitialize success


That one file in question that TDSSKiller found is OK.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC


Here's the ComboFix log

ComboFix 11-12-17.02 - Kelly 12/17/2011 10:52:02.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3838.2598 [GMT -6:00]

Running from: c:\users\Kelly\Downloads\Computer\Desktop\ComboFix.exe

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\LP

c:\users\Kelly\AppData\Roaming\Microsoft\Windows\Templates\xluygn5w0ydf0hnr0fgh6n138r8k

.

.

((((((((((((((((((((((((( Files Created from 2011-11-17 to 2011-12-17 )))))))))))))))))))))))))))))))

.

.

2011-12-17 17:03 . 2011-12-17 17:03 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-17 15:45 . 2011-12-17 15:45 -------- d-----w- C:\_OTL

2011-12-15 04:14 . 2011-12-15 04:14 -------- d-----w- c:\programdata\Garmin

2011-12-15 04:10 . 2011-12-15 04:10 -------- d-----w- c:\program files (x86)\Garmin

2011-12-15 04:05 . 2011-12-15 04:11 -------- d-----w- c:\users\Kelly\AppData\Roaming\Garmin

2011-12-14 23:01 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll

2011-12-14 22:59 . 2011-11-05 04:30 163328 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll

2011-12-14 22:59 . 2011-11-05 03:32 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-12-14 22:59 . 2011-11-05 02:48 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-12-14 22:59 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys

2011-12-14 22:59 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll

2011-12-14 22:59 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll

2011-12-14 22:59 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll

2011-12-14 22:59 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-12-13 13:58 . 2011-12-17 17:07 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware

2011-12-13 03:31 . 2011-12-13 03:31 388096 ----a-r- c:\users\Kelly\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-12-13 03:31 . 2011-12-13 03:31 -------- d-----w- c:\program files (x86)\Trend Micro

2011-12-13 01:55 . 2011-12-15 05:12 -------- d-----w- c:\program files (x86)\PC Tools

2011-12-13 01:50 . 2011-11-23 01:42 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys

2011-12-13 01:50 . 2011-12-15 05:12 -------- d-----w- c:\program files (x86)\Common Files\PC Tools

2011-12-13 01:38 . 2011-12-14 00:05 -------- d-----w- c:\programdata\PC Tools

2011-12-13 01:38 . 2011-12-13 01:38 -------- d-----w- c:\users\Kelly\AppData\Roaming\TestApp

2011-12-12 00:09 . 2011-12-17 06:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-12-12 00:09 . 2011-12-14 00:12 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2011-11-30 00:08 . 2011-10-20 05:10 22872 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe

2011-11-24 02:59 . 2011-11-24 02:59 -------- d-----w- c:\users\Kelly\AppData\Local\Real

2011-11-24 02:59 . 2011-11-24 02:59 11776 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprjplug.dll

2011-11-24 02:58 . 2011-11-24 02:58 -------- d-----w- c:\program files (x86)\Common Files\xing shared

2011-11-24 02:58 . 2011-11-24 02:58 150696 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppl3260.dll

2011-11-24 02:58 . 2011-11-24 02:58 108544 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpjplug.dll

2011-11-23 04:28 . 2011-11-23 04:30 -------- d-----w- c:\programdata\boost_interprocess

2011-11-23 04:02 . 2011-11-25 16:08 -------- d-----w- c:\users\Public\entropia universe

2011-11-23 04:01 . 2011-11-23 04:02 -------- d-----w- c:\program files (x86)\Entropia Universe

2011-11-23 04:01 . 2011-11-23 04:02 -------- d-----w- c:\windows\Entropia Universe

2011-11-23 03:41 . 2011-11-23 03:51 -------- d--h--w- c:\windows\msdownld.tmp

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-17 04:47 . 2011-05-13 05:22 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-07 04:16 . 2011-11-11 16:00 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F457847-1905-4AE4-907D-E32FDB6B526E}\mpengine.dll

2011-09-29 16:29 . 2011-11-09 23:14 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-12 619352]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-10-08 322104]

"TVAgent"="c:\program files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-02-09 206120]

"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]

"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-29 1148200]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-25 98304]

"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAu64.sys [x]

R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]

S0 tclondrv;tclondrv;c:\windows\system32\DRIVERS\tclondrv.sys [x]

S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208]

S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2011-11-02 41728]

S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [2010-05-05 14720]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/10/11 16:38];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-11-29 01:04 146928]

S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2011-12-09 2996272]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-12 494424]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-03 89600]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2010-07-09 341312]

S2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2010-07-09 65856]

S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\SMINST\BLService.exe [2008-12-03 365952]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2009-02-09 296320]

S2 TVSched;TV Task Scheduler (TVTS);c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2009-02-09 116096]

S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-09-08 288256]

S2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [2010-09-08 1034752]

S2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [2010-09-08 485376]

S3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2011-11-02 63880]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3447566891-3031382510-343895390-1000Core.job

- c:\users\Kelly\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-24 14:41]

.

2011-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3447566891-3031382510-343895390-1000UA.job

- c:\users\Kelly\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-24 14:41]

.

2011-11-27 c:\windows\Tasks\HPCeeScheduleForKelly.job

- c:\program files (x86)\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2009-04-08 18:34]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1220392]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.bing.com/

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\vugamuv9.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p=

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]

"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3447566891-3031382510-343895390-1000\Software\SecuROM\License information*]

"datasecu"=hex:d7,39,39,2e,4b,3b,e3,5a,80,5e,dc,9d,e0,f3,71,72,aa,bf,53,b7,f5,

29,8a,42,22,d3,0b,e4,7f,d6,55,0a,81,73,14,8a,86,00,22,19,6e,d1,4b,c6,a5,85,\

"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

.

**************************************************************************

.

Completion time: 2011-12-17 11:15:57 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-17 17:15

.

Pre-Run: 225,092,177,920 bytes free

Post-Run: 225,139,113,984 bytes free

.

- - End Of File - - 9A116AA4F419F3D50360F2D93FB2BC6E


Thank you MrC. I have not had a pop-up again. Your help has been appreciated. I'm pasting my MBAM log.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8373

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514

12/17/2011 6:08:13 PM

mbam-log-2011-12-17 (18-08-13).txt

Scan type: Quick scan

Objects scanned: 180302

Time elapsed: 4 minute(s), 2 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


That's Great News!! :)

Let's clean things up now...

Please uninstall ComboFix:

Click on the Start button and then in the Search field enter combofix /uninstall

Please note that there is a space between combofix and /uninstall.

Once you have typed this in, press Enter on your Keyboard.

An Open File security warning will appear asking if you are sure you want to run ComboFix. Please click on the Run button to start the program.

ComboFix will now uninstall itself from your computer and remove any backups and quarantined files.

When it has finished you will be greeted by a dialog box stating that ComboFix has been uninstalled.

You can now delete the ComboFix.exe program from your computer.

ComboFix has now been uninstalled from your Windows Vista or Windows 7 computer.

-------------------------------------------------

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

------------------------------------------------

You have out of date Java on the system:

Older versions are vulnerable to malware.

Java 6 Update 7 <----uninstall this one from add/remove programs

Java 6 Update 24 <-----update this one from your control panel > Java > Update

-------------------------------------------------

Any questions...please post back.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Have a Good Holiday and New Year!
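One way to see exactly which Java runtimes are installed before removing the stale one, as an added example that is not part of MrC's post: it reads the Uninstall registry keys in both the 64-bit and the 32-bit (Wow6432Node) views, since on a 64-bit Windows 7 system the Java 6 updates register under Wow6432Node. The `^Java` name filter is an assumption about how the entries are labelled; adjust it if your Add/Remove Programs list shows a different wording.

```powershell
# Added example (not from the forum post): enumerate installed Java runtimes
# from the Uninstall registry keys in both registry views, so side-by-side
# installs such as "Java 6 Update 7" next to "Java 6 Update 24" show up at once.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

$javaInstalls = foreach ($root in $uninstallRoots) {
    if (-not (Test-Path $root)) { continue }
    Get-ChildItem -Path $root | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        # Assumption: Java entries carry a DisplayName starting with "Java"
        if ($p.DisplayName -match '^Java') {
            [pscustomobject]@{
                DisplayName     = $p.DisplayName
                DisplayVersion  = $p.DisplayVersion
                InstallLocation = $p.InstallLocation
                UninstallString = $p.UninstallString
                View            = if ($root -like '*Wow6432Node*') { '32-bit' } else { '64-bit' }
            }
        }
    }
}

# Oldest first, so the entries to remove are at the top of the table
$javaInstalls | Sort-Object DisplayVersion | Format-Table -AutoSize

# More than one runtime means the older ones are never updated by the Java
# updater and keep their known flaws; remove them via Add/Remove Programs
# (or the UninstallString shown), then update the remaining one.
if (@($javaInstalls).Count -gt 1) {
    Write-Warning "Multiple Java runtimes installed; remove the older ones and update the newest."
}
```

Run it from an elevated PowerShell prompt. The same Uninstall keys are what the Control Panel's Add/Remove Programs list is built from, so anything the script reports should match what the dialog shows; the script only reads, it does not remove anything.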


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
