
Ping.exe virus post virus removal w/ MWB



Hello,

I recently used Malwarebytes to remove a virus; shortly after, another virus has been giving me trouble, and none of the virus protections I use can seem to find it. It is Ping.exe and it takes up 100% of the CPU. I end the process and it will come right back; I suspend it and it comes back. I am not sure what info you need as this is my first time using a forum. I will paste a log of a Malwarebytes scan; please let me know what further info is needed and what steps to take. Your time and knowledge will be greatly appreciated. Thank you.

Malwarebytes Log:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8373

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514

12/21/2011 4:19:26 PM

mbam-log-2011-12-21 (16-19-26).txt

Scan type: Full scan (C:\|E:\|Q:\|S:\|)

Objects scanned: 274723

Time elapsed: 1 hour(s), 0 minute(s), 58 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hi MrC, thank you very much for your response.

Here is the Attach Log:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 6/30/2011 3:30:54 PM

System Uptime: 12/22/2011 12:38:21 PM (1 hours ago)

.

Motherboard: LENOVO | | KIWDX

Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz | U2E1 | 1200/mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 212 GiB total, 33.048 GiB free.

E: is CDROM ()

Q: is FIXED (NTFS) - 20 GiB total, 14.488 GiB free.

S: is FIXED (NTFS) - 1 GiB total, 0.821 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP38: 10/13/2011 10:03:02 AM - Windows Update

RP39: 10/20/2011 12:38:02 PM - Scheduled Checkpoint

RP40: 10/26/2011 1:24:38 AM - Windows Update

RP41: 11/2/2011 1:52:34 AM - Scheduled Checkpoint

RP42: 11/9/2011 7:28:44 AM - Windows Update

RP43: 11/9/2011 7:31:41 PM - Installed iTunes

RP44: 11/27/2011 3:36:02 PM - Scheduled Checkpoint

RP45: 11/28/2011 4:25:58 AM - Windows Update

RP46: 12/6/2011 6:23:53 PM - Scheduled Checkpoint

RP47: 12/13/2011 3:04:04 PM - Windows Update

RP48: 12/13/2011 5:40:49 PM - Installed Java 6 Update 30

RP49: 12/15/2011 3:00:16 AM - Windows Update

RP50: 12/16/2011 1:05:59 AM - Removed Google Talk Plugin

RP51: 12/16/2011 1:06:55 AM - Removed WinZip 15.5

RP52: 12/16/2011 1:11:40 AM - Installed HiJackThis

.

==== Installed Programs ======================

.

.

µTorrent

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9

ALPS Touch Pad Driver

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AVG 2012

Bonjour

Broadcom Gigabit Integrated Controller

Broadcom WLAN

Canon MP495 series MP Drivers

CCleaner

Conexant HD Audio

DirectXInstallService

Drag-to-Disc

Fotobounce

GOM Player

HDAUDIO Soft Data Fax Modem with SmartCP

HiJackThis

Intel® Graphics Media Accelerator Driver

InterVideo Register Manager

InterVideo WinDVD

iTunes

Java Auto Updater

Java 6 Update 30

JMicron JMB38X Flash Media Controller

Lenovo Registration

Lenovo System Interface Driver

Lenovo ThinkVantage Toolbox

Malwarebytes' Anti-Malware version 1.51.2.1300

Message Center

Message Center Plus

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft IntelliPoint 8.1

Microsoft IntelliType Pro 8.1

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Miro

Mozilla Firefox 8.0 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

On Screen Display

ooVoo

PeerBlock 1.1 (r518)

PM Driver

Power Ux Customization

Product Recovery Disc Burning Utility

Registry patch for Windows Vista USB S3 PM Enablement

Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista

Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista

Registry patch to improve USB device detection on resume from sleep for Windows Vista

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Skype™ 5.5

Sonic Icons for Lenovo

Spybot - Search & Destroy

System Update

ThinkPad Hotkey Features Setup

ThinkVantage Access Connections

ThinkVantage Status Gadget

ThinkVantage Technologies Welcome Message

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Wallpapers

Windows Live Toolbar

Windows Media Player Firefox Plugin

.

==== Event Viewer Messages From Past Week ========

.

12/22/2011 11:03:43 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

12/22/2011 10:41:09 AM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.

12/22/2011 10:41:09 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

12/22/2011 10:41:09 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

12/22/2011 10:41:04 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

12/22/2011 1:13:37 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

12/22/2011 1:13:23 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.100 with the system having network hardware address 54-42-49-45-E8-73. Network operations on this system may be disrupted as a result.

12/21/2011 2:44:05 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

12/21/2011 2:28:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

12/21/2011 2:28:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

12/21/2011 2:28:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

12/21/2011 2:28:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

12/21/2011 2:28:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

12/21/2011 2:28:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

12/21/2011 2:28:21 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix DfsC discache lenovo.smi NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

12/21/2011 2:28:21 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

12/21/2011 2:28:21 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

12/21/2011 2:28:21 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

12/21/2011 2:28:21 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

12/21/2011 2:28:21 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

12/21/2011 2:28:21 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

12/21/2011 2:28:21 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

12/21/2011 2:28:21 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

12/21/2011 2:28:21 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

12/21/2011 2:28:21 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

12/20/2011 1:19:44 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

12/17/2011 2:06:04 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.

12/17/2011 2:06:04 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

12/15/2011 3:00:53 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.

12/15/2011 3:00:23 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the upnphost service.

.

==== End Of File ===========================

Here is the DDS Log:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_30

Run by Austen at 13:23:30 on 2011-12-22

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3033.1533 [GMT -8:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Lenovo\PMDriver\PMSveH.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe

C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe

C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Lenovo\PMDriver\PMHandler.exe

C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Lenovo\System Update\SUService.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\System32\ping.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\taskmgr.exe

C:\Windows\System32\perfmon.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uDefault_Page_URL = hxxp://lenovo.live.com

uStart Page = hxxp://lenovo.live.com

mDefault_Page_URL = hxxp://lenovo.live.com

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dll

BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll

BHO: 1 (0x1) - No File

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dll

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe

mRun: [ACWlIcon] c:\program files\thinkpad\connectutilities\ACWlIcon.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [RoxioDragToDisc] "c:\program files\lenovo\drag-to-disc\DrgToDsc.exe"

mRun: [smartAudio] c:\program files\conexant\smartaudio\SMAUDIO.EXE /c

mRun: [TPWAUDAP] c:\program files\lenovo\hotkey\TpWAudAp.exe

mRun: [PMHandler] c:\progra~1\lenovo\pmdriver\PMHAND~1.EXE

mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

TCP: DhcpNameServer = 12.151.47.3 69.60.160.196

TCP: Interfaces\{1EA82365-E09D-4ED7-96E7-A63076DB3036} : DhcpNameServer = 12.151.47.3 69.60.160.196

TCP: Interfaces\{1EA82365-E09D-4ED7-96E7-A63076DB3036}\2375942554639313 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{1EA82365-E09D-4ED7-96E7-A63076DB3036}\75966496253555F58336 : DhcpNameServer = 192.168.15.1

TCP: Interfaces\{1EA82365-E09D-4ED7-96E7-A63076DB3036}\C696E6B6379737 : DhcpNameServer = 192.168.20.1

TCP: Interfaces\{1EA82365-E09D-4ED7-96E7-A63076DB3036}\E4564776561627 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{7EBCD6C6-343E-4346-9CE8-822F35CF228B} : DhcpNameServer = 192.168.0.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\9.0.1\ViProtocol.dll

Notify: igfxcui - igfxdev.dll

LSA: Notification Packages = scecli ACGina

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\austen\appdata\roaming\mozilla\firefox\profiles\lw3ugve8.default\

FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]

R1 funfrm;funfrm;c:\windows\system32\drivers\funfrm.sys [2011-6-30 49472]

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-19 13480]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

R2 FNF5SVC;Fn+F5 Service;c:\program files\lenovo\hotkey\FnF5svc.exe [2008-9-10 54560]

R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2008-9-10 53325]

R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\9.0.1\ToolbarUpdater.exe [2011-12-8 855904]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2011-6-30 112128]

R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2011-6-30 97536]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\common files\roxio shared\10.0\sharedcom\roxliveshare10.exe" --> c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [?]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-6-30 1153368]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-6-30 1025352]

S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2011-12-19 20080]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-10 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-7-5 1343400]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

.

=============== Created Last 30 ================

.

2011-12-21 11:19:12 -------- d-----w- c:\users\austen\appdata\roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2011-12-16 09:12:12 388096 ----a-r- c:\users\austen\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-12-16 09:12:12 -------- d-----w- c:\program files\Trend Micro

2011-12-14 01:42:30 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2011-12-13 21:41:10 534528 ----a-w- c:\windows\system32\EncDec.dll

2011-12-13 21:41:04 2048 ----a-w- c:\windows\system32\tzres.dll

2011-12-13 21:40:58 2342912 ----a-w- c:\windows\system32\win32k.sys

2011-12-13 21:40:56 38912 ----a-w- c:\windows\system32\csrsrv.dll

2011-12-13 21:40:54 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-12-13 21:40:53 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-12-09 01:19:04 -------- d-----w- c:\programdata\AVG Secure Search

.

==================== Find3M ====================

.

2011-11-29 16:47:02 414368 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-10 13:54:13 472808 ------w- c:\windows\system32\deployJava1.dll

2011-11-05 04:35:00 981504 ----a-w- c:\windows\system32\wininet.dll

2011-11-05 02:48:51 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-10-07 13:23:48 230608 ------w- c:\windows\system32\drivers\avgldx86.sys

2011-10-04 13:21:28 16720 ------w- c:\windows\system32\drivers\AVGIDSShim.sys

2011-09-29 16:03:04 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

============= FINISH: 13:24:30.77 ===============


Here is the log:

13:38:55.0838 5344 TDSS rootkit removing tool 2.6.24.0 Dec 22 2011 18:21:27

13:38:56.0872 5344 ============================================================

13:38:56.0872 5344 Current date / time: 2011/12/22 13:38:56.0872

13:38:56.0872 5344 SystemInfo:

13:38:56.0872 5344

13:38:56.0872 5344 OS Version: 6.1.7601 ServicePack: 1.0

13:38:56.0872 5344 Product type: Workstation

13:38:56.0872 5344 ComputerName: AUSTEN-PC

13:38:56.0873 5344 UserName: Austen

13:38:56.0873 5344 Windows directory: C:\Windows

13:38:56.0873 5344 System windows directory: C:\Windows

13:38:56.0873 5344 Processor architecture: Intel x86

13:38:56.0873 5344 Number of processors: 2

13:38:56.0873 5344 Page size: 0x1000

13:38:56.0873 5344 Boot type: Normal boot

13:38:56.0873 5344 ============================================================

13:38:58.0787 5344 Initialize success

13:39:46.0799 1416 ============================================================

13:39:46.0799 1416 Scan started

13:39:46.0799 1416 Mode: Manual; SigCheck; TDLFS;

13:39:46.0799 1416 ============================================================


13:39:54.0906 1416 BTHMODEM - ok

13:39:55.0148 1416 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

13:39:55.0235 1416 cdfs - ok

13:39:55.0357 1416 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys

13:39:55.0399 1416 cdrom - ok

13:39:55.0557 1416 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

13:39:55.0614 1416 circlass - ok

13:39:55.0754 1416 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

13:39:55.0784 1416 CLFS - ok

13:39:55.0901 1416 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

13:39:55.0950 1416 CmBatt - ok

13:39:56.0002 1416 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys

13:39:56.0029 1416 cmdide - ok

13:39:56.0068 1416 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

13:39:56.0108 1416 CNG - ok

13:39:56.0197 1416 CnxtHdAudService (8b7a0ce6613f991359ff95212900396c) C:\Windows\system32\drivers\CHDRT32.sys

13:39:56.0298 1416 CnxtHdAudService - ok

13:39:56.0389 1416 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

13:39:56.0410 1416 Compbatt - ok

13:39:56.0471 1416 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys

13:39:56.0516 1416 CompositeBus - ok

13:39:56.0614 1416 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

13:39:56.0636 1416 crcdisk - ok

13:39:56.0743 1416 dc3d (734bbe7c66e6fd6047a1bd29b9343b30) C:\Windows\system32\DRIVERS\dc3d.sys

13:39:56.0762 1416 dc3d - ok

13:39:56.0878 1416 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys

13:39:56.0921 1416 DfsC - ok

13:39:56.0992 1416 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

13:39:57.0053 1416 discache - ok

13:39:57.0257 1416 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

13:39:57.0290 1416 Disk - ok

13:39:57.0401 1416 DLABMFSM (5b149ccfe275f4de0b4b8ec6b9f6821e) C:\Windows\system32\DLA\DLABMFSM.SYS

13:39:57.0418 1416 DLABMFSM - ok

13:39:57.0466 1416 DLABOIOM (ad4cb3d783634c90a9d0ce360933a63c) C:\Windows\system32\DLA\DLABOIOM.SYS

13:39:57.0482 1416 DLABOIOM - ok

13:39:57.0555 1416 DLACDBHM (5230cdb7e715f3a3b4a882e254cdd35d) C:\Windows\system32\Drivers\DLACDBHM.SYS

13:39:57.0570 1416 DLACDBHM - ok

13:39:57.0643 1416 DLADResM (93d03238cc3f0ee3c0b3985d110ec575) C:\Windows\system32\DLA\DLADResM.SYS

13:39:57.0657 1416 DLADResM - ok

13:39:57.0703 1416 DLAIFS_M (6a82f77c4a6f5235bf352f0028e2ef52) C:\Windows\system32\DLA\DLAIFS_M.SYS

13:39:57.0720 1416 DLAIFS_M - ok

13:39:57.0762 1416 DLAOPIOM (0e6052c0ada37504896a847231a3907d) C:\Windows\system32\DLA\DLAOPIOM.SYS

13:39:57.0777 1416 DLAOPIOM - ok

13:39:57.0867 1416 DLAPoolM (29670bb4e2b973c5b55a76107d4910b2) C:\Windows\system32\DLA\DLAPoolM.SYS

13:39:57.0882 1416 DLAPoolM - ok

13:39:57.0938 1416 DLARTL_M (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\Windows\system32\Drivers\DLARTL_M.SYS

13:39:57.0954 1416 DLARTL_M - ok

13:39:58.0065 1416 DLAUDFAM (6b087732b86c1d866d69dbbe463ea90a) C:\Windows\system32\DLA\DLAUDFAM.SYS

13:39:58.0082 1416 DLAUDFAM - ok

13:39:58.0130 1416 DLAUDF_M (bbeecb95f2841ae4a3e3690d46d7153d) C:\Windows\system32\DLA\DLAUDF_M.SYS

13:39:58.0148 1416 DLAUDF_M - ok

13:39:58.0296 1416 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

13:39:58.0330 1416 drmkaud - ok

13:39:58.0391 1416 DRVMCDB (83106585494d5eb96f59187200c144bd) C:\Windows\system32\Drivers\DRVMCDB.SYS

13:39:58.0409 1416 DRVMCDB - ok

13:39:58.0568 1416 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\Windows\system32\Drivers\DRVNDDM.SYS

13:39:58.0599 1416 DRVNDDM - ok

13:39:58.0703 1416 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys

13:39:58.0750 1416 DXGKrnl - ok

13:39:59.0003 1416 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

13:39:59.0230 1416 ebdrv - ok

13:39:59.0406 1416 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

13:39:59.0443 1416 elxstor - ok

13:39:59.0492 1416 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys

13:39:59.0550 1416 ErrDev - ok

13:39:59.0682 1416 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

13:39:59.0727 1416 exfat - ok

13:39:59.0758 1416 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

13:39:59.0831 1416 fastfat - ok

13:39:59.0940 1416 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

13:39:59.0977 1416 fdc - ok

13:40:00.0016 1416 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

13:40:00.0031 1416 FileInfo - ok

13:40:00.0050 1416 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

13:40:00.0138 1416 Filetrace - ok

13:40:00.0252 1416 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

13:40:00.0285 1416 flpydisk - ok

13:40:00.0528 1416 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

13:40:00.0547 1416 FltMgr - ok

13:40:00.0644 1416 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

13:40:00.0666 1416 FsDepends - ok

13:40:00.0683 1416 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

13:40:00.0704 1416 Fs_Rec - ok

13:40:00.0745 1416 funfrm (000b97efe617d05f197420e4112dc8a8) C:\Windows\system32\drivers\funfrm.sys

13:40:00.0772 1416 funfrm ( UnsignedFile.Multi.Generic ) - warning

13:40:00.0772 1416 funfrm - detected UnsignedFile.Multi.Generic (1)

13:40:00.0951 1416 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys

13:40:00.0982 1416 fvevol - ok

13:40:01.0069 1416 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

13:40:01.0125 1416 gagp30kx - ok

13:40:01.0193 1416 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

13:40:01.0209 1416 GEARAspiWDM - ok

13:40:01.0252 1416 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

13:40:01.0327 1416 hcw85cir - ok

13:40:01.0465 1416 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys

13:40:01.0513 1416 HDAudBus - ok

13:40:01.0585 1416 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

13:40:01.0632 1416 HidBatt - ok

13:40:01.0743 1416 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

13:40:01.0788 1416 HidBth - ok

13:40:01.0849 1416 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

13:40:01.0899 1416 HidIr - ok

13:40:02.0050 1416 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys

13:40:02.0135 1416 HidUsb - ok

13:40:02.0296 1416 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

13:40:02.0321 1416 HpSAMD - ok

13:40:02.0403 1416 HSF_DPV (fadd7095163cb3cb4073793ebb50fe75) C:\Windows\system32\DRIVERS\HSX_DPV.sys

13:40:02.0550 1416 HSF_DPV - ok

13:40:02.0668 1416 HSXHWAZL (058783bedd17615d1fece09f77960436) C:\Windows\system32\DRIVERS\HSXHWAZL.sys

13:40:02.0707 1416 HSXHWAZL - ok

13:40:02.0808 1416 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

13:40:02.0892 1416 HTTP - ok

13:40:02.0984 1416 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

13:40:03.0005 1416 hwpolicy - ok

13:40:03.0114 1416 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys

13:40:03.0156 1416 i8042prt - ok

13:40:03.0281 1416 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys

13:40:03.0314 1416 iaStorV - ok

13:40:03.0685 1416 igfx (dce0b53570703cce580d066f89ef58cd) C:\Windows\system32\DRIVERS\igdkmd32.sys

13:40:04.0047 1416 igfx - ok

13:40:04.0142 1416 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

13:40:04.0235 1416 iirsp - ok

13:40:04.0290 1416 IntcHdmiAddService (c7e7e43cbd34d3b0a0156b51b917dfcc) C:\Windows\system32\drivers\IntcHdmi.sys

13:40:04.0332 1416 IntcHdmiAddService - ok

13:40:04.0428 1416 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

13:40:04.0449 1416 intelide - ok

13:40:04.0496 1416 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

13:40:04.0539 1416 intelppm - ok

13:40:04.0576 1416 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

13:40:04.0627 1416 IpFilterDriver - ok

13:40:04.0723 1416 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys

13:40:04.0797 1416 IPMIDRV - ok

13:40:04.0847 1416 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

13:40:04.0918 1416 IPNAT - ok

13:40:05.0078 1416 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

13:40:05.0149 1416 IRENUM - ok

13:40:05.0272 1416 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

13:40:05.0312 1416 isapnp - ok

13:40:05.0356 1416 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys

13:40:05.0382 1416 iScsiPrt - ok

13:40:05.0505 1416 JMCR (a69a1b991824b98f744913555f665893) C:\Windows\system32\DRIVERS\jmcr.sys

13:40:05.0585 1416 JMCR - ok

13:40:05.0699 1416 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

13:40:05.0721 1416 kbdclass - ok

13:40:05.0828 1416 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys

13:40:05.0867 1416 kbdhid - ok

13:40:05.0957 1416 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys

13:40:05.0981 1416 KSecDD - ok

13:40:06.0089 1416 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys

13:40:06.0116 1416 KSecPkg - ok

13:40:06.0211 1416 lenovo.smi (3c3f7f424e324c6971632c5de5ff458f) C:\Windows\system32\DRIVERS\smiif32.sys

13:40:06.0232 1416 lenovo.smi - ok

13:40:06.0403 1416 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

13:40:06.0464 1416 lltdio - ok

13:40:06.0540 1416 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

13:40:06.0567 1416 LSI_FC - ok

13:40:06.0691 1416 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

13:40:06.0715 1416 LSI_SAS - ok

13:40:06.0774 1416 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

13:40:06.0796 1416 LSI_SAS2 - ok

13:40:06.0892 1416 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

13:40:06.0917 1416 LSI_SCSI - ok

13:40:06.0984 1416 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

13:40:07.0053 1416 luafv - ok

13:40:07.0222 1416 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys

13:40:07.0253 1416 mdmxsdk - ok

13:40:07.0360 1416 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

13:40:07.0382 1416 megasas - ok

13:40:07.0491 1416 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

13:40:07.0519 1416 MegaSR - ok

13:40:07.0606 1416 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

13:40:07.0675 1416 Modem - ok

13:40:07.0803 1416 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

13:40:07.0845 1416 monitor - ok

13:40:07.0984 1416 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

13:40:08.0005 1416 mouclass - ok

13:40:08.0080 1416 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

13:40:08.0127 1416 mouhid - ok

13:40:08.0279 1416 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys

13:40:08.0302 1416 mountmgr - ok

13:40:08.0362 1416 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys

13:40:08.0387 1416 mpio - ok

13:40:08.0531 1416 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

13:40:08.0601 1416 mpsdrv - ok

13:40:08.0676 1416 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys

13:40:08.0776 1416 MRxDAV - ok

13:40:08.0866 1416 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys

13:40:08.0928 1416 mrxsmb - ok

13:40:09.0100 1416 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys

13:40:09.0130 1416 mrxsmb10 - ok

13:40:09.0188 1416 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

13:40:09.0227 1416 mrxsmb20 - ok

13:40:09.0331 1416 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys

13:40:09.0351 1416 msahci - ok

13:40:09.0390 1416 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys

13:40:09.0420 1416 msdsm - ok

13:40:09.0482 1416 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

13:40:09.0525 1416 Msfs - ok

13:40:09.0630 1416 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

13:40:09.0674 1416 mshidkmdf - ok

13:40:09.0719 1416 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

13:40:09.0738 1416 msisadrv - ok

13:40:09.0860 1416 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

13:40:09.0932 1416 MSKSSRV - ok

13:40:09.0978 1416 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

13:40:10.0049 1416 MSPCLOCK - ok

13:40:10.0135 1416 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

13:40:10.0201 1416 MSPQM - ok

13:40:10.0250 1416 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

13:40:10.0276 1416 MsRPC - ok

13:40:10.0335 1416 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys

13:40:10.0355 1416 mssmbios - ok

13:40:10.0470 1416 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

13:40:10.0544 1416 MSTEE - ok

13:40:10.0651 1416 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

13:40:10.0697 1416 MTConfig - ok

13:40:10.0804 1416 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

13:40:10.0825 1416 Mup - ok

13:40:10.0911 1416 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

13:40:10.0957 1416 NativeWifiP - ok

13:40:11.0088 1416 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys

13:40:11.0129 1416 NDIS - ok

13:40:11.0220 1416 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

13:40:11.0271 1416 NdisCap - ok

13:40:11.0325 1416 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

13:40:11.0385 1416 NdisTapi - ok

13:40:11.0475 1416 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys

13:40:11.0536 1416 Ndisuio - ok

13:40:11.0561 1416 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys

13:40:11.0611 1416 NdisWan - ok

13:40:11.0691 1416 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys

13:40:11.0748 1416 NDProxy - ok

13:40:11.0815 1416 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

13:40:11.0904 1416 NetBIOS - ok

13:40:11.0985 1416 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys

13:40:12.0067 1416 NetBT - ok

13:40:12.0221 1416 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

13:40:12.0243 1416 nfrd960 - ok

13:40:12.0383 1416 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

13:40:12.0457 1416 Npfs - ok

13:40:12.0523 1416 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

13:40:12.0589 1416 nsiproxy - ok

13:40:12.0766 1416 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys

13:40:12.0831 1416 Ntfs - ok

13:40:12.0955 1416 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

13:40:13.0012 1416 Null - ok

13:40:13.0074 1416 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys

13:40:13.0098 1416 nvraid - ok

13:40:13.0226 1416 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys

13:40:13.0252 1416 nvstor - ok

13:40:13.0299 1416 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

13:40:13.0314 1416 nv_agp - ok

13:40:13.0369 1416 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

13:40:13.0419 1416 ohci1394 - ok

13:40:13.0554 1416 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

13:40:13.0581 1416 Parport - ok

13:40:13.0621 1416 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys

13:40:13.0644 1416 partmgr - ok

13:40:13.0667 1416 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

13:40:13.0735 1416 Parvdm - ok

13:40:13.0848 1416 pbfilter (2f6e885c432927a186c2e352c8a1cbf4) C:\Program Files\PeerBlock\pbfilter.sys

13:40:13.0869 1416 pbfilter - ok

13:40:13.0956 1416 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys

13:40:13.0982 1416 pci - ok

13:40:14.0037 1416 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

13:40:14.0060 1416 pciide - ok

13:40:14.0095 1416 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

13:40:14.0123 1416 pcmcia - ok

13:40:14.0213 1416 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

13:40:14.0268 1416 pcw - ok

13:40:14.0313 1416 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

13:40:14.0413 1416 PEAUTH - ok

13:40:14.0622 1416 Point32 (7d7a9c17d5455203dea11e5ef886cc59) C:\Windows\system32\DRIVERS\point32.sys

13:40:14.0639 1416 Point32 - ok

13:40:14.0713 1416 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

13:40:14.0780 1416 PptpMiniport - ok

13:40:14.0884 1416 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

13:40:14.0928 1416 Processor - ok

13:40:15.0044 1416 psadd (f8a25f1dd8b2c332cbc663e3579566e7) C:\Windows\system32\DRIVERS\psadd.sys

13:40:15.0061 1416 psadd - ok

13:40:15.0137 1416 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

13:40:15.0221 1416 Psched - ok

13:40:15.0393 1416 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys

13:40:15.0429 1416 PxHelp20 - ok

13:40:15.0543 1416 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

13:40:15.0636 1416 ql2300 - ok

13:40:15.0823 1416 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

13:40:15.0848 1416 ql40xx - ok

13:40:15.0897 1416 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

13:40:15.0928 1416 QWAVEdrv - ok

13:40:15.0950 1416 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

13:40:16.0021 1416 RasAcd - ok

13:40:16.0096 1416 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

13:40:16.0159 1416 RasAgileVpn - ok

13:40:16.0220 1416 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

13:40:16.0315 1416 Rasl2tp - ok

13:40:16.0418 1416 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

13:40:16.0494 1416 RasPppoe - ok

13:40:16.0579 1416 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

13:40:16.0645 1416 RasSstp - ok

13:40:16.0731 1416 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys

13:40:16.0807 1416 rdbss - ok

13:40:16.0872 1416 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

13:40:16.0919 1416 rdpbus - ok

13:40:17.0014 1416 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys

13:40:17.0094 1416 RDPCDD - ok

13:40:17.0215 1416 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

13:40:17.0282 1416 RDPENCDD - ok

13:40:17.0432 1416 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

13:40:17.0490 1416 RDPREFMP - ok

13:40:17.0683 1416 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys

13:40:17.0780 1416 RDPWD - ok

13:40:17.0905 1416 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys

13:40:17.0932 1416 rdyboost - ok

13:40:18.0089 1416 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

13:40:18.0151 1416 rspndr - ok

13:40:18.0235 1416 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys

13:40:18.0259 1416 sbp2port - ok

13:40:18.0361 1416 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys

13:40:18.0418 1416 scfilter - ok

13:40:18.0474 1416 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

13:40:18.0543 1416 secdrv - ok

13:40:18.0650 1416 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

13:40:18.0704 1416 Serenum - ok

13:40:18.0746 1416 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

13:40:18.0787 1416 Serial - ok

13:40:18.0875 1416 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

13:40:18.0920 1416 sermouse - ok

13:40:18.0993 1416 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys

13:40:19.0022 1416 sffdisk - ok

13:40:19.0157 1416 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

13:40:19.0203 1416 sffp_mmc - ok

13:40:19.0297 1416 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys

13:40:19.0337 1416 sffp_sd - ok

13:40:19.0428 1416 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

13:40:19.0465 1416 sfloppy - ok

13:40:19.0609 1416 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

13:40:19.0631 1416 sisagp - ok

13:40:19.0692 1416 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

13:40:19.0715 1416 SiSRaid2 - ok

13:40:19.0902 1416 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

13:40:19.0947 1416 SiSRaid4 - ok

13:40:20.0107 1416 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

13:40:20.0158 1416 Smb - ok

13:40:20.0296 1416 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

13:40:20.0318 1416 spldr - ok

13:40:20.0537 1416 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys

13:40:20.0614 1416 srv - ok

13:40:20.0707 1416 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys

13:40:20.0737 1416 srv2 - ok

13:40:20.0800 1416 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys

13:40:20.0844 1416 srvnet - ok

13:40:20.0967 1416 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

13:40:20.0989 1416 stexstor - ok

13:40:21.0142 1416 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys

13:40:21.0164 1416 swenum - ok

13:40:21.0440 1416 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys

13:40:21.0510 1416 Tcpip - ok

13:40:21.0695 1416 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys

13:40:21.0740 1416 TCPIP6 - ok

13:40:21.0831 1416 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys

13:40:21.0901 1416 tcpipreg - ok

13:40:22.0123 1416 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys

13:40:22.0228 1416 TDPIPE - ok

13:40:22.0376 1416 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys

13:40:22.0448 1416 TDTCP - ok

13:40:22.0541 1416 tdx (cca7b5c53ff9d771bc67dacf96d9bdb8) C:\Windows\system32\DRIVERS\tdx.sys

13:40:22.0590 1416 tdx ( UnsignedFile.Multi.Generic ) - warning

13:40:22.0591 1416 tdx - detected UnsignedFile.Multi.Generic (1)

13:40:22.0682 1416 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys

13:40:22.0706 1416 TermDD - ok

13:40:22.0894 1416 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys

13:40:22.0954 1416 tssecsrv - ok

13:40:23.0007 1416 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys

13:40:23.0075 1416 TsUsbFlt - ok

13:40:23.0203 1416 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys

13:40:23.0261 1416 tunnel - ok

13:40:23.0299 1416 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

13:40:23.0314 1416 uagp35 - ok

13:40:23.0435 1416 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys

13:40:23.0510 1416 udfs - ok

13:40:23.0688 1416 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

13:40:23.0736 1416 uliagpkx - ok

13:40:23.0844 1416 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys

13:40:23.0887 1416 umbus - ok

13:40:23.0985 1416 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

13:40:24.0032 1416 UmPass - ok

13:40:24.0118 1416 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys

13:40:24.0153 1416 usbccgp - ok

13:40:24.0329 1416 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

13:40:24.0359 1416 usbcir - ok

13:40:24.0389 1416 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys

13:40:24.0434 1416 usbehci - ok

13:40:24.0608 1416 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys

13:40:24.0638 1416 usbhub - ok

13:40:24.0728 1416 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys

13:40:24.0773 1416 usbohci - ok

13:40:24.0875 1416 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

13:40:24.0924 1416 usbprint - ok

13:40:25.0004 1416 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

13:40:25.0077 1416 usbscan - ok

13:40:25.0188 1416 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS

13:40:25.0327 1416 USBSTOR - ok

13:40:25.0431 1416 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys

13:40:25.0456 1416 usbuhci - ok

13:40:25.0541 1416 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys

13:40:25.0626 1416 usbvideo - ok

13:40:25.0773 1416 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

13:40:25.0796 1416 vdrvroot - ok

13:40:25.0860 1416 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

13:40:25.0917 1416 vga - ok

13:40:26.0018 1416 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

13:40:26.0069 1416 VgaSave - ok

13:40:26.0140 1416 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

13:40:30.0450 1416 ============================================================

13:40:30.0450 1416 Scan finished

13:40:30.0450 1416 ============================================================

13:40:30.0472 5116 Detected object count: 2

13:40:30.0472 5116 Actual detected object count: 2

13:40:50.0043 5116 funfrm ( UnsignedFile.Multi.Generic ) - skipped by user

13:40:50.0043 5116 funfrm ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:40:50.0044 5116 tdx ( UnsignedFile.Multi.Generic ) - skipped by user

13:40:50.0044 5116 tdx ( UnsignedFile.Multi.Generic ) - User select action: Skip


Farbar Service Scanner

Ran by Austen (administrator) on 22-12-2011 at 15:08:37

Windows 7 Home Premium Service Pack 1 (X86)

************************************************

================== Search: "tdx.sys" ===================

C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys

[2009-07-13 15:12] - [2009-07-13 15:12] - 0074240 ____A (Microsoft Corporation) CB39E896A2A83702D1737BFD402B3542

====== End Of Search ======

Austen


OK...Good

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC


Here is the ComboFix log:

ComboFix 11-12-23.01 - Austen 12/23/2011 16:12:19.1.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3033.2199 [GMT -8:00]

Running from: c:\users\Austen\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\126286f2l228e818f077w0jcy6l8

c:\programdata\PCDr\5849\AddOnDownloaded\070ba803-49f8-4fe7-8a18-40930827162f.dll

c:\programdata\PCDr\5849\AddOnDownloaded\2d662263-8349-40fc-8bca-552cc5d7cfda.dll

c:\programdata\PCDr\5849\AddOnDownloaded\a2010314-d0e4-41be-bfeb-ca5bf837f119.dll

c:\programdata\PCDr\5849\AddOnDownloaded\d97b7615-5719-44f8-a032-b5cae54a0299.dll

c:\programdata\Tarma Installer

c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setup.dll

c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll

c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.dat

c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.exe

c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.ico

c:\users\Austen\AppData\Local\grlx.exe

c:\users\Austen\AppData\Local\nhqk.exe

c:\users\Austen\AppData\Local\nvlq.exe

c:\users\Austen\AppData\Local\xwsg.exe

c:\users\Austen\AppData\Roaming\Microsoft\Windows\Templates\126286f2l228e818f077w0jcy6l8

c:\windows\$NtUninstallKB49032$

c:\windows\$NtUninstallKB49032$\2171912654

c:\windows\$NtUninstallKB49032$\2812614701\@

c:\windows\$NtUninstallKB49032$\2812614701\bckfg.tmp

c:\windows\$NtUninstallKB49032$\2812614701\cfg.ini

c:\windows\$NtUninstallKB49032$\2812614701\Desktop.ini

c:\windows\$NtUninstallKB49032$\2812614701\keywords

c:\windows\$NtUninstallKB49032$\2812614701\kwrd.dll

c:\windows\$NtUninstallKB49032$\2812614701\L\omgbrntc

c:\windows\$NtUninstallKB49032$\2812614701\lsflt7.ver

c:\windows\$NtUninstallKB49032$\2812614701\U\00000001.@

c:\windows\$NtUninstallKB49032$\2812614701\U\00000002.@

c:\windows\$NtUninstallKB49032$\2812614701\U\00000004.@

c:\windows\$NtUninstallKB49032$\2812614701\U\80000000.@

c:\windows\$NtUninstallKB49032$\2812614701\U\80000004.@

c:\windows\$NtUninstallKB49032$\2812614701\U\80000032.@

c:\windows\system32\Thumbs.db

Q:\Autorun.inf

S:\Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2011-11-24 to 2011-12-24 )))))))))))))))))))))))))))))))

.

.

2011-12-23 22:27 . 2009-07-13 23:12 74240 ----a-w- c:\windows\system32\drivers\tdx.sys

2011-12-21 11:19 . 2011-12-21 11:19 -------- d-----w- c:\users\Austen\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2011-12-16 09:12 . 2011-12-16 09:12 388096 ----a-r- c:\users\Austen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-12-16 09:12 . 2011-12-16 09:12 -------- d-----w- c:\program files\Trend Micro

2011-12-14 01:45 . 2011-12-14 01:45 -------- d-----w- c:\program files\Common Files\Java

2011-12-14 01:42 . 2011-11-10 13:54 476904 ----a-w- c:\program files\Mozilla Firefox\Plugins\npdeployJava1.dll

2011-12-13 21:41 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll

2011-12-13 21:41 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll

2011-12-13 21:40 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys

2011-12-13 21:40 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll

2011-12-13 21:40 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-12-13 21:40 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-29 16:47 . 2011-07-11 23:34 414368 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-10 13:54 . 2011-06-30 22:47 472808 ------w- c:\windows\system32\deployJava1.dll

2011-09-29 16:03 . 2011-11-09 03:43 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-10 04:59 . 2011-06-30 22:48 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-03-26 163840]

"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-08-07 431392]

"ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2008-08-07 148768]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"RoxioDragToDisc"="c:\program files\Lenovo\Drag-to-Disc\DrgToDsc.exe" [2007-03-13 1116920]

"SmartAudio"="c:\program files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE" [2008-07-21 2701880]

"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2008-03-11 54560]

"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1298320]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-09-01 1047208]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-10 421736]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [x]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-04-12 45464]

R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 20080]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-06 1343400]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]

S1 funfrm;funfrm; [x]

S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 FNF5SVC;Fn+F5 Service;c:\program files\LENOVO\HOTKEY\FNF5SVC.exe [2008-03-14 54560]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2008-08-08 53325]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-08-07 97536]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-23 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]

.

2011-11-29 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]

.

2011-12-24 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://lenovo.live.com

uInternet Settings,ProxyOverride = *.local

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 12.151.47.3 69.60.160.196

FF - ProfilePath - c:\users\Austen\AppData\Roaming\Mozilla\Firefox\Profiles\lw3ugve8.default\

FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

AddRemove-CNXT_AUDIO_HDA - c:\program files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(3344)

c:\program files\Lenovo\Drag-to-Disc\Shellex.dll

c:\windows\system32\DLAAPI_W.DLL

c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

c:\windows\system32\taskhost.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files\Lenovo\PMDriver\PMSveH.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe

c:\windows\system32\conhost.exe

c:\program files\Lenovo\PMDriver\PMHandler.exe

c:\program files\Microsoft IntelliPoint\dpupdchk.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\sppsvc.exe

c:\program files\Lenovo\System Update\SUService.exe

.

**************************************************************************

.

Completion time: 2011-12-23 16:25:42 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-24 00:25

.

Pre-Run: 39,236,698,112 bytes free

Post-Run: 39,212,425,216 bytes free

.

- - End Of File - - A80AD9DC41CA9C8BD55D91EB964D7C53

Thanks, Austen


MrC, the scan came back with 0 infections. Here is the report:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 911122402

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514

12/24/2011 3:31:40 AM

mbam-log-2011-12-24 (03-31-40).txt

Scan type: Quick scan

Objects scanned: 165162

Time elapsed: 5 minute(s), 10 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Great :)

Please uninstall ComboFix:

Click on the Start button and then in the Search field enter combofix /uninstall

Please note that there is a space between combofix and /uninstall.

Once you have typed this in, press Enter on your Keyboard.

An Open File security warning will appear asking if you are sure you want to run ComboFix. Please click on the Run button to start the program.

ComboFix will now uninstall itself from your computer and remove any backups and quarantined files.

When it has finished you will be greeted by a dialog box stating that ComboFix has been uninstalled.

You can now delete the ComboFix.exe program from your computer.

ComboFix has now been uninstalled from your Windows Vista or Windows 7 computer.

---------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any questions...please post back.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Have a Good Holiday and New Year!


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.