
Google Redirect Virus / Popups



Hi,

Looking for some expert help to remove the Google redirect virus from my computer. My searches in Google get redirected to other websites like gimmeanswers etc. Also, there are some pop-up problems (Channel 7/9 news etc.). I have tried a lot of malware removal programs but to no avail. Hopefully, one of the more expert helpers here can save my and my computer's soul. My DDS logs are as follows; also, please let me know what other information I can provide.

DDS.txt Log

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24

Run by Administrator at 16:51:18 on 2012-01-09

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6142.4555 [GMT -5:00]

.

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe

C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe

C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe

C:\Users\Administrator\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll

uRun: [AdobeBridge]

uRun: [Octoshape Streaming Services] "C:\Users\Administrator\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

uRun: [Google Update] "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [Microsoft Security Essentials] C:\Users\Administrator\AppData\Roaming\MsEss.exe

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll

LSP: mswsock.dll

Trusted Zone: newstarfin.com\citrix

Trusted Zone: rbc.com

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {ACDB1787-986D-434D-9857-2172CDB2108D} - hxxps://remote-occ.rbc.com/nortel_cacheable/punblock.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=722

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{0327DDAA-84DF-4EEB-87D4-2C23F1228C06} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{A42449D9-266C-4427-90B3-2EA69E3711E7} : DhcpNameServer = 192.168.0.1

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Notify: ulbrnii - C:\Windows\system32\config\systemprofile\AppData\Local\ulbrnii.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache

IFEO: ehshell.exe - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll

BHO-X64: Browser Defender BHO - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll

mRun-x64: [Microsoft Security Essentials] C:\Users\Administrator\AppData\Roaming\MsEss.exe

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

IFEO-X64: ehshell.exe - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\cvba2fr7.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npoctoshape.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]

R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]

R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]

R0 TfFsMon;TfFsMon;C:\Windows\system32\drivers\TfFsMon.sys --> C:\Windows\system32\drivers\TfFsMon.sys [?]

R0 TFSysMon;TFSysMon;C:\Windows\system32\drivers\TfSysMon.sys --> C:\Windows\system32\drivers\TfSysMon.sys [?]

R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]

R1 pctgntdi;pctgntdi;\??\C:\Windows\System32\drivers\pctgntdi64.sys --> C:\Windows\System32\drivers\pctgntdi64.sys [?]

R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys --> C:\Windows\system32\Drivers\PCTSD64.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-12-25 337872]

R2 cpuz132;cpuz132;\??\C:\Windows\system32\drivers\cpuz132_x64.sys --> C:\Windows\system32\drivers\cpuz132_x64.sys [?]

R2 cpuz133;cpuz133;\??\C:\Windows\system32\drivers\cpuz133_x64.sys --> C:\Windows\system32\drivers\cpuz133_x64.sys [?]

R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-10-5 375176]

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-1-27 15928]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]

R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-31 652872]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-9 248936]

R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

R3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 pctNdisMP;PC Tools Driver;C:\Windows\system32\DRIVERS\pctNdis64.sys --> C:\Windows\system32\DRIVERS\pctNdis64.sys [?]

R3 radpms;Driver for RADPMS Device;C:\Windows\system32\DRIVERS\radpms.sys --> C:\Windows\system32\DRIVERS\radpms.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2011-12-31 21712]

S3 hitmanpro35;Hitman Pro 3.5 Support Driver;\??\C:\Windows\system32\drivers\hitmanpro35.sys --> C:\Windows\system32\drivers\hitmanpro35.sys [?]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;\??\C:\Windows\system32\drivers\pctNdis-PacketFilter64.sys --> C:\Windows\system32\drivers\pctNdis-PacketFilter64.sys [?]

S3 pctNdis;PC Tools Firewall Intermediate Filter Service;C:\Windows\system32\DRIVERS\pctNdis64.sys --> C:\Windows\system32\DRIVERS\pctNdis64.sys [?]

S3 pctplfw;pctplfw;\??\C:\Windows\System32\drivers\pctplfw64.sys --> C:\Windows\System32\drivers\pctplfw64.sys [?]

S3 pctplsg;pctplsg;\??\C:\Windows\System32\drivers\pctplsg64.sys --> C:\Windows\System32\drivers\pctplsg64.sys [?]

S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2011-12-25 371472]

S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2011-12-25 1117144]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TfNetMon;TfNetMon;\??\C:\Windows\system32\drivers\TfNetMon.sys --> C:\Windows\system32\drivers\TfNetMon.sys [?]

S3 ThreatFire;ThreatFire;C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service --> C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-01-09 06:00:51 -------- d-----w- C:\Users\Administrator\AppData\Local\Deployment

2012-01-07 16:58:04 -------- d-----r- C:\Program Files (x86)\Skype

2012-01-01 03:03:30 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Malwarebytes

2012-01-01 03:03:25 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-01-01 03:03:25 -------- d-----w- C:\ProgramData\Malwarebytes

2012-01-01 03:03:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-01-01 02:47:04 -------- d-----w- C:\ProgramData\Citrix

2012-01-01 02:46:27 -------- d-----w- C:\Program Files (x86)\Citrix

2012-01-01 02:38:36 -------- d-----w- C:\Windows\System32\appmgmt

2012-01-01 02:03:24 21712 ----a-w- C:\Windows\SysWow64\drivers\DrvAgent64.SYS

2012-01-01 02:03:24 -------- d-----w- C:\Users\Administrator\AppData\Local\eSupport.com

2011-12-31 21:31:01 -------- d-----w- C:\Users\Administrator\AppData\Local\CrashDumps

2011-12-31 18:52:48 -------- d-----w- C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com

2011-12-31 18:52:48 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2011-12-31 18:31:29 -------- d-----w- C:\Users\Administrator\AppData\Local\NPE

2011-12-31 18:31:29 -------- d-----w- C:\ProgramData\Norton

2011-12-30 15:44:54 -------- d-----w- C:\Users\Administrator\AppData\Local\Apple

2011-12-26 07:00:00 -------- d-----w- C:\Users\Administrator\AppData\Local\Adobe

2011-12-26 06:12:55 -------- d-----w- C:\Users\Administrator\AppData\Local\Threat Expert

2011-12-26 06:12:33 -------- d-----w- C:\Users\Administrator\AppData\Local\Apple Computer

2011-12-26 01:12:20 -------- d-----w- C:\Users\Administrator\AppData\Roaming\PCToolsFirewallPlus

2011-12-26 01:12:19 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Spam Monitor

2011-12-26 01:11:03 180488 ----a-w- C:\Windows\System32\drivers\pctplfw64.sys

2011-12-26 01:10:56 77784 ----a-w- C:\Windows\System32\drivers\pctNdis64.sys

2011-12-26 01:10:55 42968 ----a-w- C:\Windows\System32\drivers\pctNdis-DNS64.sys

2011-12-26 01:10:55 119688 ----a-w- C:\Windows\System32\drivers\pctNdis-PacketFilter64.sys

2011-12-26 01:09:56 74824 --s---w- C:\Windows\System32\drivers\TfSysMon.sys

2011-12-26 01:09:56 65072 --s---w- C:\Windows\System32\drivers\TfFsMon.sys

2011-12-26 01:09:56 41888 --s---w- C:\Windows\System32\drivers\TfNetMon.sys

2011-12-26 00:57:26 287304 ----a-w- C:\Windows\System32\drivers\TrufosAlt.sys

2011-12-26 00:44:42 767952 ----a-w- C:\Windows\BDTSupport.dll

2011-12-26 00:44:41 149456 ----a-w- C:\Windows\SGDetectionTool.dll

2011-12-26 00:44:40 2029520 ----a-w- C:\Windows\PCTBDCore.dll

2011-12-26 00:44:40 1533904 ----a-w- C:\Windows\PCTBDRes.dll

2011-12-26 00:43:53 816016 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys

2011-12-26 00:43:53 452872 ----a-w- C:\Windows\System32\drivers\pctDS64.sys

2011-12-26 00:43:51 337048 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys

2011-12-26 00:43:51 143896 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys

2011-12-26 00:43:50 282440 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys

2011-12-26 00:43:49 279344 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys

2011-12-26 00:43:48 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys

2011-12-26 00:43:38 -------- d-----w- C:\Program Files (x86)\PC Tools Security

2011-12-26 00:43:38 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools

2011-12-26 00:18:23 -------- d-----w- C:\ProgramData\PC Tools

2011-12-26 00:07:51 2 --shatr- C:\Windows\winstart.bat

2011-12-26 00:07:47 -------- d-----w- C:\Program Files (x86)\UnHackMe

2011-12-25 20:28:49 -------- d-----w- C:\Program Files\ESET

2011-12-23 23:14:24 -------- d-----we C:\Windows\system64

2011-12-15 03:14:51 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2011-12-15 03:14:49 3145216 ----a-w- C:\Windows\System32\win32k.sys

2011-12-15 03:14:47 723456 ----a-w- C:\Windows\System32\EncDec.dll

2011-12-15 03:14:47 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2011-12-15 03:14:45 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-12-15 03:14:45 2048 ----a-w- C:\Windows\System32\tzres.dll

.

==================== Find3M ====================

.

2011-12-22 03:53:17 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-19 20:05:45 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll

2011-12-19 20:05:44 80768 ----a-w- C:\Windows\System32\LMIinit.dll

2011-12-19 20:05:44 34688 ----a-w- C:\Windows\System32\LMIport.dll

.

============= FINISH: 16:51:57.56 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 4/30/2010 11:08:45 AM

System Uptime: 1/7/2012 11:52:48 AM (53 hours ago)

.

Motherboard: ASRock | | X58 Extreme

Processor: Intel® Core i7 CPU 920 @ 2.67GHz | CPUSocket | 2668/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 596 GiB total, 470.297 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP114: 1/1/2012 1:37:50 AM - Removed Skype™ 5.5

RP115: 1/1/2012 1:38:30 AM - Removed Skype Click to Call

RP116: 1/1/2012 1:43:53 AM - Removed Skype™ 5.6

RP117: 1/7/2012 11:56:19 AM - Removed Skype™ 5.5

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

µTorrent

Adobe After Effects CS5

Adobe AIR

Adobe Community Help

Adobe Flash Player 10 Plugin

Adobe Media Player

Adobe Photoshop CS5

Adobe Reader X (10.1.1)

Any DVD Cloner Platinum 1.0.8

Apple Application Support

Apple Software Update

AviSynth 2.5

Browser Defender 3.0

CameraHelperMsi

Citrix online plug-in

Citrix online plug-in (DV)

Citrix online plug-in (HDX)

Citrix online plug-in (PNA)

Citrix online plug-in (SSON)

Citrix online plug-in (USB)

Citrix online plug-in (Web)

erLT

escv

Foxit PDF Editor

Google Chrome

HD Writer AE 2.0

Java Auto Updater

Java 6 Update 24

JMicron JMB36X Driver

Jurik Research Software for TradeStation®/Vista®

Logitech Webcam Software

LogMeIn

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Video Mask Maker

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Magic ISO Maker v5.5 (build 0281)

Malwarebytes Anti-Malware version 1.60.0.1800

McAfee Security Scan Plus

Microsoft Choice Guard

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server Compact 3.5 SP1 English

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Mozilla Firefox 9.0.1 (x86 en-US)

MSVCRT

Neat Image v6.0 Pro+

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

Octoshape Streaming Services

PC Tools Internet Security

PDF Settings CS5

Picasa 3

QuickTime

RapidSet 1.0

Restorator 2007 Trial Update 2

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Groove 2007 (KB2552997)

Security Update for Microsoft Office InfoPath 2007 (KB2510061)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Skype™ 5.6

System Requirements Lab

TradeStation 8.8

TradeStation 9.0

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office Outlook 2007 (KB2583910)

Update for Outlook 2007 Junk Email Filter (KB2596560)

VLC media player 1.1.4

Wave59 PRO 1.12

Winamp

Winamp Detector Plug-in

Windows Live Communications Platform

Windows Live Essentials

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

XP Codec Pack

.

==== Event Viewer Messages From Past Week ========

.

1/9/2012 11:53:52 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

.

==== End Of File ===========================

Thanks

AK

Attach.txt LOG


Hello akbegin and welcome to Malwarebytes' forums.

You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!

These steps are for member akbegin only. If you are a casual viewer, do NOT try this on your system!

If you are not akbegin and have a similar problem, do NOT post here; start your own topic.

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On almost all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Set Windows to show all files and all folders.

On your Desktop, double-click My Computer; from the menu options, select Tools, then Folder Options, and then select the View tab and look at all of the settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under Hidden files and folders, choose (select) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next, un-check Hide protected operating system files.

Step 3

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

Step 4

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
    TDSSKillerMal-1.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    TDSSKillerCompleted.png
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, do that right then. Press Reboot Now.
    The report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Reply with copies of the aswMBR log and the TDSSKiller log.

Do not do any websurfing or online games, or anything online until we have all this cured. I'll advise when.

We have a lot more after this.

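The aswMBR log requested in Step 3 marks its findings with **INFECTED** and **LOCKED**. As an added example (not part of this thread and not aswMBR's own code), here is a small Python triage parser that pulls those lines out and orders them so a file detected inside the Windows system directory, or one flagged as a rootkit component, is looked at first. The regular expressions, the priority rule and the sample lines are assumptions modelled on the log layout shown in this thread.

```python
"""Triage helper for aswMBR-style scan output (added example, not aswMBR's code).

aswMBR prints one timestamped line per event. Findings carry the markers
**INFECTED** (file flagged by the AV engine) and **LOCKED** (a service whose
image could not be read). The patterns below are an assumption based on the
log layout posted in this thread, not an official format specification.
"""
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on the aswMBR log posted in this thread.
SAMPLE_LOG = """\
23:51:50.123 Disk 0 MBR read successfully
23:51:50.126 Disk 0 Windows 7 default MBR code
23:51:50.491 Service GMSIPCI D:\\INSTALL\\GMSIPCI.SYS **LOCKED** 21
23:52:00.883 File: C:\\Windows\\system32\\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
23:53:32.517 File: C:\\Users\\Administrator\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\0IPMVHGD\\Test[1].exe **INFECTED** Win32:Malware-gen
23:54:28.780 Disk 0 MBR has been saved successfully to "C:\\Users\\Administrator\\Desktop\\MBR.dat"
"""

INFECTED_RE = re.compile(r"^(?P<ts>\S+) File: (?P<path>.+?) \*\*INFECTED\*\* (?P<det>.+)$")
LOCKED_RE = re.compile(r"^(?P<ts>\S+) Service (?P<svc>\S+) (?P<path>.+?) \*\*LOCKED\*\*(?: (?P<code>\d+))?$")
MBR_RE = re.compile(r"^(?P<ts>\S+) Disk (?P<disk>\d+) (?P<desc>.*MBR code)$")

# Detections under these directories run as part of the OS and get top priority.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


@dataclass
class Finding:
    kind: str       # "infected", "locked" or "mbr"
    time: str       # timestamp as printed in the log
    path: str       # file path (or "Disk N" for MBR findings)
    detail: str     # detection name, lock code or MBR description
    priority: int   # 1 = look at this first


@dataclass
class Triage:
    findings: list = field(default_factory=list)
    informational: int = 0   # lines that carried no finding


def _priority(kind, path, detail):
    """Assumed ordering rule: non-default MBR code and system-directory or
    rootkit-tagged ([Rtk]) detections first, other detections and locked
    services next, a default MBR last."""
    if kind == "mbr":
        return 3 if "default MBR code" in detail else 1
    if kind == "locked":
        return 2
    if "[rtk]" in detail.lower() or path.lower().startswith(SYSTEM_DIRS):
        return 1
    return 2


def parse_aswmbr(text):
    """Extract findings from aswMBR-style output, ordered by priority then time."""
    triage = Triage()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := INFECTED_RE.match(line):
            kind, path, detail = "infected", m["path"], m["det"]
        elif m := LOCKED_RE.match(line):
            kind, path = "locked", m["path"]
            detail = f"service {m['svc']} locked" + (f" (code {m['code']})" if m["code"] else "")
        elif m := MBR_RE.match(line):
            kind, path, detail = "mbr", f"Disk {m['disk']}", m["desc"]
        else:
            triage.informational += 1
            continue
        triage.findings.append(Finding(kind, m["ts"], path, detail, _priority(kind, path, detail)))
    triage.findings.sort(key=lambda f: (f.priority, f.time))
    return triage


def summarize(text):
    """Counts plus whether every MBR line reported default boot code (None if no MBR line)."""
    triage = parse_aswmbr(text)
    mbr = [f for f in triage.findings if f.kind == "mbr"]
    return {
        "infected": sum(f.kind == "infected" for f in triage.findings),
        "locked": sum(f.kind == "locked" for f in triage.findings),
        "mbr_default": all("default MBR code" in f.detail for f in mbr) if mbr else None,
        "first": triage.findings[0].path if triage.findings else None,
    }


if __name__ == "__main__":
    for f in parse_aswmbr(SAMPLE_LOG).findings:
        print(f"P{f.priority} {f.time} {f.kind:8} {f.path}  <- {f.detail}")
    print(summarize(SAMPLE_LOG))
```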

Maurice,

Thanks very much for helping out. Here are the logs as per your steps

aswMBR Log

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software

Run date: 2012-01-09 23:50:47

-----------------------------

23:50:47.178 OS Version: Windows x64 6.1.7601 Service Pack 1

23:50:47.178 Number of processors: 8 586 0x1A05

23:50:47.179 ComputerName: HOMEPC UserName:

23:50:49.512 Initialize success

23:51:44.923 AVAST engine defs: 12010901

23:51:50.112 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-9

23:51:50.113 Disk 0 Vendor: WDC_WD6401AALS-00L3B2 01.03B01 Size: 610480MB BusType: 3

23:51:50.123 Disk 0 MBR read successfully

23:51:50.123 Disk 0 MBR scan

23:51:50.126 Disk 0 Windows 7 default MBR code

23:51:50.130 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

23:51:50.135 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 610378 MB offset 206848

23:51:50.138 Service scanning

23:51:50.491 Service GMSIPCI D:\INSTALL\GMSIPCI.SYS **LOCKED** 21

23:51:51.138 Modules scanning

23:51:51.140 Disk 0 trace - called modules:

23:51:51.143 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys

23:51:51.145 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80064e6790]

23:51:51.148 3 CLASSPNP.SYS[fffff88001d6343f] -> nt!IofCallDriver -> [0xfffffa800633b850]

23:51:51.150 5 PCTCore64.sys[fffff880011b48a4] -> nt!IofCallDriver -> [0xfffffa8006201e40]

23:51:51.153 7 ACPI.sys[fffff88000f197a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T1L0-9[0xfffffa8006224680]

23:51:52.367 AVAST engine scan C:\Windows

23:51:54.526 AVAST engine scan C:\Windows\system32

23:52:00.883 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]

23:52:56.624 AVAST engine scan C:\Windows\system32\drivers

23:53:04.212 AVAST engine scan C:\Users\Administrator

23:53:32.517 File: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0IPMVHGD\Test[1].exe **INFECTED** Win32:Malware-gen

23:54:28.780 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"

23:54:28.783 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"

TDSSKiller Log

23:55:02.0829 5264 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

23:55:03.0075 5264 ============================================================

23:55:03.0075 5264 Current date / time: 2012/01/09 23:55:03.0075

23:55:03.0075 5264 SystemInfo:

23:55:03.0075 5264

23:55:03.0075 5264 OS Version: 6.1.7601 ServicePack: 1.0

23:55:03.0075 5264 Product type: Workstation

23:55:03.0075 5264 ComputerName: HOMEPC

23:55:03.0075 5264 UserName: Administrator

23:55:03.0075 5264 Windows directory: C:\Windows

23:55:03.0075 5264 System windows directory: C:\Windows

23:55:03.0075 5264 Running under WOW64

23:55:03.0075 5264 Processor architecture: Intel x64

23:55:03.0075 5264 Number of processors: 8

23:55:03.0075 5264 Page size: 0x1000

23:55:03.0075 5264 Boot type: Normal boot

23:55:03.0075 5264 ============================================================

23:55:03.0908 5264 Initialize success

23:55:12.0100 4764 ============================================================

23:55:12.0100 4764 Scan started

23:55:12.0100 4764 Mode: Manual;

23:55:12.0100 4764 ============================================================


23:55:19.0673 4764 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

23:55:19.0674 4764 TermDD - ok

23:55:19.0723 4764 TfFsMon (d2df419972ceb50af29309a1beb24eff) C:\Windows\system32\drivers\TfFsMon.sys

23:55:19.0724 4764 TfFsMon - ok

23:55:19.0754 4764 TfNetMon (3c98592982c41a6c6cccccdf1d0c1881) C:\Windows\system32\drivers\TfNetMon.sys

23:55:19.0754 4764 TfNetMon - ok

23:55:19.0767 4764 TFSysMon (6b9e882313f9ee9a41843077fc764196) C:\Windows\system32\drivers\TfSysMon.sys

23:55:19.0768 4764 TFSysMon - ok

23:55:19.0801 4764 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

23:55:19.0801 4764 tssecsrv - ok

23:55:19.0848 4764 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

23:55:19.0848 4764 TsUsbFlt - ok

23:55:19.0883 4764 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

23:55:19.0884 4764 tunnel - ok

23:55:19.0902 4764 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

23:55:19.0902 4764 uagp35 - ok

23:55:19.0928 4764 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

23:55:19.0931 4764 udfs - ok

23:55:19.0950 4764 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

23:55:19.0951 4764 uliagpkx - ok

23:55:19.0978 4764 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

23:55:19.0980 4764 umbus - ok

23:55:19.0990 4764 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

23:55:19.0990 4764 UmPass - ok

23:55:20.0011 4764 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

23:55:20.0012 4764 USBAAPL64 - ok

23:55:20.0023 4764 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

23:55:20.0024 4764 usbaudio - ok

23:55:20.0039 4764 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys

23:55:20.0040 4764 usbccgp - ok

23:55:20.0081 4764 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

23:55:20.0082 4764 usbcir - ok

23:55:20.0098 4764 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys

23:55:20.0099 4764 usbehci - ok

23:55:20.0114 4764 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\DRIVERS\usbhub.sys

23:55:20.0117 4764 usbhub - ok

23:55:20.0132 4764 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys

23:55:20.0132 4764 usbohci - ok

23:55:20.0145 4764 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

23:55:20.0145 4764 usbprint - ok

23:55:20.0159 4764 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS

23:55:20.0160 4764 USBSTOR - ok

23:55:20.0242 4764 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys

23:55:20.0242 4764 usbuhci - ok

23:55:20.0307 4764 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

23:55:20.0350 4764 usbvideo - ok

23:55:20.0384 4764 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

23:55:20.0385 4764 vdrvroot - ok

23:55:20.0398 4764 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

23:55:20.0399 4764 vga - ok

23:55:20.0410 4764 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

23:55:20.0410 4764 VgaSave - ok

23:55:20.0427 4764 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

23:55:20.0429 4764 vhdmp - ok

23:55:20.0458 4764 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

23:55:20.0458 4764 viaide - ok

23:55:20.0477 4764 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

23:55:20.0479 4764 vmbus - ok

23:55:20.0493 4764 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

23:55:20.0493 4764 VMBusHID - ok

23:55:20.0510 4764 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

23:55:20.0511 4764 volmgr - ok

23:55:20.0539 4764 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

23:55:20.0543 4764 volmgrx - ok

23:55:20.0562 4764 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

23:55:20.0566 4764 volsnap - ok

23:55:20.0579 4764 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

23:55:20.0580 4764 vsmraid - ok

23:55:20.0596 4764 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

23:55:20.0597 4764 vwifibus - ok

23:55:20.0615 4764 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

23:55:20.0616 4764 WacomPen - ok

23:55:20.0641 4764 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

23:55:20.0642 4764 WANARP - ok

23:55:20.0644 4764 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

23:55:20.0645 4764 Wanarpv6 - ok

23:55:20.0664 4764 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

23:55:20.0665 4764 Wd - ok

23:55:20.0685 4764 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

23:55:20.0691 4764 Wdf01000 - ok

23:55:20.0721 4764 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

23:55:20.0722 4764 WfpLwf - ok

23:55:20.0735 4764 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

23:55:20.0735 4764 WIMMount - ok

23:55:20.0767 4764 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

23:55:20.0768 4764 WinUsb - ok

23:55:20.0785 4764 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

23:55:20.0786 4764 WmiAcpi - ok

23:55:20.0804 4764 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

23:55:20.0805 4764 ws2ifsl - ok

23:55:20.0838 4764 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

23:55:20.0839 4764 WudfPf - ok

23:55:20.0860 4764 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

23:55:20.0861 4764 WUDFRd - ok

23:55:20.0879 4764 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

23:55:20.0929 4764 \Device\Harddisk0\DR0 - ok

23:55:20.0930 4764 Boot (0x1200) (41f753e4a5456b54eb6a19b4442d2cdc) \Device\Harddisk0\DR0\Partition0

23:55:20.0931 4764 \Device\Harddisk0\DR0\Partition0 - ok

23:55:20.0942 4764 Boot (0x1200) (2202228a5b703e8666d9e1b2c2f90c28) \Device\Harddisk0\DR0\Partition1

23:55:20.0943 4764 \Device\Harddisk0\DR0\Partition1 - ok

23:55:20.0943 4764 ============================================================

23:55:20.0943 4764 Scan finished

23:55:20.0943 4764 ============================================================

23:55:20.0949 3436 Detected object count: 0

23:55:20.0949 3436 Actual detected object count: 0

Thanks

AKbegin

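A reader for the TDSSKiller log format posted above, added here as an example; it is not TDSSKiller's own code and not part of the thread. TDSSKiller prints one line per object (service name, MD5, image path, or MBR/boot sector and device path) followed by a verdict line for that object, and the parser relies on that pairing. The sample is a constructed excerpt: its first four objects copy real lines from the log, the last two (`exampledrv`, `otherdrv`, their hashes and the non-"ok" verdict text) are invented, because the wording TDSSKiller uses for a detection is not shown on this page. The last two functions go a step beyond the log itself: they pull out the MBR and boot-sector hashes so that two runs can be compared for drift.

```python
"""Parse a TDSSKiller log and flag what merits a second look.

Added example; not TDSSKiller's code and not from the thread. TDSSKiller
prints one line per object (service name, MD5, image path) followed by a
verdict line for that object; this reader relies on that pairing.
"""
import re

# Constructed excerpt in TDSSKiller's log layout. The first four objects copy real lines from the
# log above; the last two are invented to show a driver outside the Windows directory and a
# non-"ok" verdict (the exact wording TDSSKiller uses for a detection is not shown on this page).
SAMPLE_LOG = r"""
23:55:19.0487 4764 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
23:55:19.0509 4764 Tcpip - ok
23:55:19.0551 4764 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
23:55:19.0558 4764 TCPIP6 - ok
23:55:20.0879 4764 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:55:20.0929 4764 \Device\Harddisk0\DR0 - ok
23:55:20.0930 4764 Boot (0x1200) (41f753e4a5456b54eb6a19b4442d2cdc) \Device\Harddisk0\DR0\Partition0
23:55:20.0931 4764 \Device\Harddisk0\DR0\Partition0 - ok
23:55:21.0001 4764 exampledrv (00000000000000000000000000000001) C:\Users\someone\AppData\Local\Temp\exampledrv.sys
23:55:21.0002 4764 exampledrv - ok
23:55:21.0003 4764 otherdrv (00000000000000000000000000000002) C:\Windows\system32\drivers\otherdrv.sys
23:55:21.0004 4764 otherdrv - constructed non-ok verdict
"""

OBJECT_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(.+?)\s+\(([0-9a-f]{32})\)\s+(\S.*)$", re.I)
VERDICT_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(.+?) - (.+)$")


def parse(text):
    """Object records in log order, each with the verdict line that follows it."""
    objects = []
    for line in text.splitlines():
        m = OBJECT_RE.match(line)
        if m:
            objects.append({"name": m.group(3), "md5": m.group(4).lower(),
                            "target": m.group(5), "verdict": None})
            continue
        m = VERDICT_RE.match(line)
        if m and objects and objects[-1]["verdict"] is None:
            objects[-1]["verdict"] = m.group(4).strip()
    return objects


def review(objects):
    """(rule, object name, evidence) for anything that is not a clean 'ok' on a normal path."""
    findings = []
    for o in objects:
        if o["verdict"] != "ok":
            findings.append(("verdict_not_ok", o["name"], o["verdict"] or "(no verdict line)"))
        t = o["target"].lower()
        # Kernel drivers normally live under %SystemRoot%; a .sys in a profile or Temp directory is worth a look.
        if re.match(r"[a-z]:\\", t) and not re.match(r"[a-z]:\\windows\\", t):
            findings.append(("image_outside_windows_dir", o["name"], o["target"]))
    return findings


def sector_hashes(objects):
    """MD5 TDSSKiller reports for the MBR and each partition boot sector, keyed by device path."""
    return {o["target"]: o["md5"] for o in objects if o["name"].startswith(("MBR", "Boot"))}


def changed_sectors(before, after):
    """Device paths whose sector hash differs between two runs. A change with no disk or OS
    maintenance in between needs explaining before the boot chain is trusted."""
    return sorted(t for t in before if t in after and before[t] != after[t])


if __name__ == "__main__":
    objs = parse(SAMPLE_LOG)
    for finding in review(objs):
        print(*finding)
    print(sector_hashes(objs))
```

The MBR line is the one most worth keeping from a TDSSKiller run: a bootkit that hooks the boot chain changes the bytes TDSSKiller hashes there, so saving `sector_hashes()` from a clean run and diffing against a later one with `changed_sectors()` catches a reinfection that a driver-by-driver look would miss.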

Save and close any work documents, close any apps that you started.

Start MBAM (Malwarebytes' Anti-Malware).

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Reply with a copy of the latest MBAM scan log.


Here is the copy of the latest scan.

Malwarebytes Anti-Malware (Trial) 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.10.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Administrator :: HOMEPC [administrator]

Protection: Enabled

1/10/2012 9:13:23 AM

mbam-log-2012-01-10 (09-13-23).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 455343

Time elapsed: 37 minute(s), 39 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\assembly\temp\kwrd.dll (PUP.BitMiner) -> Quarantined and deleted successfully.

(end)

Thanks

AKbegin


The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to your System or any other one!

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member akbegin only. If you are a casual viewer, do NOT try this on your system!

If you are not akbegin and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on the following steps.

=

Close any of your open programs while you run these tools.

On most of the following programs and tools, you will need to right-click the program link, shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on ComboFix.exe on your Desktop and select "Run as Administrator".

• A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.

• When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

Even when ComboFix appears to be doing nothing, look at your Drive light.

If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt.

Note:

Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

Reply with a copy of the C:\Combofix.txt log

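A way to triage the C:\ComboFix.txt requested above before a human reads it end to end, added here as an example; it is not ComboFix's code and not part of the thread. The input is a constructed excerpt in ComboFix's report layout (section banners, registry key headers, `R3`/`S2` service lines, the `[x]` marker, the ORPHANS REMOVED list), using entries of the kinds that appear in this thread. The rule names and the checks themselves are assumptions: a first set of heuristics a responder applies by eye, written down so they run the same way on every report.

```python
"""Triage heuristics for a ComboFix.txt report.

Added example; not ComboFix code and not from the thread. The rules are a
starting set a responder would apply by eye, written down so they run the
same way every time.
"""
import re

# Constructed excerpt in ComboFix's report layout (entries of the kinds seen in this thread).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Administrator\AppData\Roaming\oughqsx.exe
c:\windows\system32\consrv.dll
c:\windows\System64
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 19979400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ulbrnii]
2011-12-24 15:35 11264 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\ulbrnii.dll
.
R3 ALSysIO;ALSysIO;c:\users\Ankush\AppData\Local\Temp\ALSysIO64.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-Microsoft Security Essentials - c:\users\Administrator\AppData\Roaming\MsEss.exe
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$|^- - - - (.+?) - - - -$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$", re.I)
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.+)$')
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?)(?: \[(x|[^\]]+)\])?$")
# A Windows path runs from the drive letter up to a closing quote, a " [date size]" tag, or end of line.
PATH_RE = re.compile(r'[a-z]:\\.*?(?="|\s\[|$)', re.I)
BINARY_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".bat", ".com")


def path_findings(path, where):
    """Rules applied to every file path in the report (heuristics, not a complete rule set)."""
    p = path.lower()
    out = []
    if p.endswith(BINARY_EXT) and "\\appdata\\" in p:
        out.append(("binary_in_profile_appdata", where, path))
    if p.endswith(".sys") and "\\temp\\" in p:
        out.append(("kernel_driver_in_temp", where, path))
    if "\\windows\\system64" in p:  # System32 and SysWOW64 exist; System64 does not on a stock install
        out.append(("nonexistent_system_dir", where, path))
    return out


def triage(text):
    """Return (rule, context, evidence) triples for a ComboFix report."""
    findings, section, key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1) or m.group(2), None
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            if "\\winlogon\\notify\\" in key.lower():
                # Winlogon notification packages were dropped in Vista; on Windows 7 any entry here is suspect.
                findings.append(("winlogon_notify_package", key, line))
            continue
        m = VALUE_RE.match(line)
        if m and key and key.lower().endswith("\\policies\\system"):
            name, value = m.group(1), m.group(2).split()[0]
            if name == "PromptOnSecureDesktop" and value == "0":
                findings.append(("uac_secure_desktop_off", key, line))
            if name == "EnableLUA" and value == "0":
                findings.append(("uac_disabled", key, line))
        m = SERVICE_RE.match(line)
        if m:
            key = None  # the service list is not under any registry key header
            if m.group(5) == "x":  # ComboFix prints [x] instead of date/size when it could not read the image
                findings.append(("service_image_unreadable", m.group(2), m.group(4)))
        where = key or section or "?"
        for pm in PATH_RE.finditer(line):
            findings.extend(path_findings(pm.group(0), where))
        if section == "Other Deletions" and PATH_RE.match(line):
            findings.append(("removed_by_combofix", section, line))
    return findings


if __name__ == "__main__":
    for rule, where, evidence in triage(SAMPLE_LOG):
        print(f"{rule:26} {where}\n{'':26} {evidence}")
```

Two of the rules are about the platform rather than about any one file: Winlogon notification packages are not supported from Vista onward, so a populated `winlogon\notify` key on a Windows 7 machine is a load point nothing legitimate should still be using, and `PromptOnSecureDesktop = 0` lets UAC prompts appear on the normal desktop where another process can draw over them. The path rules are deliberately broad (an updater living under AppData will trip `binary_in_profile_appdata`); the point is to rank what a human reads first, not to decide on its own.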

Here is a copy of the ComboFix.txt log

ComboFix 12-01-10.02 - Administrator 01/10/2012 19:15:12.1.8 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6142.4424 [GMT -5:00]

Running from: c:\users\Administrator\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Administrator\AppData\Roaming\oughqsx.exe

c:\windows\system32\consrv.dll

c:\windows\System64

.

.

((((((((((((((((((((((((( Files Created from 2011-12-11 to 2012-01-11 )))))))))))))))))))))))))))))))

.

.

2012-01-11 00:22 . 2012-01-11 00:22 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp

2012-01-10 04:47 . 2012-01-10 04:47 -------- d-----w- c:\program files (x86)\ERUNT

2012-01-09 06:00 . 2012-01-09 06:00 -------- d-----w- c:\users\Administrator\AppData\Local\Deployment

2012-01-07 16:58 . 2012-01-07 16:58 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-01-07 16:58 . 2012-01-07 16:58 -------- d-----r- c:\program files (x86)\Skype

2012-01-01 03:03 . 2012-01-01 03:03 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes

2012-01-01 03:03 . 2012-01-01 03:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-01-01 03:03 . 2012-01-01 03:03 -------- d-----w- c:\programdata\Malwarebytes

2012-01-01 03:03 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-01-01 02:47 . 2012-01-01 02:47 -------- d-----w- c:\programdata\Citrix

2012-01-01 02:46 . 2012-01-01 02:46 -------- d-----w- c:\program files (x86)\Citrix

2012-01-01 02:38 . 2012-01-01 02:38 -------- d-----w- c:\windows\system32\appmgmt

2012-01-01 02:03 . 2012-01-01 02:03 -------- d-----w- c:\users\Administrator\AppData\Local\eSupport.com

2012-01-01 02:03 . 2012-01-01 02:03 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS

2012-01-01 01:30 . 2012-01-01 01:30 -------- d-----w- c:\users\Ankush\AppData\Local\Apple Computer

2011-12-31 21:31 . 2012-01-07 16:55 -------- d-----w- c:\users\Administrator\AppData\Local\CrashDumps

2011-12-31 18:52 . 2011-12-31 18:52 -------- d-----w- c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com

2011-12-31 18:52 . 2011-12-31 18:52 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-12-31 18:31 . 2011-12-31 23:38 -------- d-----w- c:\programdata\Norton

2011-12-31 18:31 . 2011-12-31 18:40 -------- d-----w- c:\users\Administrator\AppData\Local\NPE

2011-12-30 15:44 . 2011-12-30 15:44 -------- d-----w- c:\users\Administrator\AppData\Local\Apple

2011-12-26 07:00 . 2012-01-03 05:47 -------- d-----w- c:\users\Administrator\AppData\Local\Adobe

2011-12-26 06:12 . 2011-12-26 06:12 -------- d-----w- c:\users\Administrator\AppData\Local\Threat Expert

2011-12-26 06:12 . 2011-12-30 21:26 -------- d-----w- c:\users\Administrator\AppData\Local\Apple Computer

2011-12-26 01:12 . 2011-12-26 01:12 -------- d-----w- c:\users\Administrator\AppData\Roaming\PCToolsFirewallPlus

2011-12-26 01:12 . 2011-12-26 01:12 -------- d-----w- c:\users\Administrator\AppData\Roaming\Spam Monitor

2011-12-26 01:11 . 2011-12-26 01:11 180488 ----a-w- c:\windows\system32\drivers\pctplfw64.sys

2011-12-26 01:10 . 2011-12-26 01:10 77784 ----a-w- c:\windows\system32\drivers\pctNdis64.sys

2011-12-26 01:10 . 2011-12-26 01:10 42968 ----a-w- c:\windows\system32\drivers\pctNdis-DNS64.sys

2011-12-26 01:10 . 2011-12-26 01:10 119688 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter64.sys

2011-12-26 01:09 . 2011-01-20 18:27 74824 --s---w- c:\windows\system32\drivers\TfSysMon.sys

2011-12-26 01:09 . 2011-01-20 18:27 65072 --s---w- c:\windows\system32\drivers\TfFsMon.sys

2011-12-26 01:09 . 2011-01-20 18:27 41888 --s---w- c:\windows\system32\drivers\TfNetMon.sys

2011-12-26 00:57 . 2011-12-26 00:57 287304 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys

2011-12-26 00:44 . 2011-07-01 20:36 767952 ----a-w- c:\windows\BDTSupport.dll

2011-12-26 00:44 . 2011-07-01 20:36 149456 ----a-w- c:\windows\SGDetectionTool.dll

2011-12-26 00:44 . 2011-07-01 20:36 2029520 ----a-w- c:\windows\PCTBDCore.dll

2011-12-26 00:44 . 2011-07-01 20:36 1533904 ----a-w- c:\windows\PCTBDRes.dll

2011-12-26 00:43 . 2010-07-16 19:53 816016 ----a-w- c:\windows\system32\drivers\pctEFA64.sys

2011-12-26 00:43 . 2010-06-29 15:35 452872 ----a-w- c:\windows\system32\drivers\pctDS64.sys

2011-12-26 00:43 . 2011-07-11 14:05 337048 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys

2011-12-26 00:43 . 2011-07-11 14:05 143896 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys

2011-12-26 00:43 . 2011-07-11 17:02 282440 ----a-w- c:\windows\system32\drivers\PCTCore64.sys

2011-12-26 00:43 . 2011-03-10 14:08 279344 ----a-w- c:\windows\system32\drivers\PCTSD64.sys

2011-12-26 00:43 . 2011-07-11 14:07 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys

2011-12-26 00:43 . 2011-12-26 06:19 -------- d-----w- c:\program files (x86)\PC Tools Security

2011-12-26 00:43 . 2011-12-26 01:10 -------- d-----w- c:\program files (x86)\Common Files\PC Tools

2011-12-26 00:18 . 2011-12-26 01:09 -------- d-----w- c:\programdata\PC Tools

2011-12-26 00:07 . 2011-12-26 00:07 2 --shatr- c:\windows\winstart.bat

2011-12-26 00:07 . 2011-12-26 01:13 -------- d-----w- c:\program files (x86)\UnHackMe

2011-12-25 20:28 . 2011-12-25 20:28 -------- d-----w- c:\program files\ESET

2011-12-22 03:53 . 2011-12-22 03:53 -------- d-----w- c:\windows\system32\Macromed

2011-12-15 03:14 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll

2011-12-15 03:14 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys

2011-12-15 03:14 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll

2011-12-15 03:14 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll

2011-12-15 03:14 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll

2011-12-15 03:14 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-22 03:53 . 2011-07-13 06:32 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-19 20:05 . 2010-06-25 02:43 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2011-12-19 20:05 . 2010-06-25 02:43 34688 ----a-w- c:\windows\system32\LMIport.dll

2011-12-19 20:05 . 2010-06-25 02:43 80768 ----a-w- c:\windows\system32\LMIinit.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Octoshape Streaming Services"="c:\users\Administrator\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 19979400]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ulbrnii]

2011-12-24 15:35 11264 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\ulbrnii.dll

.

R3 ALSysIO;ALSysIO;c:\users\Ankush\AppData\Local\Temp\ALSysIO64.sys [x]

R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2012-01-01 21712]

R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter64.sys [x]

R3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\DRIVERS\pctNdis64.sys [x]

R3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw64.sys [x]

R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [x]

R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [x]

R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2011-02-18 371472]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]

R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools Security\TFEngine\TFService.exe service [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]

S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]

S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]

S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]

S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [x]

S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-07-01 337872]

S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-12-19 375176]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-01-27 15928]

S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]

S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]

S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 pctNdisMP;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis64.sys [x]

S3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]

2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-211726436-295822087-3312626100-500Core.job

- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-09 06:00]

.

2012-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-211726436-295822087-3312626100-500UA.job

- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-09 06:00]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-01-27 57928]

"combofix"="c:\combofix\CF30668.3XE" [2010-11-20 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll

Trusted Zone: newstarfin.com\citrix

Trusted Zone: rbc.com

TCP: DhcpNameServer = 192.168.0.1

DPF: {ACDB1787-986D-434D-9857-2172CDB2108D} - hxxps://remote-occ.rbc.com/nortel_cacheable/punblock.cab

FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\cvba2fr7.default\

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

Wow6432Node-HKLM-Run-Microsoft Security Essentials - c:\users\Administrator\AppData\Roaming\MsEss.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (Administrator)

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,3b,1b,f1,06,47,

32,c6,0a,0c,0f,b7,ae,90,f6,6e,68,0f,8f

"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,3b,1b,71,2d,96,

6a,f5,61,4b,04,a8,f4,54,e3,14,7e,ee,60

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (Administrator)

"Timestamp"=hex:79,84,c3,72,9d,c3,cc,01

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7e,9d,b4,a6,91,91,0c,4b,a6,94,5d,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7e,9d,b4,a6,91,91,0c,4b,a6,94,5d,\

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.3G2"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.3GP"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.3G2"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.3GP"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ADTS"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ac3\UserChoice]

@Denied: (2) (Administrator)

"Progid"="KLCP64.WMP.ac3"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ADTS"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ADTS"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AIFF"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AIFF"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AIFF"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASF"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASX"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AU"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AVI"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.CDA"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dat\UserChoice]

@Denied: (2) (Administrator)

"Progid"="dat_auto_file"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="KLCP64.WMP.divx"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dts\UserChoice]

@Denied: (2) (Administrator)

"Progid"="KLCP64.WMP.dts"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv\UserChoice]

@Denied: (2) (Administrator)

"Progid"="KLCP64.WMP.flv"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdmov\UserChoice]

@Denied: (2) (Administrator)

"Progid"="KLCP64.WMP.hdmov"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ica\UserChoice]

@Denied: (2) (Administrator)

"Progid"="Applications\\wfica32.exe"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.INF\UserChoice]

@Denied: (2) (Administrator)

"Progid"="inffile"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]

@Denied: (2) (Administrator)

"Progid"="QuickTime.jpg"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.M2TS"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.M2TS"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.m3u"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.M4A"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP4"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]

@Denied: (2) (Administrator)

"Progid"="IE.AssocFile.MHT"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="IE.AssocFile.MHT"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mka\UserChoice]

@Denied: (2) (Administrator)

"Progid"="KLCP64.WMP.mka"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]

@Denied: (2) (Administrator)

"Progid"="KLCP64.WMP.mkv"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MOV"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP3"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP3"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP4"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP4"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpls\UserChoice]

@Denied: (2) (Administrator)

"Progid"="KLCP64.WMP.mpls"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv4\UserChoice]

@Denied: (2) (Administrator)

"Progid"="KLCP64.WMP.mpv4"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.M2TS"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oga\UserChoice]

@Denied: (2) (Administrator)

"Progid"="KLCP64.WMP.oga"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]

@Denied: (2) (Administrator)

"Progid"="KLCP64.WMP.ogg"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="KLCP64.WMP.ogm"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogv\UserChoice]

@Denied: (2) (Administrator)

"Progid"="KLCP64.WMP.ogv"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ra\UserChoice]

@Denied: (2) (Administrator)

"Progid"="KLCP64.WMP.ra"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="KLCP64.WMP.rm"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmvb\UserChoice]

@Denied: (2) (Administrator)

"Progid"="KLCP64.WMP.rmvb"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AU"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.TTS"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.TTS"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\UserChoice]

@Denied: (2) (Administrator)

"Progid"="txtfile"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]

@Denied: (2) (Administrator)

"Progid"="IE.AssocFile.URL"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WAV"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WAX"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="KLCP64.WMP.webm"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASF"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMA"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMD"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMS"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMV"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASX"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMZ"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WPL"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WVX"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-211726436-295822087-3312626100-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe

c:\program files (x86)\Citrix\ICA Client\ssonsvr.exe

.

**************************************************************************

.

Completion time: 2012-01-10 19:30:45 - machine was rebooted

ComboFix-quarantined-files.txt 2012-01-11 00:30

.

Pre-Run: 503,465,066,496 bytes free

Post-Run: 504,046,104,576 bytes free

.

- - End Of File - - CC8256BD62F951FF8BACF636A2710DF4

Thanks

Akbegin


You will want to print out or copy these instructions to Notepad for offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad or Wordpad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://www.eset.com/onlinescan/cac4.php?page=faq

    • From ESET Tech Support: If you have ESET NOD32 installed, you should disable it prior to running this scanner.
      Otherwise the scan will take twice as long to do:
      every time the ESET online scanner opens a file on your computer to scan it, NOD32 on your machine will rescan the file as a result.
    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
    • Do not use the system while the scan is running. Once the full scan is underway, go take a long break.

Re-enable the antivirus program.

Reply with a copy of the ESET scan log and tell me, how is your system?


The system does seem better. The Google searches so far seem to be working okay.

The ESET log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=71d7b18975a86b4f86c7e401a477eb7d

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-11 02:51:45

# local_time=2012-01-10 09:51:45 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=2560 16777215 100 0 0 0 0 0

# compatibility_mode=5893 16776574 66 94 804173 77791696 0 0

# compatibility_mode=8192 67108863 100 0 1320517 1320517 0 0

# scanned=256688

# found=4

# cleaned=4

# scan_time=2058

C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Roaming\oughqsx.exe.vir a variant of Win32/Injector.DLM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.G trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Administrator\Downloads\Adobe Photoshop CS5 Extended Keygen.EXE probably a variant of Win32/Agent.EYILIJR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Windows\assembly\temp\U\80000032.@ probably a variant of Win32/Olmarik.AVQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Thanks

AKbegin

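One thing worth noticing when reading the ESET log above: two of the four detections sit under C:\Qoobox\Quarantine with a .vir suffix, which is where ComboFix (run earlier in the thread; its log ends with ComboFix-quarantined-files.txt) had already moved them, so ESET is re-detecting copies that were no longer in place. The other two (the keygen in Downloads and the 80000032.@ file under C:\Windows\assembly\temp\U) were still live when ESET found them. The Python script below is an added example for this page, not part of the thread and not an ESET tool: it parses the log's "# key=value" header and its detection lines, separates already-quarantined entries from live ones, recovers the original location of each quarantined file from its Qoobox path, and checks that the "# found=" count matches the number of detection lines. The sample log is constructed from the lines posted above (the hash column is all zeros, as it was in the post). The regular expression for detection lines is my own assumption about the format (fields separated by spaces or tabs; threat names beginning with an optional "probably"/"a variant of" and a family prefix such as Win32/), not a documented ESET grammar.

```python
"""Triage an ESET Online Scanner log: live detections vs. already-quarantined ones.

Added example for this thread; not ESET's or ComboFix's own code.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# ComboFix moves what it removes into C:\Qoobox\Quarantine, appends ".vir", and keeps
# the original drive letter and path below that folder (seen in the posted log).
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"

# Header lines: "# key=value".  Detection lines (assumed layout, matches the post):
#   <path> <threat> (<action>) <32 hex chars> <flag>
# A path may contain spaces, so the threat is recognised by its leading
# "probably" / "a variant of" and a family prefix such as Win32/ or Win64/.
HEADER_RE = re.compile(r"^#\s*(?P<key>[^=]+?)\s*=\s*(?P<value>.*)$")
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>(?:probably\s+)?(?:a\s+variant\s+of\s+)?[A-Za-z0-9_]+/\S+.*?)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)\s*$"
)

# Constructed sample, copied from the ESET log posted above (hash column zeroed there too).
SAMPLE_LOG = r"""
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# end=finished
# remove_checked=true
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 1320517 1320517 0 0
# scanned=256688
# found=4
# cleaned=4
# scan_time=2058
C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Roaming\oughqsx.exe.vir a variant of Win32/Injector.DLM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.G trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Administrator\Downloads\Adobe Photoshop CS5 Extended Keygen.EXE probably a variant of Win32/Agent.EYILIJR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\assembly\temp\U\80000032.@ probably a variant of Win32/Olmarik.AVQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""


@dataclass
class Detection:
    path: str
    threat: str
    action: str
    hash_hex: str
    flag: str

    @property
    def already_quarantined(self) -> bool:
        """True when ComboFix had already moved the file into Qoobox before ESET ran."""
        return self.path.lower().startswith(QUARANTINE_PREFIX)

    def original_path(self) -> str:
        """Turn C:\\Qoobox\\Quarantine\\C\\dir\\file.ext.vir back into C:\\dir\\file.ext."""
        if not self.already_quarantined:
            return self.path
        rest = self.path[len(QUARANTINE_PREFIX):]      # "C\dir\file.ext.vir"
        drive, _, tail = rest.partition("\\")          # "C", "dir\file.ext.vir"
        if tail.lower().endswith(".vir"):
            tail = tail[:-4]
        return f"{drive}:\\{tail}"


@dataclass
class EsetLog:
    header: Dict[str, str]
    detections: List[Detection]
    unparsed: List[str]

    def live(self) -> List[Detection]:
        """Detections on files that were still in place, i.e. not yet quarantined."""
        return [d for d in self.detections if not d.already_quarantined]

    def counts_consistent(self) -> bool:
        """The '# found=' header should equal the number of detection lines parsed."""
        try:
            return int(self.header.get("found", "-1")) == len(self.detections)
        except ValueError:
            return False


def parse_eset_log(text: str) -> EsetLog:
    header: Dict[str, str] = {}
    detections: List[Detection] = []
    unparsed: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        h = HEADER_RE.match(line)
        if h:
            key, value = h.group("key"), h.group("value")
            # compatibility_mode is repeated in real logs; keep every occurrence
            header[key] = value if key not in header else header[key] + "\n" + value
            continue
        d = DETECTION_RE.match(line)
        if d:
            detections.append(Detection(d.group("path"), d.group("threat"), d.group("action"),
                                        d.group("hash"), d.group("flag")))
        else:
            unparsed.append(line)   # installer chatter etc.; reported, never silently dropped
    return EsetLog(header, detections, unparsed)


def main() -> None:
    log = parse_eset_log(SAMPLE_LOG)
    print(f"scanned={log.header.get('scanned')} found={log.header.get('found')} "
          f"counts_consistent={log.counts_consistent()}")
    for d in log.detections:
        state = "already in ComboFix quarantine" if d.already_quarantined else "LIVE"
        print(f"[{state}] {d.original_path()}\n    {d.threat} ({d.action})")
    if log.unparsed:
        print(f"{len(log.unparsed)} line(s) not recognised as header or detection")


if __name__ == "__main__":
    main()
```

Run as-is to see the four detections labelled; on the sample, two come out as already quarantined (with their pre-quarantine paths restored) and two as live. Feed a real log in through `parse_eset_log(open(path).read())`; lines that match neither pattern land in `unparsed` so a format change shows up instead of being dropped.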

Your Java runtime is outdated and poses a security risk; and I'd like for you to do another a-v online scan.

Step 1


Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Windows 7/XP/Vista/2000/2003/2008 Offline and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, select Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u30-windows-i586-s.exe to install the newest version.

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window

      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

    • Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

If you want to also un-check the "Check for updates automatically" you may:

Click the Update tab. un-check the line if it is checked.

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml

When all is well, you should see Java Version: Java 6 Update 30 from Sun Microsystems Inc.

Step 2

Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Start Internet Explorer

Using Internet Explorer browser only, go to BitDefender Quickscan website:

http://quickscan.bitdefender.com

and click "Start Scan".

Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.

Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.

If prompted, reply yes to allow it to run.

Press the Allow button and follow prompts.

Press the "Start Scan" once more.

You'll see the EULA in a pop-up window. Click the I accept & then the OK button

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/

and that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience as it likely will take longer.

It may seem to stall at moments, but have patience; it will move on.

You'll see a progress bar at top right of window.

Hopefully you will see a No infections found in the bar-window. Press the View Log button.

The log report will show in your text editor.

Do a Select ALL, Copy. Then paste contents into your next reply.

AND, tell me, how is your system now?

Edited by Maurice Naggar

I have installed the updated version of Java. Also ran BitDefender, which indicates 1 infected file. I have, however, a new problem. The left click and double left click for my mouse have gone haywire.

- When I single left-click Control Panel / Computer from the Start orb, two windows for Control Panel or My Computer open up.

- When I try to open a particular file / folder by double-clicking in Windows Explorer it does not open, and I have to right-click and then Open / Explore to enter. However, if I double-click a file straight from my desktop the files open up fine.

Not sure what I did wrong. I tried to uninstall and reinstall Java (thought that might be the problem) but that did not help. BitDefender log as follows:

QuickScan 32-bit v0.9.9.103

---------------------------

Scan date: Wed Jan 11 16:09:55 2012

Machine ID: 623A33A8

Found 1 infected file!

----------------------

C:\Windows\system32\config\systemprofile\AppData\Local\ulbrnii.dll --> Trojan.Generic.KDV.497491

--> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ulbrnii\"DllName"

Processes

---------

(verified) Adobe Acrobat Update Service 1740 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

(verified) Bonjour 1784 C:\Program Files (x86)\Bonjour\mDNSResponder.exe

(verified) Citrix ICA Client 2208 C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe

(verified) Logitech Camera Software 2308 C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

(verified) Malwarebytes Anti-Malware 4148 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(verified) Malwarebytes Anti-Malware 4580 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(verified) MobileDeviceService 1760 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(verified) Octoshape Streaming Services 3900 C:\Users\Administrator\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

(verified) Skype 4012 C:\Program Files (x86)\Skype\Phone\Skype.exe

(verified) Stereo Vision Control Panel API Server 2300 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(verified) Threat Expert Ltd. Browser Defender 1868 C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe

(verified) Windows® Internet Explorer 1416 C:\Program Files (x86)\Internet Explorer\iexplore.exe

(verified) Windows® Internet Explorer 3576 C:\Program Files (x86)\Internet Explorer\iexplore.exe

Network activity

----------------

Process iexplore.exe (3576) connected on port 443 (HTTP over SSL) --> 66.132.220.30

Process iexplore.exe (3576) connected on port 80 (HTTP) --> 66.235.142.2

Process iexplore.exe (3576) connected on port 80 (HTTP) --> 66.235.142.2

Process iexplore.exe (3576) connected on port 80 (HTTP) --> 74.125.226.217

Process iexplore.exe (3576) connected on port 80 (HTTP) --> 74.125.226.217

Process iexplore.exe (3576) connected on port 80 (HTTP) --> 63.241.108.124

Process iexplore.exe (3576) connected on port 80 (HTTP) --> 74.125.226.217

Process iexplore.exe (3576) connected on port 80 (HTTP) --> 74.125.226.217

Process iexplore.exe (3576) connected on port 80 (HTTP) --> 178.250.1.77

Process iexplore.exe (3576) connected on port 80 (HTTP) --> 69.171.228.40

Process iexplore.exe (3576) connected on port 80 (HTTP) --> 69.171.228.40

Process iexplore.exe (3576) connected on port 80 (HTTP) --> 72.247.147.34

Process iexplore.exe (3576) connected on port 80 (HTTP) --> 72.247.147.34

Process iexplore.exe (3576) connected on port 80 (HTTP) --> 74.125.226.202

Process iexplore.exe (3576) connected on port 80 (HTTP) --> 74.125.226.202

Process iexplore.exe (3576) connected on port 80 (HTTP) --> 80.86.110.21

Autoruns and critical files

---------------------------

(unsigned) ulbrnii.dll C:\Windows\system32\config\systemprofile\AppData\Local\ulbrnii.dll

(verified) Google Update C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe

(verified) GrooveShellExtensions Module C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

(verified) LogMeIn C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe

(verified) Malwarebytes Anti-Malware C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe

(verified) Octoshape Streaming Services C:\Users\Administrator\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

(verified) Skype C:\Program Files (x86)\Skype\Phone\Skype.exe

(verified) Windows® Internet Explorer c:\windows\syswow64\webcheck.dll

Browser plugins

---------------

(unsigned) LMIGuardianDll C:\Windows\Downloaded Program Files\CONFLICT.1\LMIGuardianDll.dll

(unsigned) QuickTime Plug-in 7.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll

(unsigned) QuickTime Plug-in 7.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll

(unsigned) QuickTime Plug-in 7.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll

(unsigned) QuickTime Plug-in 7.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll

(unsigned) QuickTime Plug-in 7.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll

(unsigned) QuickTime Plug-in 7.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll

(unsigned) QuickTime Plug-in 7.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll

(unsigned) QuickTime Plug-in 7.7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

(unsigned) QuickTime Plug-in 7.7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

(unsigned) QuickTime Plug-in 7.7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

(unsigned) QuickTime Plug-in 7.7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

(unsigned) QuickTime Plug-in 7.7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

(unsigned) QuickTime Plug-in 7.7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

(unsigned) QuickTime Plug-in 7.7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

(verified) AcroIEHelperShim Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll

(verified) Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

(verified) Adobe Acrobat C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll

(verified) Adobe Acrobat C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

(verified) Adobe® Flash® Player ActiveX C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe

(verified) BitDefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll

(verified) Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll

(verified) Bonjour C:\Program Files\Bonjour\mdnsNSP.dll

(verified) Citrix ICA Client C:\Program Files (x86)\Mozilla Firefox\plugins\CCMSDK.dll

(verified) Citrix ICA Client C:\Program Files (x86)\Mozilla Firefox\plugins\cgpcfg.dll

(verified) Citrix ICA Client C:\Program Files (x86)\Mozilla Firefox\plugins\CgpCore.dll

(verified) Citrix ICA Client C:\Program Files (x86)\Mozilla Firefox\plugins\confmgr.dll

(verified) Citrix ICA Client C:\Program Files (x86)\Mozilla Firefox\plugins\ctxlogging.dll

(verified) Citrix ICA Client C:\Program Files (x86)\Mozilla Firefox\plugins\ctxmui.dll

(verified) Citrix ICA Client C:\Program Files (x86)\Mozilla Firefox\plugins\icafile.dll

(verified) Citrix ICA Client C:\Program Files (x86)\Mozilla Firefox\plugins\icalogon.dll

(verified) Citrix ICA Client C:\Program Files (x86)\Mozilla Firefox\plugins\TcpPServ.dll

(verified) Citrix SSL SDK C:\Program Files (x86)\Mozilla Firefox\plugins\sslsdk_b.dll

(verified) Google Update C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

(verified) GrooveShellExtensions Module C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

(verified) Java Deployment Toolkit 6.0.300.12 C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

(verified) LMIGuardian C:\Windows\Downloaded Program Files\CONFLICT.1\LMIGuardian.exe

(verified) LMIGuardianDll C:\Windows\Downloaded Program Files\LMIGuardianDll.dll

(verified) LMIGuardianEvt C:\Windows\Downloaded Program Files\CONFLICT.1\LMIGuardianEvt.dll

(verified) LMIGuardianEvt C:\Windows\Downloaded Program Files\LMIGuardianEvt.dll

(verified) LMIGuardianSvc C:\Windows\Downloaded Program Files\LMIGuardian.exe

(verified) LMIProxyHelper.exe C:\Windows\Downloaded Program Files\CONFLICT.1\LMIProxyHelper.exe

(verified) LMIProxyHelper.exe C:\Windows\Downloaded Program Files\LMIProxyHelper.exe

(verified) LogMeIn, Inc. Remote Access Components C:\Windows\Downloaded Program Files\avutil-51.dll

(verified) LogMeIn, Inc. Remote Access Components C:\Windows\Downloaded Program Files\swscale-2.dll

(verified) LogMeIn, Inc. Remote Access Components C:\Windows\Downloaded Program Files\CONFLICT.1\LMIBroker.exe

(verified) LogMeIn, Inc. Remote Access Components C:\Windows\Downloaded Program Files\LMIBroker.exe

(verified) Microsoft® Windows Live Login Helper c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll

(verified) Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll

(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll

(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll

(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll

(verified) npicaN.dll C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll

(verified) npitunes.dll C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

(verified) NPSWF32.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

(verified) NVIDIA 3D Vision C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

(verified) NVIDIA 3D VISION C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

(verified) Octoshape Streaming Services C:\Users\Administrator\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll

(verified) PC Tools Content Filter C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll

(verified) PC Tools Content Filter C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll

(verified) Picasa C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

(verified) punblock Module C:\Windows\Downloaded Program Files\punblock.dll

(verified) RACtrl.dll C:\Windows\Downloaded Program Files\CONFLICT.1\RACtrl.dll

(verified) RACtrl.dll C:\Windows\Downloaded Program Files\RACtrl.dll

(verified) Silverlight Plug-In c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll

(verified) System Requirements Lab C:\Windows\Downloaded Program Files\sysreqlab_nvd.dll

(verified) Threat Expert Ltd. Browser Defender c:\program files (x86)\pc tools security\bdt\pctbrowserdefender.dll

(verified) Winamp Application Detector C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

(verified) Windows Live® Photo Gallery C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

(verified) Windows® Internet Explorer C:\Windows\SysWOW64\ieframe.dll

Missing files

-------------

File not found: c:\program files (x86)\java\jre6\bin\jp2ssv.dll

--> HKLM\Software\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InprocServer32\"(default)"

Scan

----

MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll

MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll

MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll

MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll

MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll

MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll

MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll

MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

MD5: 207676859dd1980d3e8358bce8a2da06 C:\Users\Administrator\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-libOctoshapeClient.dll

MD5: 16595b907aa1d953345c1df53b03ffa0 C:\Windows\Downloaded Program Files\CONFLICT.1\LMIGuardianDll.dll

MD5: 9b0e51d090b978bcedff8f2b8ec2a55c C:\Windows\system32\config\systemprofile\AppData\Local\ulbrnii.dll

MD5: d2958325c1ae1ae37a83334c6229e3bc C:\Windows\SysWOW64\actxprxy.dll

MD5: d5e459bed3db9cf7fc6cc1455f177d2d C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de\ATL80.DLL

No file uploaded.

Scan finished - communication took 0 sec

Total traffic - 0.00 MB sent, 0.11 KB recvd

Scanned 378 files and modules - 1 second

==============================================================================

Please ignore the mouse click / double click issue for the time being. I was trying to remote into my computer using Chrome and I believe the issue is with the LogMeIn/Chrome combination rather than my computer itself. But the one trojan warning from BitDefender remains.

I don't see an antivirus program running on your machine.

Download and install an antivirus program, and make sure that you keep it updated.

New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.

Three good antivirus programs free for non-commercial home use are Avast!, Avira Free Antivirus and Microsoft Security Essentials.

Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

After the setup of the anti-virus app has finished, be sure to do an Update run to ensure it is fully up-to-date.

Then, Logoff / Restart Windows 7 for a fresh start.

Then start the anti-virus app. Do a full scan of the system. If presented with a choice when a suspect is found, choose Quarantine if offered.

When done, copy and paste the log from the scan.

Using the Webroot trial program for the time being. It seems to have found the same file detected by BitDefender and cleared it. The entire log file was very long and I got a "post too long" error when I tried to reply. Here is the back end portion of the log. Let me know if I need to dig up other portions from the log.

Wed 2012-01-11 23:56:13.0501 Begin Installation

Wed 2012-01-11 23:56:13.0656 Installation successfully completed (WSAINSTALL.EXE/0)

Wed 2012-01-11 23:56:13.0711 >>> Service started [v8.0.1.44]

Wed 2012-01-11 23:56:14.0485 User process connected successfully from PID 4244, Session 1

Wed 2012-01-11 23:56:14.0550 Protection enabled

Wed 2012-01-11 23:56:14.0560 Scan Started: [ID: 1 - Flags: 551/16]

Wed 2012-01-11 23:56:14.0637 Connecting to 14 - 14

Wed 2012-01-11 23:56:14.0753 SLevel updated to CA05CZ1NBB000000NB000000OV000000RH000000SC000000MM000000

Wed 2012-01-11 23:56:36.0791 Connected to B5

Wed 2012-01-11 23:56:36.0797 SLevel updated to CA05CZ1NBB000000NB0000C8OV0000C8RH0000C8SC000064MM0000C8

Wed 2012-01-11 23:56:37.0316 SLevel updated to CA05CZ1NBB000000NB000181OV000190RH000190SC0000C8MM000190

Wed 2012-01-11 23:56:38.0516 SLevel updated to CA05CZ1NBB000000NB000181OV000258RH000258SC00012CMM000258

Wed 2012-01-11 23:56:40.0690 SLevel updated to CA05CZ1NBB000000NB000181OV000320RH000320SC000190MM000320

Wed 2012-01-11 23:56:45.0323 SLevel updated to CA05CZ1NBB000000NB000181OV0003E8RH0003E8SC0001F4MM0003E8

Wed 2012-01-11 23:56:48.0426 SLevel updated to CA05CZ1NBB000000NB000181OV0004B0RH0004B0SC000258MM0004B0

Wed 2012-01-11 23:56:50.0524 SLevel updated to CA05CZ1NBB000000NB000181OV000578RH0004EDSC000287MM000578

Wed 2012-01-11 23:56:53.0061 SLevel updated to CA05CZ1NBB000000NB000181OV000640RH0004EDSC000287MM000640

Wed 2012-01-11 23:56:56.0708 SLevel updated to CA05CZ1NBB000000NB000181OV000708RH0004EDSC000287MM000708

Wed 2012-01-11 23:56:59.0651 SLevel updated to CA05CZ1NBB000000NB000181OV0007D0RH0004EDSC000287MM0007D0

Wed 2012-01-11 23:57:03.0089 SLevel updated to CA05CZ1NBB000000NB000181OV000898RH0004EDSC000287MM000898

Wed 2012-01-11 23:57:15.0778 SLevel updated to CA05CZ1NBB000000NB000181OV000960RH0004EDSC000287MM000960

Wed 2012-01-11 23:57:15.0971 SLevel updated to CA05CZ1NBB000000NB000181OV000A28RH0004EDSC000287MM000A28

Wed 2012-01-11 23:57:17.0188 Infection detected: c:\windows\system32\config\systemprofile\appdata\local\ulbrnii.dll [MD5: 9B0E51D090B978BCEDFF8F2B8EC2A55C] [3/40080000]

Wed 2012-01-11 23:57:17.0193 SLevel updated to CA05CZ1NBB000000NB000181OV000AF0RH0004EDSC000287MM000AF0

Wed 2012-01-11 23:57:17.0390 Scan Results: Files Scanned: 28012, Duration: 1m 2s, Malicious Files: 1

Wed 2012-01-11 23:57:17.0470 Scan Finished: [ID: 1 - Seq: 24728193]

Wed 2012-01-11 23:57:32.0054 Determination flags modified: MD5: 9B0E51D090B978BCEDFF8F2B8EC2A55C, Size: 11264 bytes, Flags: 00000020

Wed 2012-01-11 23:57:59.0579 Performing cleanup entry: 1

Wed 2012-01-11 23:58:00.0772 Begin passive write scan (1 file(s))

Wed 2012-01-11 23:58:01.0014 End passive write scan (1 file(s))

Wed 2012-01-11 23:58:09.0933 SLevel updated to CA05CZ1NBB000000NB000181OV000BB8RH0004EDSC000287MM000BB8

Wed 2012-01-11 23:58:10.0637 System shutting down.

Wed 2012-01-11 23:58:13.0606 Configuration Saved: CSCS9BBD39A1599A7C1F378C0DE1A6FB93AB,00011,00021,00031,00041,00051,00061,00070,00081,00091,000A1,000B1,000C1,000D0,000E1,000F0,001027,001140,00120,00130,00140,00151,00161,00170,00181,00191,001A0,001B0,001C1,001D0,001E0,001F1,00201,00211,00221,00231,00240,00251,00260,00270,00281,00291,002A0,002B1,002C1,002D0,002E1,002F1,00301,00311,00321,00331,00341,00351,00361,00371,00381,00390,003A1,003B1,003C2,003D1,003E1,003F1,00401,00411,00421,00430,00441,00451,00461,00471,00481,00491,004A1,004B1,004C1,004D1,004E1,004F1,00501,00511,00521,00530,00541,00551,00561,00571,00581,00591,005A1,005B1,005C0,005D0,005E1,005F0,00601,00612,00621,00631,00641,00653,00662,00672,00681,00692,006A1,006B1,006C1,006D2,006E1,006F1,00701,00711,00721,00731,00741,00753,00761,00771,00781,00791,

Wed 2012-01-11 23:58:13.0606 <<< Service shut down successfully. Uptime: 1 minute(s)

Wed 2012-01-11 23:58:59.0836 >>> Service started [v8.0.1.44]

Wed 2012-01-11 23:59:14.0446 User process connected successfully from PID 904, Session 1

Wed 2012-01-11 23:59:14.0461 Scan Started: [ID: 2 - Flags: 551/176]

Wed 2012-01-11 23:59:14.0618 Connecting to 14 - 14

Wed 2012-01-11 23:59:14.0883 SLevel updated to CA000000BB000000NB000181OV000C80RH0004EDSC000287MM000C80

Wed 2012-01-11 23:59:14.0978 SLevel updated to CA000000BB000000NB000181OV000C80RH0004EDSC000287MM000C80

Wed 2012-01-11 23:59:15.0369 Begin passive write scan (2 file(s))

Wed 2012-01-11 23:59:15.0447 SLevel updated to CA000000BB000000NB000181OV000D48RH0004EDSC000287MM000CEA

Wed 2012-01-11 23:59:15.0611 End passive write scan (2 file(s))

Wed 2012-01-11 23:59:15.0658 SLevel updated to CA000000BB000000NB000181OV000E10RH0004EDSC000287MM000CEA

Wed 2012-01-11 23:59:19.0787 SLevel updated to CA000000BB000000NB000181OV000ED8RH0004EDSC000287MM000CEA

Wed 2012-01-11 23:59:22.0845 SLevel updated to CA000000BB000000NB000181OV000FA0RH0004EDSC000287MM000CEA

Wed 2012-01-11 23:59:23.0392 SLevel updated to CA000000BB000000NB000181OV00102ARH0004EDSC000287MM000CEA

Wed 2012-01-11 23:59:33.0625 Begin passive write scan (1 file(s))

Wed 2012-01-11 23:59:33.0875 End passive write scan (1 file(s))

Thu 2012-01-12 00:00:00.0697 Connected to B5

Thu 2012-01-12 00:00:36.0143 Scan Results: Files Scanned: 37463, Duration: 1m 21s, Malicious Files: 0

Thu 2012-01-12 00:00:36.0226 Scan Finished: [ID: 2 - Seq: 24728396]

Thu 2012-01-12 00:02:41.0411 Saved the product log to C:\Users\Administrator\Desktop\webroot.log

I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used.

We have to remove Combofix and all its associated folders. By whichever name you named it (you had named it combofix), put that name in the RUN box stated just below.

The "/uninstall" in the Run line below is to start Combofix for its cleanup & removal function.

Note the space after exe and before the slash mark.

The utility must be removed to prevent any unintentional or accidental usage, PLUS, to free up much space on your hard disk.

  • Click Start, then click Run.
    In the text box that opens, type or copy/paste ComboFix /uninstall and then click OK.

If the Combofix uninstall has an issue, skip that step.

    • Download OTC to your desktop and run it
    • Click Yes to begin the Cleanup process and remove these components, including this application.
    • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

We are finished here. Best regards.

This topic is now closed to further replies.