
I am infected - PUM.hijack.taskmanager is one culprit



Hello, and thank you in advance for WHATEVER help I receive. I truly appreciate everyone's efforts.

I ran Malwarebytes and the PUM.Hijack.TaskManager comes up along with 2 instances of Trojan.Agent, both as svchost.exe. I clicked to remove, rebooted, but they always come back.

Spybot and Avira also keep detecting Smitfraud-C, which I can't remove.

SOME of the links in the Start folder under Accessories do not work. I found a way to repoint them to where they are supposed to be, as I noticed that they were being redirected to the Temp file first, but the actual destination was following that, so I just deleted the first half and it was fine (ex: the 'Narrator' link under Accessories\Ease of Access, in the properties where it shows where the link points to, it says "C:\Users\kevathediva\AppData\Local\Temp\narrator.exe C:\Windows\system32\narrator.exe". When I delete the part I underlined, the link then works.)

Some of the folders in start menu have '(empty)' in them. It appears to be only the first few folders, from like A to D, as if it started to mess stuff up alphabetically but got interrupted.

I downloaded dds.scr and the reports are below.

Thank you again in advance for your help.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22

Run by kevathediva at 13:57:26 on 2012-02-04

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2804.1463 [GMT -5:00]

.

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Launch Manager\dsiwmis.exe

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe

C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

C:\Windows\system32\rundll32.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

C:\Windows\SysWOW64\PSIService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

-netsvcs

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\HidFind.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_7741&r=273611105516l04c8z1j5t4751p592

uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_7741&r=273611105516l04c8z1j5t4751p592

uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com

uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_7741&r=273611105516l04c8z1j5t4751p592

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_7741&r=273611105516l04c8z1j5t4751p592

mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk.disabled

StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk.disabled

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: DisableTaskMgr = 1 (0x1)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

Trusted Zone: intuit.com\ttlc

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: DhcpNameServer = 192.168.15.1

TCP: Interfaces\{EDC54EF7-B580-4ABC-9549-7D35A564A9AD} : DhcpNameServer = 192.168.15.1

TCP: Interfaces\{EDC54EF7-B580-4ABC-9549-7D35A564A9AD}\241697D6F6E64794E6E662355796475637 : DhcpNameServer = 10.61.32.1 1.1.1.1

TCP: Interfaces\{EDC54EF7-B580-4ABC-9549-7D35A564A9AD}\C696E6B6379737 : DhcpNameServer = 192.168.15.1

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun-x64: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\kevathediva\AppData\Roaming\Mozilla\Firefox\Profiles\iey6bmkc.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.startup.homepage - hxxp://us.mg2.mail.yahoo.com/dc/launch?.gx=1&.rand=d6o8gqqa2mcej

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\kevathediva\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]

R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]

R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]

R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-2-2 86224]

R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-2-2 110032]

R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]

R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-9-20 321104]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-9-20 867360]

R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [2011-9-14 102608]

R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-3-8 250368]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-5 144640]

R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-12-10 92008]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-9-20 2320920]

R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-7-14 243232]

R3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

R3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-9 135664]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-9 135664]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-26 305520]

S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-5 50432]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-02-04 18:27:33 20480 ------w- C:\Windows\svchost.exe

2012-02-04 09:14:45 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{15E7E608-EF09-4E15-83FA-7B9A116ED1B9}\offreg.dll

2012-02-03 13:49:06 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{15E7E608-EF09-4E15-83FA-7B9A116ED1B9}\mpengine.dll

2012-02-03 04:31:41 427144 ----a-w- C:\ProgramData\QFIbEoUCQmCWD.exe

2012-02-02 19:50:31 -------- d-----w- C:\Users\kevathediva\AppData\Roaming\Avira

2012-02-02 19:49:24 97312 ----a-w- C:\Windows\System32\drivers\avgntflt.sys

2012-02-02 19:49:24 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys

2012-02-02 19:49:19 -------- d-----w- C:\ProgramData\Avira

2012-02-02 19:49:19 -------- d-----w- C:\Program Files (x86)\Avira

2012-01-30 02:02:55 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\79C2.tmp

2012-01-30 02:02:55 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\79C1.tmp

2012-01-20 18:17:39 -------- d-----w- C:\Users\kevathediva\AppData\Roaming\Malwarebytes

2012-01-20 18:17:24 -------- d-----w- C:\ProgramData\Malwarebytes

2012-01-20 18:17:23 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-01-20 18:17:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-01-12 04:31:55 1328640 ----a-w- C:\Windows\SysWow64\quartz.dll

2012-01-12 04:31:54 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-01-12 04:31:54 1572864 ----a-w- C:\Windows\System32\quartz.dll

2012-01-12 04:31:53 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-01-12 04:31:50 1739160 ----a-w- C:\Windows\System32\ntdll.dll

2012-01-12 04:31:50 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll

2012-01-12 04:31:49 77312 ----a-w- C:\Windows\System32\packager.dll

2012-01-12 04:31:49 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2012-01-09 17:00:09 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll

2012-01-09 17:00:09 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll

2012-01-09 17:00:09 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll

2012-01-09 17:00:09 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll

.

==================== Find3M ====================

.

2012-01-27 05:52:58 279656 ------w- C:\Windows\System32\MpSigStub.exe

2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys

2011-11-17 07:17:03 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2011-11-17 07:17:02 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2011-11-17 07:15:08 460296 ----a-w- C:\Windows\System32\drivers\cng.sys

2011-11-17 07:12:02 395776 ----a-w- C:\Windows\System32\webio.dll

2011-11-17 07:11:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll

2011-11-17 07:11:33 136192 ----a-w- C:\Windows\System32\sspicli.dll

2011-11-17 07:11:02 28160 ----a-w- C:\Windows\System32\secur32.dll

2011-11-17 07:10:58 340992 ----a-w- C:\Windows\System32\schannel.dll

2011-11-17 07:08:18 1446912 ----a-w- C:\Windows\System32\lsasrv.dll

2011-11-17 07:05:16 31232 ----a-w- C:\Windows\System32\lsass.exe

2011-11-17 05:39:28 314368 ----a-w- C:\Windows\SysWow64\webio.dll

2011-11-17 05:39:21 224768 ----a-w- C:\Windows\SysWow64\schannel.dll

2011-11-17 05:39:21 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2011-11-17 05:35:13 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

.

============= FINISH: 13:58:08.43 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 11/9/2010 11:02:07 AM

System Uptime: 2/4/2012 1:25:41 PM (0 hours ago)

.

Motherboard: Acer | | Aspire 7741

Processor: Intel® Pentium® CPU P6100 @ 2.00GHz | CPU 1 | 1999/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 219 GiB total, 63.625 GiB free.

D: is CDROM ()

F: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP188: 1/27/2012 3:30:55 AM - Windows Update

RP189: 1/30/2012 11:09:31 AM - Windows Update

RP190: 1/31/2012 12:05:19 AM - Windows Update

RP191: 1/31/2012 1:45:41 AM - Windows Update

RP192: 2/1/2012 12:27:27 AM - Windows Update

RP193: 2/1/2012 9:08:06 AM - Windows Update

RP194: 2/3/2012 8:48:15 AM - Windows Update

RP195: 2/3/2012 9:46:16 AM - Windows Update

.

==== Installed Programs ======================

.

.

Update for Microsoft Office 2007 (KB2508958)

µTorrent

18 Wheels of Steel - American Long Haul

4shared Desktop

Acer Backup Manager

Acer Crystal Eye webcam

Acer ePower Management

Acer eRecovery Management

Acer Game Console

Acer Games

Acer Registration

Acer ScreenSaver

Acer Updater

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader X (10.1.2)

Agatha Christie - Death on the Nile

Alcor Micro USB Card Reader

Amazon Unbox Video

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Software Update

Audacity 1.2.6

Avi to Dvd Free Converter v5.6.0.186

Avira Free Antivirus

Backup Manager Basic

Barnes & Noble Desktop Reader

Bejeweled 2 Deluxe

Blackhawk Striker 2

Build-a-lot 2

BurnAware Free 3.3

calibre

Canon IJ Network Scan Utility

Canon IJ Network Tool

Canon MP Navigator EX 3.0

Chuzzle Deluxe

Corel Paint Shop Pro Photo X2

CyberLink PowerDVD 9

D3DX10

Diner Dash 2 Restaurant Rescue

Direct WAV MP3 Splitter 2.0

Dora's Carnival Adventure

DVD Flick 1.3.0.7

e-Sword

eBay Worldwide

eSobi v2

FATE

FormatFactory 2.60

Foxit Reader

Free RAR Extract Frog

FreeRIP v3.40

GOM Player

Google Toolbar for Internet Explorer

Google Update Helper

Identity Card

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Intel® Rapid Storage Technology

Java Auto Updater

Java 6 Update 22

Jewel Quest - Heritage

Jewel Quest Solitaire 2

John Deere Drive Green

Junk Mail filter update

Kantaris Media Player 0.4.3

Launch Manager

Malwarebytes Anti-Malware version 1.60.1.1000

McAfee Security Scan Plus

McAfee SiteAdvisor

Medieval CUE Splitter

Microsoft .NET Framework 1.1

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office 2010

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Web Publishing Wizard 1.52

Movies2iPhone 1.24 for Windows

Mozilla Firefox 9.0.1 (x86 en-US)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyWinLocker

MyWinLocker Suite

Norton Online Backup

NTI Backup Now 5

NTI Backup Now Standard

NTI Media Maker 8

Penguins!

Plants vs. Zombies

Polar Bowler

Polar Golfer

Quicken 2009

QuickTime

Realtek High Definition Audio Driver

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Groove 2007 (KB2552997)

Security Update for Microsoft Office InfoPath 2007 (KB2510061)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Shockwave

Shredder

Skype™ 4.1

Smilebox

Spybot - Search & Destroy

The Print Shop 20

Times Reader

TomTom HOME 2.8.0.2146

TomTom HOME Visual Studio Merge Modules

ToneThis

TurboTax 2010

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wnyiper

TurboTax 2010 wrapper

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2583910)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Video Magic Free 4.0.0.1

Virtual Villagers 4 - The Tree of Life

Welcome Center

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

Yahoo! BrowserPlus 2.9.8

Yahoo! Install Manager

Yahoo! Messenger

Yahoo! Widgets

Zuma's Revenge

.

==== Event Viewer Messages From Past Week ========

.

2/4/2012 9:01:19 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EFS service.

2/4/2012 12:29:40 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

2/3/2012 8:48:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

2/3/2012 7:38:51 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

2/3/2012 7:38:51 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/3/2012 7:38:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

2/2/2012 4:29:34 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.

2/1/2012 7:27:23 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

2/1/2012 7:27:23 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/30/2012 8:37:03 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

1/30/2012 8:26:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

1/30/2012 8:24:02 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

1/30/2012 8:22:49 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

1/30/2012 8:22:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

1/30/2012 8:22:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

1/30/2012 8:22:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

1/30/2012 8:22:33 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

1/30/2012 8:22:19 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21

1/30/2012 8:22:02 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb discache mwlPSDFilter mwlPSDNServ mwlPSDVDisk spldr Wanarpv6

1/30/2012 5:24:53 PM, Error: Service Control Manager [7023] - The Diagnostic System Host service terminated with the following error: The requested control is not valid for this service.

1/30/2012 5:24:52 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.

1/30/2012 5:24:51 PM, Error: Service Control Manager [7023] - The IPsec Policy Agent service terminated with the following error: The authentication service is unknown.

1/30/2012 11:08:59 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.

1/30/2012 11:08:59 AM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/30/2012 11:08:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

.

==== End Of File ===========================

OH ALSO!!! SORRY I FORGOT>>>>

I usually put my computer on hibernate because I go on and off of it SO many times a day. Recently, I cannot successfully come out of hibernation without the 'black screen' of Windows not closing properly... then it goes through a gray centered system recovery check (I believe it is an authentic check) and then Windows starts.


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".


OH MY GOODNESS!!! I had no idea you replied!! It never came to my email, and I had stopped using my computer because I was so frustrated. I am going to do what you told me to in about 3 or 4 hours... I just wanted to give a quick reply so you would not think I no longer needed the help. Thank you again in advance

The Diva


As for my computer's current condition, it runs much slower than usual. So much so that I started using another logon to see if that worked. At first I did see a little difference as far as the speed, but eventually it was the same thing, and I cannot even get that logon to fully come up before it freezes, so I am back to my normal logon. The other logon always gave me a 'googletray.dll' error. When I just signed on to my current logon, TeaTimer kept alerting me that a start-up value was trying to be entered for 'dsplaysvr', and since I wasn't sure what that was I chose 'deny change'. All the problems I listed in the first post are still present. Updated MBAM and posted below.

VERY IMPORTANT - I will be checking for a reply as often as I can because for some reason I am NOT getting email notifications about replies. I have checked my account here and everything is ticked where it is supposed to be, so I have no idea why I am not getting it.

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.08.07

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

kevathediva :: DIVA-ACER [administrator]

2/8/2012 5:13:05 PM

mbam-log-2012-02-08 (17-13-05).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 219867

Time elapsed: 8 minute(s), 56 second(s)

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 3060 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0

(No malicious items detected)

Files Detected: 6

C:\Windows\Temp\fsfwnnrrv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Windows\Temp\hdgfsh.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Windows\Temp\tgtkko.exe (Spyware.Password) -> Quarantined and deleted successfully.

C:\Windows\Temp\yr0.2583904947763155.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Windows\Temp\yr0.3156357773503624.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)


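Reading a Malwarebytes log like the one above by hand is where mistakes happen, so here is an added example (not Malwarebytes code and not something posted in this thread) that parses the per-item lines in the format the log uses and applies the checks a responder makes on them: an action of "Delete on reboot" means the file was in use and is not gone yet; a file named svchost.exe anywhere but System32/SysWOW64 is a masquerade, since the genuine one lives only there on Windows 7 x64; a Run-key value pointing into an AppData folder (here the SYSTEM profile's) is a planted autorun; DisableTaskMgr with Bad: (1) is the policy that hides Task Manager; and an executable in C:\Windows\Temp is a dropped payload. The flag names and the sample log are constructed for the example; the sample mirrors the posted entries.

```python
"""Triage the per-item lines of a Malwarebytes 1.x scan log (added example)."""
import ntpath
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One detection line: "<object> (<threat name>) -> <detail> -> <detail> ..."
ITEM_RE = re.compile(r"^(?P<obj>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+)$")
# Only places a genuine svchost.exe lives on a 64-bit Windows 7 install.
SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
TEMP_DIRS = {r"c:\windows\temp"}


@dataclass
class Item:
    obj: str
    threat: str
    details: List[str]
    flags: List[str] = field(default_factory=list)

    @property
    def pending(self) -> bool:
        # "Delete on reboot": the scanner could not remove it while it was running.
        return any("delete on reboot" in d.lower() for d in self.details)

    @property
    def data(self) -> Optional[str]:
        """Target of a registry Run value ("Data: <path>"), if the line has one."""
        for d in self.details:
            if d.startswith("Data: "):
                return d[len("Data: "):]
        return None


def parse(log_text: str) -> List[Item]:
    items = []
    for line in log_text.splitlines():
        m = ITEM_RE.match(line.strip())
        if m:
            details = [p.strip() for p in m["rest"].split("->")]
            items.append(Item(m["obj"], m["threat"], details))
    return items


def triage(log_text: str) -> List[Item]:
    """Parse the log and attach a flag for every check an item trips."""
    items = parse(log_text)
    for it in items:
        obj_l = it.obj.lower()
        parent = ntpath.dirname(obj_l)          # works for both file and registry paths
        if it.pending:
            it.flags.append("pending-reboot")
        if ntpath.basename(obj_l) == "svchost.exe" and parent not in SVCHOST_DIRS:
            it.flags.append("svchost-outside-system32")
        if "\\currentversion\\run|" in obj_l and it.data and "\\appdata\\" in it.data.lower():
            it.flags.append("autorun-in-appdata")
        if obj_l.endswith("|disabletaskmgr") and it.details[0].startswith("Bad: (1)"):
            it.flags.append("taskmgr-disabled-by-policy")
        if parent in TEMP_DIRS and obj_l.endswith(".exe"):
            it.flags.append("executable-dropped-in-temp")
    return items


def unresolved(items: List[Item]) -> List[str]:
    """Objects the scanner could not remove in place; these must be re-checked after reboot."""
    return sorted({it.obj for it in items if it.pending})


# Constructed sample in the posted log's format (not the poster's actual file).
SAMPLE_LOG = r"""
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 3060 -> Delete on reboot.
Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Files Detected: 2
C:\Windows\Temp\hdgfsh.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for it in found:
        print(f"{it.obj}  [{it.threat}]  flags={it.flags or '-'}")
    print("still present until reboot:", unresolved(found))
```

The "pending-reboot" flag is the one to watch: an item that is still pending after the machine has been rebooted means something is protecting or recreating it, which is exactly the situation the next reply addresses.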

Looks like you have a RootKit infection.

If TeaTimer complains, please allow the changes.

Next:

Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
    tdss_1.jpg
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
    tdss_2.jpg
  3. Click the Start Scan button.
    tdss_3.jpg
  4. If a suspicious object is detected, the default action will be Skip, click on Continue.
    tdss_4.jpg
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    tdss_5.jpg

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


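The report this procedure produces is a long run of driver lines, one with the service name, MD5 and path and a second with the verdict, as the log that follows shows. As an added example (not Kaspersky's code and not anything posted in the thread), this parser pulls out what a reviewer actually scans the file for: any driver whose verdict is not "ok", any driver that never got a verdict line (the log was cut short or the scan died there), any driver loaded from outside %SystemRoot%\system32, and whether the "Mode:" line confirms that the SigCheck and TDLFS options asked for in steps 2 above were really switched on. The sample log is constructed in the same layout as the posted one; the wording of the non-ok verdict on the constructed entry is assumed, not taken from the real tool, which is why the parser treats anything other than "ok" as needing attention rather than matching a specific string.

```python
"""Pull the review-worthy items out of a TDSSKiller scan log (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

_TS = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"                       # "19:52:44.0589 4500 "
ENTRY_RE = re.compile(_TS + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
STATUS_RE = re.compile(_TS + r"(?P<name>\S+) - (?P<status>.+)$")
MODE_RE = re.compile(_TS + r"Mode: (?P<mode>.+)$")
SYSTEM32 = "c:\\windows\\system32\\"


@dataclass
class Driver:
    name: str
    md5: str
    path: str
    status: Optional[str] = None   # filled in from the following "<name> - <verdict>" line


def parse_log(text: str) -> Tuple[str, List[Driver]]:
    """Return the scan's Mode string and the drivers in the order they were scanned."""
    drivers: Dict[str, Driver] = {}
    order: List[str] = []
    mode = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = MODE_RE.match(line)
        if m:
            mode = m["mode"]
            continue
        m = ENTRY_RE.match(line)
        if m:
            d = Driver(m["name"], m["md5"], m["path"])
            drivers[d.name] = d
            order.append(d.name)
            continue
        m = STATUS_RE.match(line)
        if m and m["name"] in drivers:          # ignore "Drive ... - Size" style lines
            drivers[m["name"]].status = m["status"].strip()
    return mode, [drivers[n] for n in order]


def findings(text: str) -> Dict[str, List[str]]:
    mode, drivers = parse_log(text)
    enabled = {p.strip() for p in mode.split(";") if p.strip()}
    out: Dict[str, List[str]] = {
        # Options the helper asked for that the Mode line does not list.
        "options-missing": [o for o in ("SigCheck", "TDLFS") if o not in enabled],
        "not-ok": [],
        "no-status": [],
        "outside-system32": [],
    }
    for d in drivers:
        if d.status is None:
            out["no-status"].append(d.name)
        elif d.status.lower() != "ok":
            out["not-ok"].append(f"{d.name}: {d.status}")
        if not d.path.lower().startswith(SYSTEM32):
            out["outside-system32"].append(f"{d.name}: {d.path}")
    return out


# Constructed sample: the first two entries copy real lines from the posted log,
# vendorsvc/oddsvc and their hashes are invented, and partmgr has no verdict line.
SAMPLE_LOG = r"""
19:52:44.0230 4500 Scan started
19:52:44.0230 4500 Mode: Manual; SigCheck; TDLFS;
19:52:44.0589 4500 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
19:52:44.0713 4500 1394ohci - ok
19:52:50.0439 4500 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
19:52:50.0470 4500 avgntflt - ok
19:52:51.0100 4500 vendorsvc (00000000000000000000000000000000) C:\Program Files (x86)\Vendor\vendorsvc.sys
19:52:51.0120 4500 vendorsvc - ok
19:52:52.0100 4500 oddsvc (ffffffffffffffffffffffffffffffff) C:\Windows\system32\DRIVERS\oddsvc.sys
19:52:52.0130 4500 oddsvc - detected Forged File (1)
19:52:53.0100 4500 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
"""

if __name__ == "__main__":
    for key, vals in findings(SAMPLE_LOG).items():
        print(f"{key:18s} {vals or '-'}")
```

A driver outside system32 is not a verdict by itself (vendor tools do install there), but it is the short list worth checking by hand; a missing SigCheck or TDLFS in the Mode line means the scan should be rerun before trusting a clean result.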
19:52:22.0171 3876 TDSS rootkit removing tool 2.7.10.0 Feb 7 2012 15:14:46

19:52:22.0437 3876 ============================================================

19:52:22.0437 3876 Current date / time: 2012/02/08 19:52:22.0437

19:52:22.0437 3876 SystemInfo:

19:52:22.0437 3876

19:52:22.0437 3876 OS Version: 6.1.7600 ServicePack: 0.0

19:52:22.0437 3876 Product type: Workstation

19:52:22.0437 3876 ComputerName: DIVA-ACER

19:52:22.0437 3876 UserName: kevathediva

19:52:22.0437 3876 Windows directory: C:\Windows

19:52:22.0437 3876 System windows directory: C:\Windows

19:52:22.0437 3876 Running under WOW64

19:52:22.0437 3876 Processor architecture: Intel x64

19:52:22.0437 3876 Number of processors: 2

19:52:22.0437 3876 Page size: 0x1000

19:52:22.0437 3876 Boot type: Normal boot

19:52:22.0437 3876 ============================================================

19:52:23.0778 3876 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

19:52:23.0778 3876 Drive \Device\Harddisk1\DR1 - Size: 0x79280000 (1.89 Gb), SectorSize: 0x200, Cylinders: 0xF7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

19:52:23.0778 3876 \Device\Harddisk0\DR0:

19:52:23.0778 3876 MBR used

19:52:23.0778 3876 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B58800, BlocksNum 0x32000

19:52:23.0778 3876 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B8A800, BlocksNum 0x1B63A970

19:52:23.0778 3876 \Device\Harddisk1\DR1:

19:52:23.0778 3876 MBR used

19:52:23.0778 3876 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0xF9, BlocksNum 0x3C8907

19:52:23.0809 3876 Initialize success

19:52:23.0809 3876 ============================================================

19:52:44.0230 4500 ============================================================

19:52:44.0230 4500 Scan started

19:52:44.0230 4500 Mode: Manual; SigCheck; TDLFS;

19:52:44.0230 4500 ============================================================

19:52:44.0589 4500 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys

19:52:44.0713 4500 1394ohci - ok

19:52:44.0869 4500 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys

19:52:44.0916 4500 ACPI - ok

19:52:45.0025 4500 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys

19:52:45.0119 4500 AcpiPmi - ok

19:52:45.0337 4500 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

19:52:45.0415 4500 adp94xx - ok

19:52:45.0727 4500 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

19:52:45.0774 4500 adpahci - ok

19:52:46.0164 4500 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

19:52:46.0195 4500 adpu320 - ok

19:52:46.0429 4500 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys

19:52:46.0539 4500 AFD - ok

19:52:46.0913 4500 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys

19:52:46.0944 4500 agp440 - ok

19:52:47.0131 4500 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys

19:52:47.0163 4500 aliide - ok

19:52:47.0350 4500 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys

19:52:47.0365 4500 amdide - ok

19:52:47.0537 4500 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

19:52:47.0599 4500 AmdK8 - ok

19:52:47.0802 4500 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

19:52:47.0865 4500 AmdPPM - ok

19:52:48.0052 4500 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys

19:52:48.0083 4500 amdsata - ok

19:52:48.0255 4500 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

19:52:48.0286 4500 amdsbs - ok

19:52:48.0442 4500 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys

19:52:48.0473 4500 amdxata - ok

19:52:48.0629 4500 AmUStor (391887990cdaa83de5c56c3fde966da1) C:\Windows\system32\drivers\AmUStor.SYS

19:52:48.0707 4500 AmUStor - ok

19:52:48.0941 4500 ApfiltrService (fab590e0fc28cb474b965f8267458e14) C:\Windows\system32\DRIVERS\Apfiltr.sys

19:52:49.0019 4500 ApfiltrService - ok

19:52:49.0175 4500 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

19:52:49.0284 4500 AppID - ok

19:52:49.0456 4500 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

19:52:49.0487 4500 arc - ok

19:52:49.0659 4500 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

19:52:49.0690 4500 arcsas - ok

19:52:49.0877 4500 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

19:52:50.0049 4500 AsyncMac - ok

19:52:50.0220 4500 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys

19:52:50.0251 4500 atapi - ok

19:52:50.0439 4500 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys

19:52:50.0470 4500 avgntflt - ok

19:52:50.0657 4500 avipbb (f1c9db5f7b2a56a0b29667d22ba540fc) C:\Windows\system32\DRIVERS\avipbb.sys

19:52:50.0688 4500 avipbb - ok

19:52:50.0860 4500 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys

19:52:50.0875 4500 avkmgr - ok

19:52:50.0985 4500 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

19:52:51.0078 4500 b06bdrv - ok

19:52:51.0265 4500 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

19:52:51.0328 4500 b57nd60a - ok

19:52:51.0546 4500 BCM43XX (fde8c8dc07e75347e4c6b455a0964217) C:\Windows\system32\DRIVERS\bcmwl664.sys

19:52:51.0671 4500 BCM43XX - ok

19:52:51.0827 4500 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

19:52:51.0921 4500 Beep - ok

19:52:52.0108 4500 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

19:52:52.0155 4500 blbdrive - ok

19:52:52.0295 4500 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys

19:52:52.0373 4500 bowser - ok

19:52:52.0545 4500 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

19:52:52.0591 4500 BrFiltLo - ok

19:52:52.0747 4500 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

19:52:52.0794 4500 BrFiltUp - ok

19:52:52.0981 4500 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

19:52:53.0059 4500 Brserid - ok

19:52:53.0215 4500 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

19:52:53.0262 4500 BrSerWdm - ok

19:52:53.0434 4500 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

19:52:53.0481 4500 BrUsbMdm - ok

19:52:53.0637 4500 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

19:52:53.0683 4500 BrUsbSer - ok

19:52:53.0824 4500 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

19:52:53.0886 4500 BTHMODEM - ok

19:52:54.0089 4500 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

19:52:54.0167 4500 cdfs - ok

19:52:54.0339 4500 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

19:52:54.0401 4500 cdrom - ok

19:52:54.0557 4500 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

19:52:54.0604 4500 circlass - ok

19:52:54.0713 4500 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

19:52:54.0760 4500 CLFS - ok

19:52:54.0900 4500 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

19:52:54.0947 4500 CmBatt - ok

19:52:55.0072 4500 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

19:52:55.0103 4500 cmdide - ok

19:52:55.0165 4500 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys

19:52:55.0275 4500 CNG - ok

19:52:55.0384 4500 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

19:52:55.0415 4500 Compbatt - ok

19:52:55.0571 4500 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

19:52:55.0633 4500 CompositeBus - ok

19:52:55.0789 4500 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

19:52:55.0821 4500 crcdisk - ok

19:52:56.0008 4500 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys

19:52:56.0086 4500 DfsC - ok

19:52:56.0242 4500 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

19:52:56.0335 4500 discache - ok

19:52:56.0507 4500 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

19:52:56.0538 4500 Disk - ok

19:52:56.0694 4500 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

19:52:56.0757 4500 drmkaud - ok

19:52:56.0897 4500 DXGKrnl (24ce1ecf9d0ae0301775b07f5fea175b) C:\Windows\System32\drivers\dxgkrnl.sys

19:52:56.0975 4500 DXGKrnl - ok

19:52:57.0115 4500 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

19:52:57.0256 4500 ebdrv - ok

19:52:57.0427 4500 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

19:52:57.0490 4500 elxstor - ok

19:52:57.0568 4500 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

19:52:57.0630 4500 ErrDev - ok

19:52:57.0786 4500 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

19:52:57.0864 4500 exfat - ok

19:52:57.0895 4500 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

19:52:57.0958 4500 fastfat - ok

19:52:58.0067 4500 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

19:52:58.0114 4500 fdc - ok

19:52:58.0176 4500 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

19:52:58.0207 4500 FileInfo - ok

19:52:58.0223 4500 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

19:52:58.0301 4500 Filetrace - ok

19:52:58.0410 4500 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

19:52:58.0441 4500 flpydisk - ok

19:52:58.0488 4500 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

19:52:58.0504 4500 FltMgr - ok

19:52:58.0535 4500 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

19:52:58.0551 4500 FsDepends - ok

19:52:58.0566 4500 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

19:52:58.0582 4500 Fs_Rec - ok

19:52:58.0660 4500 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys

19:52:58.0722 4500 fvevol - ok

19:52:58.0831 4500 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

19:52:58.0863 4500 gagp30kx - ok

19:52:59.0081 4500 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

19:52:59.0159 4500 hcw85cir - ok

19:52:59.0315 4500 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys

19:52:59.0409 4500 HdAudAddService - ok

19:52:59.0565 4500 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

19:52:59.0611 4500 HDAudBus - ok

19:52:59.0674 4500 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

19:52:59.0705 4500 HECIx64 - ok

19:52:59.0736 4500 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

19:52:59.0783 4500 HidBatt - ok

19:52:59.0799 4500 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

19:52:59.0845 4500 HidBth - ok

19:52:59.0892 4500 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

19:52:59.0939 4500 HidIr - ok

19:53:00.0064 4500 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

19:53:00.0111 4500 HidUsb - ok

19:53:00.0282 4500 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

19:53:00.0313 4500 HpSAMD - ok

19:53:00.0391 4500 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

19:53:00.0469 4500 HTTP - ok

19:53:00.0594 4500 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

19:53:00.0625 4500 hwpolicy - ok

19:53:00.0719 4500 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

19:53:00.0750 4500 i8042prt - ok

19:53:00.0813 4500 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys

19:53:00.0844 4500 iaStor - ok

19:53:01.0000 4500 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys

19:53:01.0062 4500 iaStorV - ok

19:53:01.0421 4500 igfx (2a22ab054f4630d2ef4bab2853f6d5f6) C:\Windows\system32\DRIVERS\igdkmd64.sys

19:53:01.0842 4500 igfx - ok

19:53:01.0998 4500 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

19:53:02.0029 4500 iirsp - ok

19:53:02.0139 4500 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys

19:53:02.0201 4500 Impcd - ok

19:53:02.0373 4500 IntcAzAudAddService (53019327813ff5ab2964b33b2c61307c) C:\Windows\system32\drivers\RTKVHD64.sys

19:53:02.0513 4500 IntcAzAudAddService - ok

19:53:02.0685 4500 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys

19:53:02.0747 4500 IntcDAud - ok

19:53:02.0872 4500 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

19:53:02.0903 4500 intelide - ok

19:53:02.0950 4500 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

19:53:02.0981 4500 intelppm - ok

19:53:03.0199 4500 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

19:53:03.0277 4500 IpFilterDriver - ok

19:53:03.0433 4500 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

19:53:03.0480 4500 IPMIDRV - ok

19:53:03.0496 4500 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

19:53:03.0574 4500 IPNAT - ok

19:53:03.0730 4500 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

19:53:03.0792 4500 IRENUM - ok

19:53:03.0933 4500 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

19:53:03.0964 4500 isapnp - ok

19:53:03.0995 4500 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys

19:53:04.0026 4500 iScsiPrt - ok

19:53:04.0089 4500 k57nd60a (9d7ea8c7215d8d4ae7be110eee61085d) C:\Windows\system32\DRIVERS\k57nd60a.sys

19:53:04.0135 4500 k57nd60a - ok

19:53:04.0276 4500 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

19:53:04.0307 4500 kbdclass - ok

19:53:04.0354 4500 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

19:53:04.0401 4500 kbdhid - ok

19:53:04.0447 4500 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys

19:53:04.0494 4500 KSecDD - ok

19:53:04.0510 4500 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys

19:53:04.0525 4500 KSecPkg - ok

19:53:04.0603 4500 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

19:53:04.0697 4500 ksthunk - ok

19:53:04.0837 4500 L1E (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys

19:53:04.0884 4500 L1E - ok

19:53:05.0040 4500 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

19:53:05.0118 4500 lltdio - ok

19:53:05.0305 4500 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

19:53:05.0321 4500 LSI_FC - ok

19:53:05.0337 4500 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

19:53:05.0368 4500 LSI_SAS - ok

19:53:05.0399 4500 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

19:53:05.0415 4500 LSI_SAS2 - ok

19:53:05.0430 4500 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

19:53:05.0461 4500 LSI_SCSI - ok

19:53:05.0508 4500 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

19:53:05.0617 4500 luafv - ok

19:53:05.0664 4500 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

19:53:05.0680 4500 megasas - ok

19:53:05.0711 4500 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

19:53:05.0727 4500 MegaSR - ok

19:53:05.0789 4500 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

19:53:05.0867 4500 Modem - ok

19:53:05.0929 4500 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

19:53:05.0976 4500 monitor - ok

19:53:06.0085 4500 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

19:53:06.0117 4500 mouclass - ok

19:53:06.0179 4500 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

19:53:06.0210 4500 mouhid - ok

19:53:06.0241 4500 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

19:53:06.0257 4500 mountmgr - ok

19:53:06.0288 4500 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

19:53:06.0304 4500 mpio - ok

19:53:06.0319 4500 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

19:53:06.0382 4500 mpsdrv - ok

19:53:06.0413 4500 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

19:53:06.0460 4500 MRxDAV - ok

19:53:06.0491 4500 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys

19:53:06.0538 4500 mrxsmb - ok

19:53:06.0585 4500 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys

19:53:06.0631 4500 mrxsmb10 - ok

19:53:06.0678 4500 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys

19:53:06.0725 4500 mrxsmb20 - ok

19:53:06.0787 4500 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys

19:53:06.0819 4500 msahci - ok

19:53:06.0834 4500 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

19:53:06.0865 4500 msdsm - ok

19:53:06.0881 4500 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

19:53:06.0928 4500 Msfs - ok

19:53:06.0975 4500 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

19:53:07.0037 4500 mshidkmdf - ok

19:53:07.0068 4500 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

19:53:07.0084 4500 msisadrv - ok

19:53:07.0131 4500 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

19:53:07.0193 4500 MSKSSRV - ok

19:53:07.0240 4500 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

19:53:07.0318 4500 MSPCLOCK - ok

19:53:07.0349 4500 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

19:53:07.0427 4500 MSPQM - ok

19:53:07.0458 4500 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

19:53:07.0474 4500 MsRPC - ok

19:53:07.0505 4500 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

19:53:07.0505 4500 mssmbios - ok

19:53:07.0567 4500 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

19:53:07.0661 4500 MSTEE - ok

19:53:07.0677 4500 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

19:53:07.0692 4500 MTConfig - ok

19:53:07.0723 4500 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

19:53:07.0739 4500 Mup - ok

19:53:07.0817 4500 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys

19:53:07.0833 4500 mwlPSDFilter - ok

19:53:07.0864 4500 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys

19:53:07.0879 4500 mwlPSDNServ - ok

19:53:07.0895 4500 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys

19:53:07.0926 4500 mwlPSDVDisk - ok

19:53:08.0051 4500 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

19:53:08.0129 4500 NativeWifiP - ok

19:53:08.0223 4500 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

19:53:08.0285 4500 NDIS - ok

19:53:08.0410 4500 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

19:53:08.0503 4500 NdisCap - ok

19:53:08.0550 4500 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

19:53:08.0628 4500 NdisTapi - ok

19:53:08.0753 4500 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

19:53:08.0831 4500 Ndisuio - ok

19:53:08.0862 4500 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

19:53:08.0925 4500 NdisWan - ok

19:53:08.0956 4500 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

19:53:09.0018 4500 NDProxy - ok

19:53:09.0081 4500 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

19:53:09.0159 4500 NetBIOS - ok

19:53:09.0190 4500 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

19:53:09.0283 4500 NetBT - ok

19:53:09.0424 4500 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

19:53:09.0455 4500 nfrd960 - ok

19:53:09.0549 4500 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

19:53:09.0642 4500 Npfs - ok

19:53:09.0658 4500 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

19:53:09.0736 4500 nsiproxy - ok

19:53:09.0814 4500 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys

19:53:09.0939 4500 Ntfs - ok

19:53:10.0095 4500 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys

19:53:10.0110 4500 NTIDrvr - ok

19:53:10.0173 4500 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

19:53:10.0251 4500 Null - ok

19:53:10.0344 4500 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys

19:53:10.0375 4500 nvraid - ok

19:53:10.0453 4500 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys

19:53:10.0469 4500 nvstor - ok

19:53:10.0531 4500 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

19:53:10.0578 4500 nv_agp - ok

19:53:10.0625 4500 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

19:53:10.0656 4500 ohci1394 - ok

19:53:10.0719 4500 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

19:53:10.0750 4500 Parport - ok

19:53:10.0765 4500 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys

19:53:10.0781 4500 partmgr - ok

19:53:10.0812 4500 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

19:53:10.0828 4500 pci - ok

19:53:10.0859 4500 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

19:53:10.0875 4500 pciide - ok

19:53:10.0890 4500 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

19:53:10.0921 4500 pcmcia - ok

19:53:10.0937 4500 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

19:53:10.0953 4500 pcw - ok

19:53:10.0999 4500 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

19:53:11.0093 4500 PEAUTH - ok

19:53:11.0233 4500 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

19:53:11.0296 4500 PptpMiniport - ok

19:53:11.0343 4500 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

19:53:11.0389 4500 Processor - ok

19:53:11.0561 4500 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

19:53:11.0655 4500 Psched - ok

19:53:11.0811 4500 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

19:53:11.0920 4500 ql2300 - ok

19:53:12.0045 4500 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

19:53:12.0091 4500 ql40xx - ok

19:53:12.0107 4500 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

19:53:12.0154 4500 QWAVEdrv - ok

19:53:12.0279 4500 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

19:53:12.0341 4500 RasAcd - ok

19:53:12.0403 4500 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

19:53:12.0466 4500 RasAgileVpn - ok

19:53:12.0513 4500 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

19:53:12.0606 4500 Rasl2tp - ok

19:53:12.0747 4500 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

19:53:12.0825 4500 RasPppoe - ok

19:53:12.0949 4500 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

19:53:13.0059 4500 RasSstp - ok

19:53:13.0121 4500 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

19:53:13.0199 4500 rdbss - ok

19:53:13.0215 4500 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

19:53:13.0246 4500 rdpbus - ok

19:53:13.0293 4500 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

19:53:13.0386 4500 RDPCDD - ok

19:53:13.0417 4500 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

19:53:13.0511 4500 RDPENCDD - ok

19:53:13.0558 4500 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

19:53:13.0651 4500 RDPREFMP - ok

19:53:13.0667 4500 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

19:53:13.0729 4500 RDPWD - ok

19:53:13.0761 4500 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

19:53:13.0776 4500 rdyboost - ok

19:53:13.0870 4500 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

19:53:13.0963 4500 rspndr - ok

19:53:13.0995 4500 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

19:53:14.0010 4500 sbp2port - ok

19:53:14.0057 4500 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

19:53:14.0151 4500 scfilter - ok

19:53:14.0275 4500 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

19:53:14.0338 4500 secdrv - ok

19:53:14.0353 4500 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

19:53:14.0369 4500 Serenum - ok

19:53:14.0416 4500 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

19:53:14.0447 4500 Serial - ok

19:53:14.0603 4500 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

19:53:14.0650 4500 sermouse - ok

19:53:14.0697 4500 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

19:53:14.0743 4500 sffdisk - ok

19:53:14.0775 4500 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

19:53:14.0806 4500 sffp_mmc - ok

19:53:14.0837 4500 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys

19:53:14.0853 4500 sffp_sd - ok

19:53:14.0884 4500 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

19:53:14.0915 4500 sfloppy - ok

19:53:14.0962 4500 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

19:53:14.0993 4500 SiSRaid2 - ok

19:53:15.0009 4500 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

19:53:15.0024 4500 SiSRaid4 - ok

19:53:15.0071 4500 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

19:53:15.0165 4500 Smb - ok

19:53:15.0289 4500 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

19:53:15.0321 4500 spldr - ok

19:53:15.0383 4500 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys

19:53:15.0461 4500 srv - ok

19:53:15.0508 4500 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys

19:53:15.0570 4500 srv2 - ok

19:53:15.0711 4500 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys

19:53:15.0773 4500 srvnet - ok

19:53:15.0913 4500 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

19:53:15.0945 4500 stexstor - ok

19:53:15.0960 4500 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

19:53:15.0976 4500 swenum - ok

19:53:16.0179 4500 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys

19:53:16.0335 4500 Tcpip - ok

19:53:16.0569 4500 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys

19:53:16.0615 4500 TCPIP6 - ok

19:53:16.0647 4500 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

19:53:16.0693 4500 tcpipreg - ok

19:53:16.0709 4500 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

19:53:16.0787 4500 TDPIPE - ok

19:53:16.0803 4500 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

19:53:16.0849 4500 TDTCP - ok

19:53:16.0912 4500 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

19:53:17.0005 4500 tdx - ok

19:53:17.0021 4500 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

19:53:17.0037 4500 TermDD - ok

19:53:17.0115 4500 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

19:53:17.0208 4500 tssecsrv - ok

19:53:17.0349 4500 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

19:53:17.0442 4500 tunnel - ok

19:53:17.0473 4500 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

19:53:17.0489 4500 uagp35 - ok

19:53:17.0520 4500 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys

19:53:17.0536 4500 UBHelper - ok

19:53:17.0567 4500 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys

19:53:17.0661 4500 udfs - ok

19:53:17.0817 4500 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

19:53:17.0848 4500 uliagpkx - ok

19:53:17.0973 4500 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

19:53:18.0019 4500 umbus - ok

19:53:18.0129 4500 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

19:53:18.0175 4500 UmPass - ok

19:53:18.0347 4500 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys

19:53:18.0409 4500 usbaudio - ok

19:53:18.0456 4500 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys

19:53:18.0534 4500 usbccgp - ok

19:53:18.0628 4500 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

19:53:18.0690 4500 usbcir - ok

19:53:18.0737 4500 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys

19:53:18.0768 4500 usbehci - ok

19:53:18.0831 4500 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys

19:53:18.0877 4500 usbhub - ok

19:53:18.0924 4500 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys

19:53:18.0971 4500 usbohci - ok

19:53:19.0018 4500 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

19:53:19.0065 4500 usbprint - ok

19:53:19.0096 4500 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS

19:53:19.0174 4500 USBSTOR - ok

19:53:19.0221 4500 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys

19:53:19.0267 4500 usbuhci - ok

19:53:19.0392 4500 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys

19:53:19.0455 4500 usbvideo - ok

19:53:19.0595 4500 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

19:53:19.0611 4500 vdrvroot - ok

19:53:19.0673 4500 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

19:53:19.0704 4500 vga - ok

19:53:19.0735 4500 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

19:53:19.0813 4500 VgaSave - ok

19:53:19.0829 4500 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

19:53:19.0845 4500 vhdmp - ok

19:53:19.0876 4500 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

19:53:19.0891 4500 viaide - ok

19:53:19.0938 4500 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

19:53:19.0969 4500 volmgr - ok

19:53:19.0985 4500 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

19:53:20.0016 4500 volmgrx - ok

19:53:20.0047 4500 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

19:53:20.0063 4500 volsnap - ok

19:53:20.0125 4500 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

19:53:20.0157 4500 vsmraid - ok

19:53:20.0172 4500 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

19:53:20.0188 4500 vwifibus - ok

19:53:20.0219 4500 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

19:53:20.0250 4500 vwififlt - ok

19:53:20.0313 4500 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

19:53:20.0328 4500 vwifimp - ok

19:53:20.0359 4500 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

19:53:20.0375 4500 WacomPen - ok

19:53:20.0406 4500 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

19:53:20.0469 4500 WANARP - ok

19:53:20.0469 4500 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

19:53:20.0515 4500 Wanarpv6 - ok

19:53:20.0718 4500 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

19:53:20.0749 4500 Wd - ok

19:53:20.0781 4500 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

19:53:20.0827 4500 Wdf01000 - ok

19:53:20.0968 4500 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

19:53:21.0030 4500 WfpLwf - ok

19:53:21.0046 4500 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

19:53:21.0061 4500 WIMMount - ok

19:53:21.0233 4500 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys

19:53:21.0264 4500 WinUsb - ok

19:53:21.0358 4500 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

19:53:21.0389 4500 WmiAcpi - ok

19:53:21.0436 4500 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

19:53:21.0498 4500 ws2ifsl - ok

19:53:21.0561 4500 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys

19:53:21.0623 4500 WSDPrintDevice - ok

19:53:21.0732 4500 WSDScan (4a2a5c50dd1a63577d3aca94269fbc7f) C:\Windows\system32\DRIVERS\WSDScan.sys

19:53:21.0779 4500 WSDScan - ok

19:53:21.0810 4500 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

19:53:21.0904 4500 WudfPf - ok

19:53:21.0982 4500 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

19:53:22.0091 4500 WUDFRd - ok

19:53:22.0153 4500 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0

19:53:22.0185 4500 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

19:53:22.0185 4500 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

19:53:22.0216 4500 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

19:53:22.0216 4500 \Device\Harddisk0\DR0 - detected TDSS File System (1)

19:53:22.0887 4500 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1

19:53:23.0105 4500 \Device\Harddisk1\DR1 - ok

19:53:23.0136 4500 Boot (0x1200) (1493ff4401a5535c1983c93bd69b6364) \Device\Harddisk0\DR0\Partition0

19:53:23.0152 4500 \Device\Harddisk0\DR0\Partition0 - ok

19:53:23.0152 4500 Boot (0x1200) (80a45480f5dce5ad8fbfee32cc76d559) \Device\Harddisk0\DR0\Partition1

19:53:23.0152 4500 \Device\Harddisk0\DR0\Partition1 - ok

19:53:23.0167 4500 Boot (0x1200) (00fb946824e05e1ac48e0a8ee2737f30) \Device\Harddisk1\DR1\Partition0

19:53:23.0167 4500 \Device\Harddisk1\DR1\Partition0 - ok

19:53:23.0167 4500 ============================================================

19:53:23.0167 4500 Scan finished

19:53:23.0167 4500 ============================================================

19:53:23.0183 3296 Detected object count: 2

19:53:23.0183 3296 Actual detected object count: 2

19:54:32.0322 3296 \Device\Harddisk0\DR0\# - copied to quarantine

19:54:32.0322 3296 \Device\Harddisk0\DR0 - copied to quarantine

19:54:32.0385 3296 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

19:54:32.0385 3296 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

19:54:32.0400 3296 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

19:54:32.0416 3296 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

19:54:32.0432 3296 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

19:54:32.0432 3296 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

19:54:32.0432 3296 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

19:54:32.0432 3296 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

19:54:32.0447 3296 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

19:54:32.0447 3296 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

19:54:32.0478 3296 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

19:54:32.0478 3296 \Device\Harddisk0\DR0 - ok

19:54:32.0478 3296 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

19:54:32.0478 3296 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

19:54:32.0478 3296 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

19:54:40.0294 4544 Deinitialize success


I am sure you probably know this, but though it says "Quarantined and deleted successfully." for both instances...it never really is. It comes up every scan.

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.08.07

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

kevathediva :: DIVA-ACER [administrator]

2/8/2012 8:20:24 PM

mbam-log-2012-02-08 (20-20-24).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 219402

Time elapsed: 5 minute(s), 45 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


:(

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.08.07

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

kevathediva :: DIVA-ACER [administrator]

2/8/2012 8:44:38 PM

mbam-log-2012-02-08 (20-44-38).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 219610

Time elapsed: 5 minute(s), 32 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

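Why the same item keeps coming back is visible in the two Malwarebytes logs above: the DisableTaskMgr policy value is reported as "Quarantined and repaired successfully" at 20:20 and again at 20:44. As an added example (this is not code from the thread, from Malwarebytes, or from the helper), the Python below parses MBAM quick-scan logs in the format shown and reports any detection that reappears across runs, which is the signal that something still active is re-applying the change rather than a leftover being found once. The two abridged log texts embedded in it are constructed to match the page's format; the class and function names are the example's own.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample logs, abridged to the lines that matter, in the format
# Malwarebytes Anti-Malware 1.60 writes (compare the two full logs above).
LOG_2020 = r"""
Malwarebytes Anti-Malware 1.60.1.1000
Database version: v2012.02.08.07
mbam-log-2012-02-08 (20-20-24).txt
Scan type: Quick scan
Memory Processes Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
(end)
"""

LOG_2044 = r"""
Malwarebytes Anti-Malware 1.60.1.1000
Database version: v2012.02.08.07
mbam-log-2012-02-08 (20-44-38).txt
Scan type: Quick scan
Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Files Detected: 0
(No malicious items detected)
(end)
"""


@dataclass(frozen=True)
class Detection:
    section: str          # e.g. "Registry Data Items" or "Files"
    target: str           # registry key|value, or a file path
    name: str             # MBAM detection name, e.g. PUM.Hijack.TaskManager
    bad: Optional[str]    # value MBAM observed (registry data items only)
    good: Optional[str]   # value MBAM restored (registry data items only)
    action: str           # what MBAM reports it did with the item


LOG_NAME_RE = re.compile(r"^mbam-log-[\d\- ()]+\.txt$")
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: \d+$")
ITEM_RE = re.compile(
    r"^(?P<target>.+?) \((?P<name>[^()]+)\)"
    r"(?: -> Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\))?"
    r" -> (?P<action>.+)$"
)


def parse_mbam_log(text: str) -> Tuple[str, List[Detection]]:
    """Return (log file name, detections) for one MBAM log."""
    log_name, section, found = "unknown", None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if LOG_NAME_RE.match(line):
            log_name = line
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        # Item lines only occur under a "... Detected: N" heading; the
        # "(No malicious items detected)" and "(end)" lines are skipped.
        if section is None or line.startswith("("):
            continue
        m = ITEM_RE.match(line)
        if m:
            found.append(Detection(section, m.group("target"), m.group("name"),
                                   m.group("bad"), m.group("good"), m.group("action")))
    return log_name, found


def recurring_detections(logs: List[str]) -> Dict[Tuple[str, str], int]:
    """Map (target, name) -> number of logs it appears in, keeping only items
    seen in more than one log. An item MBAM reports as repaired or deleted in
    one scan and finds again in the next is being re-applied by something the
    scan did not remove, so it needs a different tool, not another scan."""
    seen: Counter = Counter()
    for text in logs:
        _, found = parse_mbam_log(text)
        for key in {(d.target, d.name) for d in found}:
            seen[key] += 1
    return {key: n for key, n in seen.items() if n > 1}


if __name__ == "__main__":
    for text in (LOG_2020, LOG_2044):
        name, found = parse_mbam_log(text)
        print(name)
        for d in found:
            extra = f" observed={d.bad} restored={d.good}" if d.bad is not None else ""
            print(f"  [{d.section}] {d.name}: {d.target}{extra} -> {d.action}")
    for (target, name), n in recurring_detections([LOG_2020, LOG_2044]).items():
        print(f"RECURRING in {n} scans: {name} at {target}")
```

Run against the two constructed logs it flags only the DisableTaskMgr policy item: the svchost.exe file was found once and stayed gone, while the registry value was reset to 1 again between scans, which matches the TDSSKiller result further up showing a boot-sector rootkit that was still active at that point.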

What IS that PUM file then?

It seems to be running well enough for right now. However, I do still have the "(empty) file folder" problem in the first few folders of the start menu, and as of an hour or so ago I still could not come out of hibernation without it going directly into system repair mode.


Possible Unwanted Malware.

That one you have is OK.

If you ran a temp file cleaner before unhiding, chances are they are gone from that user login.

You could try creating a new user and see if that fixes the issue.

I would disable hibernation.

We can try another tool.

Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (right click, choose "Run as Administrator").

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


So far so good...seems to be running well...start menu issue wasn't resolved but that was definitely the least of my worries...if I gotta do it manually I will...

ComboFix 12-02-08.02 - kevathediva 02/08/2012 21:36:45.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2804.1726 [GMT -5:00]

Running from: c:\users\kevathediva\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Alvin\AppData\Roaming\Mozilla\Firefox\Profiles\zl0ylhx0.default\extensions\{62e953b6-3950-45ec-9518-51c772f811d7}

c:\users\Alvin\AppData\Roaming\Mozilla\Firefox\Profiles\zl0ylhx0.default\extensions\{62e953b6-3950-45ec-9518-51c772f811d7}\chrome.manifest

c:\users\Alvin\AppData\Roaming\Mozilla\Firefox\Profiles\zl0ylhx0.default\extensions\{62e953b6-3950-45ec-9518-51c772f811d7}\chrome\xulcache.jar

c:\users\Alvin\AppData\Roaming\Mozilla\Firefox\Profiles\zl0ylhx0.default\extensions\{62e953b6-3950-45ec-9518-51c772f811d7}\defaults\preferences\xulcache.js

c:\users\Alvin\AppData\Roaming\Mozilla\Firefox\Profiles\zl0ylhx0.default\extensions\{62e953b6-3950-45ec-9518-51c772f811d7}\install.rdf

c:\users\kevathediva\AppData\Roaming\Mozilla\Firefox\Profiles\iey6bmkc.default\extensions\{62e953b6-3950-45ec-9518-51c772f811d7}

c:\users\kevathediva\AppData\Roaming\Mozilla\Firefox\Profiles\iey6bmkc.default\extensions\{62e953b6-3950-45ec-9518-51c772f811d7}\chrome.manifest

c:\users\kevathediva\AppData\Roaming\Mozilla\Firefox\Profiles\iey6bmkc.default\extensions\{62e953b6-3950-45ec-9518-51c772f811d7}\chrome\xulcache.jar

c:\users\kevathediva\AppData\Roaming\Mozilla\Firefox\Profiles\iey6bmkc.default\extensions\{62e953b6-3950-45ec-9518-51c772f811d7}\defaults\preferences\xulcache.js

c:\users\kevathediva\AppData\Roaming\Mozilla\Firefox\Profiles\iey6bmkc.default\extensions\{62e953b6-3950-45ec-9518-51c772f811d7}\install.rdf

c:\users\Movie Connect\AppData\Roaming\Mozilla\Firefox\Profiles\g5djnw2d.default\extensions\{62e953b6-3950-45ec-9518-51c772f811d7}

c:\users\Movie Connect\AppData\Roaming\Mozilla\Firefox\Profiles\g5djnw2d.default\extensions\{62e953b6-3950-45ec-9518-51c772f811d7}\chrome.manifest

c:\users\Movie Connect\AppData\Roaming\Mozilla\Firefox\Profiles\g5djnw2d.default\extensions\{62e953b6-3950-45ec-9518-51c772f811d7}\chrome\xulcache.jar

c:\users\Movie Connect\AppData\Roaming\Mozilla\Firefox\Profiles\g5djnw2d.default\extensions\{62e953b6-3950-45ec-9518-51c772f811d7}\defaults\preferences\xulcache.js

c:\users\Movie Connect\AppData\Roaming\Mozilla\Firefox\Profiles\g5djnw2d.default\extensions\{62e953b6-3950-45ec-9518-51c772f811d7}\install.rdf

.

.

((((((((((((((((((((((((( Files Created from 2012-01-09 to 2012-02-09 )))))))))))))))))))))))))))))))

.

.

2012-02-09 02:47 . 2012-02-09 02:47 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-09 02:47 . 2012-02-09 02:47 -------- d-----w- c:\users\Movie Connect\AppData\Local\temp

2012-02-09 02:47 . 2012-02-09 02:47 -------- d-----w- c:\users\Alvin\AppData\Local\temp

2012-02-09 00:54 . 2012-02-09 00:54 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-08 21:55 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C014C4CE-FCD0-47FB-B209-5C27BEBB40FE}\mpengine.dll

2012-02-07 06:46 . 2012-02-07 06:46 -------- d-----w- c:\users\Movie Connect\AppData\Local\IsolatedStorage

2012-02-07 06:46 . 2012-02-07 06:46 -------- d-----w- c:\users\Movie Connect\AppData\Roaming\Intuit

2012-02-07 06:30 . 2012-02-07 06:30 -------- d-----w- c:\users\Movie Connect\AppData\Roaming\Malwarebytes

2012-02-07 05:14 . 2012-02-07 05:14 -------- d-----w- c:\users\Movie Connect\AppData\Roaming\Avira

2012-02-02 19:50 . 2012-02-02 19:50 -------- d-----w- c:\users\kevathediva\AppData\Roaming\Avira

2012-02-02 19:49 . 2012-02-03 20:03 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys

2012-02-02 19:49 . 2011-09-16 04:55 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2012-02-02 19:49 . 2011-09-16 04:55 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2012-02-02 19:49 . 2012-02-02 19:49 -------- d-----w- c:\programdata\Avira

2012-02-02 19:49 . 2012-02-02 19:49 -------- d-----w- c:\program files (x86)\Avira

2012-01-30 02:19 . 2012-01-30 02:19 -------- d-----w- c:\windows\Sun

2012-01-30 02:02 . 2012-01-30 02:02 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\79C2.tmp

2012-01-30 02:02 . 2012-01-30 02:02 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\79C1.tmp

2012-01-20 18:17 . 2012-01-20 18:17 -------- d-----w- c:\users\kevathediva\AppData\Roaming\Malwarebytes

2012-01-20 18:17 . 2012-01-20 18:17 -------- d-----w- c:\programdata\Malwarebytes

2012-01-20 18:17 . 2012-01-31 22:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-01-20 18:17 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-01-16 00:18 . 2012-01-16 00:18 -------- d-----w- c:\users\Movie Connect\AppData\Local\Diagnostics

2012-01-12 04:31 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\SysWow64\quartz.dll

2012-01-12 04:31 . 2011-10-26 05:22 1572864 ----a-w- c:\windows\system32\quartz.dll

2012-01-12 04:31 . 2011-10-26 04:28 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-01-12 04:31 . 2011-10-26 05:22 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-01-12 04:31 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll

2012-01-12 04:31 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll

2012-01-12 04:31 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll

2012-01-12 04:31 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-27 05:52 . 2011-01-26 07:45 279656 ------w- c:\windows\system32\MpSigStub.exe

2011-11-24 05:00 . 2011-12-13 23:45 3141632 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]

"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]

"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]

"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]

"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Amazon Unbox.lnk.disabled [2011-1-29 2030]

McAfee Security Scan Plus.lnk.disabled [2010-12-24 1864]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" /runkey

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

"Corel Photo Downloader"="c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup

"Norton Online Backup"=c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

"4shared Update"="c:\program files (x86)\4shared Desktop\checkUpdate.exe"

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"QFIbEoUCQmCWD.exe"=c:\programdata\QFIbEoUCQmCWD.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-10 135664]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-10 135664]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]

R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-04-23 867360]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [2012-01-13 103440]

S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]

S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-12-10 92008]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]

S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-10 01:16]

.

2012-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-10 01:16]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]

"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-07 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-07 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-07 413208]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-11 9643552]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-10-22 325120]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-04-23 861216]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]

"Corel Photo Downloader"="c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-16 531272]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_7741&r=273611105516l04c8z1j5t4751p592

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_7741&r=273611105516l04c8z1j5t4751p592

mLocal Page = c:\windows\SysWOW64\blank.htm

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 192.168.15.1

FF - ProfilePath - c:\users\kevathediva\AppData\Roaming\Mozilla\Firefox\Profiles\iey6bmkc.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.startup.homepage - hxxp://us.mg2.mail.yahoo.com/dc/launch?.gx=1&.rand=d6o8gqqa2mcej

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe

Notify-igfxcui - (no file)

Toolbar-Locked - (no file)

AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE

AddRemove-YInstHelper - c:\windows\system32\regsvr32

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\windows\SysWOW64\rundll32.exe

c:\windows\SysWOW64\PSIService.exe

c:\program files (x86)\Launch Manager\LMworker.exe

c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

.

**************************************************************************

.

Completion time: 2012-02-08 22:08:23 - machine was rebooted

ComboFix-quarantined-files.txt 2012-02-09 03:08

.

Pre-Run: 63,743,283,200 bytes free

Post-Run: 63,922,847,744 bytes free

.

- - End Of File - - 2FB5F201F0D7664BE1632A838EAD552F

Looks like you might have a new infection that nothing is catching as an infection.

Please go to http://www.virustotal.com/, click on Browse, and upload the following file for analysis:

c:\programdata\QFIbEoUCQmCWD.exe

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

If virustotal is too busy, you can try these.

http://virusscan.jotti.org

http://www.kaspersky.com/scanforvirus.html

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
