Trojan(s) affecting Google search links and Skype

[jaygee11]

My laptop has 2 problems which both started a couple of days ago. I don't know if they're related:-

1.

When clicking on a link in a Google search, my browser is redirected to various pages not related to the search link.

I've run MBAM free version 3 times including rebooting and the 2 files detected keep recurring.

2.

Skype which was working fine, now crashes on startup.

I've uninstalled it and re-installed a few times without any change. It's currently uninstalled.

--------------------------

DDS log:-

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24

Run by Office at 18:13:21 on 2012-02-08

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3003.1858 [GMT 0:00]

.

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Windows\SysWOW64\svchost.exe -k netsvcs

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\HPSIsvc.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe

C:\Program Files (x86)\Livedrive\Livedrive.exe

C:\Users\Office\AppData\Local\dplaysvr.exe

C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Program Files (x86)\Met Office Desktop Widget\Met Office Desktop Widget.exe

C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe

C:\Program Files (x86)\2BrightSparks\SyncBack\SyncBack.exe

C:\Program Files (x86)\Royal Mail\SmartStamp\BINARY\STRAY.EXE

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\dplaysvr.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

-netsvcs

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\taskeng.exe

C:\Windows\splwow64.exe

C:\Users\Office\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Users\Office\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File

TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [DymoQuickPrint] "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup

uRun: [Livedrive] "C:\Program Files (x86)\Livedrive\Livedrive.exe"

uRun: [dplaysvr] C:\Users\Office\AppData\Local\dplaysvr.exe

uRun: [Google Update] "C:\Users\Office\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup

mRun: [DLSService] "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [OLP-Tray] C:\PROGRA~2\ROYALM~1\SMARTS~1\BINARY\STRAY.EXE

mRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe

dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe

StartupFolder: C:\Users\Office\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\METOFF~1.LNK - C:\Program Files (x86)\Met Office Desktop Widget\Met Office Desktop Widget.exe

StartupFolder: C:\Users\Office\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

StartupFolder: C:\Users\Office\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SyncBack.lnk - C:\Program Files (x86)\2BrightSparks\SyncBack\SyncBack.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{672674F9-FBFA-44F2-8E8A-49A44C84BC10} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{88C6FE27-06F6-430F-B7C9-46A9C6105C64} : DhcpNameServer = 192.168.0.1

Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL

SecurityProviders: credssp.dll, AstoptuWxupb.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File

TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun-x64: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup

mRun-x64: [DLSService] "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [OLP-Tray] C:\PROGRA~2\ROYALM~1\SMARTS~1\BINARY\STRAY.EXE

mRun-x64: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe

SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL

Hosts: 94.63.147.16 www.google.com

Hosts: 94.63.147.17 www.bing.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Office\AppData\Roaming\Mozilla\Firefox\Profiles\iv9xz7g6.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.prioryframingsupplies.co.uk/

FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdjvu.dll

FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Office\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

.

R1 CbFs;CbFs;\??\C:\Windows\system32\drivers\cbfs.sys --> C:\Windows\system32\drivers\cbfs.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-8-10 136360]

R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-8-10 269480]

R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]

R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]

R2 HPSIService;HP SI Service;C:\Windows\system32\HPSIsvc.exe --> C:\Windows\system32\HPSIsvc.exe [?]

R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-11-23 1153368]

R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-11-7 228408]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]

R3 QuickBooksDB19;QuickBooksDB19;C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB19 --> C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB19 [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys --> C:\Windows\system32\DRIVERS\ggflt.sys [?]

S3 mvusbews;USB EWS Device;C:\Windows\system32\Drivers\mvusbews.sys --> C:\Windows\system32\Drivers\mvusbews.sys [?]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

.

=============== Created Last 30 ================

.

2012-02-08 17:56:41 20480 ----a-w- C:\Windows\svchost.exe

2012-02-08 17:01:12 -------- d-----w- C:\Users\Office\AppData\Roaming\Malwarebytes

2012-02-08 17:00:56 -------- d-----w- C:\ProgramData\Malwarebytes

2012-02-08 17:00:55 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-02-08 17:00:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-02-08 16:58:58 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{080ED180-5772-47D0-95EC-887A26F491E1}\mpengine.dll

2012-02-07 10:06:32 -------- d-----w- C:\Users\Office\AppData\Local\Google

2012-02-02 14:19:13 118792 --sh--w- C:\Users\Office\AppData\Local\dplayx.dll

2012-02-02 14:19:13 109576 --sh--w- C:\Users\Office\AppData\Local\dplaysvr.exe

2012-01-27 18:20:46 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-01-27 18:20:46 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-01-27 18:20:46 1572864 ----a-w- C:\Windows\System32\quartz.dll

2012-01-27 18:20:46 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll

2012-01-27 18:20:28 1731920 ----a-w- C:\Windows\System32\ntdll.dll

2012-01-27 18:20:28 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll

2012-01-27 18:20:15 77312 ----a-w- C:\Windows\System32\packager.dll

2012-01-27 18:20:15 67072 ----a-w- C:\Windows\SysWow64\packager.dll

.

==================== Find3M ====================

.

2012-01-27 00:52:58 279656 ------w- C:\Windows\System32\MpSigStub.exe

2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys

2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys

2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll

2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll

2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll

2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll

2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll

2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll

2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe

2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll

2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll

2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

.

============= FINISH: 18:14:14.52 ===============

--------------------------

Attach log:-

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 10/08/2010 19:27:28

System Uptime: 08/02/2012 17:55:24 (1 hours ago)

.

Motherboard: Hewlett-Packard | | 3069

Processor: Intel® Celeron® CPU 900 @ 2.20GHz | CPU | 2194/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 220 GiB total, 123.165 GiB free.

D: is FIXED (NTFS) - 12 GiB total, 2.088 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP390: 27/01/2012 18:20:53 - Windows Update

RP391: 27/01/2012 18:40:49 - Windows Update

RP392: 01/02/2012 07:28:59 - Configured Microsoft Office Home and Student 2007

RP393: 01/02/2012 18:38:22 - Windows Update

RP394: 03/02/2012 17:20:45 - Configured Microsoft Office Home and Student 2007

RP395: 04/02/2012 15:53:15 - Removed Skype Click to Call

RP396: 04/02/2012 15:53:59 - Removed Skype™ 5.8

RP397: 04/02/2012 19:02:50 - Removed Skype™ 5.8

RP398: 04/02/2012 19:27:38 - Removed Skype™ 5.8

RP399: 08/02/2012 16:58:16 - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Acrobat.com

ActiveCheck component for HP Active Support Library

Admiralty Digital Catalogue 1.6

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Photoshop Elements 3.0

Adobe Reader 9.5.0 MUI

Adobe Shockwave Player

Apple Software Update

Atheros Driver Installation Program

Avira AntiVir Personal - Free Antivirus

Basic PAYE Tools

Bing Bar

Bing Bar Platform

Compatibility Pack for the 2007 Office system

Core FTP LE 1.3c

CyberLink DVD Suite

CyberLink MediaShow

CyberLink PowerDVD 8

CyberLink YouCam

D3DX10

Document Express DjVu Plug-in

DYMO Label v.8

Family Historian 4.1

Google Chrome

High Resolution World Data

HMRC Employer CD-ROM 2010 - Updated Edition 2.1.2

HP Advisor

HP Customer Experience Enhancements

HP Games

HP Quick Launch Buttons

HP Setup

HP Support Assistant

HP Update

HP User Guides 0148

HP Wireless Assistant

HPAsset component for HP Active Support Library

IDT Audio

Java Auto Updater

Java™ 6 Update 24

Junk Mail filter update

LabelPrint

LightScribe System Software

Magic Desktop

Malwarebytes Anti-Malware version 1.60.1.1000

Media Go

Met Office Desktop Widget

Microsoft Money

Microsoft Money Plus

Microsoft Money Shared Libraries

Microsoft Money System Pack

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Small Business Edition 2003

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Office XP Professional with FrontPage

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual Studio 2005 Tools for Office Runtime

Microsoft Works

Mozilla Firefox 10.0 (x86 en-GB)

Mozilla Thunderbird 9.0.1 (x86 en-GB)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

muvee Reveal

PlayStation®Network Downloader

PlayStation®Store

Power2Go

PowerDirector

QLBCASL

QuickBooks

QuickBooks Pro 2010

QuickTime

Realtek 8136 8168 8169 Ethernet Driver

Realtek USB 2.0 Card Reader

Recovery Manager

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

SmartStamp

Sony Ericsson Update Engine

Spybot - Search & Destroy

SupportSoft Assisted Service

SyncBack

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Visual Studio 2005 Tools for Office Second Edition Runtime

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

.

==== Event Viewer Messages From Past Week ========

.

08/02/2012 17:12:20, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

08/02/2012 08:08:29, Error: Service Control Manager [7034] - The Easybits Shared Services for Windows service terminated unexpectedly. It has done this 1 time(s).

04/02/2012 19:24:52, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.

.

==== End Of File ===========================

Please can someone help. Many thanks in advance.

[Maniac]

Hello jaygee11 and ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

1. Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
   
   
2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
   
   
3. Click the Start Scan button.
   
   
4. If a suspicious object is detected, the default action will be Skip, click on Continue.
   
   
5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
   
6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
   
   
7. Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
   

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 2

Please follow the instructions to run ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix#use

Post the log file in your next reply.

In your next reply, please post the following log files:

• TDSSKiller log
  
• ComboFix log
  

[jaygee11]

Hi Maniac,

TDSSKiller log:-

11:40:53.0763 3328 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57

11:40:54.0069 3328 ============================================================

11:40:54.0069 3328 Current date / time: 2012/02/09 11:40:54.0069

11:40:54.0069 3328 SystemInfo:

11:40:54.0069 3328

11:40:54.0070 3328 OS Version: 6.1.7601 ServicePack: 1.0

11:40:54.0070 3328 Product type: Workstation

11:40:54.0070 3328 ComputerName: OFFICE-PC

11:40:54.0073 3328 UserName: Office

11:40:54.0073 3328 Windows directory: C:\Windows

11:40:54.0073 3328 System windows directory: C:\Windows

11:40:54.0073 3328 Running under WOW64

11:40:54.0073 3328 Processor architecture: Intel x64

11:40:54.0073 3328 Number of processors: 1

11:40:54.0073 3328 Page size: 0x1000

11:40:54.0073 3328 Boot type: Normal boot

11:40:54.0073 3328 ============================================================

11:40:55.0247 3328 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

11:40:55.0252 3328 \Device\Harddisk0\DR0:

11:40:55.0253 3328 MBR used

11:40:55.0253 3328 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

11:40:55.0253 3328 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1B86F000

11:40:55.0253 3328 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B8D3000, BlocksNum 0x18F2000

11:40:55.0316 3328 Initialize success

11:40:55.0316 3328 ============================================================

11:41:27.0429 5312 ============================================================

11:41:27.0429 5312 Scan started

11:41:27.0429 5312 Mode: Manual; SigCheck; TDLFS;

11:41:27.0430 5312 ============================================================

11:41:28.0931 5312 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

11:41:29.0089 5312 1394ohci - ok

11:41:29.0128 5312 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

11:41:29.0149 5312 ACPI - ok

11:41:29.0176 5312 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

11:41:29.0305 5312 AcpiPmi - ok

11:41:29.0439 5312 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

11:41:29.0460 5312 adp94xx - ok

11:41:29.0515 5312 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

11:41:29.0534 5312 adpahci - ok

11:41:29.0573 5312 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

11:41:29.0587 5312 adpu320 - ok

11:41:29.0652 5312 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

11:41:29.0720 5312 AFD - ok

11:41:29.0861 5312 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys

11:41:29.0942 5312 AgereSoftModem - ok

11:41:30.0007 5312 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

11:41:30.0021 5312 agp440 - ok

11:41:30.0064 5312 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

11:41:30.0075 5312 aliide - ok

11:41:30.0094 5312 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

11:41:30.0107 5312 amdide - ok

11:41:30.0146 5312 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

11:41:30.0190 5312 AmdK8 - ok

11:41:30.0268 5312 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

11:41:30.0306 5312 AmdPPM - ok

11:41:30.0361 5312 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

11:41:30.0375 5312 amdsata - ok

11:41:30.0416 5312 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

11:41:30.0430 5312 amdsbs - ok

11:41:30.0466 5312 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

11:41:30.0478 5312 amdxata - ok

11:41:30.0552 5312 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

11:41:30.0611 5312 AppID - ok

11:41:30.0732 5312 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

11:41:30.0745 5312 arc - ok

11:41:30.0793 5312 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

11:41:30.0807 5312 arcsas - ok

11:41:30.0850 5312 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

11:41:30.0911 5312 AsyncMac - ok

11:41:30.0957 5312 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

11:41:30.0970 5312 atapi - ok

11:41:31.0044 5312 athr (38562a6a9cb10844759eaf2b01a7fcd3) C:\Windows\system32\DRIVERS\athrx.sys

11:41:31.0103 5312 athr - ok

11:41:31.0203 5312 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys

11:41:31.0260 5312 avgntflt - ok

11:41:31.0302 5312 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys

11:41:31.0315 5312 avipbb - ok

11:41:31.0375 5312 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

11:41:31.0424 5312 b06bdrv - ok

11:41:31.0485 5312 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

11:41:31.0531 5312 b57nd60a - ok

11:41:31.0634 5312 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

11:41:31.0695 5312 Beep - ok

11:41:31.0779 5312 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

11:41:31.0819 5312 blbdrive - ok

11:41:31.0866 5312 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

11:41:31.0910 5312 bowser - ok

11:41:31.0956 5312 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

11:41:32.0012 5312 BrFiltLo - ok

11:41:32.0079 5312 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

11:41:32.0099 5312 BrFiltUp - ok

11:41:32.0237 5312 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\system32\DRIVERS\BrSerId.sys

11:41:32.0283 5312 Brserid - ok

11:41:32.0341 5312 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

11:41:32.0381 5312 BrSerWdm - ok

11:41:32.0440 5312 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

11:41:32.0478 5312 BrUsbMdm - ok

11:41:32.0528 5312 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\DRIVERS\BrUsbSer.sys

11:41:32.0563 5312 BrUsbSer - ok

11:41:32.0620 5312 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

11:41:32.0685 5312 BTHMODEM - ok

11:41:32.0837 5312 CbFs (d8466df7629a7acd2bed0cde206e5df9) C:\Windows\system32\drivers\cbfs.sys

11:41:32.0855 5312 CbFs - ok

11:41:32.0891 5312 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

11:41:32.0951 5312 cdfs - ok

11:41:33.0028 5312 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

11:41:33.0071 5312 cdrom - ok

11:41:33.0144 5312 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

11:41:33.0190 5312 circlass - ok

11:41:33.0258 5312 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

11:41:33.0278 5312 CLFS - ok

11:41:33.0417 5312 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

11:41:33.0434 5312 CmBatt - ok

11:41:33.0489 5312 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

11:41:33.0501 5312 cmdide - ok

11:41:33.0546 5312 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

11:41:33.0602 5312 CNG - ok

11:41:33.0675 5312 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

11:41:33.0686 5312 Compbatt - ok

11:41:33.0788 5312 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

11:41:33.0840 5312 CompositeBus - ok

11:41:33.0893 5312 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

11:41:33.0905 5312 crcdisk - ok

11:41:33.0996 5312 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

11:41:34.0037 5312 DfsC - ok

11:41:34.0096 5312 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

11:41:34.0151 5312 discache - ok

11:41:34.0220 5312 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

11:41:34.0232 5312 Disk - ok

11:41:34.0316 5312 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

11:41:34.0354 5312 drmkaud - ok

11:41:34.0419 5312 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

11:41:34.0453 5312 DXGKrnl - ok

11:41:34.0548 5312 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

11:41:34.0628 5312 ebdrv - ok

11:41:34.0718 5312 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

11:41:34.0738 5312 elxstor - ok

11:41:34.0835 5312 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

11:41:34.0884 5312 ErrDev - ok

11:41:34.0961 5312 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

11:41:35.0023 5312 exfat - ok

11:41:35.0081 5312 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

11:41:35.0130 5312 fastfat - ok

11:41:35.0211 5312 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

11:41:35.0256 5312 fdc - ok

11:41:35.0318 5312 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

11:41:35.0330 5312 FileInfo - ok

11:41:35.0360 5312 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

11:41:35.0424 5312 Filetrace - ok

11:41:35.0474 5312 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

11:41:35.0490 5312 flpydisk - ok

11:41:35.0557 5312 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

11:41:35.0575 5312 FltMgr - ok

11:41:35.0622 5312 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

11:41:35.0635 5312 FsDepends - ok

11:41:35.0691 5312 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

11:41:35.0708 5312 Fs_Rec - ok

11:41:35.0785 5312 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

11:41:35.0808 5312 fvevol - ok

11:41:35.0877 5312 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

11:41:35.0892 5312 gagp30kx - ok

11:41:35.0967 5312 ggflt (a4198f2bd8aa592cb90476277a81b5e1) C:\Windows\system32\DRIVERS\ggflt.sys

11:41:35.0978 5312 ggflt - ok

11:41:36.0000 5312 ggsemc (d266350bdaab9eb6c1aec370eeaaff3a) C:\Windows\system32\DRIVERS\ggsemc.sys

11:41:36.0011 5312 ggsemc - ok

11:41:36.0043 5312 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

11:41:36.0080 5312 hcw85cir - ok

11:41:36.0182 5312 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

11:41:36.0210 5312 HdAudAddService - ok

11:41:36.0278 5312 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

11:41:36.0300 5312 HDAudBus - ok

11:41:36.0336 5312 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

11:41:36.0372 5312 HidBatt - ok

11:41:36.0424 5312 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

11:41:36.0467 5312 HidBth - ok

11:41:36.0503 5312 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

11:41:36.0546 5312 HidIr - ok

11:41:36.0653 5312 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

11:41:36.0687 5312 HidUsb - ok

11:41:36.0821 5312 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys

11:41:36.0857 5312 HpqKbFiltr - ok

11:41:36.0902 5312 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

11:41:36.0919 5312 HpSAMD - ok

11:41:36.0984 5312 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

11:41:37.0057 5312 HTTP - ok

11:41:37.0127 5312 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

11:41:37.0151 5312 hwpolicy - ok

11:41:37.0328 5312 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

11:41:37.0370 5312 i8042prt - ok

11:41:37.0426 5312 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

11:41:37.0464 5312 iaStorV - ok

11:41:37.0693 5312 igfx (3c3f27002abc69c5afe29cbe6cf7addf) C:\Windows\system32\DRIVERS\igdkmd64.sys

11:41:37.0857 5312 igfx - ok

11:41:37.0930 5312 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

11:41:37.0944 5312 iirsp - ok

11:41:38.0024 5312 IntcHdmiAddService (88a20fa54c73ded4e8dac764e9130ae9) C:\Windows\system32\drivers\IntcHdmi.sys

11:41:38.0062 5312 IntcHdmiAddService - ok

11:41:38.0108 5312 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

11:41:38.0124 5312 intelide - ok

11:41:38.0176 5312 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

11:41:38.0213 5312 intelppm - ok

11:41:38.0269 5312 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

11:41:38.0333 5312 IpFilterDriver - ok

11:41:38.0446 5312 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

11:41:38.0501 5312 IPMIDRV - ok

11:41:38.0555 5312 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

11:41:38.0615 5312 IPNAT - ok

11:41:38.0667 5312 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

11:41:38.0701 5312 IRENUM - ok

11:41:38.0751 5312 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

11:41:38.0766 5312 isapnp - ok

11:41:38.0800 5312 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

11:41:38.0818 5312 iScsiPrt - ok

11:41:38.0855 5312 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

11:41:38.0867 5312 kbdclass - ok

11:41:38.0896 5312 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

11:41:38.0971 5312 kbdhid - ok

11:41:39.0050 5312 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

11:41:39.0064 5312 KSecDD - ok

11:41:39.0110 5312 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

11:41:39.0127 5312 KSecPkg - ok

11:41:39.0167 5312 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

11:41:39.0231 5312 ksthunk - ok

11:41:39.0325 5312 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

11:41:39.0385 5312 lltdio - ok

11:41:39.0478 5312 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

11:41:39.0492 5312 LSI_FC - ok

11:41:39.0540 5312 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

11:41:39.0555 5312 LSI_SAS - ok

11:41:39.0600 5312 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

11:41:39.0612 5312 LSI_SAS2 - ok

11:41:39.0659 5312 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

11:41:39.0682 5312 LSI_SCSI - ok

11:41:39.0708 5312 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

11:41:39.0794 5312 luafv - ok

11:41:39.0865 5312 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

11:41:39.0880 5312 megasas - ok

11:41:39.0906 5312 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

11:41:39.0927 5312 MegaSR - ok

11:41:39.0972 5312 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

11:41:40.0028 5312 Modem - ok

11:41:40.0096 5312 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

11:41:40.0134 5312 monitor - ok

11:41:40.0215 5312 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

11:41:40.0230 5312 mouclass - ok

11:41:40.0270 5312 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

11:41:40.0303 5312 mouhid - ok

11:41:40.0350 5312 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

11:41:40.0367 5312 mountmgr - ok

11:41:40.0417 5312 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

11:41:40.0434 5312 mpio - ok

11:41:40.0470 5312 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

11:41:40.0531 5312 mpsdrv - ok

11:41:40.0642 5312 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

11:41:40.0683 5312 MRxDAV - ok

11:41:40.0751 5312 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

11:41:40.0791 5312 mrxsmb - ok

11:41:40.0840 5312 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

11:41:40.0883 5312 mrxsmb10 - ok

11:41:40.0919 5312 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

11:41:40.0939 5312 mrxsmb20 - ok

11:41:40.0995 5312 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

11:41:41.0007 5312 msahci - ok

11:41:41.0078 5312 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

11:41:41.0094 5312 msdsm - ok

11:41:41.0168 5312 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

11:41:41.0215 5312 Msfs - ok

11:41:41.0266 5312 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

11:41:41.0313 5312 mshidkmdf - ok

11:41:41.0346 5312 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

11:41:41.0359 5312 msisadrv - ok

11:41:41.0405 5312 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

11:41:41.0469 5312 MSKSSRV - ok

11:41:41.0503 5312 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

11:41:41.0565 5312 MSPCLOCK - ok

11:41:41.0603 5312 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

11:41:41.0677 5312 MSPQM - ok

11:41:41.0743 5312 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

11:41:41.0763 5312 MsRPC - ok

11:41:41.0838 5312 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

11:41:41.0853 5312 mssmbios - ok

11:41:41.0893 5312 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

11:41:41.0951 5312 MSTEE - ok

11:41:42.0014 5312 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

11:41:42.0055 5312 MTConfig - ok

11:41:42.0093 5312 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

11:41:42.0107 5312 Mup - ok

11:41:42.0148 5312 mvusbews (8fa52b6049596fe2fdbc8a5e8b14ebfc) C:\Windows\system32\Drivers\mvusbews.sys

11:41:42.0182 5312 mvusbews - ok

11:41:42.0243 5312 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

11:41:42.0293 5312 NativeWifiP - ok

11:41:42.0416 5312 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

11:41:42.0452 5312 NDIS - ok

11:41:42.0529 5312 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

11:41:42.0574 5312 NdisCap - ok

11:41:42.0637 5312 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

11:41:42.0702 5312 NdisTapi - ok

11:41:42.0766 5312 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

11:41:42.0831 5312 Ndisuio - ok

11:41:42.0929 5312 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

11:41:42.0993 5312 NdisWan - ok

11:41:43.0047 5312 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

11:41:43.0105 5312 NDProxy - ok

11:41:43.0177 5312 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

11:41:43.0220 5312 NetBIOS - ok

11:41:43.0298 5312 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

11:41:43.0361 5312 NetBT - ok

11:41:43.0569 5312 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys

11:41:43.0701 5312 netw5v64 - ok

11:41:43.0783 5312 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

11:41:43.0799 5312 nfrd960 - ok

11:41:43.0852 5312 nmwcd (903681bab213d5f84717c0fc42afb28a) C:\Windows\system32\drivers\ccdcmbx64.sys

11:41:43.0898 5312 nmwcd - ok

11:41:43.0942 5312 nmwcdc (ec4c5ebd003e0395bf4ea5a2efd13ce6) C:\Windows\system32\drivers\ccdcmbox64.sys

11:41:43.0975 5312 nmwcdc - ok

11:41:44.0037 5312 nmwcdnsux64 (7983d9201788407c4d1fc4d0baa04e32) C:\Windows\system32\drivers\nmwcdnsux64.sys

11:41:44.0091 5312 nmwcdnsux64 - ok

11:41:44.0136 5312 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

11:41:44.0199 5312 Npfs - ok

11:41:44.0283 5312 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

11:41:44.0330 5312 nsiproxy - ok

11:41:44.0396 5312 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

11:41:44.0445 5312 Ntfs - ok

11:41:44.0477 5312 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

11:41:44.0559 5312 Null - ok

11:41:44.0608 5312 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

11:41:44.0628 5312 nvraid - ok

11:41:44.0656 5312 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

11:41:44.0675 5312 nvstor - ok

11:41:44.0738 5312 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

11:41:44.0752 5312 nv_agp - ok

11:41:44.0863 5312 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

11:41:44.0898 5312 ohci1394 - ok

11:41:44.0983 5312 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

11:41:45.0026 5312 Parport - ok

11:41:45.0079 5312 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

11:41:45.0093 5312 partmgr - ok

11:41:45.0131 5312 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

11:41:45.0147 5312 pci - ok

11:41:45.0177 5312 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

11:41:45.0190 5312 pciide - ok

11:41:45.0231 5312 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

11:41:45.0253 5312 pcmcia - ok

11:41:45.0351 5312 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

11:41:45.0367 5312 pcw - ok

11:41:45.0405 5312 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

11:41:45.0479 5312 PEAUTH - ok

11:41:45.0676 5312 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

11:41:45.0747 5312 PptpMiniport - ok

11:41:45.0807 5312 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

11:41:45.0852 5312 Processor - ok

11:41:45.0948 5312 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

11:41:46.0004 5312 Psched - ok

11:41:46.0188 5312 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

11:41:46.0245 5312 ql2300 - ok

11:41:46.0297 5312 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

11:41:46.0318 5312 ql40xx - ok

11:41:46.0373 5312 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

11:41:46.0414 5312 QWAVEdrv - ok

11:41:46.0460 5312 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

11:41:46.0527 5312 RasAcd - ok

11:41:46.0584 5312 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

11:41:46.0631 5312 RasAgileVpn - ok

11:41:46.0756 5312 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

11:41:46.0822 5312 Rasl2tp - ok

11:41:46.0865 5312 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

11:41:46.0982 5312 RasPppoe - ok

11:41:47.0017 5312 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

11:41:47.0087 5312 RasSstp - ok

11:41:47.0132 5312 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

11:41:47.0198 5312 rdbss - ok

11:41:47.0245 5312 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

11:41:47.0282 5312 rdpbus - ok

11:41:47.0324 5312 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

11:41:47.0385 5312 RDPCDD - ok

11:41:47.0469 5312 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

11:41:47.0532 5312 RDPENCDD - ok

11:41:47.0554 5312 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

11:41:47.0609 5312 RDPREFMP - ok

11:41:47.0671 5312 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

11:41:47.0717 5312 RDPWD - ok

11:41:47.0781 5312 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

11:41:47.0795 5312 rdyboost - ok

11:41:47.0873 5312 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

11:41:47.0921 5312 rspndr - ok

11:41:47.0951 5312 RSUSBSTOR - ok

11:41:47.0992 5312 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys

11:41:48.0023 5312 RTL8167 - ok

11:41:48.0081 5312 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

11:41:48.0094 5312 sbp2port - ok

11:41:48.0218 5312 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

11:41:48.0273 5312 scfilter - ok

11:41:48.0338 5312 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys

11:41:48.0380 5312 sdbus - ok

11:41:48.0466 5312 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

11:41:48.0507 5312 secdrv - ok

11:41:48.0553 5312 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

11:41:48.0587 5312 Serenum - ok

11:41:48.0682 5312 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

11:41:48.0700 5312 Serial - ok

11:41:48.0743 5312 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

11:41:48.0777 5312 sermouse - ok

11:41:48.0844 5312 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

11:41:48.0890 5312 sffdisk - ok

11:41:48.0922 5312 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

11:41:48.0960 5312 sffp_mmc - ok

11:41:48.0998 5312 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

11:41:49.0034 5312 sffp_sd - ok

11:41:49.0071 5312 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

11:41:49.0108 5312 sfloppy - ok

11:41:49.0177 5312 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

11:41:49.0191 5312 SiSRaid2 - ok

11:41:49.0262 5312 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

11:41:49.0276 5312 SiSRaid4 - ok

11:41:49.0317 5312 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

11:41:49.0375 5312 Smb - ok

11:41:49.0440 5312 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

11:41:49.0452 5312 spldr - ok

11:41:49.0518 5312 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

11:41:49.0557 5312 srv - ok

11:41:49.0597 5312 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

11:41:49.0617 5312 srv2 - ok

11:41:49.0661 5312 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

11:41:49.0683 5312 SrvHsfHDA - ok

11:41:49.0793 5312 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

11:41:49.0852 5312 SrvHsfV92 - ok

11:41:49.0901 5312 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

11:41:49.0933 5312 SrvHsfWinac - ok

11:41:49.0980 5312 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

11:41:50.0010 5312 srvnet - ok

11:41:50.0095 5312 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

11:41:50.0107 5312 stexstor - ok

11:41:50.0225 5312 STHDA (dffbc024dfc7bb05b2129e05cbc7a201) C:\Windows\system32\DRIVERS\stwrt64.sys

11:41:50.0268 5312 STHDA - ok

11:41:50.0344 5312 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

11:41:50.0356 5312 swenum - ok

11:41:50.0448 5312 SynTP (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys

11:41:50.0464 5312 SynTP - ok

11:41:50.0553 5312 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

11:41:50.0605 5312 Tcpip - ok

11:41:50.0695 5312 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

11:41:50.0738 5312 TCPIP6 - ok

11:41:50.0793 5312 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

11:41:50.0856 5312 tcpipreg - ok

11:41:50.0911 5312 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

11:41:50.0971 5312 TDPIPE - ok

11:41:50.0992 5312 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

11:41:51.0038 5312 TDTCP - ok

11:41:51.0100 5312 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

11:41:51.0140 5312 tdx - ok

11:41:51.0198 5312 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

11:41:51.0213 5312 TermDD - ok

11:41:51.0300 5312 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

11:41:51.0360 5312 tssecsrv - ok

11:41:51.0457 5312 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

11:41:51.0492 5312 TsUsbFlt - ok

11:41:51.0567 5312 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

11:41:51.0607 5312 tunnel - ok

11:41:51.0648 5312 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

11:41:51.0663 5312 uagp35 - ok

11:41:51.0717 5312 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

11:41:51.0779 5312 udfs - ok

11:41:51.0853 5312 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

11:41:51.0867 5312 uliagpkx - ok

11:41:52.0046 5312 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

11:41:52.0133 5312 umbus - ok

11:41:52.0259 5312 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

11:41:52.0293 5312 UmPass - ok

11:41:52.0357 5312 upperdev (7168819f30fe9622284ea19bde7f8ab4) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys

11:41:52.0408 5312 upperdev - ok

11:41:52.0451 5312 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

11:41:52.0485 5312 usbccgp - ok

11:41:52.0589 5312 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

11:41:52.0631 5312 usbcir - ok

11:41:52.0670 5312 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

11:41:52.0707 5312 usbehci - ok

11:41:52.0757 5312 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

11:41:52.0795 5312 usbhub - ok

11:41:52.0845 5312 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys

11:41:52.0863 5312 usbohci - ok

11:41:52.0902 5312 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

11:41:52.0936 5312 usbprint - ok

11:41:53.0020 5312 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

11:41:53.0054 5312 usbscan - ok

11:41:53.0102 5312 usbser (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys

11:41:53.0139 5312 usbser - ok

11:41:53.0171 5312 UsbserFilt (66c25cb20b2974e0c0cfdab49fb72a02) C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys

11:41:53.0218 5312 UsbserFilt - ok

11:41:53.0263 5312 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

11:41:53.0298 5312 USBSTOR - ok

11:41:53.0349 5312 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys

11:41:53.0385 5312 usbuhci - ok

11:41:53.0494 5312 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

11:41:53.0516 5312 usbvideo - ok

11:41:53.0566 5312 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

11:41:53.0579 5312 vdrvroot - ok

11:41:53.0614 5312 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

11:41:53.0635 5312 vga - ok

11:41:53.0666 5312 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

11:41:53.0735 5312 VgaSave - ok

11:41:53.0777 5312 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

11:41:53.0795 5312 vhdmp - ok

11:41:53.0822 5312 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

11:41:53.0834 5312 viaide - ok

11:41:53.0862 5312 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

11:41:53.0876 5312 volmgr - ok

11:41:53.0935 5312 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

11:41:53.0958 5312 volmgrx - ok

11:41:53.0986 5312 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

11:41:54.0004 5312 volsnap - ok

11:41:54.0089 5312 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

11:41:54.0103 5312 vsmraid - ok

11:41:54.0137 5312 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

11:41:54.0173 5312 vwifibus - ok

11:41:54.0234 5312 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

11:41:54.0277 5312 vwififlt - ok

11:41:54.0336 5312 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

11:41:54.0352 5312 WacomPen - ok

11:41:54.0414 5312 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

11:41:54.0473 5312 WANARP - ok

11:41:54.0484 5312 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

11:41:54.0528 5312 Wanarpv6 - ok

11:41:54.0673 5312 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

11:41:54.0685 5312 Wd - ok

11:41:54.0720 5312 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

11:41:54.0745 5312 Wdf01000 - ok

11:41:54.0834 5312 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

11:41:54.0875 5312 WfpLwf - ok

11:41:54.0903 5312 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

11:41:54.0918 5312 WIMMount - ok

11:41:55.0031 5312 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

11:41:55.0074 5312 WinUsb - ok

11:41:55.0178 5312 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

11:41:55.0194 5312 WmiAcpi - ok

11:41:55.0259 5312 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

11:41:55.0344 5312 ws2ifsl - ok

11:41:55.0419 5312 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

11:41:55.0460 5312 WudfPf - ok

11:41:55.0493 5312 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

11:41:55.0553 5312 WUDFRd - ok

11:41:55.0630 5312 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys

11:41:55.0670 5312 yukonw7 - ok

11:41:55.0720 5312 MBR (0x1B8) (35a4fa451025305a24e864aaa8e364c9) \Device\Harddisk0\DR0

11:41:55.0748 5312 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

11:41:55.0748 5312 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

11:41:56.0332 5312 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

11:41:56.0333 5312 \Device\Harddisk0\DR0 - detected TDSS File System (1)

11:41:56.0370 5312 Boot (0x1200) (ffce35b41cbfe654c6a0ff00353738cb) \Device\Harddisk0\DR0\Partition0

11:41:56.0371 5312 \Device\Harddisk0\DR0\Partition0 - ok

11:41:56.0389 5312 Boot (0x1200) (99e85cf3cdea0ba173ef2a764df193f8) \Device\Harddisk0\DR0\Partition1

11:41:56.0392 5312 \Device\Harddisk0\DR0\Partition1 - ok

11:41:56.0421 5312 Boot (0x1200) (021f9d186ca9b0c1bc31e0e88de9da63) \Device\Harddisk0\DR0\Partition2

11:41:56.0422 5312 \Device\Harddisk0\DR0\Partition2 - ok

11:41:56.0427 5312 ============================================================

11:41:56.0428 5312 Scan finished

11:41:56.0428 5312 ============================================================

11:41:56.0448 4024 Detected object count: 2

11:41:56.0448 4024 Actual detected object count: 2

11:43:57.0963 4024 \Device\Harddisk0\DR0\# - copied to quarantine

11:43:57.0963 4024 \Device\Harddisk0\DR0 - copied to quarantine

11:43:58.0283 4024 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

11:43:58.0285 4024 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

11:43:58.0295 4024 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

11:43:58.0305 4024 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

11:43:58.0307 4024 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

11:43:58.0313 4024 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

11:43:58.0317 4024 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

11:43:58.0321 4024 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

11:43:58.0326 4024 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

11:43:58.0332 4024 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

11:43:58.0364 4024 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

11:43:58.0401 4024 \Device\Harddisk0\DR0 - ok

11:43:59.0612 4024 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

11:43:59.0615 4024 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

11:43:59.0615 4024 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

11:44:08.0614 2688 Deinitialize success

------------------------

ComboFix log:-

ComboFix 12-02-09.02 - Office 09/02/2012 17:35:15.1.1 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3003.1886 [GMT 0:00]

Running from: c:\users\Office\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\users\Office\AppData\Local\dplaysvr.exe

c:\users\Office\AppData\Local\dplayx.dll

c:\windows\svchost.exe

c:\windows\system32\fxsst.dll . . . . Failed to delete

.

.

((((((((((((((((((((((((( Files Created from 2012-01-09 to 2012-02-09 )))))))))))))))))))))))))))))))

.

.

2012-02-09 18:14 . 2012-02-09 18:14 -------- d-----w- c:\users\QBDataServiceUser19\AppData\Local\temp

2012-02-09 18:14 . 2012-02-09 18:14 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-09 11:43 . 2012-02-09 11:43 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-08 17:01 . 2012-02-08 17:01 -------- d-----w- c:\users\Office\AppData\Roaming\Malwarebytes

2012-02-08 17:00 . 2012-02-08 17:00 -------- d-----w- c:\programdata\Malwarebytes

2012-02-08 17:00 . 2011-12-10 15:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-08 17:00 . 2012-02-08 17:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-02-08 16:58 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{080ED180-5772-47D0-95EC-887A26F491E1}\mpengine.dll

2012-02-07 10:06 . 2012-02-07 10:08 -------- d-----w- c:\users\Office\AppData\Local\Google

2012-01-27 18:20 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll

2012-01-27 18:20 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-01-27 18:20 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-01-27 18:20 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll

2012-01-27 18:20 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll

2012-01-27 18:20 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll

2012-01-27 18:20 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll

2012-01-27 18:20 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-27 00:52 . 2010-08-10 18:46 279656 ------w- c:\windows\system32\MpSigStub.exe

2011-11-24 04:52 . 2011-12-16 08:03 3145216 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DymoQuickPrint"="c:\program files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" [2010-05-11 1885512]

"Livedrive"="c:\program files (x86)\Livedrive\Livedrive.exe" [2011-06-20 1700352]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-09-02 60464]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-10 281768]

"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-11-18 623880]

"DLSService"="c:\program files (x86)\DYMO\DYMO Label Software\DLSService.exe" [2010-05-11 55808]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2008-09-06 413696]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"OLP-Tray"="c:\progra~2\ROYALM~1\SMARTS~1\BINARY\STRAY.EXE" [2006-07-17 40960]

"dplaysvr"="c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe" [2012-02-07 87528]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"dplaysvr"="c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe" [2012-02-07 87528]

.

c:\users\Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Met Office Desktop Widget.lnk - c:\program files (x86)\Met Office Desktop Widget\Met Office Desktop Widget.exe [2012-1-4 142848]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

SyncBack.lnk - c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2010-8-10 3016960]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-4 113664]

Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-3-8 984408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders credssp.dll, AstoptuWxupb.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 118784]

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]

R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [x]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]

S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]

S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [x]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]

S3 QuickBooksDB19;QuickBooksDB19;c:\progra~2\Intuit\QUICKB~1\QBDBMgrN.exe [2009-07-27 131072]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ezSharedSvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-08-20 21:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-995999872-2163676774-2188543419-1001Core.job

- c:\users\Office\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-07 10:06]

.

2012-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-995999872-2163676774-2188543419-1001UA.job

- c:\users\Office\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-07 10:06]

.

2012-02-08 c:\windows\Tasks\HPCeeScheduleForOffice.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupOverlay]

@="{B44A5D93-1351-41A1-BD91-5E92435D8ECD}"

[HKEY_CLASSES_ROOT\CLSID\{B44A5D93-1351-41A1-BD91-5E92435D8ECD}]

2011-06-20 13:36 1694544 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveDownloadOverlay]

@="{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}"

[HKEY_CLASSES_ROOT\CLSID\{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}]

2011-06-20 13:36 1694544 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSharedOverlay]

@="{84CEF1E4-1356-4063-845F-05047F4DD52C}"

[HKEY_CLASSES_ROOT\CLSID\{84CEF1E4-1356-4063-845F-05047F4DD52C}]

2011-06-20 13:36 1694544 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveUploadOverlay]

@="{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}"

[HKEY_CLASSES_ROOT\CLSID\{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}]

2011-06-20 13:36 1694544 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-10 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-10 387608]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-10 365592]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-07 171520]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Office\AppData\Roaming\Mozilla\Firefox\Profiles\iv9xz7g6.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.prioryframingsupplies.co.uk/

FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=

FF - user.js: yahoo.homepage.dontask - true

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-dplaysvr - c:\users\Office\AppData\Local\dplaysvr.exe

ShellIconOverlayIdentifiers-{5A2A5978-6F74-4BD3-B09C-EB44A1457500} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]

@Denied: (A) (Everyone)

"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]

"Key"="ActionsPane"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Royal Mail\SmartStamp\BINARY\STRAY.EXE

c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

.

**************************************************************************

.

Completion time: 2012-02-09 19:42:43 - machine was rebooted

ComboFix-quarantined-files.txt 2012-02-09 19:42

.

Pre-Run: 145,606,475,776 bytes free

Post-Run: 139,436,457,984 bytes free

.

- - End Of File - - 353674D5159C4D40A4A460CCCB130599

[Maniac]

Open Notepad and copy and paste the text in the code box below into it:

http://forums.malwarebytes.org/index.php?showtopic=105911

Collect::
c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"dplaysvr"=-

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"dplaysvr"=-

FireFox::
FF - ProfilePath - c:\users\Office\AppData\Roaming\Mozilla\Firefox\Profiles\iv9xz7g6.default\
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=

ClearJavaCache::

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

In your next post here, please include ComboFix.txt and let me know how are things there.

[jaygee11]

Hi,

ComboFix.txt:-

ComboFix 12-02-09.02 - Office 09/02/2012 20:41:09.2.1 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3003.1872 [GMT 0:00]

Running from: c:\users\Office\Desktop\ComboFix.exe

Command switches used :: c:\users\Office\Desktop\CFScript.txt

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\fxsst.dll . . . . Failed to delete

.

Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected

Restored copy from - c:\windows\ERDNT\cache86\userinit.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-01-09 to 2012-02-09 )))))))))))))))))))))))))))))))

.

.

2012-02-09 20:47 . 2012-02-09 20:47 -------- d-----w- c:\users\QBDataServiceUser19\AppData\Local\temp

2012-02-09 20:47 . 2012-02-09 20:47 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-09 11:43 . 2012-02-09 11:43 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-08 17:01 . 2012-02-08 17:01 -------- d-----w- c:\users\Office\AppData\Roaming\Malwarebytes

2012-02-08 17:00 . 2012-02-08 17:00 -------- d-----w- c:\programdata\Malwarebytes

2012-02-08 17:00 . 2011-12-10 15:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-08 17:00 . 2012-02-08 17:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-02-08 16:58 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{080ED180-5772-47D0-95EC-887A26F491E1}\mpengine.dll

2012-02-07 10:06 . 2012-02-07 10:08 -------- d-----w- c:\users\Office\AppData\Local\Google

2012-01-27 18:20 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll

2012-01-27 18:20 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-01-27 18:20 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-01-27 18:20 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll

2012-01-27 18:20 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll

2012-01-27 18:20 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll

2012-01-27 18:20 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll

2012-01-27 18:20 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-27 00:52 . 2010-08-10 18:46 279656 ------w- c:\windows\system32\MpSigStub.exe

2011-11-24 04:52 . 2011-12-16 08:03 3145216 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-02-09_19.23.21 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-02-09 20:48 . 2012-02-09 20:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-02-09 18:16 . 2012-02-09 18:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-02-09 18:16 . 2012-02-09 18:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-02-09 20:48 . 2012-02-09 20:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 05:01 . 2012-02-09 20:48 412116 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-02-09 18:15 412116 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-11-15 16:55 . 2012-02-09 20:48 3396668 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-995999872-2163676774-2188543419-1001-12288.dat

- 2010-11-15 16:55 . 2012-02-09 16:28 3396668 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-995999872-2163676774-2188543419-1001-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DymoQuickPrint"="c:\program files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" [2010-05-11 1885512]

"Livedrive"="c:\program files (x86)\Livedrive\Livedrive.exe" [2011-06-20 1700352]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-09-02 60464]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-10 281768]

"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-11-18 623880]

"DLSService"="c:\program files (x86)\DYMO\DYMO Label Software\DLSService.exe" [2010-05-11 55808]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2008-09-06 413696]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"OLP-Tray"="c:\progra~2\ROYALM~1\SMARTS~1\BINARY\STRAY.EXE" [2006-07-17 40960]

.

c:\users\Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Met Office Desktop Widget.lnk - c:\program files (x86)\Met Office Desktop Widget\Met Office Desktop Widget.exe [2012-1-4 142848]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

SyncBack.lnk - c:\program files (x86)\2BrightSparks\SyncBack\SyncBack.exe [2010-8-10 3016960]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-4 113664]

Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-3-8 984408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders credssp.dll, AstoptuWxupb.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]

R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [x]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]

S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]

S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [x]

S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 118784]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]

S3 QuickBooksDB19;QuickBooksDB19;c:\progra~2\Intuit\QUICKB~1\QBDBMgrN.exe [2009-07-27 131072]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ezSharedSvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-08-20 21:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-995999872-2163676774-2188543419-1001Core.job

- c:\users\Office\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-07 10:06]

.

2012-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-995999872-2163676774-2188543419-1001UA.job

- c:\users\Office\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-07 10:06]

.

2012-02-08 c:\windows\Tasks\HPCeeScheduleForOffice.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupOverlay]

@="{B44A5D93-1351-41A1-BD91-5E92435D8ECD}"

[HKEY_CLASSES_ROOT\CLSID\{B44A5D93-1351-41A1-BD91-5E92435D8ECD}]

2011-06-20 13:36 1694544 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveDownloadOverlay]

@="{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}"

[HKEY_CLASSES_ROOT\CLSID\{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}]

2011-06-20 13:36 1694544 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSharedOverlay]

@="{84CEF1E4-1356-4063-845F-05047F4DD52C}"

[HKEY_CLASSES_ROOT\CLSID\{84CEF1E4-1356-4063-845F-05047F4DD52C}]

2011-06-20 13:36 1694544 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveUploadOverlay]

@="{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}"

[HKEY_CLASSES_ROOT\CLSID\{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}]

2011-06-20 13:36 1694544 ----a-w- c:\program files (x86)\Livedrive\LivedriveExtensions.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-10 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-10 387608]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-10 365592]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-07 171520]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Office\AppData\Roaming\Mozilla\Firefox\Profiles\iv9xz7g6.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.prioryframingsupplies.co.uk/

FF - user.js: yahoo.homepage.dontask - true

.

- - - - ORPHANS REMOVED - - - -

.

ShellIconOverlayIdentifiers-{5A2A5978-6F74-4BD3-B09C-EB44A1457500} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]

@Denied: (A) (Everyone)

"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]

"Key"="ActionsPane"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Royal Mail\SmartStamp\BINARY\STRAY.EXE

c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

.

**************************************************************************

.

Completion time: 2012-02-09 20:53:42 - machine was rebooted

ComboFix-quarantined-files.txt 2012-02-09 20:53

ComboFix2.txt 2012-02-09 19:42

.

Pre-Run: 139,487,289,344 bytes free

Post-Run: 139,409,031,168 bytes free

.

- - End Of File - - B309F88466CB31E3CA7D1CC37069B093

Clicking links on Google are working fine and Skype is working again. So all seems well.

[Maniac]

Let's do some additional scans:

Step 1

• Launch Malwarebytes' Anti-Malware
  
• Go to Update" tab and select Check for Updates.
  
• Go to Scanner tab and select Perform Quick Scan, then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 2

1. Please run a free online scan with the ESET Online Scanner
   Note: You will need to use Internet Explorer for this scan
   
2. Tick the box next to YES, I accept the Terms of Use
   
3. Click Start
   
4. When asked, allow the ActiveX control to install
   
5. Click Start
   
6. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
   
7. Click Scan (This scan can take several hours, so please be patient)
   
8. Once the scan is completed, you may close the window
   
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
   
10. Copy and paste that log as a reply to this topic
    

In your next reply, please post the following log files:

• Malwarebytes' Anti-Malware log
  
• ESET Online Scanner log
  

[jaygee11]

Hi,

Malwarebytes' Anti-Malware log:-

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.09.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Office :: OFFICE-PC [administrator]

09/02/2012 21:10:15

mbam-log-2012-02-09 (21-10-15).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 203936

Time elapsed: 2 minute(s), 57 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

ESET Online Scanner log:-

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-02-09 10:21:16

# local_time=2012-02-09 10:21:16 (+0000, GMT Standard Time)

# country="United Kingdom"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1797 16775165 100 94 457609 65355451 137209 0

# compatibility_mode=5893 16776573 100 94 105725 81287513 0 0

# compatibility_mode=8192 67108863 100 0 3837 3837 0 0

# scanned=213135

# found=10

# cleaned=10

# scan_time=3613

C:\Qoobox\Quarantine\C\Users\Office\AppData\Local\dplaysvr.exe.vir a variant of Win32/Kryptik.AAAJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Users\Office\AppData\Local\dplayx.dll.vir a variant of Win32/Kryptik.AAAJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\09.02.2012_11.40.54\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\09.02.2012_11.40.54\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\09.02.2012_11.40.54\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.IQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\09.02.2012_11.40.54\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\09.02.2012_11.40.54\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\09.02.2012_11.40.54\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Windows\System32\config\systemprofile\AppData\Local\dplaysvr.exe a variant of Win32/Kryptik.AAHN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Windows\System32\config\systemprofile\AppData\Local\dplayx.dll a variant of Win32/Kryptik.AACV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

[Maniac]

Good work!

How are things now?

[jaygee11]

Hi,

All seems ok - many, many thanks.

[Maniac]

Glad I could help!

Please uninstall ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix#uninstall

Next, manually delete DDS and TDSSKiller and then uninstall ESET Online Scanner.

Here some malware preventions:

http://forums.malwarebytes.org/index.php?showtopic=104379

Safe surfing!

[jaygee11]

Hi Maniac,

My laptop is still clean and I've tightened up my online security.

I've just made a donation in appreciation of your help.

Many thanks again.

[Maniac]

Glad I could help!

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!