
Redirect, security issues, etc.



Hi there. I'm running Win7 32 on a toshiba laptop and having issues in Chrome and FF, as well with Security essentials. I've already run spybot and mbam several times, and this past time, nothing showed up but I'm still having the issue.

Here's dds and attached are the ark file and the attach file.

.

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24

Run by Shanna at 22:49:09 on 2011-07-22

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2038.1240 [GMT -4:00]

.

AV: Microsoft Security Essentials *Disabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Outdated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\taskeng.exe

C:\Windows\system32\rundll32.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Zune\ZuneLauncher.exe

C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe

C:\Windows\System32\igfxtray.exe

C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Users\Shanna\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Shanna\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Users\Shanna\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Users\Shanna\Desktop\dds.scr

C:\Windows\system32\WSCRIPT.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = <local>

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [Google Update] "c:\users\shanna\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [<NO NAME>]

mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"

mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe

mRun: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "c:\program files\cisco\cisco anyconnect secure mobility client\vpnui.exe" -minimized

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\shanna\appdata\roaming\mozilla\firefox\profiles\sia8rj4z.default\

FF - prefs.js: network.proxy.type - 4

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\tabletplugins\npwacom.dll

FF - plugin: c:\users\shanna\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\windows\system32\wat\npWatWeb.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video

FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa

FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3

FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3

FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung

FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 TabletServiceWacom;TabletServiceWacom;c:\program files\tablet\wacom\Wacom_Tablet.exe [2010-12-15 4807536]

R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\cisco\cisco anyconnect secure mobility client\vpnagent.exe [2011-5-23 465872]

R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-3-4 48600]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-5-20 314368]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-7-21 1153368]

S3 acsock;acsock;c:\windows\system32\drivers\acsock.sys [2011-5-23 77968]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-12-27 31124344]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-7-18 15872]

S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2011-2-20 11232]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-18 52224]

S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-12-15 10752]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-10 1343400]

S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-11-11 268528]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]

S4 ScrybeUpdater;Scrybe Updater;c:\program files\synaptics\scrybe\service\ScrybeUpdater.exe [2011-1-14 1294848]

.

=============== Created Last 30 ================

.

2011-07-23 02:20:22 -------- d-----w- c:\program files\ESET

2011-07-22 22:21:38 -------- d-----w- c:\program files\Microsoft Security Client

2011-07-22 20:05:45 -------- d-----w- c:\users\shanna\appdata\roaming\Malwarebytes

2011-07-22 20:05:36 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-22 20:05:35 -------- d-----w- c:\programdata\Malwarebytes

2011-07-22 20:05:31 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-22 20:05:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-22 05:44:01 -------- d-sh--w- C:\found.000

2011-07-22 01:00:31 -------- d-----w- c:\windows\system32\SPReview

2011-07-22 00:59:32 -------- d-----w- c:\windows\system32\EventProviders

2011-07-22 00:54:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-07-22 00:54:08 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-07-20 06:58:43 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-07-20 06:58:43 5888 ----a-w- c:\windows\system32\drivers\usbd.sys

2011-07-20 06:58:43 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys

2011-07-20 06:58:43 284672 ----a-w- c:\windows\system32\drivers\usbport.sys

2011-07-20 06:58:43 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-07-20 06:58:43 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2011-07-20 06:58:43 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys

2011-07-19 04:10:55 -------- d-----w- c:\programdata\VanDyke

2011-07-19 03:55:29 -------- d-----w- c:\users\shanna\appdata\roaming\VanDyke

2011-07-19 03:52:24 -------- d-----w- c:\program files\VanDyke Software

2011-07-19 03:51:09 -------- d-----w- c:\users\shanna\appdata\local\Downloaded Installations

2011-07-19 03:46:59 750592 ----a-w- c:\windows\system32\schedsvc.dll

2011-07-19 03:45:59 155472 ----a-w- c:\windows\system32\mscorier.dll

2011-07-19 03:44:59 50176 ----a-w- c:\windows\system32\drivers\appid.sys

2011-07-19 03:42:57 323072 ----a-w- c:\windows\system32\drvstore.dll

2011-07-19 03:42:56 257024 ----a-w- c:\windows\system32\dpx.dll

2011-07-19 03:39:59 -------- d-----w- c:\users\shanna\appdata\local\Cisco

2011-07-19 03:39:59 -------- d-----w- c:\program files\Cisco

2011-07-19 03:38:32 -------- d-----w- c:\programdata\Cisco

2011-07-19 03:16:59 2334208 ----a-w- c:\windows\system32\win32k.sys

2011-06-23 21:21:16 310272 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-23 21:21:15 311808 ----a-w- c:\windows\system32\drivers\srv.sys

2011-06-23 21:21:15 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-23 21:21:07 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-06-23 21:21:06 187776 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2011-06-23 21:21:05 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2011-06-23 21:20:43 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-06-23 21:20:26 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-06-23 21:20:25 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-06-23 21:20:15 219136 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-06-23 21:20:15 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2011-06-23 21:20:06 741376 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-23 21:18:57 123904 ----a-w- c:\windows\system32\poqexec.exe

2011-06-23 21:18:53 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

.

==================== Find3M ====================

.

2011-07-23 02:47:03 44544 ----a-w- c:\windows\system32\agremove.exe

2011-07-22 01:10:23 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-06-03 06:01:04 169984 ----a-w- c:\windows\system32\winsrv.dll

2011-06-03 05:59:23 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-06-03 05:56:57 271872 ----a-w- c:\windows\system32\conhost.exe

2011-06-03 03:48:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-06-03 03:48:31 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-06-03 03:48:31 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-06-03 03:48:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-05-28 02:53:58 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-05-24 10:44:59 293376 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-05-23 18:55:29 10704 ----a-w- c:\windows\system32\vpncategories.dll

2011-05-23 18:55:22 32720 ----a-w- c:\windows\system32\vpnevents.dll

2011-05-23 18:45:27 23464 ----a-w- c:\windows\system32\drivers\vpnva.sys

2011-05-23 18:45:05 77968 ----a-r- c:\windows\system32\drivers\acsock.sys

2011-05-04 04:34:43 1549312 ----a-w- c:\windows\system32\tquery.dll

2011-05-04 04:32:02 666624 ----a-w- c:\windows\system32\mssvp.dll

2011-05-04 04:32:01 337408 ----a-w- c:\windows\system32\mssph.dll

2011-05-04 04:32:01 197120 ----a-w- c:\windows\system32\mssphtb.dll

2011-05-04 04:32:01 1401344 ----a-w- c:\windows\system32\mssrch.dll

2011-05-04 04:32:00 59392 ----a-w- c:\windows\system32\msscntrs.dll

2011-05-04 04:28:31 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe

2011-05-04 04:28:31 427520 ----a-w- c:\windows\system32\SearchIndexer.exe

2011-05-04 04:28:31 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe

2011-04-27 19:25:24 65024 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2011-04-27 02:17:36 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-04-27 02:17:28 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-04-27 02:17:22 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

.

============= FINISH: 22:51:31.29 ===============



Whoops, forgot the mbam log:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7232

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514

7/22/2011 10:38:38 PM

mbam-log-2011-07-22 (22-38-38).txt

Scan type: Quick scan

Objects scanned: 162046

Time elapsed: 5 minute(s), 37 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

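The following is an added example and not part of any post in this thread, nor code from DDS, Malwarebytes or any other tool named here. It shows the checks a responder would run over the redirect-relevant lines of a DDS "Pseudo HJT Report" like the one posted above: security products reported disabled, hosts-file overrides, the Firefox `network.proxy.type` mode, WinINET proxy keys, unnamed Run values, remote ActiveX (DPF) downloads and proxy-switching extensions. The sample input is a constructed subset of the posted log; the rule set, severity labels and the `Finding` structure are this example's own assumptions, not anything the tools emit.

```python
"""Added example: triage the redirect-relevant lines of a DDS 'Pseudo HJT'
report. The rule set and severities are this example's own assumptions,
not DDS or Malwarebytes output."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a hand-picked subset of the DDS lines posted in the thread.
SAMPLE_DDS = """\
AV: Microsoft Security Essentials *Disabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
uInternet Settings,ProxyOverride = <local>
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\\program files\\hp\\digital imaging\\smart web printing\\hpswp_printenhancer.dll
mRun: [<NO NAME>]
mRun: [MSC] "c:\\program files\\microsoft security client\\msseces.exe" -hide -runkey
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
Hosts: 127.0.0.1 www.spywareinfo.com
FF - prefs.js: network.proxy.type - 4
FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\\extensions\\foxyproxy@eric.h.jung
"""

# Firefox's documented network.proxy.type values.
FF_PROXY_TYPES = {"0": "no proxy", "1": "manual proxy", "2": "PAC script URL",
                  "4": "auto-detect (WPAD)", "5": "system proxy settings"}


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    tag: str       # short label for grouping
    detail: str    # explanation that always quotes the source line


def triage(dds_text: str) -> list[Finding]:
    """Return the findings for every redirect-relevant line in a DDS report."""
    findings: list[Finding] = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # 1. A security product DDS reports as disabled or outdated.
        if re.match(r"^(AV|SP|FW): .*\*Disabled", line):
            findings.append(Finding("high", "security-product-disabled", line))
            continue
        # 2. Hosts-file overrides. DDS prints only non-default entries; a
        #    loopback entry for a named host silently blocks that site.
        m = re.match(r"^Hosts: (\S+) (\S+)", line)
        if m:
            ip, host = m.groups()
            sev = "high" if ip in ("127.0.0.1", "0.0.0.0", "::1") else "medium"
            findings.append(Finding(sev, "hosts-override", f"{host} -> {ip} ({line})"))
            continue
        # 3. Firefox proxy mode other than 'no proxy' (4 = WPAD auto-detect,
        #    which lets anything on the LAN or in DNS hand the browser a PAC file).
        m = re.match(r"^FF - prefs\.js: network\.proxy\.type - (\d+)", line)
        if m:
            code = m.group(1)
            if code != "0":
                mode = FF_PROXY_TYPES.get(code, f"unknown value {code}")
                findings.append(Finding("medium", "firefox-proxy-mode", f"{mode} ({line})"))
            continue
        # 4. WinINET proxy settings shared by IE and Chrome. ProxyOverride=<local>
        #    only bypasses the proxy for intranet names, so it is informational;
        #    a ProxyServer or AutoConfigURL value is what would redirect traffic.
        m = re.match(r"^[um]Internet Settings,(\w+) = (.+)$", line)
        if m:
            key, value = m.groups()
            sev = "info" if key == "ProxyOverride" else "high"
            findings.append(Finding(sev, "wininet-proxy", f"{key}={value} ({line})"))
            continue
        # 5. Run-key values with an empty name: usually leftovers, occasionally
        #    a hiding place, so surface them for a manual look.
        if re.match(r"^[um]Run: \[<NO NAME>\]", line):
            findings.append(Finding("info", "unnamed-run-value", line))
            continue
        # 6. Downloaded Program Files (ActiveX) fetched from a remote URL.
        #    DDS defangs the scheme as hxxp; the host is what you review.
        m = re.match(r"^DPF: \{[^}]+\} - hxxps?://([^/\s]+)", line)
        if m:
            findings.append(Finding("info", "activex-download", f"host={m.group(1)} ({line})"))
            continue
        # 7. Extensions that can route browser traffic through a proxy.
        if re.match(r"^FF - Ext: FoxyProxy", line):
            findings.append(Finding("info", "proxy-extension", line))
    return findings


def by_severity(findings: list[Finding]) -> list[Finding]:
    """Stable sort: high first, then medium, then info."""
    order = {"high": 0, "medium": 1, "info": 2}
    return sorted(findings, key=lambda f: order[f.severity])


if __name__ == "__main__":
    for f in by_severity(triage(SAMPLE_DDS)):
        print(f"[{f.severity:<6}] {f.tag:<26} {f.detail}")
```

Run against the full posted report, the script surfaces the three lines a responder would look at first: both Microsoft products reporting disabled, the loopback hosts entry for www.spywareinfo.com, and Firefox in WPAD auto-detect mode while IE only carries a `<local>` bypass. None of those is proof of infection on its own; they are the settings to verify by hand (hosts file, `HKCU\...\Internet Settings`, `prefs.js`) before running further scanners.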


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download: ATF Cleaner

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use the Firefox browser:

  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser:

  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:


Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run, once it is finished move onto the next step

Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of that TDSSKiller log.

Also please describe how your computer behaves at the moment.


Thank You for responding. My computer is still re-directing in all browsers (I tested it out in chrome, IE 9, Firefox and Opera.) I also am unable to start Security essentials in normal mode. In safe mode, the computer starts Security Essentials but cannot turn on immediate protection, nor can it run a scan. Unfortunately, TDS didn't find anything:

2011/07/26 01:46:24.0124 2544 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56

2011/07/26 01:46:24.0358 2544 ================================================================================

2011/07/26 01:46:24.0358 2544 SystemInfo:

2011/07/26 01:46:24.0358 2544

2011/07/26 01:46:24.0358 2544 OS Version: 6.1.7601 ServicePack: 1.0

2011/07/26 01:46:24.0358 2544 Product type: Workstation

2011/07/26 01:46:24.0358 2544 ComputerName: SHANNA-PC

2011/07/26 01:46:24.0358 2544 UserName: Shanna

2011/07/26 01:46:24.0358 2544 Windows directory: C:\Windows

2011/07/26 01:46:24.0358 2544 System windows directory: C:\Windows

2011/07/26 01:46:24.0358 2544 Processor architecture: Intel x86

2011/07/26 01:46:24.0358 2544 Number of processors: 2

2011/07/26 01:46:24.0358 2544 Page size: 0x1000

2011/07/26 01:46:24.0358 2544 Boot type: Normal boot

2011/07/26 01:46:24.0358 2544 ================================================================================

2011/07/26 01:46:25.0715 2544 Initialize success

2011/07/26 01:46:28.0227 1956 ================================================================================

2011/07/26 01:46:28.0227 1956 Scan started

2011/07/26 01:46:28.0227 1956 Mode: Manual;

2011/07/26 01:46:28.0227 1956 ================================================================================

2011/07/26 01:46:30.0270 1956 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys

2011/07/26 01:46:30.0333 1956 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys

2011/07/26 01:46:30.0473 1956 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys

2011/07/26 01:46:30.0535 1956 acsock (ae954c42547605408cddf03bb13845b8) C:\Windows\system32\DRIVERS\acsock.sys

2011/07/26 01:46:30.0707 1956 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

2011/07/26 01:46:30.0738 1956 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

2011/07/26 01:46:30.0863 1956 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

2011/07/26 01:46:30.0957 1956 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys

2011/07/26 01:46:31.0081 1956 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys

2011/07/26 01:46:31.0144 1956 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

2011/07/26 01:46:31.0269 1956 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys

2011/07/26 01:46:31.0331 1956 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys

2011/07/26 01:46:31.0362 1956 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys

2011/07/26 01:46:31.0471 1956 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

2011/07/26 01:46:31.0503 1956 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

2011/07/26 01:46:31.0565 1956 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys

2011/07/26 01:46:31.0674 1956 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

2011/07/26 01:46:31.0721 1956 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys

2011/07/26 01:46:31.0783 1956 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys

2011/07/26 01:46:31.0924 1956 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

2011/07/26 01:46:31.0971 1956 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

2011/07/26 01:46:32.0095 1956 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/07/26 01:46:32.0173 1956 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys

2011/07/26 01:46:32.0329 1956 athr (ac4adac154563ab41cc79b0257bc685a) C:\Windows\system32\DRIVERS\athr.sys

2011/07/26 01:46:32.0485 1956 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

2011/07/26 01:46:32.0532 1956 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

2011/07/26 01:46:32.0688 1956 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

2011/07/26 01:46:32.0829 1956 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

2011/07/26 01:46:32.0907 1956 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys

2011/07/26 01:46:33.0031 1956 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2011/07/26 01:46:33.0063 1956 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2011/07/26 01:46:33.0109 1956 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

2011/07/26 01:46:33.0219 1956 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

2011/07/26 01:46:33.0250 1956 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

2011/07/26 01:46:33.0281 1956 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

2011/07/26 01:46:33.0312 1956 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

2011/07/26 01:46:33.0453 1956 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

2011/07/26 01:46:33.0515 1956 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys

2011/07/26 01:46:33.0640 1956 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

2011/07/26 01:46:33.0702 1956 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

2011/07/26 01:46:33.0827 1956 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/07/26 01:46:33.0889 1956 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys

2011/07/26 01:46:34.0045 1956 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

2011/07/26 01:46:34.0186 1956 CnxtHdAudService (2fbea8aaad105b93f1ef93f206664245) C:\Windows\system32\drivers\CHDRT32.sys

2011/07/26 01:46:34.0217 1956 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

2011/07/26 01:46:34.0373 1956 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys

2011/07/26 01:46:34.0420 1956 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

2011/07/26 01:46:34.0591 1956 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys

2011/07/26 01:46:34.0779 1956 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys

2011/07/26 01:46:34.0935 1956 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

2011/07/26 01:46:34.0950 1956 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

2011/07/26 01:46:35.0106 1956 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys

2011/07/26 01:46:35.0309 1956 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\drivers\Dot4Prt.sys

2011/07/26 01:46:35.0449 1956 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys

2011/07/26 01:46:35.0496 1956 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

2011/07/26 01:46:35.0637 1956 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys

2011/07/26 01:46:35.0855 1956 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

2011/07/26 01:46:36.0042 1956 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

2011/07/26 01:46:36.0105 1956 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys

2011/07/26 01:46:36.0245 1956 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

2011/07/26 01:46:36.0385 1956 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

2011/07/26 01:46:36.0432 1956 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

2011/07/26 01:46:36.0573 1956 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

2011/07/26 01:46:36.0604 1956 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

2011/07/26 01:46:36.0619 1956 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/07/26 01:46:36.0744 1956 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

2011/07/26 01:46:36.0791 1956 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

2011/07/26 01:46:36.0916 1956 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

2011/07/26 01:46:36.0994 1956 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys

2011/07/26 01:46:37.0119 1956 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

2011/07/26 01:46:37.0165 1956 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

2011/07/26 01:46:37.0337 1956 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys

2011/07/26 01:46:37.0399 1956 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys

2011/07/26 01:46:37.0493 1956 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

2011/07/26 01:46:37.0524 1956 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

2011/07/26 01:46:37.0555 1956 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

2011/07/26 01:46:37.0867 1956 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys

2011/07/26 01:46:38.0133 1956 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

2011/07/26 01:46:38.0226 1956 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

2011/07/26 01:46:38.0367 1956 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

2011/07/26 01:46:38.0460 1956 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys

2011/07/26 01:46:38.0585 1956 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys

2011/07/26 01:46:38.0913 1956 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys

2011/07/26 01:46:39.0147 1956 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

2011/07/26 01:46:39.0240 1956 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

2011/07/26 01:46:39.0349 1956 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

2011/07/26 01:46:39.0412 1956 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/07/26 01:46:39.0552 1956 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys

2011/07/26 01:46:39.0599 1956 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

2011/07/26 01:46:39.0693 1956 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

2011/07/26 01:46:39.0771 1956 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

2011/07/26 01:46:39.0833 1956 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys

2011/07/26 01:46:39.0973 1956 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys

2011/07/26 01:46:40.0020 1956 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys

2011/07/26 01:46:40.0098 1956 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys

2011/07/26 01:46:40.0223 1956 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys

2011/07/26 01:46:40.0285 1956 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

2011/07/26 01:46:40.0348 1956 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

2011/07/26 01:46:40.0441 1956 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

2011/07/26 01:46:40.0473 1956 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2011/07/26 01:46:40.0519 1956 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2011/07/26 01:46:40.0629 1956 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

2011/07/26 01:46:40.0675 1956 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

2011/07/26 01:46:40.0707 1956 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

2011/07/26 01:46:40.0863 1956 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

2011/07/26 01:46:40.0987 1956 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

2011/07/26 01:46:41.0065 1956 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

2011/07/26 01:46:41.0190 1956 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

2011/07/26 01:46:41.0253 1956 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys

2011/07/26 01:46:41.0393 1956 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys

2011/07/26 01:46:41.0455 1956 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys

2011/07/26 01:46:42.0625 1956 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys

2011/07/26 01:46:42.0688 1956 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

2011/07/26 01:46:42.0750 1956 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys

2011/07/26 01:46:42.0859 1956 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/07/26 01:46:42.0937 1956 mrxsmb10 (a70c828a93cce4c11617f6249f4d87fc) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/07/26 01:46:43.0171 1956 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/07/26 01:46:43.0421 1956 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys

2011/07/26 01:46:43.0483 1956 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys

2011/07/26 01:46:43.0624 1956 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

2011/07/26 01:46:43.0639 1956 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

2011/07/26 01:46:43.0702 1956 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

2011/07/26 01:46:43.0749 1956 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

2011/07/26 01:46:43.0889 1956 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/07/26 01:46:43.0920 1956 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

2011/07/26 01:46:43.0951 1956 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

2011/07/26 01:46:44.0107 1956 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys

2011/07/26 01:46:44.0170 1956 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

2011/07/26 01:46:44.0263 1956 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

2011/07/26 01:46:44.0295 1956 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

2011/07/26 01:46:44.0435 1956 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

2011/07/26 01:46:44.0607 1956 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys

2011/07/26 01:46:44.0731 1956 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

2011/07/26 01:46:44.0763 1956 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/07/26 01:46:44.0919 1956 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/07/26 01:46:45.0012 1956 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/07/26 01:46:45.0153 1956 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys

2011/07/26 01:46:45.0215 1956 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

2011/07/26 01:46:45.0355 1956 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys

2011/07/26 01:46:45.0449 1956 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

2011/07/26 01:46:45.0574 1956 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

2011/07/26 01:46:45.0636 1956 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

2011/07/26 01:46:45.0745 1956 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

2011/07/26 01:46:45.0839 1956 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys

2011/07/26 01:46:45.0995 1956 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

2011/07/26 01:46:46.0073 1956 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys

2011/07/26 01:46:46.0182 1956 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys

2011/07/26 01:46:46.0260 1956 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

2011/07/26 01:46:46.0401 1956 O2MDRDR (3141d533be9f3386c8295e8375ecdb98) C:\Windows\system32\DRIVERS\o2media.sys

2011/07/26 01:46:46.0479 1956 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

2011/07/26 01:46:46.0635 1956 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

2011/07/26 01:46:46.0697 1956 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys

2011/07/26 01:46:46.0822 1956 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

2011/07/26 01:46:46.0900 1956 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys

2011/07/26 01:46:47.0025 1956 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

2011/07/26 01:46:47.0071 1956 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

2011/07/26 01:46:47.0165 1956 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

2011/07/26 01:46:47.0227 1956 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

2011/07/26 01:46:47.0461 1956 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

2011/07/26 01:46:47.0477 1956 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

2011/07/26 01:46:47.0617 1956 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

2011/07/26 01:46:47.0695 1956 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

2011/07/26 01:46:47.0820 1956 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

2011/07/26 01:46:47.0867 1956 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

2011/07/26 01:46:47.0898 1956 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

2011/07/26 01:46:48.0007 1956 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

2011/07/26 01:46:48.0054 1956 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/07/26 01:46:48.0179 1956 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/07/26 01:46:48.0210 1956 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

2011/07/26 01:46:48.0382 1956 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys

2011/07/26 01:46:48.0491 1956 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

2011/07/26 01:46:48.0585 1956 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/07/26 01:46:48.0709 1956 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys

2011/07/26 01:46:48.0772 1956 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

2011/07/26 01:46:48.0881 1956 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

2011/07/26 01:46:49.0006 1956 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys

2011/07/26 01:46:49.0131 1956 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys

2011/07/26 01:46:49.0240 1956 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys

2011/07/26 01:46:49.0427 1956 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

2011/07/26 01:46:49.0489 1956 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys

2011/07/26 01:46:49.0552 1956 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys

2011/07/26 01:46:49.0723 1956 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys

2011/07/26 01:46:49.0848 1956 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys

2011/07/26 01:46:49.0942 1956 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/07/26 01:46:49.0989 1956 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

2011/07/26 01:46:50.0035 1956 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

2011/07/26 01:46:50.0145 1956 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

2011/07/26 01:46:50.0238 1956 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys

2011/07/26 01:46:50.0269 1956 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

2011/07/26 01:46:50.0316 1956 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys

2011/07/26 01:46:50.0425 1956 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

2011/07/26 01:46:50.0535 1956 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

2011/07/26 01:46:50.0628 1956 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2011/07/26 01:46:50.0675 1956 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

2011/07/26 01:46:50.0706 1956 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

2011/07/26 01:46:50.0847 1956 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

2011/07/26 01:46:51.0034 1956 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys

2011/07/26 01:46:51.0081 1956 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys

2011/07/26 01:46:51.0205 1956 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS

2011/07/26 01:46:51.0268 1956 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS

2011/07/26 01:46:51.0408 1956 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS

2011/07/26 01:46:51.0517 1956 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys

2011/07/26 01:46:51.0580 1956 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

2011/07/26 01:46:51.0720 1956 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys

2011/07/26 01:46:51.0751 1956 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys

2011/07/26 01:46:51.0829 1956 SWDUMon (7168ea26833301750562bfd0a16a66d3) C:\Windows\system32\DRIVERS\SWDUMon.sys

2011/07/26 01:46:51.0985 1956 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys

2011/07/26 01:46:52.0188 1956 SynTP (91ac243740ca09a907e7cbd2da274c96) C:\Windows\system32\DRIVERS\SynTP.sys

2011/07/26 01:46:52.0391 1956 Tcpip (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\drivers\tcpip.sys

2011/07/26 01:46:52.0563 1956 TCPIP6 (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\DRIVERS\tcpip.sys

2011/07/26 01:46:52.0719 1956 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys

2011/07/26 01:46:52.0797 1956 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys

2011/07/26 01:46:52.0828 1956 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys

2011/07/26 01:46:52.0984 1956 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys

2011/07/26 01:46:53.0124 1956 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys

2011/07/26 01:46:53.0296 1956 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/07/26 01:46:53.0467 1956 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys

2011/07/26 01:46:53.0639 1956 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys

2011/07/26 01:46:53.0701 1956 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS

2011/07/26 01:46:53.0795 1956 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

2011/07/26 01:46:53.0873 1956 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys

2011/07/26 01:46:54.0029 1956 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

2011/07/26 01:46:54.0091 1956 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys

2011/07/26 01:46:54.0216 1956 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

2011/07/26 01:46:54.0310 1956 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/07/26 01:46:54.0450 1956 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

2011/07/26 01:46:54.0622 1956 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys

2011/07/26 01:46:54.0653 1956 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys

2011/07/26 01:46:54.0700 1956 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys

2011/07/26 01:46:54.0825 1956 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

2011/07/26 01:46:54.0887 1956 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

2011/07/26 01:46:55.0043 1956 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS

2011/07/26 01:46:55.0074 1956 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/07/26 01:46:55.0230 1956 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys

2011/07/26 01:46:55.0277 1956 UVCFTR (237c444fbd1c697a2e3fa60f02c61f22) C:\Windows\system32\Drivers\UVCFTR_S.SYS

2011/07/26 01:46:55.0433 1956 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

2011/07/26 01:46:55.0495 1956 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/07/26 01:46:55.0589 1956 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

2011/07/26 01:46:55.0698 1956 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

2011/07/26 01:46:55.0807 1956 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

2011/07/26 01:46:55.0870 1956 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

2011/07/26 01:46:55.0995 1956 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

2011/07/26 01:46:56.0057 1956 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys

2011/07/26 01:46:56.0119 1956 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys

2011/07/26 01:46:56.0260 1956 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys

2011/07/26 01:46:56.0322 1956 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

2011/07/26 01:46:56.0463 1956 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys

2011/07/26 01:46:56.0650 1956 vpnva (0d8df4058901616a4e716ab67d472581) C:\Windows\system32\DRIVERS\vpnva.sys

2011/07/26 01:46:56.0712 1956 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

2011/07/26 01:46:56.0837 1956 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

2011/07/26 01:46:56.0884 1956 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

2011/07/26 01:46:57.0009 1956 wacmoumonitor (c3b03ed7b06657a3355f620bc02acfb6) C:\Windows\system32\DRIVERS\wacmoumonitor.sys

2011/07/26 01:46:57.0055 1956 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\Windows\system32\DRIVERS\wacommousefilter.sys

2011/07/26 01:46:57.0165 1956 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

2011/07/26 01:46:57.0289 1956 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\Windows\system32\DRIVERS\wacomvhid.sys

2011/07/26 01:46:57.0352 1956 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

2011/07/26 01:46:57.0367 1956 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

2011/07/26 01:46:57.0555 1956 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

2011/07/26 01:46:57.0617 1956 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

2011/07/26 01:46:57.0789 1956 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

2011/07/26 01:46:57.0820 1956 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

2011/07/26 01:46:58.0023 1956 WinUSB (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUSB.sys

2011/07/26 01:46:58.0179 1956 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

2011/07/26 01:46:58.0288 1956 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

2011/07/26 01:46:58.0475 1956 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys

2011/07/26 01:46:58.0647 1956 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/07/26 01:46:58.0818 1956 yukonw7 (95c1a8e708efa7fcae03cae688465b0a) C:\Windows\system32\DRIVERS\yk62x86.sys

2011/07/26 01:46:58.0896 1956 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

2011/07/26 01:46:58.0927 1956 Boot (0x1200) (6989957f145c754a112bee3830ba1f16) \Device\Harddisk0\DR0\Partition0

2011/07/26 01:46:58.0959 1956 Boot (0x1200) (6b89186c1ec7ef173e7fedab4a3c61e7) \Device\Harddisk0\DR0\Partition1

2011/07/26 01:46:58.0959 1956 ================================================================================

2011/07/26 01:46:58.0959 1956 Scan finished

2011/07/26 01:46:58.0959 1956 ================================================================================

2011/07/26 01:46:58.0990 0988 Detected object count: 0

2011/07/26 01:46:58.0990 0988 Actual detected object count: 0

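The TDSSKiller inventory above is nothing more than one line per kernel driver (service name, MD5 of the image on disk, image path) followed by MD5s of the MBR and the boot sectors, and a helper reads it by eye for three things: images loaded from somewhere other than the Windows driver directories, hashes that differ from a clean install of the same build, and the MBR/boot hashes to compare across runs. The script below is an added example written for this page; it is not TDSSKiller's code and not part of the helper's procedure. It parses that exact line format and automates those three checks. SAMPLE_LOG reuses a handful of lines copied from the log above plus one constructed rogue entry (the last line); KNOWN_GOOD is a hypothetical baseline, and its brserid.sys value is deliberately stale only so the mismatch report has something to show, nothing in the thread says that file is bad.

```python
"""Parse a TDSSKiller driver inventory and run simple triage checks over it.

Added example for this thread: not TDSSKiller's own code. SAMPLE_LOG mixes
real lines from the posted log with one constructed rogue entry; KNOWN_GOOD
is a hypothetical baseline.
"""
import re
from collections import defaultdict

# One inventory line: <date> <time> <thread> <name> [(0xSIZE)] (<md5>) <path>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+"
    r"(?P<tid>\d+)\s+"
    r"(?P<name>\S+)"
    r"(?:\s+\((?P<size>0x[0-9A-Fa-f]+)\))?\s+"  # only MBR/Boot entries carry a size
    r"\((?P<md5>[0-9a-f]{32})\)\s+"
    r"(?P<path>\S.*?)\s*$"
)
SUMMARY_RE = re.compile(
    r"^\S+\s+\S+\s+\d+\s+(?P<key>(?:Actual )?[Dd]etected object count):\s*(?P<n>\d+)\s*$"
)

# Directories a stock Windows 7 install loads kernel drivers from; anything else gets a look.
TRUSTED_DIRS = (r"c:\windows\system32\drivers", r"c:\windows\system32")

# Constructed sample: lines from the posted log plus one fabricated rogue driver (last line).
SAMPLE_LOG = r"""
2011/07/26 01:46:33.0109 1956 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/07/26 01:46:33.0702 1956 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/07/26 01:46:52.0391 1956 Tcpip (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\drivers\tcpip.sys
2011/07/26 01:46:52.0563 1956 TCPIP6 (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/26 01:46:58.0896 1956 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/07/26 01:46:58.0927 1956 Boot (0x1200) (6989957f145c754a112bee3830ba1f16) \Device\Harddisk0\DR0\Partition0
2011/07/26 01:46:58.0959 1956 Scan finished
2011/07/26 01:46:58.0990 0988 Detected object count: 0
2011/07/26 01:46:58.0990 0988 Actual detected object count: 0
2011/07/26 01:46:59.0000 1956 svchlpr (0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f) C:\ProgramData\tmp\svchlpr.sys
"""

# Hypothetical baseline keyed by lower-cased file name. The brserid.sys value is
# deliberately stale so the mismatch report has an entry; the thread does not
# say anything about that file.
KNOWN_GOOD = {
    "tcpip.sys": "24326784df8f3d5f5bbb9f878ce33c14",
    "clfs.sys": "635181e0e9bbf16871bf5380d71db02d",
    "brserid.sys": "0" * 32,
}


def parse_log(text):
    """Split a TDSSKiller log into driver entries, boot-record entries and the summary counts."""
    drivers, boot, summary = [], [], {}
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["basename"] = entry["path"].rsplit("\\", 1)[-1].lower()
            (boot if entry["path"].startswith("\\Device\\") else drivers).append(entry)
            continue
        s = SUMMARY_RE.match(line)
        if s:
            summary[s.group("key")] = int(s.group("n"))
    return {"drivers": drivers, "boot": boot, "summary": summary}


def find_untrusted_paths(drivers):
    """Drivers whose image sits outside the normal Windows driver directories."""
    return [(d["name"], d["path"]) for d in drivers
            if not any(d["path"].lower().startswith(t + "\\") for t in TRUSTED_DIRS)]


def find_aliases(drivers):
    """Service names sharing one image file (Tcpip/TCPIP6 on tcpip.sys is a normal case)."""
    by_path = defaultdict(list)
    for d in drivers:
        by_path[d["path"].lower()].append(d["name"])
    return {p: names for p, names in by_path.items() if len(names) > 1}


def check_baseline(drivers, baseline):
    """Compare each image's MD5 with the baseline; a mismatch means 'differs from YOUR baseline'."""
    report = {"ok": [], "mismatch": [], "unknown": []}
    for d in drivers:
        expected = baseline.get(d["basename"])
        if expected is None:
            report["unknown"].append(d["basename"])
        elif expected == d["md5"]:
            report["ok"].append(d["basename"])
        else:
            report["mismatch"].append((d["basename"], expected, d["md5"]))
    return report


def triage(text, baseline):
    """Everything a helper scans the log for, in one dict."""
    parsed = parse_log(text)
    return {
        "detected": parsed["summary"].get("Detected object count"),
        "untrusted": find_untrusted_paths(parsed["drivers"]),
        "aliases": find_aliases(parsed["drivers"]),
        "baseline": check_baseline(parsed["drivers"], baseline),
        "boot_hashes": {b["path"]: b["md5"] for b in parsed["boot"]},
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG, KNOWN_GOOD).items():
        print(f"{key}: {value}")
```

Two caveats on reading the output. A baseline is only meaningful if it was built from a clean install at the same build and patch level: the ComboFix log later in this thread shows the USB driver stack replaced by an update on 2011-07-20, and every such update legitimately changes hashes, so a mismatch is a prompt to verify the file against Microsoft's copy, not a verdict. And an inventory taken from inside the running OS is exactly what a TDSS-class rootkit is designed to falsify, since it hooks disk access and can hand the scanner the clean bytes; "Detected object count: 0" plus a clean inventory is reassuring but not proof, which is why the helper moves on to ComboFix and, if needed, offline tooling.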

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[image: RC1.png]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: RC2-1.png]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Hey! Google works in Chrome; I haven't checked it in my other browsers. Security Essentials is on, updated and found a little trojan. So far everything is running awesomely. Here's the log.

ComboFix 11-07-26.03 - Shanna 07/26/2011 17:47:12.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2038.1303 [GMT -7:00]

Running from: c:\users\Shanna\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Outdated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Downloaded Installers

c:\program files\Downloaded Installers\{E6BEC86E-DCA9-4510-975F-E2DC68D3E5D7}\setup.msi

c:\users\Shanna\AppData\Roaming\Local

c:\users\Shanna\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi

c:\users\Shanna\AppData\Roaming\Local\Temp\DDM\Settings\4ndx0p7oht9rs.avi.ddr

c:\users\Shanna\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi

c:\users\Shanna\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\4ndx0p7oht9rs.avi.ddp

c:\users\Shanna\Documents\~WRL0005.tmp

c:\users\Shanna\Documents\~WRL3705.tmp

.

c:\windows\System32\autochk.exe . . . is infected!!

.

.

((((((((((((((((((((((((( Files Created from 2011-06-27 to 2011-07-27 )))))))))))))))))))))))))))))))

.

.

2011-07-27 01:00 . 2011-07-27 01:00 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-23 21:54 . 2011-07-27 00:39 17408 ----a-w- c:\windows\system32\rpcnetp.dll

2011-07-23 21:54 . 2011-07-27 00:39 17408 ----a-w- c:\windows\system32\rpcnetp.exe

2011-07-23 02:20 . 2011-07-23 02:20 -------- d-----w- c:\program files\ESET

2011-07-22 22:21 . 2011-07-22 22:21 -------- d-----w- c:\program files\Microsoft Security Client

2011-07-22 20:05 . 2011-07-22 20:05 -------- d-----w- c:\users\Shanna\AppData\Roaming\Malwarebytes

2011-07-22 20:05 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-22 20:05 . 2011-07-22 20:05 -------- d-----w- c:\programdata\Malwarebytes

2011-07-22 20:05 . 2011-07-22 20:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-22 20:05 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-22 05:44 . 2011-07-22 05:44 -------- d-----w- C:\found.000

2011-07-22 01:00 . 2011-07-22 01:00 -------- d-----w- c:\windows\system32\SPReview

2011-07-22 00:59 . 2011-07-22 00:59 -------- d-----w- c:\windows\system32\EventProviders

2011-07-22 00:54 . 2011-07-22 22:25 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-07-22 00:54 . 2011-07-22 22:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-07-20 06:58 . 2011-03-25 02:58 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-07-20 06:58 . 2011-03-25 02:58 284672 ----a-w- c:\windows\system32\drivers\usbport.sys

2011-07-20 06:58 . 2011-03-25 02:58 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-07-20 06:58 . 2011-03-25 02:57 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys

2011-07-20 06:58 . 2011-03-25 02:57 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys

2011-07-20 06:58 . 2011-03-25 02:57 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2011-07-20 06:58 . 2011-03-25 02:57 5888 ----a-w- c:\windows\system32\drivers\usbd.sys

2011-07-19 04:10 . 2011-07-19 04:10 -------- d-----w- c:\programdata\VanDyke

2011-07-19 03:55 . 2011-07-19 03:55 -------- d-----w- c:\users\Shanna\AppData\Roaming\VanDyke

2011-07-19 03:52 . 2011-07-19 03:52 -------- d-----w- c:\program files\VanDyke Software

2011-07-19 03:51 . 2011-07-19 03:51 -------- d-----w- c:\users\Shanna\AppData\Local\Downloaded Installations

2011-07-19 03:46 . 2010-11-20 12:21 750592 ----a-w- c:\windows\system32\schedsvc.dll

2011-07-19 03:45 . 2010-11-20 12:16 1466368 ----a-w- c:\windows\system32\inetcpl.cpl

2011-07-19 03:44 . 2010-11-20 10:49 386048 ----a-w- c:\windows\system32\html.iec

2011-07-19 03:42 . 2010-11-20 12:18 323072 ----a-w- c:\windows\system32\drvstore.dll

2011-07-19 03:42 . 2010-11-20 12:18 257024 ----a-w- c:\windows\system32\dpx.dll

2011-07-19 03:39 . 2011-07-19 03:40 -------- d-----w- c:\program files\Cisco

2011-07-19 03:39 . 2011-07-19 03:39 -------- d-----w- c:\users\Shanna\AppData\Local\Cisco

2011-07-19 03:38 . 2011-07-19 03:39 -------- d-----w- c:\programdata\Cisco

2011-07-19 03:16 . 2011-06-11 02:29 2334208 ----a-w- c:\windows\system32\win32k.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-23 02:47 . 2010-12-10 04:20 44544 ----a-w- c:\windows\system32\agremove.exe

2011-07-22 01:10 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-05-28 02:53 . 2011-06-23 21:19 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-05-23 18:55 . 2011-05-23 18:55 10704 ----a-w- c:\windows\system32\vpncategories.dll

2011-05-23 18:55 . 2011-05-23 18:55 32720 ----a-w- c:\windows\system32\vpnevents.dll

2011-05-23 18:45 . 2011-05-23 18:45 23464 ----a-w- c:\windows\system32\drivers\vpnva.sys

2011-05-23 18:45 . 2011-05-23 18:45 77968 ----a-r- c:\windows\system32\drivers\acsock.sys

2011-05-03 04:30 . 2011-06-23 21:20 741376 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 02:46 . 2011-06-23 21:21 311808 ----a-w- c:\windows\system32\drivers\srv.sys

2011-04-29 02:46 . 2011-06-23 21:21 310272 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-04-29 02:46 . 2011-06-23 21:21 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 159472]

"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2009-07-20 484920]

"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]

"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2011-05-23 522192]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk

backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scrybe.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk

backup=c:\windows\pss\Scrybe.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

2004-12-14 07:12 483328 ----a-w- c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]

2007-04-04 19:41 970752 ----a-w- c:\program files\Common Files\Adobe\Updater\AdobeUpdater.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]

2011-02-23 21:23 2251064 ----a-w- c:\program files\CCleaner\CCleaner.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-11-10 07:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-10-29 19:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2007-11-29 22:58 1029416 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

R1 MpKsl0bbc50c9;MpKsl0bbc50c9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9D9B33F8-010E-4C05-9748-A1AF0A47FE87}\MpKsl0bbc50c9.sys [x]

R1 MpKsl1596a0b6;MpKsl1596a0b6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E0272AA9-EAB6-48E1-BA5B-7A71275A0B8B}\MpKsl1596a0b6.sys [x]

R1 MpKsl2e0cdf02;MpKsl2e0cdf02;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C446BCEB-DBDA-47FB-A2C1-7794A8A26C92}\MpKsl2e0cdf02.sys [x]

R1 MpKsl3c8005ef;MpKsl3c8005ef;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EE384E6B-AE1E-4B4B-86CB-29A9030277A1}\MpKsl3c8005ef.sys [x]

R1 MpKsl4042ed1a;MpKsl4042ed1a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{56F0CDBF-3D0C-4026-AC51-3EA9D6327C66}\MpKsl4042ed1a.sys [x]

R1 MpKsl476813f2;MpKsl476813f2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A68CD18-4577-4C4C-9B9A-3667D94BC425}\MpKsl476813f2.sys [x]

R1 MpKsl6a915a60;MpKsl6a915a60;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B0417D42-1E21-4321-AF32-6D1FC4478538}\MpKsl6a915a60.sys [x]

R1 MpKsl6d304f21;MpKsl6d304f21;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F5721440-0A78-40A5-9394-C6A88C04889D}\MpKsl6d304f21.sys [x]

R1 MpKsl756d8049;MpKsl756d8049;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F1B6F18-CBC2-4821-BF1E-D88DA43F608B}\MpKsl756d8049.sys [x]

R1 MpKsl7affca23;MpKsl7affca23;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{14135D5E-DA5C-43D9-9236-C35510A9A08F}\MpKsl7affca23.sys [x]

R1 MpKsl806fbe82;MpKsl806fbe82;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9D9B33F8-010E-4C05-9748-A1AF0A47FE87}\MpKsl806fbe82.sys [x]

R1 MpKsl8f7c3b2c;MpKsl8f7c3b2c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D684919-A8F8-4CE4-AC6D-A6DEB290A189}\MpKsl8f7c3b2c.sys [x]

R1 MpKsl99f88b21;MpKsl99f88b21;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{130152DA-3AB4-46F9-96B0-6C82AF76B50F}\MpKsl99f88b21.sys [x]

R1 MpKsl9ba5e268;MpKsl9ba5e268;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{31436482-651D-4E8B-8661-9B506D1145B8}\MpKsl9ba5e268.sys [x]

R1 MpKsl9fa333bd;MpKsl9fa333bd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{98F13F98-D232-4331-B6C7-D1836A384678}\MpKsl9fa333bd.sys [x]

R1 MpKslbd9e0da5;MpKslbd9e0da5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1482642D-A798-4906-9CC6-F36EE9D9EE97}\MpKslbd9e0da5.sys [x]

R1 MpKslcb52f180;MpKslcb52f180;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{30779361-1C58-425A-801A-DF1775044A5B}\MpKslcb52f180.sys [x]

R1 MpKslcdd7ca3a;MpKslcdd7ca3a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{91619B27-290E-4B6B-ADDB-F88C08E35882}\MpKslcdd7ca3a.sys [x]

R1 MpKsldf7daaa1;MpKsldf7daaa1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{69EACC76-699D-40FB-B0C6-9410D9513876}\MpKsldf7daaa1.sys [x]

R1 MpKsle3a77954;MpKsle3a77954;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{769DC899-AC43-4AC5-8D8D-AF6991624CBA}\MpKsle3a77954.sys [x]

R1 MpKslefe89273;MpKslefe89273;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F1B6F18-CBC2-4821-BF1E-D88DA43F608B}\MpKslefe89273.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [2011-05-23 77968]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-12-28 31124344]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2011-02-22 11232]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-11-02 10752]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-10 1343400]

R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-11-11 268528]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]

R4 ScrybeUpdater;Scrybe Updater;c:\program files\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-01-14 1294848]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2010-11-15 4807536]

S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-05-23 465872]

S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-03-04 48600]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-05-20 314368]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-27 c:\windows\Tasks\DriverUpdate Startup.job

- c:\program files\DriverUpdate\DriverUpdate.exe [2011-02-01 21:37]

.

2011-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2524994211-1086117135-4107810037-1000Core.job

- c:\users\Shanna\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-22 00:45]

.

2011-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2524994211-1086117135-4107810037-1000UA.job

- c:\users\Shanna\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-22 00:45]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = <local>

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 68.87.69.150 68.87.85.102

FF - ProfilePath - c:\users\Shanna\AppData\Roaming\Mozilla\Firefox\Profiles\sia8rj4z.default\

FF - prefs.js: network.proxy.type - 4

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video

FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa

FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung

FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-mcmscsvc

SafeBoot-MCODS

MSConfigStartUp-JP595IR86O - c:\users\Shanna\AppData\Local\Temp\Hlx.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-07-26 18:04:44

ComboFix-quarantined-files.txt 2011-07-27 01:04

.

Pre-Run: 127,503,532,032 bytes free

Post-Run: 127,110,881,280 bytes free

.

- - End Of File - - 074A1C9B8F08871CD5CB7C82893F3681


Can I re-enable the programs that were un-enabled now? My system is working properly; just wondering if anything showed up that I should remove?

Yes and be sure to do this:

Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

  • Using a secure browser plugin - M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
    • Free browser plug-in for Internet Explorer and Firefox
    • Real-time safety ratings
    • Ideal for Facebook, Twitter and LinkedIn

  • JAVA - Click this link and click on the Free JAVA Download

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.

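The six Internet-zone changes the helper lists above (steps 5 to 10 of the Internet Explorer instructions), written up as a PowerShell audit-and-apply script. This is an added example and is not part of the original thread or of any tool mentioned in it. It assumes the documented IE security-zone action codes (1001, 1004, 1201, 1800, 1804 and 1607 under Zones\3, where 0 = Enable, 1 = Prompt and 3 = Disable) and reads the current user's HKCU copy of the zone key; the function name Test-IEInternetZone and the table layout are my own choices.

```powershell
# Added example (not from the original thread): audit, and optionally apply,
# the Internet-zone settings recommended in the post above.
# Zone 3 is the Internet zone. Value names are the IE zone action codes;
# data is a DWORD: 0 = Enable, 1 = Prompt, 3 = Disable.
$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

$Labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Action code -> friendly name and the value the post asks for.
$Recommended = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Want = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                             Want = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Want = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Want = 1 }
}

function Get-IEZoneSetting {
    # Returns the DWORD for one action code, or $null if the value is absent.
    param([string]$Key, [string]$ValueName)
    $item = Get-ItemProperty -Path $Key -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Test-IEInternetZone {
    # Emits one row per setting; with -Fix, writes the recommended value for
    # every row that does not already match (honours -WhatIf / -Confirm).
    [CmdletBinding(SupportsShouldProcess)]
    param([switch]$Fix)

    foreach ($code in $Recommended.Keys) {
        $entry   = $Recommended[$code]
        $current = Get-IEZoneSetting -Key $ZoneKey -ValueName $code
        $ok      = ($current -eq $entry.Want)

        # An absent value means the zone is running on its template default;
        # it is reported as not matching and set explicitly when -Fix is given.
        $currentLabel = if ($null -eq $current) { '(not set)' } else { $Labels[$current] }
        $status       = if ($ok) { 'OK' } else { 'WEAK' }

        [pscustomobject]@{
            Code    = $code
            Setting = $entry.Name
            Current = $currentLabel
            Wanted  = $Labels[$entry.Want]
            Status  = $status
        }

        if (-not $ok -and $Fix -and
            $PSCmdlet.ShouldProcess("$ZoneKey\$code", "set to $($Labels[$entry.Want])")) {
            Set-ItemProperty -Path $ZoneKey -Name $code -Value $entry.Want -Type DWord
        }
    }
}

# Report only:
Test-IEInternetZone | Format-Table -AutoSize

# Apply the post's values (add -WhatIf to preview the registry writes):
# Test-IEInternetZone -Fix
```

Run it without -Fix to get a table showing which of the six settings are weaker than the post recommends; -Fix -WhatIf previews the registry writes and -Fix applies them for the current user. One caveat: if the machine has Security_HKLM_only set, Internet Explorer uses the HKLM copy of the Zones key instead of HKCU, and this script would then report values that are not the effective ones.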