Len2121 Posted August 31, 2011 ID:471159 Share Posted August 31, 2011 Hi - mbam finds c:\windows\system\svchost.exe infected with backdoor.bot. Successfully quarantines but appears again after reboot.Thanks for your help!LenHere is DDS.txt:.DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421Run by Admin at 22:38:00 on 2011-08-30Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1744 [GMT -7:00].AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssc:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exeC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\SLsvc.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\atieclxx.exeC:\Program Files\Dell\DellDock\DockLogin.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\SUPERAntiSpyware\SASCORE.EXEC:\Program Files\Common Files\Acronis\Schedule2\schedul2.exeC:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Windows\system32\svchost.exe -k hpdevmgmtC:\Windows\System32\svchost.exe -k HPZ12C:\Windows\System32\svchost.exe -k HPZ12C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\System32\svchost.exe -k termlfsvcC:\Windows\System32\svchost.exe -k WerSvcGroupC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\WUDFHost.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\Dwm.exeC:\Windows\system32\taskeng.exeC:\Windows\Explorer.EXEC:\Windows\System32\mobsync.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\Dell\MediaDirect\PCMService.exeC:\Program Files\HP\HP Software Update\hpwuSchd2.exeC:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exeC:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exeC:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exeC:\Program Files\Microsoft Security Client\msseces.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\Logitech\SetPoint\SetPoint.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXEC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system\svchost.exe -k NetworkServiceC:\Windows\System32\svchost.exe -k swprvC:\Windows\system32\NOTEPAD.EXEC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exeC:\Windows\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.google.com/uInternet Settings,ProxyOverride = *.localuSearchURL,(Default) = hxxp://www.google.com/search/?q=%sBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLLBHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dllBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLLBHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dllBHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllTB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dllmRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startupmRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exemRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exemRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXEmRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServicesmRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkeymRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRunmRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [sAOB Monitor] c:\program files\acronis\trueimagehome\onlinebackupstandalone\TrueImageMonitor.exemRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscriptmRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttrayStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exeStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exemPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)mPolicies-system: EnableLinkedConnections = 1 (0x1)IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.htmlIE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dllIE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllLSP: c:\windows\system32\wpclsp.dllDPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cabDPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cabDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cabDPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cabDPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cabDPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cabTCP: DhcpNameServer = 192.168.1.254TCP: Interfaces\{F122BA81-ACD5-4D61-AF47-A651FCC98B43} : DhcpNameServer = 192.168.1.254Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLLNotify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLLNotify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dllAppInit_DLLs: c:\progra~1\google\google~2\googledesktopnetwork3.dll c:\progra~1\google\google~2\GOEC62~1.DLLSEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL.============= SERVICES / DRIVERS ===============.R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2011-4-17 752128]R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]R1 MpKslc1d8dcd6;MpKslc1d8dcd6;c:\programdata\microsoft\microsoft antimalware\definition updates\{7843a5f6-2b02-47eb-8b65-a342424b16cd}\MpKslc1d8dcd6.sys [2011-8-30 28752]R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2011-8-29 3246040]R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-7-7 176128]R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048]R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-22 366640]R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2008-9-4 27648]R2 TermServices;Remote Desktop Service;c:\windows\system32\svchost.exe -k termlfsvc [2008-1-20 21504]R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2011-8-29 167968]R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-7-7 8312832]R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-7-7 244736]R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2011-3-30 97808]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-8 22712]R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-9-4 30192]S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-5-22 41272]S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-12-27 31124344]S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-7-4 27192]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504].=============== Created Last 30 ================.2011-08-31 05:22:00 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{7843a5f6-2b02-47eb-8b65-a342424b16cd}\MpKslc1d8dcd6.sys2011-08-31 05:21:53 7152464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{7843a5f6-2b02-47eb-8b65-a342424b16cd}\mpengine.dll2011-08-31 05:21:44 7680 ----a-w- c:\windows\system\svchost.exe2011-08-30 10:59:32 -------- d-----w- c:\users\admin\appdata\local\temp2011-08-30 10:49:14 -------- d-sh--w- C:\$RECYCLE.BIN2011-08-30 10:28:44 1884866 ----a-w- C:\SmitfraudFix run in safemode.exe2011-08-30 10:28:43 4189688 ------r- C:\ComboFix.exe2011-08-30 09:57:51 -------- d-----w- c:\users\admin\appdata\roaming\SUPERAntiSpyware.com2011-08-30 07:21:47 512 ----a-w- C:\MBR.dat.vir2011-08-30 07:20:33 1916416 ----a-w- C:\aswMBR.exe2011-08-30 05:05:46 302592 ----a-w- C:\o2chis5c.exe2011-08-29 07:10:58 167968 ----a-w- c:\windows\system32\drivers\afcdp.sys2011-08-29 07:10:58 -------- d-----w- c:\users\admin\appdata\roaming\1F1C8B12-A5DA-4288-B01E-DC977B44C3B92011-08-29 07:10:44 600928 ----a-w- c:\windows\system32\drivers\timntr.sys2011-08-29 01:52:36 -------- d-----w- c:\program files\ESET2011-08-28 19:26:23 -------- d-sh--w- c:\windows\system32\%APPDATA%2011-08-28 19:06:09 -------- d-----w- c:\program files\SUPERAntiSpyware2011-08-28 17:09:19 -------- d-----w- c:\windows\pss2011-08-28 16:53:41 -------- d-----w- c:\program files\iPod2011-08-28 16:53:39 -------- d-----w- c:\program files\iTunes2011-08-28 16:43:35 -------- d-----w- c:\program files\AMD APP2011-08-28 16:40:01 218624 ----a-w- c:\windows\system32\tercdw32.dll2011-08-24 18:02:40 2048 ----a-w- c:\windows\system32\tzres.dll2011-08-24 17:59:55 7152464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll2011-08-10 19:29:53 375808 ----a-w- c:\windows\system32\winsrv.dll2011-08-10 19:29:52 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys2011-08-10 19:29:50 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat2011-08-10 19:29:44 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe2011-08-10 19:29:44 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe2011-08-10 19:29:42 913296 ----a-w- c:\windows\system32\drivers\tcpip.sys2011-08-10 19:29:42 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys2011-08-05 23:24:54 -------- d-----w- c:\users\admin\appdata\local\Apple Computer2011-08-05 23:19:48 -------- d-----w- c:\program files\Bonjour2011-08-05 23:17:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll2011-08-05 23:17:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll2011-08-05 23:17:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll2011-08-05 23:17:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll2011-08-05 23:17:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll2011-08-05 23:17:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll2011-08-05 23:17:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll.==================== Find3M ====================.2011-08-29 07:10:48 752128 ----a-w- c:\windows\system32\drivers\tdrpm273.sys2011-08-29 07:10:15 170528 ----a-w- c:\windows\system32\drivers\snapman.sys2011-08-28 16:23:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb2011-07-12 18:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe2011-07-12 18:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll2011-07-08 06:37:28 53760 ----a-w- c:\windows\system32\OVDecode.dll2011-07-08 06:36:46 13904896 ----a-w- c:\windows\system32\amdocl.dll2011-07-08 04:14:40 8312832 ----a-w- c:\windows\system32\drivers\atikmdag.sys2011-07-08 03:33:28 17940992 ----a-w- c:\windows\system32\atioglxx.dll2011-07-08 03:29:54 151552 ----a-w- c:\windows\system32\atiapfxx.exe2011-07-08 03:29:44 689152 ----a-w- c:\windows\system32\aticfx32.dll2011-07-08 03:25:48 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll2011-07-08 03:25:20 401408 ----a-w- c:\windows\system32\atieclxx.exe2011-07-08 03:24:52 176128 ----a-w- c:\windows\system32\atiesrxx.exe2011-07-08 03:23:40 159744 ----a-w- c:\windows\system32\atitmmxx.dll2011-07-08 03:23:26 356352 ----a-w- c:\windows\system32\atipdlxx.dll2011-07-08 03:23:14 278528 ----a-w- c:\windows\system32\Oemdspif.dll2011-07-08 03:23:06 15872 ----a-w- c:\windows\system32\atimuixx.dll2011-07-08 03:22:58 43520 ----a-w- c:\windows\system32\ati2edxx.dll2011-07-08 03:19:50 4275712 ----a-w- c:\windows\system32\atidxx32.dll2011-07-08 03:05:46 1828864 ----a-w- c:\windows\system32\atiumdmv.dll2011-07-08 03:02:06 46080 ----a-w- c:\windows\system32\aticalrt.dll2011-07-08 03:01:58 44032 ----a-w- c:\windows\system32\aticalcl.dll2011-07-08 03:00:34 4367360 ----a-w- c:\windows\system32\atiumdag.dll2011-07-08 02:58:52 6740480 ----a-w- c:\windows\system32\aticaldd.dll2011-07-08 02:55:56 4039680 ----a-w- c:\windows\system32\atiumdva.dll2011-07-08 02:54:28 52736 ----a-w- c:\windows\system32\coinst.dll2011-07-08 02:47:34 266240 ----a-w- c:\windows\system32\atiadlxx.dll2011-07-08 02:47:20 13312 ----a-w- c:\windows\system32\atiglpxx.dll2011-07-08 02:47:10 32768 ----a-w- c:\windows\system32\atigktxx.dll2011-07-08 02:46:42 244736 ----a-w- c:\windows\system32\drivers\atikmpag.sys2011-07-08 02:46:14 31744 ----a-w- c:\windows\system32\atiuxpag.dll2011-07-08 02:45:58 29184 ----a-w- c:\windows\system32\atiu9pag.dll2011-07-08 02:45:30 37376 ----a-w- c:\windows\system32\atitmpxx.dll2011-07-08 02:45:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll2011-07-08 02:40:48 52736 ----a-w- c:\windows\system32\atimpc32.dll2011-07-08 02:40:48 52736 ----a-w- c:\windows\system32\amdpcom32.dll2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-07-07 02:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys2011-07-06 01:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx2011-07-06 01:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts2011-07-04 03:18:53 319456 ----a-w- c:\windows\DIFxAPI.dll2011-07-04 03:18:37 315392 ----a-w- c:\windows\HideWin.exe2011-06-26 06:45:56 256000 ----a-w- c:\windows\PEV.exe2011-06-16 10:34:06 79872 ----a-w- c:\windows\system32\SlotMaximizerAg.dll2011-06-16 10:34:06 2117632 ----a-w- c:\windows\system32\SlotMaximizerBe.dll2011-06-02 13:34:49 2043392 ----a-w- c:\windows\system32\win32k.sys.============= FINISH: 22:38:33.34 ===============Malwarebytes' Anti-Malware 1.51.1.1800www.malwarebytes.orgDatabase version: 7616Windows 6.0.6002 Service Pack 2Internet Explorer 9.0.8112.164218/30/2011 11:29:32 PMmbam-log-2011-08-30 (23-29-32).txtScan type: Quick scanObjects scanned: 1Time elapsed: 4 second(s)Memory Processes Infected: 1Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 1Memory Processes Infected:c:\Windows\system\svchost.exe (Backdoor.Bot) -> 4488 -> Unloaded process successfully.Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:c:\Windows\system\svchost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.=======================================================================================Not sure if you wanted this mbam logfile or not (sorry if not):00:28:52 Admin MESSAGE Protection started successfully00:28:56 Admin MESSAGE IP Protection started successfully00:29:12 Admin DETECTION C:\Windows\system\svchost.exe Backdoor.Bot QUARANTINE00:29:49 Admin ERROR Scheduled update failed: No address found failed with error code 1100400:32:37 Admin MESSAGE IP Protection stopped00:58:59 Admin ERROR Scheduled update failed: No address found failed with error code 1100401:04:03 Admin MESSAGE IP Protection started successfully01:20:42 Admin MESSAGE Protection started successfully01:20:47 Admin MESSAGE IP Protection started successfully01:21:24 Admin DETECTION C:\Windows\system\svchost.exe Backdoor.Bot ALLOW01:34:07 Admin MESSAGE Protection started successfully01:34:11 Admin MESSAGE IP Protection started successfully01:34:15 Admin DETECTION C:\Windows\system\svchost.exe Backdoor.Bot QUARANTINE01:59:00 Admin ERROR Scheduled update failed: No address found failed with error code 1100402:56:28 Admin MESSAGE Protection started successfully02:56:32 Admin MESSAGE IP Protection started successfully02:56:40 Admin DETECTION C:\Windows\system\svchost.exe Backdoor.Bot QUARANTINE02:57:48 Admin MESSAGE IP Protection stopped02:59:00 Admin ERROR Scheduled update failed: No address found failed with error code 1100403:17:11 Admin MESSAGE Protection started successfully03:17:15 Admin MESSAGE IP Protection started successfully03:19:27 Admin MESSAGE IP Protection stopped03:27:02 Admin MESSAGE Protection started successfully03:27:06 Admin MESSAGE IP Protection started successfully03:28:12 Admin MESSAGE IP Protection stopped03:58:59 Admin ERROR Scheduled update failed: No address found failed with error code 1100404:08:34 Admin MESSAGE Protection started successfully04:08:38 Admin MESSAGE IP Protection started successfully04:11:07 (null) DETECTION C:\WINDOWS\SYSTEM\SVCHOST.EXE Backdoor.Bot DENY10:18:21 Admin MESSAGE Protection started successfully10:18:25 Admin MESSAGE IP Protection started successfully10:19:18 Admin ERROR Scheduled update failed: No address found failed with error code 1100410:19:32 Admin DETECTION C:\Windows\system\svchost.exe Backdoor.Bot QUARANTINE10:19:45 Admin DETECTION C:\WINDOWS\SYSTEM\SVCHOST.EXE Backdoor.Bot DENY10:19:51 Admin DETECTION C:\WINDOWS\SYSTEM\SVCHOST.EXE Backdoor.Bot DENY10:20:00 Admin DETECTION C:\WINDOWS\SYSTEM\SVCHOST.EXE Backdoor.Bot DENY10:21:27 Admin DETECTION C:\WINDOWS\SYSTEM\SVCHOST.EXE Backdoor.Bot ALLOW21:59:14 Admin MESSAGE Protection started successfully21:59:18 Admin MESSAGE IP Protection started successfully22:00:12 Admin ERROR Scheduled update failed: No address found failed with error code 1100422:00:26 Admin DETECTION C:\Windows\system\svchost.exe Backdoor.Bot QUARANTINE22:01:27 Admin MESSAGE IP Protection stopped22:01:39 Admin DETECTION C:\WINDOWS\SYSTEM\SVCHOST.EXE Backdoor.Bot ALLOW22:04:54 Admin MESSAGE Protection started successfully22:04:58 Admin MESSAGE IP Protection started successfully22:07:14 Admin MESSAGE IP Protection stopped22:07:17 Admin MESSAGE Database updated successfully22:07:18 Admin MESSAGE IP Protection started successfully22:09:41 Admin DETECTION C:\Windows\system\svchost.exe Backdoor.Bot QUARANTINE22:21:08 Admin MESSAGE Protection started successfully22:21:12 Admin MESSAGE IP Protection started successfully22:21:57 Admin DETECTION C:\Windows\system\svchost.exe Backdoor.Bot ALLOW22:58:59 Admin ERROR Scheduled update failed: No address found failed with error code 11004attach.zip Link to post Share on other sites More sharing options...
Staff screen317 Posted September 3, 2011 Staff ID:472139 Share Posted September 3, 2011 Hi and welcome to Malwarebytes.I'm afraid I have bad news.Your logs reveal a backdoor trojan. A backdoor severely compromises system integrity.A compromised system may allow illicit network connections, disabling of security software, modifying critical system files and collection and transmiission of personal identifiable information without your consent.I recommend that you disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required. If you do any banking or other financial transactions on the PC or it if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so. Please read these for more information:How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?When Should I Format, How Should I ReinstallShould you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.Should you have any questions, please feel free to ask.Let me know what you decide. Link to post Share on other sites More sharing options...
Len2121 Posted September 8, 2011 Author ID:473928 Share Posted September 8, 2011 Thanks Chris, I appreciate your input. I would like to take you up on the offer to help to try to clean it before resorting to reformatting. I understand the risks. Please let me know how to proceed.Thanks,Len Link to post Share on other sites More sharing options...
Staff screen317 Posted September 8, 2011 Staff ID:474185 Share Posted September 8, 2011 Okay.Please update MBAM, run a Quick Scan, and post its log.Next, please visit this webpage for instructions for running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixWhen the tool is finished, it will produce a report for you.Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system. Link to post Share on other sites More sharing options...
Len2121 Posted September 14, 2011 Author ID:475944 Share Posted September 14, 2011 Hi Chris,Sorry for the delay. I was trying to battle it before giving up and reformatting. I placed my previous post right before I took the steps below. I think I might have been successful, but if you wouldn't mind verifying, I've included the logs you requested. For the benefit of others reading this post I thought I'd preface the logs with this info:Mbam would always detect both a file and a memory resident infected svchost.exe in my \Windows\System directory, and they would return soon after quarantining. I watched my task manager processes carefully, sorted by cpu usage, and noticed that right before the infected files reappeared I saw that dllhost.exe appeared briefly, followed by svchost.exe.I tried to compare the \Windows\System directory to the one in the recovery OS (in the recovery partition that came with this computer) and I noticed that there was no such directory. I'm not familiar with Vista, but from my experience with previous Windows versions I had expected to see a system dir, along with a system32 dir. As an experiment I renamed the Windows\System directory, and poof! No more backdoor.bot warnings.I ran regedit searching for references to windows\system\. The one that stood out was this:[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]"File0"="C:\\WINDOWS\\SYSTEM\\SVCHOST.EXE""File1"="C:\\WINDOWS\\SYSTEM\\SVCHOST.EXE"I deleted that key. Since doing that and renaming the \windows\system directory the computer is running a lot faster and subsequent mbam scans have been clean. I haven't noticed anything non-functional since renaming the directory. I'm pretty sure that directory isn't supposed to be there, maybe someone else running Vista can confirm.In the DSS attach log you'll notice lots of Event Viewer messages; these are probably all due to my having manually disabled lots of services in my troubleshooting I had forgotten to reenable until recently.I'm attaching the combofix.txt as a zip because it was so large, along with the dss attach file.And I'm sorry if I shouldn't have, but I had to uninstall combofix because I couldn't connect back to the internet to reply otherwise. Maybe that's an indication I still have a problem?=============================================================================Malwarebytes' Anti-Malware 1.51.2.1300www.malwarebytes.orgDatabase version: 7711Windows 6.0.6002 Service Pack 2Internet Explorer 9.0.8112.164219/13/2011 8:44:58 PMmbam-log-2011-09-13 (20-44-58).txtScan type: Quick scanObjects scanned: 165911Time elapsed: 6 minute(s), 12 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)=============================================================.DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421Run by Admin at 21:12:06 on 2011-09-13Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1452 [GMT -7:00].AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssc:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exeC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\SLsvc.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Program Files\Dell\DellDock\DockLogin.exeC:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exeC:\Windows\system32\atieclxx.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\Dwm.exeC:\Windows\system32\taskeng.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Program Files\Common Files\Acronis\Schedule2\schedul2.exeC:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exeC:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exeC:\Windows\System32\alg.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Windows\system32\dllhost.exeC:\Windows\ehome\ehRecvr.exeC:\Windows\ehome\ehsched.exeC:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exeC:\Program Files\HP\HP Software Update\hpwuSchd2.exeC:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exeC:\Program Files\Microsoft Security Client\msseces.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exeC:\Windows\system32\svchost.exe -k hpdevmgmtC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\Dell Support Center\bin\sprtcmd.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\Logitech\SetPoint\SetPoint.exeC:\Program Files\Microsoft Office\Office14\ONENOTEM.EXEC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Microsoft Office\Office14\GROOVE.EXEC:\Windows\System32\msdtc.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exeC:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXEC:\Windows\System32\svchost.exe -k HPZ12C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k regsvcC:\Windows\system32\locator.exeC:\Windows\system32\svchost.exe -k SDRSVCC:\Windows\System32\snmptrap.exeC:\Program Files\Dell Support Center\bin\sprtsvc.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files\Common Files\SureThing Shared\stllssvr.exeC:\Windows\System32\svchost.exe -k termlfsvcC:\Windows\System32\vds.exeC:\Windows\system32\svchost.exe -k wcssvcC:\Windows\System32\svchost.exe -k WerSvcGroupC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exeC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\WUDFHost.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\iashost.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXEC:\Windows\System32\mobsync.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\HP\Digital Imaging\bin\hpqbam08.exeC:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exeC:\Windows\System32\svchost.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Windows\system32\wbem\unsecapp.exeC:\Windows\explorer.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exeC:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exeC:\Windows\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uInternet Settings,ProxyOverride = *.localBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLLBHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dllBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLLBHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dllBHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllTB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dlluRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exemRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXEmRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServicesmRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkeymRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRunmRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [sAOB Monitor] c:\program files\acronis\trueimagehome\onlinebackupstandalone\TrueImageMonitor.exemRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttraymRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcentermRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exeStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exeStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exemPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)mPolicies-system: EnableLinkedConnections = 1 (0x1)IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.htmlIE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dllIE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllLSP: c:\windows\system32\wpclsp.dllDPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cabDPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cabDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cabDPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cabDPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cabDPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cabDPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cabTCP: DhcpNameServer = 192.168.1.254TCP: Interfaces\{F122BA81-ACD5-4D61-AF47-A651FCC98B43} : DhcpNameServer = 192.168.1.254Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLLNotify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLLAppInit_DLLs: c:\progra~1\google\google~2\GoogleDesktopNetwork3.dllSEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL.============= SERVICES / DRIVERS ===============.R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2011-4-17 752128]R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]R1 MpKslf83a81e7;MpKslf83a81e7;c:\programdata\microsoft\microsoft antimalware\definition updates\{bd013b0d-ceb1-4336-88ba-dea396c74268}\MpKslf83a81e7.sys [2011-9-13 28752]R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2011-8-29 3246040]R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-7-7 176128]R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048]R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-22 366152]R2 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-12-27 31124344]R2 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]R2 TermServices;Remote Desktop Service;c:\windows\system32\svchost.exe -k termlfsvc [2008-1-20 21504]R2 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2011-8-29 167968]R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-7-7 8312832]R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-7-7 244736]R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2011-3-30 97808]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-8 22216]R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-11 136176]S2 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-11 136176]S2 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024].=============== Created Last 30 ================.2011-09-13 10:25:02 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{bd013b0d-ceb1-4336-88ba-dea396c74268}\MpKslf83a81e7.sys2011-09-13 10:24:58 7152464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{bd013b0d-ceb1-4336-88ba-dea396c74268}\mpengine.dll2011-09-13 10:05:09 -------- d-----w- c:\program files\common files\HP2011-09-13 10:01:47 729088 ----a-w- c:\windows\system32\hpwwiax3.dll2011-09-13 10:01:47 364544 ----a-w- c:\windows\system32\hppldcoi.dll2011-09-13 10:01:47 294912 ----a-w- c:\windows\system32\hpovst11.dll2011-09-13 10:01:47 271704 ----a-w- c:\windows\system32\hpzids01.dll2011-09-13 09:35:56 -------- d-----w- c:\windows\Downloaded Installations2011-09-13 07:46:46 970752 ----a-w- c:\windows\system32\hpwtiop3.dll2011-09-13 06:42:47 274944 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzpp5jy.dll2011-09-13 06:41:54 118272 ----a-w- c:\windows\system32\hpz3l5jy.dll2011-09-13 06:41:47 -------- d-----w- c:\windows\braveheart2011-09-13 05:44:34 -------- d-----w- c:\users\admin\appdata\local\HP2011-09-09 04:45:00 -------- d-sh--w- C:\$RECYCLE.BIN2011-09-09 04:44:58 -------- d-----w- c:\users\admin\appdata\local\temp2011-09-08 04:53:58 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll2011-09-08 04:53:57 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a30a5f8b-0062-4c87-90b5-303d48142112}\gapaengine.dll2011-09-03 05:43:07 -------- d-----w- c:\users\admin\appdata\roaming\f-secure2011-08-31 06:40:13 691 ----a-w- c:\users\admin\appdata\roaming\GetValue.vbs2011-08-31 06:40:13 35 ----a-w- c:\users\admin\appdata\roaming\SetValue.bat2011-08-30 10:28:44 1884866 ----a-w- C:\SmitfraudFix run in safemode.exe2011-08-30 07:20:33 1916416 ----a-w- C:\aswMBR.exe2011-08-30 05:05:46 302592 ----a-w- C:\o2chis5c.exe2011-08-29 07:10:58 167968 ----a-w- c:\windows\system32\drivers\afcdp.sys2011-08-29 07:10:58 -------- d-----w- c:\users\admin\appdata\roaming\1F1C8B12-A5DA-4288-B01E-DC977B44C3B92011-08-29 07:10:44 600928 ----a-w- c:\windows\system32\drivers\timntr.sys2011-08-29 01:52:36 -------- d-----w- c:\program files\ESET2011-08-28 19:26:23 -------- d-sh--w- c:\windows\system32\%APPDATA%2011-08-28 17:09:19 -------- d-----w- c:\windows\pss2011-08-28 16:53:41 -------- d-----w- c:\program files\iPod2011-08-28 16:53:39 -------- d-----w- c:\program files\iTunes2011-08-28 16:43:35 -------- d-----w- c:\program files\AMD APP2011-08-28 16:40:01 218624 ----a-w- c:\windows\system32\tercdw32.dll2011-08-24 18:02:40 2048 ----a-w- c:\windows\system32\tzres.dll2011-08-24 17:59:55 7152464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll.==================== Find3M ====================.2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys2011-08-29 07:10:48 752128 ----a-w- c:\windows\system32\drivers\tdrpm273.sys2011-08-29 07:10:15 170528 ----a-w- c:\windows\system32\drivers\snapman.sys2011-08-28 16:23:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb2011-07-12 18:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe2011-07-12 18:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll2011-07-08 06:37:28 53760 ----a-w- c:\windows\system32\OVDecode.dll2011-07-08 06:36:46 13904896 ----a-w- c:\windows\system32\amdocl.dll2011-07-08 04:14:40 8312832 ----a-w- c:\windows\system32\drivers\atikmdag.sys2011-07-08 03:33:28 17940992 ----a-w- c:\windows\system32\atioglxx.dll2011-07-08 03:29:54 151552 ----a-w- c:\windows\system32\atiapfxx.exe2011-07-08 03:29:44 689152 ----a-w- c:\windows\system32\aticfx32.dll2011-07-08 03:25:48 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll2011-07-08 03:25:20 401408 ----a-w- c:\windows\system32\atieclxx.exe2011-07-08 03:24:52 176128 ----a-w- c:\windows\system32\atiesrxx.exe2011-07-08 03:23:40 159744 ----a-w- c:\windows\system32\atitmmxx.dll2011-07-08 03:23:26 356352 ----a-w- c:\windows\system32\atipdlxx.dll2011-07-08 03:23:14 278528 ----a-w- c:\windows\system32\Oemdspif.dll2011-07-08 03:23:06 15872 ----a-w- c:\windows\system32\atimuixx.dll2011-07-08 03:22:58 43520 ----a-w- c:\windows\system32\ati2edxx.dll2011-07-08 03:19:50 4275712 ----a-w- c:\windows\system32\atidxx32.dll2011-07-08 03:05:46 1828864 ----a-w- c:\windows\system32\atiumdmv.dll2011-07-08 03:02:06 46080 ----a-w- c:\windows\system32\aticalrt.dll2011-07-08 03:01:58 44032 ----a-w- c:\windows\system32\aticalcl.dll2011-07-08 03:00:34 4367360 ----a-w- c:\windows\system32\atiumdag.dll2011-07-08 02:58:52 6740480 ----a-w- c:\windows\system32\aticaldd.dll2011-07-08 02:55:56 4039680 ----a-w- c:\windows\system32\atiumdva.dll2011-07-08 02:54:28 52736 ----a-w- c:\windows\system32\coinst.dll2011-07-08 02:47:34 266240 ----a-w- c:\windows\system32\atiadlxx.dll2011-07-08 02:47:20 13312 ----a-w- c:\windows\system32\atiglpxx.dll2011-07-08 02:47:10 32768 ----a-w- c:\windows\system32\atigktxx.dll2011-07-08 02:46:42 244736 ----a-w- c:\windows\system32\drivers\atikmpag.sys2011-07-08 02:46:14 31744 ----a-w- c:\windows\system32\atiuxpag.dll2011-07-08 02:45:58 29184 ----a-w- c:\windows\system32\atiu9pag.dll2011-07-08 02:45:30 37376 ----a-w- c:\windows\system32\atitmpxx.dll2011-07-08 02:45:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll2011-07-08 02:40:48 52736 ----a-w- c:\windows\system32\atimpc32.dll2011-07-08 02:40:48 52736 ----a-w- c:\windows\system32\amdpcom32.dll2011-07-06 15:31:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys2011-07-06 01:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx2011-07-06 01:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts2011-07-04 03:18:53 319456 ----a-w- c:\windows\DIFxAPI.dll2011-07-04 03:18:37 315392 ----a-w- c:\windows\HideWin.exe2011-06-26 06:45:56 256000 ----a-w- c:\windows\PEV.exe2011-06-20 08:54:36 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe2011-06-20 08:54:36 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe2011-06-17 20:13:55 913296 ----a-w- c:\windows\system32\drivers\tcpip.sys2011-06-17 16:03:18 375808 ----a-w- c:\windows\system32\winsrv.dll2011-06-17 13:31:44 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys2011-06-16 10:34:06 79872 ----a-w- c:\windows\system32\SlotMaximizerAg.dll2011-06-16 10:34:06 2117632 ----a-w- c:\windows\system32\SlotMaximizerBe.dll.============= FINISH: 21:12:39.48 ===========ComboFix.zipAttach.zip Link to post Share on other sites More sharing options...
Staff screen317 Posted September 17, 2011 Staff ID:476729 Share Posted September 17, 2011 Hi, Next, please run a free online scan with the ESET Online Scanner Note: You will need to use Internet Explorer for this scan.Tick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the ActiveX control to installClick StartMake sure that the options Remove found threats and the option Scan unwanted applications is checkedClick Scan Wait for the scan to finishUse Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txtCopy and paste that log as a reply to this topic Next, download my Security Check from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document. Let me know how things are running now and what issues remain. Link to post Share on other sites More sharing options...
Len2121 Posted September 20, 2011 Author ID:477507 Share Posted September 20, 2011 ESETSmartInstaller@High as CAB hook log:OnlineScanner.ocx - registred OKESET also reported:C:\Windows\System32\tercdw32.dll a variant of Win32/Wimpixo.AL trojan cleaned by deleting - quarantinedResults of screen317's Security Check version 0.99.18 Windows Vista Service Pack 2 Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! ESET Online Scanner v3 Microsoft Security Essentials WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Java 6 Update 5 Out of date Java installed! Adobe Flash Player ```````````````````````````````` Process Check: objlist.exe by Laurent Windows Defender MSMpEng.exe Malwarebytes' Anti-Malware mbamservice.exe Malwarebytes' Anti-Malware mbamgui.exe Microsoft Security Essentials msseces.exe Acronis TrueImageHome OnlineBackupStandalone TrueImageMonitor.exe ``````````End of Log```````````` mbam is still occasionally reporting:Carroll IP-BLOCK 219.146.53.72 (Type: outgoing, Port: 49675, Process: svchost.exe)Although I haven't rebooted since ESET cleaned the trojan it found. I'll do that and report back.Thanks,Len Link to post Share on other sites More sharing options...
Len2121 Posted September 21, 2011 Author ID:478038 Share Posted September 21, 2011 It's still trying to contact the mothership in China several times/day. Is there any clues in the last logs I sent? I did update Java to v6 build 27. Link to post Share on other sites More sharing options...
Staff screen317 Posted September 24, 2011 Staff ID:478995 Share Posted September 24, 2011 Hi,Download the file TDSSKiller.zip and extract it into a folder on the infected PC.Execute the file TDSSKiller.exe by double-clicking on it.Wait for the scan and disinfection process to be over.When its work is over, the utility prompts for a reboot to complete the disinfection.By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).The log is like UtilityName.Version_Date_Time_log.txt.for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.Please post that log here. Link to post Share on other sites More sharing options...
Len2121 Posted September 26, 2011 Author ID:479387 Share Posted September 26, 2011 21:30:36.0942 9780 TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:3721:30:37.0502 9780 ============================================================21:30:37.0502 9780 Current date / time: 2011/09/25 21:30:37.050221:30:37.0503 9780 SystemInfo:21:30:37.0503 9780 21:30:37.0503 9780 OS Version: 6.0.6002 ServicePack: 2.021:30:37.0503 9780 Product type: Workstation21:30:37.0503 9780 ComputerName: CARROLL-PC21:30:37.0503 9780 UserName: Admin21:30:37.0503 9780 Windows directory: C:\Windows21:30:37.0503 9780 System windows directory: C:\Windows21:30:37.0503 9780 Processor architecture: Intel x8621:30:37.0503 9780 Number of processors: 421:30:37.0503 9780 Page size: 0x100021:30:37.0503 9780 Boot type: Normal boot21:30:37.0503 9780 ============================================================21:30:40.0226 9780 Initialize success21:30:52.0313 4672 ============================================================21:30:52.0313 4672 Scan started21:30:52.0313 4672 Mode: Manual; 21:30:52.0313 4672 ============================================================21:30:55.0871 4672 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys21:30:55.0873 4672 ACPI - ok21:30:55.0961 4672 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys21:30:55.0980 4672 adp94xx - ok21:30:56.0012 4672 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys21:30:56.0018 4672 adpahci - ok21:30:56.0058 4672 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys21:30:56.0061 4672 adpu160m - ok21:30:56.0083 4672 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys21:30:56.0096 4672 adpu320 - ok21:30:56.0180 4672 afcdp (53696ad8ffc5fac51949a525ff65a689) C:\Windows\system32\DRIVERS\afcdp.sys21:30:56.0183 4672 afcdp - ok21:30:56.0279 4672 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys21:30:56.0284 4672 AFD - ok21:30:56.0376 4672 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys21:30:56.0378 4672 agp440 - ok21:30:56.0392 4672 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys21:30:56.0394 4672 aic78xx - ok21:30:56.0410 4672 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys21:30:56.0425 4672 aliide - ok21:30:56.0475 4672 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys21:30:56.0477 4672 amdagp - ok21:30:56.0495 4672 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys21:30:56.0496 4672 amdide - ok21:30:56.0557 4672 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys21:30:56.0559 4672 AmdK7 - ok21:30:56.0574 4672 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys21:30:56.0590 4672 AmdK8 - ok21:30:56.0882 4672 amdkmdag (335ace2a8e97439733f0f6a1bbd818d5) C:\Windows\system32\DRIVERS\atikmdag.sys21:30:56.0988 4672 amdkmdag - ok21:30:57.0101 4672 amdkmdap (0b1b116d30f133dc918287fd8e212f1e) C:\Windows\system32\DRIVERS\atikmpag.sys21:30:57.0105 4672 amdkmdap - ok21:30:57.0205 4672 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys21:30:57.0207 4672 arc - ok21:30:57.0259 4672 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys21:30:57.0270 4672 arcsas - ok21:30:57.0331 4672 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys21:30:57.0332 4672 AsyncMac - ok21:30:57.0354 4672 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys21:30:57.0354 4672 atapi - ok21:30:57.0434 4672 AtiHDAudioService (1af3b5f04cc572daffcb6b5528c63134) C:\Windows\system32\drivers\AtihdLH3.sys21:30:57.0454 4672 AtiHDAudioService - ok21:30:57.0898 4672 atikmdag (335ace2a8e97439733f0f6a1bbd818d5) C:\Windows\system32\DRIVERS\atikmdag.sys21:30:57.0961 4672 atikmdag - ok21:30:58.0077 4672 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys21:30:58.0078 4672 Beep - ok21:30:58.0098 4672 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys21:30:58.0109 4672 blbdrive - ok21:30:58.0215 4672 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys21:30:58.0234 4672 bowser - ok21:30:58.0281 4672 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys21:30:58.0297 4672 BrFiltLo - ok21:30:58.0362 4672 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys21:30:58.0363 4672 BrFiltUp - ok21:30:58.0384 4672 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys21:30:58.0385 4672 Brserid - ok21:30:58.0404 4672 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys21:30:58.0421 4672 BrSerWdm - ok21:30:58.0439 4672 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys21:30:58.0440 4672 BrUsbMdm - ok21:30:58.0456 4672 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys21:30:58.0458 4672 BrUsbSer - ok21:30:58.0468 4672 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys21:30:58.0480 4672 BTHMODEM - ok21:30:58.0778 4672 catchme - ok21:30:59.0098 4672 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys21:30:59.0149 4672 cdfs - ok21:30:59.0242 4672 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys21:30:59.0244 4672 cdrom - ok21:30:59.0288 4672 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys21:30:59.0289 4672 circlass - ok21:30:59.0385 4672 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys21:30:59.0414 4672 CLFS - ok21:30:59.0509 4672 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys21:30:59.0524 4672 cmdide - ok21:30:59.0560 4672 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys21:30:59.0610 4672 Compbatt - ok21:30:59.0629 4672 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys21:30:59.0630 4672 crcdisk - ok21:30:59.0866 4672 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys21:30:59.0877 4672 Crusoe - ok21:30:59.0974 4672 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys21:31:00.0000 4672 DfsC - ok21:31:00.0069 4672 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys21:31:00.0070 4672 disk - ok21:31:00.0164 4672 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys21:31:00.0201 4672 Dot4 - ok21:31:00.0630 4672 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys21:31:00.0652 4672 Dot4Print - ok21:31:00.0699 4672 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys21:31:00.0737 4672 dot4usb - ok21:31:00.0922 4672 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys21:31:00.0967 4672 drmkaud - ok21:31:01.0348 4672 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys21:31:01.0381 4672 DXGKrnl - ok21:31:01.0731 4672 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys21:31:01.0775 4672 e1express - ok21:31:01.0843 4672 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys21:31:01.0846 4672 E1G60 - ok21:31:01.0953 4672 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys21:31:01.0964 4672 Ecache - ok21:31:02.0092 4672 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys21:31:02.0097 4672 elxstor - ok21:31:02.0436 4672 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys21:31:02.0449 4672 ErrDev - ok21:31:02.0539 4672 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys21:31:02.0542 4672 exfat - ok21:31:02.0576 4672 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys21:31:02.0579 4672 fastfat - ok21:31:02.0727 4672 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys21:31:02.0738 4672 fdc - ok21:31:02.0814 4672 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys21:31:02.0816 4672 FileInfo - ok21:31:02.0842 4672 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys21:31:02.0843 4672 Filetrace - ok21:31:02.0872 4672 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys21:31:02.0884 4672 flpydisk - ok21:31:03.0044 4672 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys21:31:03.0065 4672 FltMgr - ok21:31:03.0111 4672 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys21:31:03.0136 4672 Fs_Rec - ok21:31:03.0165 4672 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys21:31:03.0178 4672 gagp30kx - ok21:31:03.0303 4672 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys21:31:03.0353 4672 GEARAspiWDM - ok21:31:03.0675 4672 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys21:31:03.0684 4672 HdAudAddService - ok21:31:03.0724 4672 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys21:31:03.0732 4672 HDAudBus - ok21:31:03.0749 4672 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys21:31:03.0751 4672 HidBth - ok21:31:03.0763 4672 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys21:31:03.0764 4672 HidIr - ok21:31:03.0914 4672 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys21:31:03.0919 4672 HidUsb - ok21:31:03.0939 4672 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys21:31:03.0952 4672 HpCISSs - ok21:31:04.0072 4672 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys21:31:04.0079 4672 HTTP - ok21:31:04.0102 4672 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys21:31:04.0104 4672 i2omp - ok21:31:04.0195 4672 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys21:31:04.0197 4672 i8042prt - ok21:31:04.0233 4672 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\drivers\iastor.sys21:31:04.0238 4672 iaStor - ok21:31:04.0251 4672 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys21:31:04.0255 4672 iaStorV - ok21:31:04.0293 4672 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys21:31:04.0295 4672 iirsp - ok21:31:04.0364 4672 IntcAzAudAddService - ok21:31:04.0454 4672 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys21:31:04.0466 4672 intelide - ok21:31:04.0517 4672 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys21:31:04.0535 4672 intelppm - ok21:31:04.0599 4672 IpInIp - ok21:31:04.0636 4672 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys21:31:04.0654 4672 IPMIDRV - ok21:31:04.0710 4672 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys21:31:04.0712 4672 IPNAT - ok21:31:04.0774 4672 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys21:31:04.0787 4672 IRENUM - ok21:31:04.0808 4672 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys21:31:04.0828 4672 isapnp - ok21:31:04.0893 4672 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys21:31:04.0908 4672 iScsiPrt - ok21:31:04.0966 4672 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys21:31:04.0979 4672 iteatapi - ok21:31:05.0029 4672 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys21:31:05.0031 4672 iteraid - ok21:31:05.0052 4672 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys21:31:05.0053 4672 kbdclass - ok21:31:05.0128 4672 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys21:31:05.0129 4672 kbdhid - ok21:31:05.0160 4672 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys21:31:05.0166 4672 KSecDD - ok21:31:05.0258 4672 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys21:31:05.0274 4672 LHidFilt - ok21:31:05.0305 4672 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys21:31:05.0307 4672 lltdio - ok21:31:05.0322 4672 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys21:31:05.0324 4672 LMouFilt - ok21:31:05.0360 4672 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys21:31:05.0376 4672 LSI_FC - ok21:31:05.0396 4672 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys21:31:05.0399 4672 LSI_SAS - ok21:31:05.0483 4672 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys21:31:05.0485 4672 LSI_SCSI - ok21:31:05.0516 4672 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys21:31:05.0517 4672 luafv - ok21:31:05.0538 4672 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys21:31:05.0539 4672 MBAMProtector - ok21:31:05.0612 4672 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys21:31:05.0614 4672 megasas - ok21:31:05.0633 4672 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys21:31:05.0639 4672 MegaSR - ok21:31:05.0750 4672 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys21:31:05.0766 4672 Modem - ok21:31:05.0792 4672 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys21:31:05.0793 4672 monitor - ok21:31:05.0859 4672 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys21:31:05.0874 4672 mouclass - ok21:31:05.0915 4672 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys21:31:05.0930 4672 mouhid - ok21:31:05.0993 4672 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys21:31:05.0994 4672 MountMgr - ok21:31:06.0072 4672 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys21:31:06.0075 4672 MpFilter - ok21:31:06.0131 4672 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys21:31:06.0148 4672 mpio - ok21:31:06.0280 4672 MpKsl8f59189e (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3A8B4297-EE7A-40B0-8CE6-937F4FF19655}\MpKsl8f59189e.sys21:31:06.0281 4672 MpKsl8f59189e - ok21:31:06.0380 4672 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys21:31:06.0381 4672 MpNWMon - ok21:31:06.0405 4672 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys21:31:06.0416 4672 mpsdrv - ok21:31:06.0443 4672 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys21:31:06.0445 4672 Mraid35x - ok21:31:06.0475 4672 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys21:31:06.0477 4672 MRxDAV - ok21:31:06.0519 4672 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys21:31:06.0521 4672 mrxsmb - ok21:31:06.0554 4672 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys21:31:06.0557 4672 mrxsmb10 - ok21:31:06.0589 4672 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys21:31:06.0591 4672 mrxsmb20 - ok21:31:06.0608 4672 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys21:31:06.0610 4672 msahci - ok21:31:06.0651 4672 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys21:31:06.0653 4672 msdsm - ok21:31:06.0678 4672 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys21:31:06.0679 4672 Msfs - ok21:31:06.0729 4672 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys21:31:06.0729 4672 msisadrv - ok21:31:06.0774 4672 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys21:31:06.0775 4672 MSKSSRV - ok21:31:06.0835 4672 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys21:31:06.0837 4672 MSPCLOCK - ok21:31:06.0877 4672 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys21:31:06.0878 4672 MSPQM - ok21:31:06.0963 4672 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys21:31:06.0966 4672 MsRPC - ok21:31:06.0993 4672 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys21:31:06.0994 4672 mssmbios - ok21:31:07.0011 4672 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys21:31:07.0012 4672 MSTEE - ok21:31:07.0031 4672 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys21:31:07.0032 4672 Mup - ok21:31:07.0131 4672 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys21:31:07.0139 4672 NativeWifiP - ok21:31:07.0367 4672 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys21:31:07.0374 4672 NDIS - ok21:31:07.0411 4672 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys21:31:07.0412 4672 NdisTapi - ok21:31:07.0424 4672 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys21:31:07.0440 4672 Ndisuio - ok21:31:07.0514 4672 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys21:31:07.0517 4672 NdisWan - ok21:31:07.0532 4672 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys21:31:07.0544 4672 NDProxy - ok21:31:07.0629 4672 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys21:31:07.0630 4672 NetBIOS - ok21:31:07.0694 4672 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys21:31:07.0696 4672 netbt - ok21:31:07.0777 4672 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys21:31:07.0789 4672 nfrd960 - ok21:31:07.0819 4672 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys21:31:07.0820 4672 NisDrv - ok21:31:07.0923 4672 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys21:31:07.0924 4672 Npfs - ok21:31:07.0934 4672 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys21:31:07.0935 4672 nsiproxy - ok21:31:08.0016 4672 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys21:31:08.0030 4672 Ntfs - ok21:31:08.0051 4672 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys21:31:08.0053 4672 ntrigdigi - ok21:31:08.0066 4672 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys21:31:08.0077 4672 Null - ok21:31:08.0098 4672 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys21:31:08.0100 4672 nvraid - ok21:31:08.0119 4672 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys21:31:08.0120 4672 nvstor - ok21:31:08.0172 4672 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys21:31:08.0197 4672 nv_agp - ok21:31:08.0205 4672 NwlnkFlt - ok21:31:08.0214 4672 NwlnkFwd - ok21:31:08.0288 4672 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys21:31:08.0303 4672 ohci1394 - ok21:31:08.0392 4672 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys21:31:08.0395 4672 Parport - ok21:31:08.0491 4672 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys21:31:08.0492 4672 partmgr - ok21:31:08.0507 4672 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys21:31:08.0508 4672 Parvdm - ok21:31:08.0587 4672 PCDSRVC{E9D79540-57D5953E-06020101}_0 (92fddbed716bf5c3cb766101563cfce5) c:\program files\dell support center\pcdsrvc.pkms21:31:08.0627 4672 PCDSRVC{E9D79540-57D5953E-06020101}_0 - ok21:31:08.0676 4672 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys21:31:08.0678 4672 pci - ok21:31:08.0728 4672 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys21:31:08.0728 4672 pciide - ok21:31:08.0756 4672 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys21:31:08.0759 4672 pcmcia - ok21:31:08.0825 4672 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys21:31:08.0857 4672 PEAUTH - ok21:31:08.0947 4672 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys21:31:08.0961 4672 PptpMiniport - ok21:31:09.0022 4672 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys21:31:09.0024 4672 Processor - ok21:31:09.0100 4672 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys21:31:09.0105 4672 PSched - ok21:31:09.0173 4672 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys21:31:09.0174 4672 PxHelp20 - ok21:31:09.0260 4672 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys21:31:09.0275 4672 ql2300 - ok21:31:09.0328 4672 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys21:31:09.0331 4672 ql40xx - ok21:31:09.0345 4672 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys21:31:09.0347 4672 QWAVEdrv - ok21:31:09.0663 4672 R300 (335ace2a8e97439733f0f6a1bbd818d5) C:\Windows\system32\DRIVERS\atikmdag.sys21:31:09.0728 4672 R300 - ok21:31:09.0796 4672 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys21:31:09.0797 4672 RasAcd - ok21:31:09.0815 4672 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys21:31:09.0817 4672 Rasl2tp - ok21:31:09.0876 4672 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys21:31:09.0877 4672 RasPppoe - ok21:31:09.0913 4672 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys21:31:09.0937 4672 RasSstp - ok21:31:09.0992 4672 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys21:31:09.0996 4672 rdbss - ok21:31:10.0008 4672 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys21:31:10.0010 4672 RDPCDD - ok21:31:10.0033 4672 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys21:31:10.0038 4672 rdpdr - ok21:31:10.0095 4672 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys21:31:10.0097 4672 RDPENCDD - ok21:31:10.0120 4672 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys21:31:10.0124 4672 RDPWD - ok21:31:10.0153 4672 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys21:31:10.0167 4672 rspndr - ok21:31:10.0234 4672 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys21:31:10.0238 4672 RTL8169 - ok21:31:10.0299 4672 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys21:31:10.0301 4672 sbp2port - ok21:31:10.0330 4672 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys21:31:10.0331 4672 secdrv - ok21:31:10.0417 4672 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys21:31:10.0418 4672 Serenum - ok21:31:10.0431 4672 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys21:31:10.0433 4672 Serial - ok21:31:10.0447 4672 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys21:31:10.0449 4672 sermouse - ok21:31:10.0474 4672 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys21:31:10.0486 4672 sffdisk - ok21:31:10.0509 4672 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys21:31:10.0510 4672 sffp_mmc - ok21:31:10.0519 4672 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys21:31:10.0520 4672 sffp_sd - ok21:31:10.0538 4672 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys21:31:10.0549 4672 sfloppy - ok21:31:10.0571 4672 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys21:31:10.0582 4672 sisagp - ok21:31:10.0600 4672 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys21:31:10.0616 4672 SiSRaid2 - ok21:31:10.0687 4672 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys21:31:10.0689 4672 SiSRaid4 - ok21:31:10.0749 4672 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys21:31:10.0751 4672 Smb - ok21:31:10.0796 4672 snapman (eb49860e776ce860dc3cfb9edb1ba517) C:\Windows\system32\DRIVERS\snapman.sys21:31:10.0799 4672 snapman - ok21:31:10.0820 4672 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys21:31:10.0821 4672 spldr - ok21:31:10.0892 4672 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys21:31:10.0896 4672 srv - ok21:31:10.0927 4672 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys21:31:10.0930 4672 srv2 - ok21:31:11.0000 4672 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys21:31:11.0002 4672 srvnet - ok21:31:11.0076 4672 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys21:31:11.0077 4672 swenum - ok21:31:11.0098 4672 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys21:31:11.0099 4672 Symc8xx - ok21:31:11.0109 4672 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys21:31:11.0111 4672 Sym_hi - ok21:31:11.0128 4672 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys21:31:11.0142 4672 Sym_u3 - ok21:31:11.0298 4672 Tcpip (6647fce6fc4970daafe5c64c794513d3) C:\Windows\system32\drivers\tcpip.sys21:31:11.0315 4672 Tcpip - ok21:31:11.0368 4672 Tcpip6 (6647fce6fc4970daafe5c64c794513d3) C:\Windows\system32\DRIVERS\tcpip.sys21:31:11.0375 4672 Tcpip6 - ok21:31:11.0393 4672 tcpipreg (36606b165d04a397bdf613096986d85d) C:\Windows\system32\drivers\tcpipreg.sys21:31:11.0409 4672 tcpipreg - ok21:31:11.0434 4672 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys21:31:11.0449 4672 TDPIPE - ok21:31:11.0539 4672 tdrpman273 (431801fcc97034e04a6eff81136578d7) C:\Windows\system32\DRIVERS\tdrpm273.sys21:31:11.0549 4672 tdrpman273 - ok21:31:11.0599 4672 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys21:31:11.0610 4672 TDTCP - ok21:31:11.0664 4672 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys21:31:11.0666 4672 tdx - ok21:31:11.0697 4672 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys21:31:11.0710 4672 TermDD - ok21:31:11.0746 4672 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\Windows\system32\DRIVERS\tifsfilt.sys21:31:11.0747 4672 tifsfilter - ok21:31:11.0820 4672 timounter (a34d7024bb7140ec785c86bc065d4f60) C:\Windows\system32\DRIVERS\timntr.sys21:31:11.0828 4672 timounter - ok21:31:11.0893 4672 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys21:31:11.0895 4672 tssecsrv - ok21:31:11.0909 4672 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys21:31:11.0921 4672 tunmp - ok21:31:11.0972 4672 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys21:31:11.0984 4672 tunnel - ok21:31:12.0004 4672 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys21:31:12.0006 4672 uagp35 - ok21:31:12.0070 4672 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys21:31:12.0074 4672 udfs - ok21:31:12.0099 4672 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys21:31:12.0101 4672 uliagpkx - ok21:31:12.0125 4672 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys21:31:12.0130 4672 uliahci - ok21:31:12.0186 4672 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys21:31:12.0201 4672 UlSata - ok21:31:12.0235 4672 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys21:31:12.0252 4672 ulsata2 - ok21:31:12.0275 4672 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys21:31:12.0277 4672 umbus - ok21:31:12.0338 4672 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys21:31:12.0341 4672 usbaudio - ok21:31:12.0399 4672 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys21:31:12.0400 4672 usbccgp - ok21:31:12.0466 4672 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys21:31:12.0468 4672 usbcir - ok21:31:12.0535 4672 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys21:31:12.0552 4672 usbehci - ok21:31:12.0581 4672 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys21:31:12.0585 4672 usbhub - ok21:31:12.0600 4672 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys21:31:12.0602 4672 usbohci - ok21:31:12.0624 4672 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys21:31:12.0637 4672 usbprint - ok21:31:12.0730 4672 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys21:31:12.0743 4672 usbscan - ok21:31:12.0773 4672 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS21:31:12.0774 4672 USBSTOR - ok21:31:12.0790 4672 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys21:31:12.0791 4672 usbuhci - ok21:31:12.0821 4672 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys21:31:12.0834 4672 vga - ok21:31:12.0882 4672 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys21:31:12.0900 4672 VgaSave - ok21:31:12.0960 4672 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys21:31:12.0962 4672 viaagp - ok21:31:12.0975 4672 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys21:31:12.0987 4672 ViaC7 - ok21:31:13.0017 4672 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys21:31:13.0019 4672 viaide - ok21:31:13.0035 4672 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys21:31:13.0036 4672 volmgr - ok21:31:13.0096 4672 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys21:31:13.0100 4672 volmgrx - ok21:31:13.0140 4672 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys21:31:13.0143 4672 volsnap - ok21:31:13.0193 4672 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys21:31:13.0196 4672 vsmraid - ok21:31:13.0250 4672 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys21:31:13.0251 4672 WacomPen - ok21:31:13.0266 4672 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys21:31:13.0280 4672 Wanarp - ok21:31:13.0284 4672 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys21:31:13.0285 4672 Wanarpv6 - ok21:31:13.0322 4672 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys21:31:13.0324 4672 Wd - ok21:31:13.0351 4672 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys21:31:13.0358 4672 Wdf01000 - ok21:31:13.0461 4672 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys21:31:13.0462 4672 WmiAcpi - ok21:31:13.0596 4672 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys21:31:13.0614 4672 WpdUsb - ok21:31:13.0713 4672 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys21:31:13.0714 4672 ws2ifsl - ok21:31:13.0806 4672 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys21:31:13.0809 4672 WUDFRd - ok21:31:13.0869 4672 MBR (0x1B8) (239841e1ae8e4843c0676f3681a7d6be) \Device\Harddisk0\DR021:31:13.0886 4672 \Device\Harddisk0\DR0 - ok21:31:13.0903 4672 Boot (0x1200) (112daeb0f664b6bc662155f6433f062a) \Device\Harddisk0\DR0\Partition021:31:13.0903 4672 \Device\Harddisk0\DR0\Partition0 - ok21:31:13.0906 4672 Boot (0x1200) (6f2987e9589b6d803a6a2aec082524d2) \Device\Harddisk0\DR0\Partition121:31:13.0907 4672 \Device\Harddisk0\DR0\Partition1 - ok21:31:13.0909 4672 ============================================================21:31:13.0909 4672 Scan finished21:31:13.0909 4672 ============================================================21:31:13.0919 9012 Detected object count: 021:31:13.0920 9012 Actual detected object count: 021:31:22.0530 9036 Deinitialize success Link to post Share on other sites More sharing options...
Staff screen317 Posted September 28, 2011 Staff ID:480142 Share Posted September 28, 2011 Hmm.Grab a fresh copy of ComboFix, run it, and post its log directly into your reply. Use multiple posts if necessary. Link to post Share on other sites More sharing options...
Len2121 Posted September 28, 2011 Author ID:480299 Share Posted September 28, 2011 Hmm.Grab a fresh copy of ComboFix, run it, and post its log directly into your reply. Use multiple posts if necessary.Well this got interesting.Downloaded combofix from bleepingcomputer.com. Ran it as usual, walked away for about 15 minutes, came back and the computer was in the middle of a reboot. Didn't expect that. Finished rebooting and logged into my username and it launched combofix immediately except it was starting and stopping maybe 5 times/second, the blue command window jumping all over the screen. Disabled my mbam (windows defender was still off). No difference and I couldn't kill the process from the task manager (which alternated in name between combofix.exe and combofix/pev.3XE) It was so amazing to watch I took a movie of it.Re-downloaded combofix from the alternate server on bleepingcomputer's site. Was in spanish but went ahead with it. Ran it and it said there was a never version, did I want to update? Sure. Updated and complained about not being able to find combofix.com. Went through the whole sequence again with same result.Thinking maybe the browswer was hijacked to a hacked copy of combofix, I downloaded it onto a thumbdrive from another computer and ran it from there. This time it ran normally. Here's the report=================================================================================================ComboFix 11-09-27.04 - Admin 09/27/2011 22:43:44.3.4 - x86Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.2044 [GMT -7:00]Running from: c:\users\Carroll\Desktop\ComboFix.exeAV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..---- Previous Run -------.c:\program files\google\common\google updater\googleupdaterservice.exe.-- Previous Run --.Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected Restored copy from - c:\windows\ERDNT\cache\atapi.sys .--------..((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-28 )))))))))))))))))))))))))))))))..2011-09-28 06:00 . 2011-09-28 06:01 -------- d-----w- c:\users\Admin\AppData\Local\temp2011-09-28 06:00 . 2011-09-28 06:00 -------- d-----w- c:\users\Public\AppData\Local\temp2011-09-28 06:00 . 2011-09-28 06:00 -------- d-----w- c:\users\Guest\AppData\Local\temp2011-09-28 06:00 . 2011-09-28 06:00 -------- d-----w- c:\users\Default\AppData\Local\temp2011-09-28 06:00 . 2011-09-28 06:00 -------- d-----w- c:\users\Carroll\AppData\Local\temp2011-09-27 16:03 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29C0D02A-949C-4D79-8259-9372964D3064}\mpengine.dll2011-09-20 11:55 . 2011-09-20 11:55 -------- d-----w- c:\programdata\HP Product Assistant2011-09-20 11:40 . 2011-09-20 11:40 -------- d-----w- c:\program files\Common Files\HP2011-09-20 11:40 . 2011-09-20 11:40 -------- d-----w- c:\program files\Hewlett-Packard2011-09-20 11:37 . 2007-10-31 04:19 729088 ----a-w- c:\windows\system32\hpwwiax3.dll2011-09-20 11:37 . 2007-01-17 08:37 364544 ----a-w- c:\windows\system32\hppldcoi.dll2011-09-20 11:37 . 2007-01-17 08:31 294912 ----a-w- c:\windows\system32\hpovst11.dll2011-09-20 10:33 . 2011-09-20 10:34 -------- d-----w- c:\programdata\PCDr2011-09-20 10:25 . 2011-09-20 10:25 -------- d-----w- c:\users\Admin\AppData\Roaming\PCDr2011-09-20 10:25 . 2011-09-20 10:25 -------- d-----w- c:\users\Carroll\AppData\Roaming\PCDr2011-09-20 10:23 . 2007-10-31 04:19 970752 ----a-w- c:\windows\system32\hpwtiop3.dll2011-09-20 09:15 . 2011-09-20 09:14 472808 ----a-w- c:\windows\system32\deployJava1.dll2011-09-15 23:19 . 2011-09-15 23:19 -------- d-----w- c:\users\Caylen2011-09-14 04:47 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat2011-09-13 09:35 . 2011-09-13 09:35 -------- d-----w- c:\windows\Downloaded Installations2011-09-13 06:42 . 2008-07-01 19:00 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5jy.dll2011-09-13 06:41 . 2008-07-01 19:10 118272 ----a-w- c:\windows\system32\hpz3l5jy.dll2011-09-13 06:41 . 2011-09-13 06:41 -------- d-----w- c:\windows\braveheart2011-09-13 05:44 . 2011-09-13 05:44 -------- d-----w- c:\users\Admin\AppData\Roaming\HP2011-09-13 05:44 . 2011-09-13 05:44 -------- d-----w- c:\users\Admin\AppData\Local\HP2011-09-12 04:31 . 2011-09-12 04:31 -------- d-----w- c:\program files\Common Files\Adobe2011-09-08 07:16 . 2011-09-08 07:16 -------- d-----w- c:\users\Guest\AppData\Roaming\Malwarebytes2011-09-08 04:53 . 2011-05-22 02:21 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll2011-09-08 04:53 . 2011-05-22 02:21 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A30A5F8B-0062-4C87-90B5-303D48142112}\gapaengine.dll2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll2011-09-03 05:43 . 2011-09-03 05:43 -------- d-----w- c:\users\Admin\AppData\Roaming\f-secure2011-08-31 06:40 . 2011-08-31 06:40 691 ----a-w- c:\users\Admin\AppData\Roaming\GetValue.vbs2011-08-31 06:40 . 2011-08-31 06:40 35 ----a-w- c:\users\Admin\AppData\Roaming\SetValue.bat2011-08-30 10:28 . 2011-08-30 10:05 1884866 ----a-w- C:\SmitfraudFix run in safemode.exe2011-08-30 07:20 . 2011-08-30 06:45 1916416 ----a-w- C:\aswMBR.exe2011-08-30 05:05 . 2011-08-30 04:22 302592 ----a-w- C:\o2chis5c.exe2011-08-29 07:10 . 2011-08-29 07:11 167968 ----a-w- c:\windows\system32\drivers\afcdp.sys2011-08-29 07:10 . 2011-08-29 07:10 -------- d-----w- c:\users\Admin\AppData\Roaming\1F1C8B12-A5DA-4288-B01E-DC977B44C3B92011-08-29 07:10 . 2011-08-29 07:10 600928 ----a-w- c:\windows\system32\drivers\timntr.sys...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-09-21 16:35 . 2011-07-03 22:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-09-12 23:14 . 2011-05-22 09:14 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2011-09-01 00:00 . 2011-06-08 07:32 22216 ----a-w- c:\windows\system32\drivers\mbam.sys2011-08-29 07:10 . 2011-04-18 01:51 752128 ----a-w- c:\windows\system32\drivers\tdrpm273.sys2011-08-29 07:10 . 2009-10-24 08:34 170528 ----a-w- c:\windows\system32\drivers\snapman.sys2011-08-12 02:44 . 2011-08-24 17:59 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll2011-07-22 02:54 . 2011-08-11 10:08 1797632 ----a-w- c:\windows\system32\jscript9.dll2011-07-22 02:48 . 2011-08-11 10:08 1126912 ----a-w- c:\windows\system32\wininet.dll2011-07-22 02:44 . 2011-08-11 10:08 2382848 ----a-w- c:\windows\system32\mshtml.tlb2011-07-12 18:20 . 2011-07-12 18:20 83816 ----a-w- c:\windows\system32\dns-sd.exe2011-07-12 18:20 . 2011-07-12 18:20 73064 ----a-w- c:\windows\system32\dnssd.dll2011-07-11 13:25 . 2011-08-24 18:02 2048 ----a-w- c:\windows\system32\tzres.dll2011-07-08 06:37 . 2011-07-08 06:37 53760 ----a-w- c:\windows\system32\OVDecode.dll2011-07-08 06:36 . 2011-07-08 06:36 13904896 ----a-w- c:\windows\system32\amdocl.dll2011-07-08 04:14 . 2011-07-08 04:14 8312832 ----a-w- c:\windows\system32\drivers\atikmdag.sys2011-07-08 03:33 . 2011-07-08 03:33 17940992 ----a-w- c:\windows\system32\atioglxx.dll2011-07-08 03:29 . 2011-07-08 03:29 151552 ----a-w- c:\windows\system32\atiapfxx.exe2011-07-08 03:29 . 2011-05-25 03:07 689152 ----a-w- c:\windows\system32\aticfx32.dll2011-07-08 03:25 . 2011-07-08 03:25 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll2011-07-08 03:25 . 2011-07-08 03:25 401408 ----a-w- c:\windows\system32\atieclxx.exe2011-07-08 03:24 . 2011-07-08 03:24 176128 ----a-w- c:\windows\system32\atiesrxx.exe2011-07-08 03:23 . 2011-07-08 03:23 159744 ----a-w- c:\windows\system32\atitmmxx.dll2011-07-08 03:23 . 2011-07-08 03:23 356352 ----a-w- c:\windows\system32\atipdlxx.dll2011-07-08 03:23 . 2011-07-08 03:23 278528 ----a-w- c:\windows\system32\Oemdspif.dll2011-07-08 03:23 . 2011-07-08 03:23 15872 ----a-w- c:\windows\system32\atimuixx.dll2011-07-08 03:22 . 2011-07-08 03:22 43520 ----a-w- c:\windows\system32\ati2edxx.dll2011-07-08 03:19 . 2011-07-08 03:19 4275712 ----a-w- c:\windows\system32\atidxx32.dll2011-07-08 03:05 . 2011-07-08 03:05 1828864 ----a-w- c:\windows\system32\atiumdmv.dll2011-07-08 03:02 . 2011-07-08 03:02 46080 ----a-w- c:\windows\system32\aticalrt.dll2011-07-08 03:01 . 2011-07-08 03:01 44032 ----a-w- c:\windows\system32\aticalcl.dll2011-07-08 03:00 . 2008-09-05 04:01 4367360 ----a-w- c:\windows\system32\atiumdag.dll2011-07-08 02:58 . 2011-07-08 02:58 6740480 ----a-w- c:\windows\system32\aticaldd.dll2011-07-08 02:55 . 2011-07-08 02:55 4039680 ----a-w- c:\windows\system32\atiumdva.dll2011-07-08 02:54 . 2011-05-25 02:18 52736 ----a-w- c:\windows\system32\coinst.dll2011-07-08 02:47 . 2011-07-08 02:47 266240 ----a-w- c:\windows\system32\atiadlxx.dll2011-07-08 02:47 . 2011-07-08 02:47 13312 ----a-w- c:\windows\system32\atiglpxx.dll2011-07-08 02:47 . 2011-07-08 02:47 32768 ----a-w- c:\windows\system32\atigktxx.dll2011-07-08 02:46 . 2011-07-08 02:46 244736 ----a-w- c:\windows\system32\drivers\atikmpag.sys2011-07-08 02:46 . 2011-07-08 02:46 31744 ----a-w- c:\windows\system32\atiuxpag.dll2011-07-08 02:45 . 2011-05-25 02:24 29184 ----a-w- c:\windows\system32\atiu9pag.dll2011-07-08 02:45 . 2011-05-25 02:24 37376 ----a-w- c:\windows\system32\atitmpxx.dll2011-07-08 02:45 . 2011-07-08 02:45 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll2011-07-08 02:40 . 2011-07-08 02:40 52736 ----a-w- c:\windows\system32\atimpc32.dll2011-07-08 02:40 . 2011-07-08 02:40 52736 ----a-w- c:\windows\system32\amdpcom32.dll2011-07-06 15:31 . 2011-08-10 19:29 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys2011-07-06 01:37 . 2011-07-06 01:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx2011-07-06 01:37 . 2011-07-06 01:37 69632 ----a-w- c:\windows\system32\QuickTime.qts2011-07-04 03:18 . 2011-07-04 03:18 319456 ----a-w- c:\windows\DIFxAPI.dll2011-07-04 03:18 . 2011-07-04 03:18 315392 ----a-w- c:\windows\HideWin.exe..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-12 39408].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-06-28 5550840]"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-06-28 394832]"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-08 336384]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]"SAOB Monitor"="c:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2011-05-11 2536440]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]"Scrub2k"="c:\windows\braveheart\scrub2k.exe" [2007-04-24 65536].c:\users\Carroll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-7 813584].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"EnableUIADesktopToggle"= 0 (0x0)"EnableLinkedConnections"= 1 (0x1).[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]path=c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnkbackup=c:\windows\pss\Dell Dock.lnk.StartupbackupExtension=.Startup.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3754314201-960120119-4017272859-1000]"EnableNotificationsRef"=dword:00000002.R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-12 136176]R2 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-12 136176]R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]R3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2011-08-22 21744]S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2011-08-29 752128]S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2011-08-29 3246040]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-08 176128]S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]S2 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]S2 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]S2 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-08-29 167968]S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-08 8312832]S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-08 244736]S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2011-03-30 97808]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-09-01 22216]..[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12LocalServiceAndNoImpersonation REG_MULTI_SZ FontCachetermlfsvc REG_MULTI_SZ hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc.Contents of the 'Scheduled Tasks' folder.2011-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-12 04:29].2011-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-12 04:29].2011-09-28 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job- c:\program files\Dell Support Center\uaclauncher.exe [2011-08-24 17:26].2011-09-28 c:\windows\Tasks\SystemToolsDailyTest.job- c:\program files\Dell Support Center\uaclauncher.exe [2011-08-24 17:26]..------- Supplementary Scan -------.uInternet Settings,ProxyOverride = *.localIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.htmlIE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105LSP: c:\windows\system32\wpclsp.dllTCP: DhcpNameServer = 192.168.1.254.- - - - ORPHANS REMOVED - - - -.HKLM-Run-dellsupportcenter - c:\program files\Dell Support Center\bin\sprtcmd.exeMSConfigStartUp-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exeMSConfigStartUp-dscactivate - c:\program files\Dell Support Center\gs_agent\custom\dsca.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-09-27 23:01Windows 6.0.6002 Service Pack 2 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms".--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'Explorer.exe'(7752)c:\program files\Logitech\SetPoint\lgscroll.dll.Completion time: 2011-09-27 23:13:51ComboFix-quarantined-files.txt 2011-09-28 06:13ComboFix2.txt 2011-09-14 05:22.Pre-Run: 310,881,845,248 bytes freePost-Run: 309,802,078,208 bytes free.- - End Of File - - 964105A85D591151CD3FF2404AC719D7 Link to post Share on other sites More sharing options...
Staff screen317 Posted October 2, 2011 Staff ID:481627 Share Posted October 2, 2011 Hi,How are things running now? In detail, describe which issues remain. Link to post Share on other sites More sharing options...
Len2121 Posted October 2, 2011 Author ID:481635 Share Posted October 2, 2011 Hi,How are things running now? In detail, describe which issues remain.Hi Chris, thanks for checking back. It's still trying to phone home:00:31:07 Carroll IP-BLOCK 124.125.251.195 (Type: outgoing, Port: 49675, Process: svchost.exe)00:31:07 Carroll IP-BLOCK 124.125.251.195 (Type: outgoing, Port: 49675, Process: svchost.exe)00:31:15 Carroll IP-BLOCK 124.125.251.195 (Type: outgoing, Port: 49675, Process: svchost.exe)03:59:10 Carroll MESSAGE Scheduled update executed successfully03:59:11 Carroll MESSAGE IP Protection stopped03:59:25 Carroll MESSAGE Database updated successfully03:59:26 Carroll MESSAGE IP Protection started successfully07:39:59 Carroll MESSAGE Scheduled scan executed successfully08:15:50 Carroll IP-BLOCK 83.128.64.228 (Type: outgoing, Port: 49675, Process: svchost.exe)08:15:58 Carroll IP-BLOCK 83.128.64.228 (Type: outgoing, Port: 49675, Process: svchost.exe)08:16:06 Carroll IP-BLOCK 83.128.64.228 (Type: outgoing, Port: 49675, Process: svchost.exe)08:59:10 Carroll MESSAGE Scheduled update executed successfully Link to post Share on other sites More sharing options...
Staff screen317 Posted October 5, 2011 Staff ID:482465 Share Posted October 5, 2011 Hmm.Before we attempt additional troubleshooting steps, please do this:Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet. Before you download it, rename it to sega.comPlease reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).Click Start --> Run, and enter this command exactly as shown:"%userprofile%\desktop\sega.com" /killallWhen it finishes, post its log. Link to post Share on other sites More sharing options...
Len2121 Posted October 7, 2011 Author ID:483045 Share Posted October 7, 2011 Thanks for sticking with me.ComboFix 11-10-07.02 - Admin 10/06/2011 22:40:19.3.4 - x86 MINIMALMicrosoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.2499 [GMT -7:00]Running from: c:\users\Admin\Desktop\sega.comCommand switches used :: /killallAV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\programdata\PCDr\5830\Downloads\0fc909b5-f105-4459-82f3-583c6ea5d734.dllc:\programdata\PCDr\5830\Downloads\482517d4-aaa6-47f8-a7ad-de5cf6021ac2.dllc:\programdata\PCDr\5830\Downloads\b3c595f3-948c-4aae-b2a9-7aaa0df99c97.dllc:\programdata\PCDr\5830\Downloads\b4ec5042-c9eb-4e0d-b56f-68c71eb653bf.dllc:\programdata\PCDr\5830\Downloads\f9dc840b-c6f7-42a5-acec-50cc7a2827fd.dll..((((((((((((((((((((((((( Files Created from 2011-09-07 to 2011-10-07 )))))))))))))))))))))))))))))))..2011-10-07 05:54 . 2011-10-07 06:05 -------- d-----w- c:\users\Admin\AppData\Local\temp2011-10-07 05:54 . 2011-10-07 05:54 -------- d-----w- c:\users\Public\AppData\Local\temp2011-10-07 05:54 . 2011-10-07 05:54 -------- d-----w- c:\users\Guest\AppData\Local\temp2011-10-07 05:54 . 2011-10-07 05:54 -------- d-----w- c:\users\Default\AppData\Local\temp2011-10-07 05:54 . 2011-10-07 05:54 -------- d-----w- c:\users\Carroll\AppData\Local\temp2011-10-07 05:17 . 2011-10-07 05:17 -------- d-----w- c:\users\Admin\AppData\Local\ElevatedDiagnostics2011-10-07 04:18 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1334C62F-F4EA-4B1D-8CAA-943C407E2473}\mpengine.dll2011-09-20 11:55 . 2011-09-20 11:55 -------- d-----w- c:\programdata\HP Product Assistant2011-09-20 11:40 . 2011-09-20 11:40 -------- d-----w- c:\program files\Common Files\HP2011-09-20 11:40 . 2011-09-20 11:40 -------- d-----w- c:\program files\Hewlett-Packard2011-09-20 11:37 . 2007-10-31 04:19 729088 ----a-w- c:\windows\system32\hpwwiax3.dll2011-09-20 11:37 . 2007-01-17 08:37 364544 ----a-w- c:\windows\system32\hppldcoi.dll2011-09-20 11:37 . 2007-01-17 08:31 294912 ----a-w- c:\windows\system32\hpovst11.dll2011-09-20 10:33 . 2011-10-07 05:15 -------- d-----w- c:\programdata\PCDr2011-09-20 10:25 . 2011-09-20 10:25 -------- d-----w- c:\users\Admin\AppData\Roaming\PCDr2011-09-20 10:25 . 2011-09-20 10:25 -------- d-----w- c:\users\Carroll\AppData\Roaming\PCDr2011-09-20 10:23 . 2007-10-31 04:19 970752 ----a-w- c:\windows\system32\hpwtiop3.dll2011-09-20 09:15 . 2011-09-20 09:14 472808 ----a-w- c:\windows\system32\deployJava1.dll2011-09-14 04:47 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat2011-09-13 09:35 . 2011-09-13 09:35 -------- d-----w- c:\windows\Downloaded Installations2011-09-13 06:42 . 2008-07-01 19:00 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5jy.dll2011-09-13 06:41 . 2008-07-01 19:10 118272 ----a-w- c:\windows\system32\hpz3l5jy.dll2011-09-13 06:41 . 2011-09-13 06:41 -------- d-----w- c:\windows\braveheart2011-09-13 05:44 . 2011-09-13 05:44 -------- d-----w- c:\users\Admin\AppData\Roaming\HP2011-09-13 05:44 . 2011-09-13 05:44 -------- d-----w- c:\users\Admin\AppData\Local\HP2011-09-12 04:31 . 2011-09-12 04:31 -------- d-----w- c:\program files\Common Files\Adobe2011-09-08 07:16 . 2011-09-08 07:16 -------- d-----w- c:\users\Guest\AppData\Roaming\Malwarebytes2011-09-08 04:53 . 2011-05-22 02:21 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll2011-09-08 04:53 . 2011-05-22 02:21 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A30A5F8B-0062-4C87-90B5-303D48142112}\gapaengine.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-09-21 16:35 . 2011-07-03 22:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-09-12 23:14 . 2011-05-22 09:14 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2011-09-01 00:00 . 2011-06-08 07:32 22216 ----a-w- c:\windows\system32\drivers\mbam.sys2011-08-31 06:40 . 2011-08-31 06:40 691 ----a-w- c:\users\Admin\AppData\Roaming\GetValue.vbs2011-08-31 06:40 . 2011-08-31 06:40 35 ----a-w- c:\users\Admin\AppData\Roaming\SetValue.bat2011-08-30 10:05 . 2011-08-30 10:28 1884866 ----a-w- C:\SmitfraudFix run in safemode.exe2011-08-30 06:45 . 2011-08-30 07:20 1916416 ----a-w- C:\aswMBR.exe2011-08-30 04:22 . 2011-08-30 05:05 302592 ----a-w- C:\o2chis5c.exe2011-08-29 07:11 . 2011-08-29 07:10 167968 ----a-w- c:\windows\system32\drivers\afcdp.sys2011-08-29 07:10 . 2011-04-18 01:51 752128 ----a-w- c:\windows\system32\drivers\tdrpm273.sys2011-08-29 07:10 . 2011-08-29 07:10 600928 ----a-w- c:\windows\system32\drivers\timntr.sys2011-08-29 07:10 . 2009-10-24 08:34 170528 ----a-w- c:\windows\system32\drivers\snapman.sys2011-08-12 02:44 . 2011-08-24 17:59 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll2011-07-22 02:54 . 2011-08-11 10:08 1797632 ----a-w- c:\windows\system32\jscript9.dll2011-07-22 02:48 . 2011-08-11 10:08 1126912 ----a-w- c:\windows\system32\wininet.dll2011-07-22 02:44 . 2011-08-11 10:08 2382848 ----a-w- c:\windows\system32\mshtml.tlb2011-07-12 18:20 . 2011-07-12 18:20 83816 ----a-w- c:\windows\system32\dns-sd.exe2011-07-12 18:20 . 2011-07-12 18:20 73064 ----a-w- c:\windows\system32\dnssd.dll2011-07-11 13:25 . 2011-08-24 18:02 2048 ----a-w- c:\windows\system32\tzres.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-12 39408].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-06-28 5550840]"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-06-28 394832]"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-08 336384]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]"SAOB Monitor"="c:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2011-05-11 2536440]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152].c:\users\Carroll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-7 813584].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"EnableUIADesktopToggle"= 0 (0x0)"EnableLinkedConnections"= 1 (0x1).[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]path=c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnkbackup=c:\windows\pss\Dell Dock.lnk.StartupbackupExtension=.Startup.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3754314201-960120119-4017272859-1000]"EnableNotificationsRef"=dword:00000002.R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-12 136176]R2 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-12 136176]R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]R3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2011-08-22 21744]S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2011-08-29 752128]S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2011-08-29 3246040]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-08 176128]S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]S2 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]S2 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]S2 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-08-29 167968]S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-08 8312832]S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-08 244736]S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2011-03-30 97808]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-09-01 22216]..[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12LocalServiceAndNoImpersonation REG_MULTI_SZ FontCachetermlfsvc REG_MULTI_SZ hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc.Contents of the 'Scheduled Tasks' folder.2011-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-12 04:29].2011-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-12 04:29].2011-10-07 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job- c:\program files\Dell Support Center\uaclauncher.exe [2011-08-24 17:26].2011-10-07 c:\windows\Tasks\SystemToolsDailyTest.job- c:\program files\Dell Support Center\uaclauncher.exe [2011-08-24 17:26]..------- Supplementary Scan -------.uInternet Settings,ProxyOverride = *.localIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.htmlIE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105LSP: c:\windows\system32\wpclsp.dllTCP: DhcpNameServer = 192.168.1.254..**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-10-06 23:05Windows 6.0.6002 Service Pack 2 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms".------------------------ Other Running Processes ------------------------.c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exec:\windows\system32\atieclxx.exec:\program files\Common Files\Logishrd\Bluetooth\LBTServ.exec:\program files\Common Files\Acronis\Schedule2\schedul2.exec:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files\Bonjour\mDNSResponder.exec:\windows\ehome\ehRecvr.exec:\windows\ehome\ehsched.exec:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exec:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exec:\program files\iPod\bin\iPodService.exec:\windows\System32\msdtc.exec:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exec:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXEc:\windows\system32\locator.exec:\windows\System32\snmptrap.exec:\program files\Common Files\SureThing Shared\stllssvr.exec:\windows\system32\UI0Detect.exec:\windows\System32\vds.exec:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEc:\windows\system32\wbem\WmiApSrv.exec:\windows\system32\WUDFHost.exec:\windows\system32\iashost.exec:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exec:\program files\Windows Media Player\wmpnetwk.exec:\windows\servicing\TrustedInstaller.exe.**************************************************************************.Completion time: 2011-10-06 23:10:12 - machine was rebootedComboFix-quarantined-files.txt 2011-10-07 06:10ComboFix2.txt 2011-09-28 06:13ComboFix3.txt 2011-09-14 05:22.Pre-Run: 298,395,996,160 bytes freePost-Run: 295,120,961,536 bytes free.- - End Of File - - 586E535801C2C7D52D4E9F223CEC0142Still:00:31:00 Carroll IP-BLOCK 218.7.221.58 (Type: outgoing, Port: 49675, Process: svchost.exe)00:31:08 Carroll IP-BLOCK 218.7.221.58 (Type: outgoing, Port: 49675, Process: svchost.exe)00:31:08 Carroll IP-BLOCK 218.7.221.58 (Type: outgoing, Port: 49675, Process: svchost.exe) Link to post Share on other sites More sharing options...
Staff screen317 Posted October 10, 2011 Staff ID:483803 Share Posted October 10, 2011 Let's see if one of your legitimate programs is responsible for this:Click Start --> Run, and type in msconfig.exeClick the Startup tab, then click Disable all...Click OK.Restart your computer and use it normally for a bit, and let me know if the problem persists. If not, that means one or more of your items running on startup are to blame. If the problem still persists, we will attempt other avenues of troubleshooting.Let me know how it goes.-screen317 Link to post Share on other sites More sharing options...
Len2121 Posted October 12, 2011 Author ID:484946 Share Posted October 12, 2011 Ok, did that. Had to start mbam manually obviously and initiate realtime protection.A couple of hours later and it's back:02:38:08 Carroll IP-BLOCK 195.161.7.26 (Type: outgoing, Port: 49675, Process: svchost.exe)Before I tried your suggestion I was looking through recent logs and found this from yesterday:17:18:39 Carroll IP-BLOCK 117.21.224.235 (Type: outgoing, Port: 57088, Process: iexplore.exe)Don't know if this thing is morphing to use a different process or if it might be a new issue. Maybe it was just a result of her visiting a questionable website. It's just odd that nothing was called from svchost.exe on that day, whereas usually svchost makes several attempts/day.Bottom line, startup|disable all didn't kill it.Thanks Link to post Share on other sites More sharing options...
Staff screen317 Posted October 14, 2011 Staff ID:485882 Share Posted October 14, 2011 Hi,Please post a full protection log and I will have our team take a look. Link to post Share on other sites More sharing options...
Len2121 Posted October 17, 2011 Author ID:486388 Share Posted October 17, 2011 Thanks Chris, I hope by a full protection log you meant for me to post DDS results. If not please let me know what you want..DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421Run by Admin at 21:43:44 on 2011-10-16Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1845 [GMT -7:00].AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssc:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exeC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\SLsvc.exeC:\Windows\system32\atieclxx.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\Common Files\Acronis\Schedule2\schedul2.exeC:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exeC:\Windows\System32\alg.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Windows\ehome\ehRecvr.exeC:\Windows\ehome\ehsched.exeC:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\svchost.exe -k hpdevmgmtC:\Program Files\iPod\bin\iPodService.exeC:\Windows\System32\msdtc.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exec:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exeC:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXEC:\Windows\System32\svchost.exe -k HPZ12C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k regsvcC:\Windows\system32\locator.exeC:\Windows\system32\svchost.exe -k SDRSVCC:\Windows\System32\snmptrap.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files\Common Files\SureThing Shared\stllssvr.exeC:\Windows\System32\vds.exeC:\Windows\system32\svchost.exe -k wcssvcC:\Windows\System32\svchost.exe -k WerSvcGroupC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\WUDFHost.exeC:\Windows\system32\iashost.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Program Files\Microsoft Office\Office14\ONENOTEM.EXEC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Windows\system32\wbem\unsecapp.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exeC:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exeC:\Windows\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uInternet Settings,ProxyOverride = *.localBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLLBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLLBHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllTB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dlluRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRunmRun: [sAOB Monitor] c:\program files\acronis\trueimagehome\onlinebackupstandalone\TrueImageMonitor.exemRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkeymRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttraymRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXEmRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exemRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServicesmRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"StartupFolder: c:\users\admin\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exeStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exeStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exemPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)mPolicies-system: EnableLinkedConnections = 1 (0x1)IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.htmlIE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dllIE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllLSP: c:\windows\system32\wpclsp.dllDPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cabDPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cabDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cabDPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cabDPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cabDPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cabTCP: DhcpNameServer = 192.168.1.254TCP: Interfaces\{F122BA81-ACD5-4D61-AF47-A651FCC98B43} : DhcpNameServer = 192.168.1.254Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLLAppInit_DLLs: c:\progra~1\google\google~2\GoogleDesktopNetwork3.dllSEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL.============= SERVICES / DRIVERS ===============.R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2011-4-17 752128]R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]R1 MpKsl7fc09d29;MpKsl7fc09d29;c:\programdata\microsoft\microsoft antimalware\definition updates\{fa3d21e4-046d-41fe-806b-4aa62a46d98b}\MpKsl7fc09d29.sys [2011-10-16 28752]R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2011-8-29 3246040]R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-7-7 176128]R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-22 366152]R2 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]R2 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2011-8-29 167968]R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-7-7 8312832]R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-7-7 244736]R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2011-3-30 97808]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-8 22216]R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-11 136176]S2 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-11 136176]S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2011-8-22 21744]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504].=============== Created Last 30 ================.2011-10-16 08:56:45 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fa3d21e4-046d-41fe-806b-4aa62a46d98b}\MpKsl7fc09d29.sys2011-10-16 08:56:17 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fa3d21e4-046d-41fe-806b-4aa62a46d98b}\offreg.dll2011-10-16 08:56:11 7269712 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fa3d21e4-046d-41fe-806b-4aa62a46d98b}\mpengine.dll2011-10-13 01:08:52 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax2011-10-13 01:08:52 57856 ----a-w- c:\windows\system32\MSDvbNP.ax2011-10-13 01:08:52 293376 ----a-w- c:\windows\system32\psisdecd.dll2011-10-13 01:08:52 217088 ----a-w- c:\windows\system32\psisrndr.ax2011-10-13 01:08:51 2043392 ----a-w- c:\windows\system32\win32k.sys2011-10-13 01:08:42 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat2011-10-13 01:08:35 563712 ----a-w- c:\windows\system32\oleaut32.dll2011-10-13 01:08:35 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll2011-10-13 01:08:35 4096 ----a-w- c:\windows\system32\oleaccrc.dll2011-10-13 01:08:35 238080 ----a-w- c:\windows\system32\oleacc.dll2011-10-11 07:33:47 703824 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{045e4158-f032-4513-ab4a-d34ab2ec0cf4}\gapaengine.dll2011-10-07 07:08:29 -------- d--h--w- c:\windows\PIF2011-10-07 06:10:14 -------- d-----w- c:\users\admin\appdata\local\temp2011-10-07 06:09:12 -------- d-sh--w- C:\$RECYCLE.BIN2011-10-07 05:17:01 -------- d-----w- c:\users\admin\appdata\local\ElevatedDiagnostics2011-09-28 04:58:16 98816 ----a-w- c:\windows\sed.exe2011-09-28 04:58:16 518144 ----a-w- c:\windows\SWREG.exe2011-09-28 04:58:16 256000 ----a-w- c:\windows\PEV.exe2011-09-28 04:58:16 208896 ----a-w- c:\windows\MBR.exe2011-09-20 11:40:28 -------- d-----w- c:\program files\common files\HP2011-09-20 11:37:35 729088 ----a-w- c:\windows\system32\hpwwiax3.dll2011-09-20 11:37:34 364544 ----a-w- c:\windows\system32\hppldcoi.dll2011-09-20 11:37:34 294912 ----a-w- c:\windows\system32\hpovst11.dll2011-09-20 10:33:54 -------- d-----w- c:\programdata\PCDr2011-09-20 10:25:33 -------- d-----w- c:\users\admin\appdata\roaming\PCDr2011-09-20 10:23:45 970752 ----a-w- c:\windows\system32\hpwtiop3.dll2011-09-20 09:15:10 472808 ----a-w- c:\windows\system32\deployJava1.dll.==================== Find3M ====================.2011-09-21 16:35:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys2011-08-31 06:40:13 691 ----a-w- c:\users\admin\appdata\roaming\GetValue.vbs2011-08-31 06:40:13 35 ----a-w- c:\users\admin\appdata\roaming\SetValue.bat2011-08-30 06:45:10 1916416 ----a-w- C:\aswMBR.exe2011-08-30 04:22:22 302592 ----a-w- C:\o2chis5c.exe2011-08-29 07:11:00 167968 ----a-w- c:\windows\system32\drivers\afcdp.sys2011-08-29 07:10:48 752128 ----a-w- c:\windows\system32\drivers\tdrpm273.sys2011-08-29 07:10:45 600928 ----a-w- c:\windows\system32\drivers\timntr.sys2011-08-29 07:10:15 170528 ----a-w- c:\windows\system32\drivers\snapman.sys.============= FINISH: 21:44:47.83 ===============Also see Attach.zipMBAM log:02:59:13 Carroll MESSAGE Scheduled update executed successfully02:59:30 Carroll MESSAGE IP Protection stopped03:01:17 Carroll MESSAGE Database updated successfully03:01:20 Carroll MESSAGE IP Protection started successfully04:29:59 Carroll MESSAGE Scheduled scan executed successfully06:59:10 Carroll MESSAGE Scheduled update executed successfully06:59:11 Carroll MESSAGE IP Protection stopped06:59:21 Carroll MESSAGE Database updated successfully06:59:22 Carroll MESSAGE IP Protection started successfully07:09:54 Carroll IP-BLOCK 62.45.155.85 (Type: outgoing, Port: 58615, Process: svchost.exe)07:09:54 Carroll IP-BLOCK 62.45.155.85 (Type: outgoing, Port: 58615, Process: svchost.exe)07:10:02 Carroll IP-BLOCK 62.45.155.85 (Type: outgoing, Port: 58615, Process: svchost.exe)07:10:02 Carroll IP-BLOCK 62.45.155.85 (Type: outgoing, Port: 58615, Process: svchost.exe)07:39:59 Carroll MESSAGE Scheduled scan executed successfully08:59:10 Carroll MESSAGE Scheduled update executed successfully08:59:11 Carroll MESSAGE IP Protection stopped08:59:17 Carroll MESSAGE Database updated successfully08:59:18 Carroll MESSAGE IP Protection started successfully10:59:10 Carroll MESSAGE Scheduled update executed successfully10:59:11 Carroll MESSAGE IP Protection stopped10:59:16 Carroll MESSAGE Database updated successfully10:59:17 Carroll MESSAGE IP Protection started successfully14:59:14 Carroll MESSAGE Scheduled update executed successfully14:59:16 Carroll MESSAGE IP Protection stopped14:59:32 Carroll MESSAGE Database updated successfully14:59:33 Carroll MESSAGE IP Protection started successfullyDDS Attach.zip Link to post Share on other sites More sharing options...
Staff screen317 Posted October 17, 2011 Staff ID:486402 Share Posted October 17, 2011 Hi,I am consulting with my colleagues and will be back with you as soon as possible. Link to post Share on other sites More sharing options...
Staff screen317 Posted October 18, 2011 Staff ID:486695 Share Posted October 18, 2011 Hi,Navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):ESET Online Scanner v3 Java™ 6 Update 5Adobe Flash Player Restart your computer.Run TFC by OldTimer to clear temporary files:Please download TFC from here and save it to your desktop.Close any open programs and Internet browsers.Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.Please be patient as clearing out temp files may take a while.Once it completes you may be prompted to restart your computer, please do so.Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.Get the latest version of Java and Adobe Flash Player.Reboot and see if the blocks persist. If so:Click Start, enter cmd.exe, and right-click on cmd.exe when it appears. Click Run as Admin...In the black box that appears, enter this command exactly as shown:chkdsk>"%userprofile%\desktop\chkdsk.txt"Press Enter. When it finishes, open chkdsk.txt on your Desktop and post its contents here.-screen317 Link to post Share on other sites More sharing options...
Len2121 Posted October 19, 2011 Author ID:486970 Share Posted October 19, 2011 Ok, attempted your instructions.Couldn't find an instance of Java 6 Update 5 or any other java version to uninstall in Vista's Programs and Features control panel applet. Couldn't find it in any Start program file menu either, nor any uninstall exe file in the Java program dirs. I had installed it early on in this process with you. Maybe there's not supposed to be an uninstall app? Anyway I deleted the two java directories I found in the Program Files directory. Hmm, maybe I should have scanned the registry for remnants. The other anomally was when trying to run TFC it crashed after awhile, I believe I got a Windows message saying the program had stopped responding or similar. Got it to run by booting into safe mode, but I wonder if that might have an impact on TFC's effectiveness.Followed rest of instructions. No change. So the chkdsk report follows.A botched installation of an hp printer program 'Solution Center' annoys every once in awhile to install but can't. I don't think it's related to my svchost calls because the IP's traced to Guatemala the last few times I checked, and Mbam obviously thinks it's evil enough to block. But for yuks I'm going to block in msconfig startup or in services and let you know if anything changes.Thanks again.The type of the file system is NTFS.Volume label is OS.WARNING! F parameter not specified.Running CHKDSK in read-only mode.CHKDSK is verifying files (stage 1 of 3)... 0 percent complete. (0 of 294144 file records processed) 0 percent complete. (876 of 294144 file records processed) 0 percent complete. (10632 of 294144 file records processed) 0 percent complete. (12182 of 294144 file records processed) 0 percent complete. (16295 of 294144 file records processed) 1 percent complete. (29415 of 294144 file records processed) 1 percent complete. (33025 of 294144 file records processed) 1 percent complete. (46046 of 294144 file records processed) 1 percent complete. (50730 of 294144 file records processed) 1 percent complete. (58593 of 294144 file records processed) 2 percent complete. (58829 of 294144 file records processed) 2 percent complete. (82754 of 294144 file records processed) 3 percent complete. (88244 of 294144 file records processed) 4 percent complete. (117658 of 294144 file records processed) 5 percent complete. (147072 of 294144 file records processed) 6 percent complete. (176487 of 294144 file records processed) 6 percent complete. (190465 of 294144 file records processed) 7 percent complete. (205901 of 294144 file records processed) 8 percent complete. (235316 of 294144 file records processed) 9 percent complete. (264730 of 294144 file records processed) 294144 file records processed. File verification completed. 889 large file records processed. 0 bad file records processed. 0 EA records processed. 96 reparse records processed. CHKDSK is verifying indexes (stage 2 of 3)...11 percent complete. (7932 of 358338 index entries processed) 11 percent complete. (10646 of 358338 index entries processed) 11 percent complete. (13241 of 358338 index entries processed) 12 percent complete. (16191 of 358338 index entries processed) 13 percent complete. (24450 of 358338 index entries processed) 13 percent complete. (31887 of 358338 index entries processed) 14 percent complete. (32710 of 358338 index entries processed) 15 percent complete. (40969 of 358338 index entries processed) 15 percent complete. (47874 of 358338 index entries processed) 16 percent complete. (49229 of 358338 index entries processed) 17 percent complete. (57488 of 358338 index entries processed) 18 percent complete. (65747 of 358338 index entries processed) 19 percent complete. (74007 of 358338 index entries processed) 20 percent complete. (82266 of 358338 index entries processed) 21 percent complete. (90526 of 358338 index entries processed) 22 percent complete. (98785 of 358338 index entries processed) 23 percent complete. (107044 of 358338 index entries processed) 24 percent complete. (115304 of 358338 index entries processed) 25 percent complete. (123563 of 358338 index entries processed) 26 percent complete. (131823 of 358338 index entries processed) 27 percent complete. (140082 of 358338 index entries processed) 28 percent complete. (148341 of 358338 index entries processed) 29 percent complete. (156601 of 358338 index entries processed) 30 percent complete. (164860 of 358338 index entries processed) 31 percent complete. (173120 of 358338 index entries processed) 32 percent complete. (181379 of 358338 index entries processed) 33 percent complete. (189638 of 358338 index entries processed) 34 percent complete. (197898 of 358338 index entries processed) 35 percent complete. (206157 of 358338 index entries processed) 36 percent complete. (214417 of 358338 index entries processed) 37 percent complete. (222676 of 358338 index entries processed) 38 percent complete. (230935 of 358338 index entries processed) 39 percent complete. (239195 of 358338 index entries processed) 40 percent complete. (247454 of 358338 index entries processed) 41 percent complete. (255714 of 358338 index entries processed) 42 percent complete. (263973 of 358338 index entries processed) 43 percent complete. (272232 of 358338 index entries processed) 44 percent complete. (280492 of 358338 index entries processed) 45 percent complete. (288751 of 358338 index entries processed) 45 percent complete. (294147 of 358338 index entries processed) 45 percent complete. (294155 of 358338 index entries processed) 45 percent complete. (294357 of 358338 index entries processed) 45 percent complete. (294718 of 358338 index entries processed) 45 percent complete. (295179 of 358338 index entries processed) 45 percent complete. (295337 of 358338 index entries processed) 45 percent complete. (295461 of 358338 index entries processed) 45 percent complete. (295813 of 358338 index entries processed) 45 percent complete. (295863 of 358338 index entries processed) 45 percent complete. (296012 of 358338 index entries processed) 45 percent complete. (296219 of 358338 index entries processed) 45 percent complete. (296335 of 358338 index entries processed) 45 percent complete. (296341 of 358338 index entries processed) 45 percent complete. (296700 of 358338 index entries processed) 45 percent complete. (296769 of 358338 index entries processed) 45 percent complete. (296792 of 358338 index entries processed) 45 percent complete. (296973 of 358338 index entries processed) 46 percent complete. (297011 of 358338 index entries processed) 46 percent complete. (297718 of 358338 index entries processed) 46 percent complete. (298021 of 358338 index entries processed) 46 percent complete. (298116 of 358338 index entries processed) 46 percent complete. (298204 of 358338 index entries processed) 46 percent complete. (298939 of 358338 index entries processed) 46 percent complete. (299449 of 358338 index entries processed) 46 percent complete. (299856 of 358338 index entries processed) 46 percent complete. (300118 of 358338 index entries processed) 46 percent complete. (300776 of 358338 index entries processed) 46 percent complete. (301220 of 358338 index entries processed) 46 percent complete. (301660 of 358338 index entries processed) 46 percent complete. (301838 of 358338 index entries processed) 46 percent complete. (302053 of 358338 index entries processed) 46 percent complete. (302439 of 358338 index entries processed) 46 percent complete. (302555 of 358338 index entries processed) 46 percent complete. (302680 of 358338 index entries processed) 46 percent complete. (302854 of 358338 index entries processed) 46 percent complete. (303022 of 358338 index entries processed) 46 percent complete. (303251 of 358338 index entries processed) 46 percent complete. (303369 of 358338 index entries processed) 46 percent complete. (303551 of 358338 index entries processed) 46 percent complete. (303704 of 358338 index entries processed) 46 percent complete. (303960 of 358338 index entries processed) 46 percent complete. (304251 of 358338 index entries processed) 46 percent complete. (304549 of 358338 index entries processed) 46 percent complete. (304785 of 358338 index entries processed) 46 percent complete. (305072 of 358338 index entries processed) 47 percent complete. (305270 of 358338 index entries processed) 47 percent complete. (305388 of 358338 index entries processed) 47 percent complete. (305516 of 358338 index entries processed) 47 percent complete. (306126 of 358338 index entries processed) 47 percent complete. (306329 of 358338 index entries processed) 47 percent complete. (306624 of 358338 index entries processed) 47 percent complete. (306814 of 358338 index entries processed) 47 percent complete. (306995 of 358338 index entries processed) 47 percent complete. (307437 of 358338 index entries processed) 47 percent complete. (307614 of 358338 index entries processed) 47 percent complete. (307759 of 358338 index entries processed) 47 percent complete. (307975 of 358338 index entries processed) 47 percent complete. (308150 of 358338 index entries processed) 47 percent complete. (308383 of 358338 index entries processed) 47 percent complete. (309543 of 358338 index entries processed) 47 percent complete. (309585 of 358338 index entries processed) 47 percent complete. (309616 of 358338 index entries processed) 47 percent complete. (309657 of 358338 index entries processed) 47 percent complete. (309760 of 358338 index entries processed) 47 percent complete. (309780 of 358338 index entries processed) 47 percent complete. (309807 of 358338 index entries processed) 47 percent complete. (309888 of 358338 index entries processed) 47 percent complete. (310090 of 358338 index entries processed) 47 percent complete. (310182 of 358338 index entries processed) 47 percent complete. (310327 of 358338 index entries processed) 47 percent complete. (310602 of 358338 index entries processed) 47 percent complete. (310850 of 358338 index entries processed) 47 percent complete. (311002 of 358338 index entries processed) 47 percent complete. (311141 of 358338 index entries processed) 47 percent complete. (311251 of 358338 index entries processed) 47 percent complete. (311432 of 358338 index entries processed) 47 percent complete. (311557 of 358338 index entries processed) 47 percent complete. (311675 of 358338 index entries processed) 47 percent complete. (311802 of 358338 index entries processed) 47 percent complete. (311897 of 358338 index entries processed) 47 percent complete. (312005 of 358338 index entries processed) 47 percent complete. (312088 of 358338 index entries processed) 47 percent complete. (312225 of 358338 index entries processed) 47 percent complete. (312428 of 358338 index entries processed) 47 percent complete. (312538 of 358338 index entries processed) 47 percent complete. (312665 of 358338 index entries processed) 47 percent complete. (313493 of 358338 index entries processed) 48 percent complete. (313529 of 358338 index entries processed) 48 percent complete. (313854 of 358338 index entries processed) 48 percent complete. (314120 of 358338 index entries processed) 48 percent complete. (314519 of 358338 index entries processed) 48 percent complete. (314770 of 358338 index entries processed) 48 percent complete. (314874 of 358338 index entries processed) 48 percent complete. (315130 of 358338 index entries processed) 48 percent complete. (315385 of 358338 index entries processed) 48 percent complete. (315597 of 358338 index entries processed) 48 percent complete. (315782 of 358338 index entries processed) 48 percent complete. (316281 of 358338 index entries processed) 48 percent complete. (316591 of 358338 index entries processed) 48 percent complete. (316746 of 358338 index entries processed) 48 percent complete. (316936 of 358338 index entries processed) 48 percent complete. (317137 of 358338 index entries processed) 48 percent complete. (317346 of 358338 index entries processed) 48 percent complete. (317766 of 358338 index entries processed) 48 percent complete. (318744 of 358338 index entries processed) 48 percent complete. (318916 of 358338 index entries processed) 48 percent complete. (319134 of 358338 index entries processed) 48 percent complete. (319311 of 358338 index entries processed) 48 percent complete. (319509 of 358338 index entries processed) 48 percent complete. (319626 of 358338 index entries processed) 48 percent complete. (319798 of 358338 index entries processed) 48 percent complete. (319995 of 358338 index entries processed) 48 percent complete. (320261 of 358338 index entries processed) 48 percent complete. (320423 of 358338 index entries processed) 48 percent complete. (320763 of 358338 index entries processed) 48 percent complete. (320935 of 358338 index entries processed) 48 percent complete. (321135 of 358338 index entries processed) 48 percent complete. (321269 of 358338 index entries processed) 48 percent complete. (321480 of 358338 index entries processed) 48 percent complete. (321677 of 358338 index entries processed) 49 percent complete. (321789 of 358338 index entries processed) 49 percent complete. (321872 of 358338 index entries processed) 49 percent complete. (321909 of 358338 index entries processed) 49 percent complete. (321945 of 358338 index entries processed) 49 percent complete. (321980 of 358338 index entries processed) 49 percent complete. (322050 of 358338 index entries processed) 49 percent complete. (322072 of 358338 index entries processed) 49 percent complete. (322112 of 358338 index entries processed) 49 percent complete. (322185 of 358338 index entries processed) 49 percent complete. (322289 of 358338 index entries processed) 49 percent complete. (322469 of 358338 index entries processed) 49 percent complete. (322612 of 358338 index entries processed) 49 percent complete. (322829 of 358338 index entries processed) 49 percent complete. (323056 of 358338 index entries processed) 49 percent complete. (323224 of 358338 index entries processed) 49 percent complete. (323399 of 358338 index entries processed) 49 percent complete. (323644 of 358338 index entries processed) 49 percent complete. (323848 of 358338 index entries processed) 49 percent complete. (324274 of 358338 index entries processed) 49 percent complete. (324439 of 358338 index entries processed) 49 percent complete. (324557 of 358338 index entries processed) 49 percent complete. (324608 of 358338 index entries processed) 49 percent complete. (324770 of 358338 index entries processed) 49 percent complete. (324917 of 358338 index entries processed) 49 percent complete. (325366 of 358338 index entries processed) 49 percent complete. (325983 of 358338 index entries processed) 358338 index entries processed. Index verification completed. 0 unindexed files processed. CHKDSK is verifying security descriptors (stage 3 of 3)...53 percent complete. (0 of 294144 descriptors processed) 53 percent complete. (13389 of 294144 descriptors processed) 54 percent complete. (14242 of 294144 descriptors processed) 55 percent complete. (39020 of 294144 descriptors processed) 56 percent complete. (63799 of 294144 descriptors processed) 57 percent complete. (88577 of 294144 descriptors processed) 58 percent complete. (113355 of 294144 descriptors processed) 59 percent complete. (138133 of 294144 descriptors processed) 60 percent complete. (162911 of 294144 descriptors processed) 61 percent complete. (187690 of 294144 descriptors processed) 62 percent complete. (212468 of 294144 descriptors processed) 63 percent complete. (237246 of 294144 descriptors processed) 64 percent complete. (262024 of 294144 descriptors processed) 65 percent complete. (286802 of 294144 descriptors processed) 294144 security descriptors processed. Security descriptor verification completed. 32098 data files processed. CHKDSK is verifying Usn Journal...99 percent complete. (0 of 36617416 USN bytes processed) 99 percent complete. (15339520 of 36617416 USN bytes processed) 99 percent complete. (29495296 of 36617416 USN bytes processed) 100 percent complete. (36610048 of 36617416 USN bytes processed) 36617416 USN bytes processed. Usn Journal verification completed.Windows has checked the file system and found no problems. 472592383 KB total disk space. 186679156 KB in 234963 files. 121708 KB in 32099 indexes. 0 KB in bad sectors. 423659 KB in use by the system. 65536 KB occupied by the log file. 285367860 KB available on disk. 4096 bytes in each allocation unit. 118148095 total allocation units on disk. 71341965 allocation units available on disk. Link to post Share on other sites More sharing options...
Staff screen317 Posted October 22, 2011 Staff ID:487992 Share Posted October 22, 2011 Hi,My apologies for the delay.Please grab fresh copies of ComboFix and TDSSKiller, run them, and post their logs. Link to post Share on other sites More sharing options...
Len2121 Posted October 25, 2011 Author ID:488708 Share Posted October 25, 2011 ComboFix 11-10-24.05 - Admin 10/24/2011 21:51:28.3.4 - x86Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1614 [GMT -7:00]Running from: c:\users\Carroll\Desktop\ComboFix.exeAV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\users\Carroll\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FA0812FD-0B30-403C-AD65-1CF6727E3A10}.xpsc:\users\Carroll\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FD58AEC7-3FCD-42BF-984A-D2739C5B6D38}.xps..((((((((((((((((((((((((( Files Created from 2011-09-25 to 2011-10-25 )))))))))))))))))))))))))))))))..2011-10-25 05:01 . 2011-10-25 05:02 -------- d-----w- c:\users\Admin\AppData\Local\temp2011-10-25 05:01 . 2011-10-25 05:01 -------- d-----w- c:\users\Public\AppData\Local\temp2011-10-25 05:01 . 2011-10-25 05:01 -------- d-----w- c:\users\Guest\AppData\Local\temp2011-10-25 05:01 . 2011-10-25 05:01 -------- d-----w- c:\users\Default\AppData\Local\temp2011-10-25 05:01 . 2011-10-25 05:01 -------- d-----w- c:\users\Caylen\AppData\Local\temp2011-10-25 05:01 . 2011-10-25 05:01 -------- d-----w- c:\users\Carroll\AppData\Local\temp2011-10-24 19:13 . 2011-10-24 19:13 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{420E1185-E9E3-4EBF-B756-0E79AE757CD3}\MpKsl9ee4e23e.sys2011-10-24 19:13 . 2011-10-24 19:13 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{420E1185-E9E3-4EBF-B756-0E79AE757CD3}\offreg.dll2011-10-24 19:13 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{420E1185-E9E3-4EBF-B756-0E79AE757CD3}\mpengine.dll2011-10-21 06:26 . 2011-10-21 06:26 -------- d-----w- c:\users\Carroll\AppData\Roaming\SUPERAntiSpyware.com2011-10-21 06:25 . 2011-10-21 06:26 -------- d-----w- c:\program files\SUPERAntiSpyware2011-10-21 06:25 . 2011-10-21 06:25 -------- d-----w- c:\programdata\SUPERAntiSpyware.com2011-10-18 10:29 . 2011-10-18 10:29 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-10-18 10:28 . 2011-10-18 10:28 -------- d-----w- c:\program files\Common Files\Java2011-10-18 10:26 . 2011-10-18 10:26 -------- d-----w- c:\program files\Java2011-10-13 01:08 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll2011-10-13 01:08 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax2011-10-13 01:08 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax2011-10-13 01:08 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax2011-10-13 01:08 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys2011-10-13 01:08 . 2011-09-14 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat2011-10-13 01:08 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll2011-10-13 01:08 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll2011-10-13 01:08 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll2011-10-13 01:08 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll2011-10-11 07:33 . 2011-10-11 07:32 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{045E4158-F032-4513-AB4A-D34AB2EC0CF4}\gapaengine.dll2011-10-07 07:20 . 2011-10-07 07:20 -------- d-----w- c:\users\Caylen\AppData\Roaming\Malwarebytes2011-10-07 07:08 . 2011-10-07 07:08 -------- d--h--w- c:\windows\PIF2011-10-07 05:17 . 2011-10-07 05:17 -------- d-----w- c:\users\Admin\AppData\Local\ElevatedDiagnostics...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-10-18 10:26 . 2011-09-20 09:15 472808 ----a-w- c:\windows\system32\deployJava1.dll2011-10-07 03:48 . 2011-05-22 09:14 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2011-09-01 00:00 . 2011-06-08 07:32 22216 ----a-w- c:\windows\system32\drivers\mbam.sys2011-08-31 06:40 . 2011-08-31 06:40 691 ----a-w- c:\users\Admin\AppData\Roaming\GetValue.vbs2011-08-31 06:40 . 2011-08-31 06:40 35 ----a-w- c:\users\Admin\AppData\Roaming\SetValue.bat2011-08-30 06:45 . 2011-08-30 07:20 1916416 ----a-w- C:\aswMBR.exe2011-08-30 04:22 . 2011-08-30 05:05 302592 ----a-w- C:\o2chis5c.exe2011-08-29 07:11 . 2011-08-29 07:10 167968 ----a-w- c:\windows\system32\drivers\afcdp.sys2011-08-29 07:10 . 2011-04-18 01:51 752128 ----a-w- c:\windows\system32\drivers\tdrpm273.sys2011-08-29 07:10 . 2011-08-29 07:10 600928 ----a-w- c:\windows\system32\drivers\timntr.sys2011-08-29 07:10 . 2009-10-24 08:34 170528 ----a-w- c:\windows\system32\drivers\snapman.sys2011-08-12 02:44 . 2011-08-24 17:59 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-12 39408].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-06-28 5550840]"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-08 336384]"SAOB Monitor"="c:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2011-05-11 2536440]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-06-28 394832]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696].c:\users\Carroll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712].c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-7 813584].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"EnableUIADesktopToggle"= 0 (0x0)"EnableLinkedConnections"= 1 (0x1).[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL.[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]2007-10-15 04:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3754314201-960120119-4017272859-1000]"EnableNotificationsRef"=dword:00000002.R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-12 136176]R2 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-12 136176]R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2011-08-29 752128]S1 MpKsl9ee4e23e;MpKsl9ee4e23e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{420E1185-E9E3-4EBF-B756-0E79AE757CD3}\MpKsl9ee4e23e.sys [2011-10-24 28752]S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2011-08-29 3246040]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-08 176128]S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]S2 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-08-29 167968]S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-08 8312832]S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-08 244736]S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2011-03-30 97808]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-09-01 22216]S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - MPKSL955436CF*NewlyCreated* - MPKSL9C0D9055*NewlyCreated* - MPKSL9EE4E23E*NewlyCreated* - MPKSLE9ABC97A*Deregistered* - MpKsl955436cf*Deregistered* - MpKsl9c0d9055*Deregistered* - MpKsle9abc97a.[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12LocalServiceAndNoImpersonation REG_MULTI_SZ FontCachetermlfsvc REG_MULTI_SZ hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc.Contents of the 'Scheduled Tasks' folder.2011-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-12 04:29].2011-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-12 04:29].2011-10-25 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:31].2011-10-25 c:\windows\Tasks\SystemToolsDailyTest.job- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:31]..------- Supplementary Scan -------.uInternet Settings,ProxyOverride = *.localIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.htmlIE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105LSP: c:\windows\system32\wpclsp.dllTCP: DhcpNameServer = 192.168.1.254..**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-10-24 22:02Windows 6.0.6002 Service Pack 2 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... ..c:\users\Admin\AppData\Local\Temp\catchme.dll 53248 bytes executable.scan completed successfullyhidden files: 1.**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'Explorer.exe'(1564)c:\program files\Logitech\SetPoint\lgscroll.dll.Completion time: 2011-10-24 22:05:36ComboFix-quarantined-files.txt 2011-10-25 05:05ComboFix2.txt 2011-10-07 06:10ComboFix3.txt 2011-09-28 06:13ComboFix4.txt 2011-09-14 05:22.Pre-Run: 298,761,576,448 bytes freePost-Run: 298,793,975,808 bytes free.- - End Of File - - 2C73EB8E0D130442DDA55E473A23DE2822:23:07.0657 5948 TDSS rootkit removing tool 2.6.12.0 Oct 21 2011 11:23:4822:23:07.0824 5948 ============================================================22:23:07.0824 5948 Current date / time: 2011/10/24 22:23:07.082422:23:07.0824 5948 SystemInfo:22:23:07.0825 5948 22:23:07.0825 5948 OS Version: 6.0.6002 ServicePack: 2.022:23:07.0825 5948 Product type: Workstation22:23:07.0825 5948 ComputerName: CARROLL-PC22:23:07.0825 5948 UserName: Admin22:23:07.0825 5948 Windows directory: C:\Windows22:23:07.0825 5948 System windows directory: C:\Windows22:23:07.0825 5948 Processor architecture: Intel x8622:23:07.0825 5948 Number of processors: 422:23:07.0825 5948 Page size: 0x100022:23:07.0825 5948 Boot type: Normal boot22:23:07.0825 5948 ============================================================22:23:11.0789 5948 Initialize success22:23:29.0468 1796 ============================================================22:23:29.0468 1796 Scan started22:23:29.0468 1796 Mode: Manual; 22:23:29.0468 1796 ============================================================22:23:32.0729 1796 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys22:23:32.0745 1796 ACPI - ok22:23:32.0971 1796 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys22:23:33.0048 1796 adp94xx - ok22:23:33.0467 1796 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys22:23:33.0524 1796 adpahci - ok22:23:33.0642 1796 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys22:23:33.0676 1796 adpu160m - ok22:23:34.0049 1796 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys22:23:34.0063 1796 adpu320 - ok22:23:34.0453 1796 afcdp (53696ad8ffc5fac51949a525ff65a689) C:\Windows\system32\DRIVERS\afcdp.sys22:23:34.0488 1796 afcdp - ok22:23:34.0828 1796 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys22:23:34.0895 1796 AFD - ok22:23:35.0423 1796 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys22:23:35.0445 1796 agp440 - ok22:23:35.0710 1796 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys22:23:35.0776 1796 aic78xx - ok22:23:36.0012 1796 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys22:23:36.0013 1796 aliide - ok22:23:36.0417 1796 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys22:23:36.0444 1796 amdagp - ok22:23:36.0797 1796 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys22:23:36.0799 1796 amdide - ok22:23:36.0981 1796 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys22:23:36.0982 1796 AmdK7 - ok22:23:37.0077 1796 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys22:23:37.0090 1796 AmdK8 - ok22:23:40.0204 1796 amdkmdag (335ace2a8e97439733f0f6a1bbd818d5) C:\Windows\system32\DRIVERS\atikmdag.sys22:23:43.0443 1796 amdkmdag - ok22:23:44.0002 1796 amdkmdap (0b1b116d30f133dc918287fd8e212f1e) C:\Windows\system32\DRIVERS\atikmpag.sys22:23:44.0085 1796 amdkmdap - ok22:23:44.0846 1796 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys22:23:44.0853 1796 arc - ok22:23:45.0085 1796 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys22:23:45.0087 1796 arcsas - ok22:23:45.0311 1796 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys22:23:45.0338 1796 AsyncMac - ok22:23:45.0741 1796 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys22:23:45.0742 1796 atapi - ok22:23:46.0321 1796 AtiHDAudioService (1af3b5f04cc572daffcb6b5528c63134) C:\Windows\system32\drivers\AtihdLH3.sys22:23:46.0361 1796 AtiHDAudioService - ok22:23:48.0403 1796 atikmdag (335ace2a8e97439733f0f6a1bbd818d5) C:\Windows\system32\DRIVERS\atikmdag.sys22:23:48.0467 1796 atikmdag - ok22:23:49.0005 1796 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys22:23:49.0035 1796 Beep - ok22:23:49.0533 1796 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys22:23:49.0549 1796 blbdrive - ok22:23:50.0310 1796 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys22:23:50.0316 1796 bowser - ok22:23:50.0540 1796 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys22:23:50.0573 1796 BrFiltLo - ok22:23:50.0820 1796 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys22:23:50.0860 1796 BrFiltUp - ok22:23:51.0059 1796 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys22:23:51.0076 1796 Brserid - ok22:23:51.0449 1796 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys22:23:51.0462 1796 BrSerWdm - ok22:23:51.0702 1796 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys22:23:51.0723 1796 BrUsbMdm - ok22:23:52.0165 1796 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys22:23:52.0183 1796 BrUsbSer - ok22:23:52.0463 1796 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys22:23:52.0483 1796 BTHMODEM - ok22:23:52.0826 1796 catchme - ok22:23:53.0234 1796 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys22:23:53.0246 1796 cdfs - ok22:23:53.0387 1796 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys22:23:53.0414 1796 cdrom - ok22:23:53.0700 1796 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys22:23:53.0716 1796 circlass - ok22:23:53.0830 1796 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys22:23:53.0852 1796 CLFS - ok22:23:54.0340 1796 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys22:23:54.0353 1796 cmdide - ok22:23:54.0475 1796 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys22:23:54.0489 1796 Compbatt - ok22:23:54.0874 1796 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys22:23:54.0882 1796 crcdisk - ok22:23:54.0942 1796 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys22:23:54.0958 1796 Crusoe - ok22:23:55.0186 1796 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys22:23:55.0210 1796 DfsC - ok22:23:55.0656 1796 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys22:23:55.0678 1796 disk - ok22:23:55.0855 1796 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys22:23:55.0917 1796 Dot4 - ok22:23:56.0333 1796 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys22:23:56.0355 1796 Dot4Print - ok22:23:56.0495 1796 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys22:23:56.0521 1796 dot4usb - ok22:23:56.0986 1796 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys22:23:56.0999 1796 drmkaud - ok22:23:57.0403 1796 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys22:23:57.0458 1796 DXGKrnl - ok22:23:57.0770 1796 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys22:23:57.0793 1796 e1express - ok22:23:57.0833 1796 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys22:23:57.0844 1796 E1G60 - ok22:23:58.0116 1796 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys22:23:58.0152 1796 Ecache - ok22:23:58.0278 1796 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys22:23:58.0283 1796 elxstor - ok22:23:58.0309 1796 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys22:23:58.0310 1796 ErrDev - ok22:23:58.0399 1796 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys22:23:58.0404 1796 exfat - ok22:23:58.0838 1796 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys22:23:58.0841 1796 fastfat - ok22:23:58.0925 1796 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys22:23:58.0935 1796 fdc - ok22:23:58.0984 1796 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys22:23:59.0009 1796 FileInfo - ok22:23:59.0059 1796 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys22:23:59.0079 1796 Filetrace - ok22:23:59.0101 1796 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys22:23:59.0102 1796 flpydisk - ok22:23:59.0281 1796 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys22:23:59.0284 1796 FltMgr - ok22:23:59.0489 1796 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys22:23:59.0513 1796 Fs_Rec - ok22:23:59.0929 1796 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys22:23:59.0930 1796 gagp30kx - ok22:24:00.0047 1796 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys22:24:00.0069 1796 GEARAspiWDM - ok22:24:00.0501 1796 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys22:24:00.0535 1796 HdAudAddService - ok22:24:00.0742 1796 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys22:24:00.0776 1796 HDAudBus - ok22:24:01.0196 1796 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys22:24:01.0215 1796 HidBth - ok22:24:01.0491 1796 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys22:24:01.0504 1796 HidIr - ok22:24:02.0084 1796 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys22:24:02.0112 1796 HidUsb - ok22:24:02.0444 1796 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys22:24:02.0455 1796 HpCISSs - ok22:24:02.0750 1796 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys22:24:02.0777 1796 HTTP - ok22:24:03.0083 1796 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys22:24:03.0096 1796 i2omp - ok22:24:03.0261 1796 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys22:24:03.0278 1796 i8042prt - ok22:24:03.0854 1796 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\drivers\iastor.sys22:24:03.0888 1796 iaStor - ok22:24:04.0141 1796 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys22:24:04.0168 1796 iaStorV - ok22:24:04.0355 1796 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys22:24:04.0366 1796 iirsp - ok22:24:04.0527 1796 IntcAzAudAddService - ok22:24:04.0728 1796 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys22:24:04.0741 1796 intelide - ok22:24:04.0836 1796 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys22:24:04.0837 1796 intelppm - ok22:24:05.0044 1796 IpInIp - ok22:24:05.0080 1796 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys22:24:05.0092 1796 IPMIDRV - ok22:24:05.0224 1796 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys22:24:05.0226 1796 IPNAT - ok22:24:05.0373 1796 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys22:24:05.0389 1796 IRENUM - ok22:24:05.0548 1796 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys22:24:05.0563 1796 isapnp - ok22:24:05.0816 1796 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys22:24:05.0839 1796 iScsiPrt - ok22:24:06.0071 1796 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys22:24:06.0087 1796 iteatapi - ok22:24:06.0236 1796 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys22:24:06.0238 1796 iteraid - ok22:24:06.0296 1796 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys22:24:06.0297 1796 kbdclass - ok22:24:06.0797 1796 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys22:24:06.0817 1796 kbdhid - ok22:24:07.0054 1796 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys22:24:07.0061 1796 KSecDD - ok22:24:07.0505 1796 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys22:24:07.0516 1796 LHidFilt - ok22:24:07.0632 1796 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys22:24:07.0633 1796 lltdio - ok22:24:08.0182 1796 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys22:24:08.0193 1796 LMouFilt - ok22:24:08.0431 1796 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys22:24:08.0449 1796 LSI_FC - ok22:24:08.0736 1796 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys22:24:08.0750 1796 LSI_SAS - ok22:24:08.0933 1796 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys22:24:08.0972 1796 LSI_SCSI - ok22:24:09.0443 1796 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys22:24:09.0445 1796 luafv - ok22:24:09.0923 1796 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys22:24:09.0944 1796 MBAMProtector - ok22:24:10.0116 1796 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys22:24:10.0132 1796 megasas - ok22:24:10.0440 1796 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys22:24:10.0458 1796 MegaSR - ok22:24:10.0585 1796 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys22:24:10.0624 1796 Modem - ok22:24:10.0942 1796 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys22:24:10.0942 1796 monitor - ok22:24:11.0044 1796 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys22:24:11.0092 1796 mouclass - ok22:24:11.0475 1796 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys22:24:11.0500 1796 mouhid - ok22:24:11.0695 1796 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys22:24:11.0741 1796 MountMgr - ok22:24:12.0412 1796 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys22:24:12.0580 1796 MpFilter - ok22:24:12.0909 1796 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys22:24:12.0952 1796 mpio - ok22:24:13.0539 1796 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys22:24:13.0573 1796 MpNWMon - ok22:24:13.0976 1796 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys22:24:14.0003 1796 mpsdrv - ok22:24:14.0086 1796 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys22:24:14.0088 1796 Mraid35x - ok22:24:14.0202 1796 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys22:24:14.0227 1796 MRxDAV - ok22:24:14.0729 1796 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys22:24:14.0755 1796 mrxsmb - ok22:24:15.0731 1796 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys22:24:15.0872 1796 mrxsmb10 - ok22:24:16.0302 1796 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys22:24:16.0358 1796 mrxsmb20 - ok22:24:16.0761 1796 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys22:24:16.0786 1796 msahci - ok22:24:16.0904 1796 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys22:24:16.0933 1796 msdsm - ok22:24:17.0513 1796 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys22:24:17.0514 1796 Msfs - ok22:24:18.0252 1796 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys22:24:18.0354 1796 msisadrv - ok22:24:18.0564 1796 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys22:24:18.0565 1796 MSKSSRV - ok22:24:19.0051 1796 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys22:24:19.0077 1796 MSPCLOCK - ok22:24:19.0184 1796 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys22:24:19.0185 1796 MSPQM - ok22:24:19.0657 1796 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys22:24:19.0823 1796 MsRPC - ok22:24:20.0402 1796 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys22:24:20.0402 1796 mssmbios - ok22:24:21.0052 1796 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys22:24:21.0075 1796 MSTEE - ok22:24:21.0551 1796 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys22:24:21.0572 1796 Mup - ok22:24:21.0813 1796 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys22:24:21.0836 1796 NativeWifiP - ok22:24:22.0780 1796 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys22:24:23.0301 1796 NDIS - ok22:24:24.0136 1796 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys22:24:24.0159 1796 NdisTapi - ok22:24:24.0358 1796 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys22:24:24.0383 1796 Ndisuio - ok22:24:24.0894 1796 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys22:24:24.0927 1796 NdisWan - ok22:24:25.0449 1796 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys22:24:25.0474 1796 NDProxy - ok22:24:25.0953 1796 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys22:24:25.0975 1796 NetBIOS - ok22:24:26.0214 1796 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys22:24:26.0256 1796 netbt - ok22:24:26.0568 1796 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys22:24:26.0608 1796 nfrd960 - ok22:24:26.0815 1796 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys22:24:26.0860 1796 NisDrv - ok22:24:27.0122 1796 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys22:24:27.0148 1796 Npfs - ok22:24:27.0271 1796 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys22:24:27.0272 1796 nsiproxy - ok22:24:27.0497 1796 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys22:24:27.0619 1796 Ntfs - ok22:24:27.0783 1796 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys22:24:27.0784 1796 ntrigdigi - ok22:24:27.0792 1796 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys22:24:27.0793 1796 Null - ok22:24:27.0860 1796 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys22:24:27.0877 1796 nvraid - ok22:24:27.0924 1796 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys22:24:27.0942 1796 nvstor - ok22:24:28.0385 1796 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys22:24:28.0401 1796 nv_agp - ok22:24:28.0417 1796 NwlnkFlt - ok22:24:28.0486 1796 NwlnkFwd - ok22:24:28.0921 1796 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys22:24:28.0922 1796 ohci1394 - ok22:24:29.0193 1796 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys22:24:29.0212 1796 Parport - ok22:24:29.0641 1796 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys22:24:29.0672 1796 partmgr - ok22:24:30.0296 1796 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys22:24:30.0330 1796 Parvdm - ok22:24:30.0698 1796 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys22:24:30.0703 1796 pci - ok22:24:31.0060 1796 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys22:24:31.0087 1796 pciide - ok22:24:31.0443 1796 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys22:24:31.0480 1796 pcmcia - ok22:24:32.0032 1796 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys22:24:32.0097 1796 PEAUTH - ok22:24:32.0505 1796 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys22:24:32.0532 1796 PptpMiniport - ok22:24:32.0629 1796 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys22:24:32.0630 1796 Processor - ok22:24:32.0988 1796 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys22:24:33.0013 1796 PSched - ok22:24:33.0197 1796 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys22:24:33.0226 1796 PxHelp20 - ok22:24:33.0681 1796 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys22:24:33.0724 1796 ql2300 - ok22:24:33.0986 1796 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys22:24:33.0988 1796 ql40xx - ok22:24:34.0036 1796 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys22:24:34.0037 1796 QWAVEdrv - ok22:24:34.0787 1796 R300 (335ace2a8e97439733f0f6a1bbd818d5) C:\Windows\system32\DRIVERS\atikmdag.sys22:24:34.0852 1796 R300 - ok22:24:34.0945 1796 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys22:24:34.0946 1796 RasAcd - ok22:24:34.0966 1796 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys22:24:34.0967 1796 Rasl2tp - ok22:24:35.0033 1796 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys22:24:35.0034 1796 RasPppoe - ok22:24:35.0078 1796 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys22:24:35.0080 1796 RasSstp - ok22:24:35.0124 1796 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys22:24:35.0128 1796 rdbss - ok22:24:35.0166 1796 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys22:24:35.0189 1796 RDPCDD - ok22:24:35.0243 1796 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys22:24:35.0247 1796 rdpdr - ok22:24:35.0266 1796 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys22:24:35.0267 1796 RDPENCDD - ok22:24:35.0339 1796 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys22:24:35.0345 1796 RDPWD - ok22:24:35.0367 1796 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys22:24:35.0369 1796 rspndr - ok22:24:35.0483 1796 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys22:24:35.0493 1796 RTL8169 - ok22:24:35.0652 1796 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS22:24:35.0653 1796 SASDIFSV - ok22:24:35.0713 1796 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS22:24:35.0715 1796 SASKUTIL - ok22:24:35.0753 1796 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys22:24:35.0765 1796 sbp2port - ok22:24:35.0853 1796 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys22:24:35.0855 1796 secdrv - ok22:24:35.0875 1796 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys22:24:35.0876 1796 Serenum - ok22:24:35.0915 1796 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys22:24:35.0917 1796 Serial - ok22:24:35.0947 1796 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys22:24:35.0949 1796 sermouse - ok22:24:35.0973 1796 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys22:24:35.0974 1796 sffdisk - ok22:24:35.0991 1796 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys22:24:35.0992 1796 sffp_mmc - ok22:24:36.0028 1796 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys22:24:36.0029 1796 sffp_sd - ok22:24:36.0085 1796 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys22:24:36.0086 1796 sfloppy - ok22:24:36.0112 1796 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys22:24:36.0114 1796 sisagp - ok22:24:36.0131 1796 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys22:24:36.0133 1796 SiSRaid2 - ok22:24:36.0165 1796 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys22:24:36.0177 1796 SiSRaid4 - ok22:24:36.0238 1796 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys22:24:36.0239 1796 Smb - ok22:24:36.0320 1796 snapman (eb49860e776ce860dc3cfb9edb1ba517) C:\Windows\system32\DRIVERS\snapman.sys22:24:36.0330 1796 snapman - ok22:24:36.0460 1796 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys22:24:36.0462 1796 spldr - ok22:24:36.0600 1796 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys22:24:36.0626 1796 srv - ok22:24:36.0700 1796 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys22:24:36.0703 1796 srv2 - ok22:24:36.0711 1796 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys22:24:36.0713 1796 srvnet - ok22:24:36.0774 1796 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys22:24:36.0775 1796 swenum - ok22:24:36.0792 1796 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys22:24:36.0794 1796 Symc8xx - ok22:24:36.0873 1796 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys22:24:36.0899 1796 Sym_hi - ok22:24:36.0931 1796 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys22:24:36.0933 1796 Sym_u3 - ok22:24:37.0013 1796 Tcpip (6647fce6fc4970daafe5c64c794513d3) C:\Windows\system32\drivers\tcpip.sys22:24:37.0025 1796 Tcpip - ok22:24:37.0056 1796 Tcpip6 (6647fce6fc4970daafe5c64c794513d3) C:\Windows\system32\DRIVERS\tcpip.sys22:24:37.0063 1796 Tcpip6 - ok22:24:37.0116 1796 tcpipreg (36606b165d04a397bdf613096986d85d) C:\Windows\system32\drivers\tcpipreg.sys22:24:37.0118 1796 tcpipreg - ok22:24:37.0397 1796 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys22:24:37.0398 1796 TDPIPE - ok22:24:37.0546 1796 tdrpman273 (431801fcc97034e04a6eff81136578d7) C:\Windows\system32\DRIVERS\tdrpm273.sys22:24:37.0556 1796 tdrpman273 - ok22:24:37.0588 1796 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys22:24:37.0589 1796 TDTCP - ok22:24:37.0664 1796 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys22:24:37.0675 1796 tdx - ok22:24:37.0712 1796 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys22:24:37.0714 1796 TermDD - ok22:24:37.0787 1796 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\Windows\system32\DRIVERS\tifsfilt.sys22:24:37.0789 1796 tifsfilter - ok22:24:37.0928 1796 timounter (a34d7024bb7140ec785c86bc065d4f60) C:\Windows\system32\DRIVERS\timntr.sys22:24:37.0941 1796 timounter - ok22:24:38.0013 1796 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys22:24:38.0014 1796 tssecsrv - ok22:24:38.0036 1796 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys22:24:38.0037 1796 tunmp - ok22:24:38.0095 1796 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys22:24:38.0097 1796 tunnel - ok22:24:38.0118 1796 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys22:24:38.0120 1796 uagp35 - ok22:24:38.0186 1796 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys22:24:38.0190 1796 udfs - ok22:24:38.0298 1796 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys22:24:38.0300 1796 uliagpkx - ok22:24:38.0341 1796 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys22:24:38.0369 1796 uliahci - ok22:24:38.0414 1796 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys22:24:38.0416 1796 UlSata - ok22:24:38.0476 1796 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys22:24:38.0498 1796 ulsata2 - ok22:24:38.0515 1796 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys22:24:38.0517 1796 umbus - ok22:24:38.0623 1796 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys22:24:38.0625 1796 usbaudio - ok22:24:38.0707 1796 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys22:24:38.0709 1796 usbccgp - ok22:24:38.0760 1796 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys22:24:38.0762 1796 usbcir - ok22:24:38.0834 1796 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys22:24:38.0835 1796 usbehci - ok22:24:38.0988 1796 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys22:24:38.0991 1796 usbhub - ok22:24:39.0060 1796 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys22:24:39.0062 1796 usbohci - ok22:24:39.0098 1796 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys22:24:39.0099 1796 usbprint - ok22:24:39.0170 1796 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys22:24:39.0172 1796 usbscan - ok22:24:39.0197 1796 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS22:24:39.0198 1796 USBSTOR - ok22:24:39.0213 1796 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys22:24:39.0224 1796 usbuhci - ok22:24:39.0300 1796 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys22:24:39.0322 1796 vga - ok22:24:39.0356 1796 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys22:24:39.0377 1796 VgaSave - ok22:24:39.0421 1796 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys22:24:39.0423 1796 viaagp - ok22:24:39.0449 1796 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys22:24:39.0450 1796 ViaC7 - ok22:24:39.0483 1796 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys22:24:39.0485 1796 viaide - ok22:24:39.0500 1796 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys22:24:39.0502 1796 volmgr - ok22:24:39.0578 1796 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys22:24:39.0582 1796 volmgrx - ok22:24:39.0647 1796 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys22:24:39.0680 1796 volsnap - ok22:24:39.0847 1796 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys22:24:39.0873 1796 vsmraid - ok22:24:40.0238 1796 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys22:24:40.0269 1796 WacomPen - ok22:24:40.0384 1796 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys22:24:40.0412 1796 Wanarp - ok22:24:40.0416 1796 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys22:24:40.0417 1796 Wanarpv6 - ok22:24:40.0579 1796 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys22:24:40.0608 1796 Wd - ok22:24:40.0941 1796 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys22:24:41.0008 1796 Wdf01000 - ok22:24:41.0706 1796 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys22:24:41.0763 1796 WmiAcpi - ok22:24:42.0236 1796 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys22:24:42.0275 1796 WpdUsb - ok22:24:42.0647 1796 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys22:24:42.0668 1796 ws2ifsl - ok22:24:43.0156 1796 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys22:24:43.0158 1796 WUDFRd - ok22:24:43.0242 1796 MBR (0x1B8) (239841e1ae8e4843c0676f3681a7d6be) \Device\Harddisk0\DR022:24:43.0309 1796 \Device\Harddisk0\DR0 - ok22:24:43.0359 1796 Boot (0x1200) (112daeb0f664b6bc662155f6433f062a) \Device\Harddisk0\DR0\Partition022:24:43.0386 1796 \Device\Harddisk0\DR0\Partition0 - ok22:24:43.0398 1796 Boot (0x1200) (6f2987e9589b6d803a6a2aec082524d2) \Device\Harddisk0\DR0\Partition122:24:43.0399 1796 \Device\Harddisk0\DR0\Partition1 - ok22:24:43.0399 1796 ============================================================22:24:43.0399 1796 Scan finished22:24:43.0399 1796 ============================================================22:24:43.0409 5356 Detected object count: 022:24:43.0409 5356 Actual detected object count: 0 Link to post Share on other sites More sharing options...
Recommended Posts