
backdoor.bot



Hi - mbam finds c:\windows\system\svchost.exe infected with backdoor.bot. Successfully quarantines but appears again after reboot.

Thanks for your help!

Len

Here is DDS.txt:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Admin at 22:38:00 on 2011-08-30

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1744 [GMT -7:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k termlfsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\mobsync.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sAOB Monitor] c:\program files\acronis\trueimagehome\onlinebackupstandalone\TrueImageMonitor.exe

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

LSP: c:\windows\system32\wpclsp.dll

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{F122BA81-ACD5-4D61-AF47-A651FCC98B43} : DhcpNameServer = 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

AppInit_DLLs: c:\progra~1\google\google~2\googledesktopnetwork3.dll c:\progra~1\google\google~2\GOEC62~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2011-4-17 752128]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]

R1 MpKslc1d8dcd6;MpKslc1d8dcd6;c:\programdata\microsoft\microsoft antimalware\definition updates\{7843a5f6-2b02-47eb-8b65-a342424b16cd}\MpKslc1d8dcd6.sys [2011-8-30 28752]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]

R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2011-8-29 3246040]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-7-7 176128]

R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-22 366640]

R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2008-9-4 27648]

R2 TermServices;Remote Desktop Service;c:\windows\system32\svchost.exe -k termlfsvc [2008-1-20 21504]

R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2011-8-29 167968]

R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-7-7 8312832]

R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-7-7 244736]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2011-3-30 97808]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-8 22712]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-9-4 30192]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-5-22 41272]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-12-27 31124344]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-7-4 27192]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-08-31 05:22:00 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{7843a5f6-2b02-47eb-8b65-a342424b16cd}\MpKslc1d8dcd6.sys

2011-08-31 05:21:53 7152464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{7843a5f6-2b02-47eb-8b65-a342424b16cd}\mpengine.dll

2011-08-31 05:21:44 7680 ----a-w- c:\windows\system\svchost.exe

2011-08-30 10:59:32 -------- d-----w- c:\users\admin\appdata\local\temp

2011-08-30 10:49:14 -------- d-sh--w- C:\$RECYCLE.BIN

2011-08-30 10:28:44 1884866 ----a-w- C:\SmitfraudFix run in safemode.exe

2011-08-30 10:28:43 4189688 ------r- C:\ComboFix.exe

2011-08-30 09:57:51 -------- d-----w- c:\users\admin\appdata\roaming\SUPERAntiSpyware.com

2011-08-30 07:21:47 512 ----a-w- C:\MBR.dat.vir

2011-08-30 07:20:33 1916416 ----a-w- C:\aswMBR.exe

2011-08-30 05:05:46 302592 ----a-w- C:\o2chis5c.exe

2011-08-29 07:10:58 167968 ----a-w- c:\windows\system32\drivers\afcdp.sys

2011-08-29 07:10:58 -------- d-----w- c:\users\admin\appdata\roaming\1F1C8B12-A5DA-4288-B01E-DC977B44C3B9

2011-08-29 07:10:44 600928 ----a-w- c:\windows\system32\drivers\timntr.sys

2011-08-29 01:52:36 -------- d-----w- c:\program files\ESET

2011-08-28 19:26:23 -------- d-sh--w- c:\windows\system32\%APPDATA%

2011-08-28 19:06:09 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-08-28 17:09:19 -------- d-----w- c:\windows\pss

2011-08-28 16:53:41 -------- d-----w- c:\program files\iPod

2011-08-28 16:53:39 -------- d-----w- c:\program files\iTunes

2011-08-28 16:43:35 -------- d-----w- c:\program files\AMD APP

2011-08-28 16:40:01 218624 ----a-w- c:\windows\system32\tercdw32.dll

2011-08-24 18:02:40 2048 ----a-w- c:\windows\system32\tzres.dll

2011-08-24 17:59:55 7152464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll

2011-08-10 19:29:53 375808 ----a-w- c:\windows\system32\winsrv.dll

2011-08-10 19:29:52 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-08-10 19:29:50 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2011-08-10 19:29:44 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-08-10 19:29:44 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-08-10 19:29:42 913296 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-08-10 19:29:42 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2011-08-05 23:24:54 -------- d-----w- c:\users\admin\appdata\local\Apple Computer

2011-08-05 23:19:48 -------- d-----w- c:\program files\Bonjour

2011-08-05 23:17:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2011-08-05 23:17:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2011-08-05 23:17:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2011-08-05 23:17:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2011-08-05 23:17:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2011-08-05 23:17:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2011-08-05 23:17:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

.

==================== Find3M ====================

.

2011-08-29 07:10:48 752128 ----a-w- c:\windows\system32\drivers\tdrpm273.sys

2011-08-29 07:10:15 170528 ----a-w- c:\windows\system32\drivers\snapman.sys

2011-08-28 16:23:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-12 18:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 18:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-08 06:37:28 53760 ----a-w- c:\windows\system32\OVDecode.dll

2011-07-08 06:36:46 13904896 ----a-w- c:\windows\system32\amdocl.dll

2011-07-08 04:14:40 8312832 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2011-07-08 03:33:28 17940992 ----a-w- c:\windows\system32\atioglxx.dll

2011-07-08 03:29:54 151552 ----a-w- c:\windows\system32\atiapfxx.exe

2011-07-08 03:29:44 689152 ----a-w- c:\windows\system32\aticfx32.dll

2011-07-08 03:25:48 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll

2011-07-08 03:25:20 401408 ----a-w- c:\windows\system32\atieclxx.exe

2011-07-08 03:24:52 176128 ----a-w- c:\windows\system32\atiesrxx.exe

2011-07-08 03:23:40 159744 ----a-w- c:\windows\system32\atitmmxx.dll

2011-07-08 03:23:26 356352 ----a-w- c:\windows\system32\atipdlxx.dll

2011-07-08 03:23:14 278528 ----a-w- c:\windows\system32\Oemdspif.dll

2011-07-08 03:23:06 15872 ----a-w- c:\windows\system32\atimuixx.dll

2011-07-08 03:22:58 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2011-07-08 03:19:50 4275712 ----a-w- c:\windows\system32\atidxx32.dll

2011-07-08 03:05:46 1828864 ----a-w- c:\windows\system32\atiumdmv.dll

2011-07-08 03:02:06 46080 ----a-w- c:\windows\system32\aticalrt.dll

2011-07-08 03:01:58 44032 ----a-w- c:\windows\system32\aticalcl.dll

2011-07-08 03:00:34 4367360 ----a-w- c:\windows\system32\atiumdag.dll

2011-07-08 02:58:52 6740480 ----a-w- c:\windows\system32\aticaldd.dll

2011-07-08 02:55:56 4039680 ----a-w- c:\windows\system32\atiumdva.dll

2011-07-08 02:54:28 52736 ----a-w- c:\windows\system32\coinst.dll

2011-07-08 02:47:34 266240 ----a-w- c:\windows\system32\atiadlxx.dll

2011-07-08 02:47:20 13312 ----a-w- c:\windows\system32\atiglpxx.dll

2011-07-08 02:47:10 32768 ----a-w- c:\windows\system32\atigktxx.dll

2011-07-08 02:46:42 244736 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2011-07-08 02:46:14 31744 ----a-w- c:\windows\system32\atiuxpag.dll

2011-07-08 02:45:58 29184 ----a-w- c:\windows\system32\atiu9pag.dll

2011-07-08 02:45:30 37376 ----a-w- c:\windows\system32\atitmpxx.dll

2011-07-08 02:45:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2011-07-08 02:40:48 52736 ----a-w- c:\windows\system32\atimpc32.dll

2011-07-08 02:40:48 52736 ----a-w- c:\windows\system32\amdpcom32.dll

2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-07 02:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-06 01:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-06 01:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-07-04 03:18:53 319456 ----a-w- c:\windows\DIFxAPI.dll

2011-07-04 03:18:37 315392 ----a-w- c:\windows\HideWin.exe

2011-06-26 06:45:56 256000 ----a-w- c:\windows\PEV.exe

2011-06-16 10:34:06 79872 ----a-w- c:\windows\system32\SlotMaximizerAg.dll

2011-06-16 10:34:06 2117632 ----a-w- c:\windows\system32\SlotMaximizerBe.dll

2011-06-02 13:34:49 2043392 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 22:38:33.34 ===============

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7616

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

8/30/2011 11:29:32 PM

mbam-log-2011-08-30 (23-29-32).txt

Scan type: Quick scan

Objects scanned: 1

Time elapsed: 4 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

c:\Windows\system\svchost.exe (Backdoor.Bot) -> 4488 -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Windows\system\svchost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

=======================================================================================

Not sure if you wanted this mbam logfile or not (sorry if not):

00:28:52 Admin MESSAGE Protection started successfully

00:28:56 Admin MESSAGE IP Protection started successfully

00:29:12 Admin DETECTION C:\Windows\system\svchost.exe Backdoor.Bot QUARANTINE

00:29:49 Admin ERROR Scheduled update failed: No address found failed with error code 11004

00:32:37 Admin MESSAGE IP Protection stopped

00:58:59 Admin ERROR Scheduled update failed: No address found failed with error code 11004

01:04:03 Admin MESSAGE IP Protection started successfully

01:20:42 Admin MESSAGE Protection started successfully

01:20:47 Admin MESSAGE IP Protection started successfully

01:21:24 Admin DETECTION C:\Windows\system\svchost.exe Backdoor.Bot ALLOW

01:34:07 Admin MESSAGE Protection started successfully

01:34:11 Admin MESSAGE IP Protection started successfully

01:34:15 Admin DETECTION C:\Windows\system\svchost.exe Backdoor.Bot QUARANTINE

01:59:00 Admin ERROR Scheduled update failed: No address found failed with error code 11004

02:56:28 Admin MESSAGE Protection started successfully

02:56:32 Admin MESSAGE IP Protection started successfully

02:56:40 Admin DETECTION C:\Windows\system\svchost.exe Backdoor.Bot QUARANTINE

02:57:48 Admin MESSAGE IP Protection stopped

02:59:00 Admin ERROR Scheduled update failed: No address found failed with error code 11004

03:17:11 Admin MESSAGE Protection started successfully

03:17:15 Admin MESSAGE IP Protection started successfully

03:19:27 Admin MESSAGE IP Protection stopped

03:27:02 Admin MESSAGE Protection started successfully

03:27:06 Admin MESSAGE IP Protection started successfully

03:28:12 Admin MESSAGE IP Protection stopped

03:58:59 Admin ERROR Scheduled update failed: No address found failed with error code 11004

04:08:34 Admin MESSAGE Protection started successfully

04:08:38 Admin MESSAGE IP Protection started successfully

04:11:07 (null) DETECTION C:\WINDOWS\SYSTEM\SVCHOST.EXE Backdoor.Bot DENY

10:18:21 Admin MESSAGE Protection started successfully

10:18:25 Admin MESSAGE IP Protection started successfully

10:19:18 Admin ERROR Scheduled update failed: No address found failed with error code 11004

10:19:32 Admin DETECTION C:\Windows\system\svchost.exe Backdoor.Bot QUARANTINE

10:19:45 Admin DETECTION C:\WINDOWS\SYSTEM\SVCHOST.EXE Backdoor.Bot DENY

10:19:51 Admin DETECTION C:\WINDOWS\SYSTEM\SVCHOST.EXE Backdoor.Bot DENY

10:20:00 Admin DETECTION C:\WINDOWS\SYSTEM\SVCHOST.EXE Backdoor.Bot DENY

10:21:27 Admin DETECTION C:\WINDOWS\SYSTEM\SVCHOST.EXE Backdoor.Bot ALLOW

21:59:14 Admin MESSAGE Protection started successfully

21:59:18 Admin MESSAGE IP Protection started successfully

22:00:12 Admin ERROR Scheduled update failed: No address found failed with error code 11004

22:00:26 Admin DETECTION C:\Windows\system\svchost.exe Backdoor.Bot QUARANTINE

22:01:27 Admin MESSAGE IP Protection stopped

22:01:39 Admin DETECTION C:\WINDOWS\SYSTEM\SVCHOST.EXE Backdoor.Bot ALLOW

22:04:54 Admin MESSAGE Protection started successfully

22:04:58 Admin MESSAGE IP Protection started successfully

22:07:14 Admin MESSAGE IP Protection stopped

22:07:17 Admin MESSAGE Database updated successfully

22:07:18 Admin MESSAGE IP Protection started successfully

22:09:41 Admin DETECTION C:\Windows\system\svchost.exe Backdoor.Bot QUARANTINE

22:21:08 Admin MESSAGE Protection started successfully

22:21:12 Admin MESSAGE IP Protection started successfully

22:21:57 Admin DETECTION C:\Windows\system\svchost.exe Backdoor.Bot ALLOW

22:58:59 Admin ERROR Scheduled update failed: No address found failed with error code 11004

attach.zip
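The DDS log above shows the tell-tale sign the thread turns on: an svchost.exe running from C:\Windows\system instead of C:\Windows\System32, and the same file appearing in the "Created Last 30" section. As an added example (not part of this thread and not a Malwarebytes or DDS tool), here is a small Python checker that parses those two DDS sections and flags well-known system binaries that live outside their expected directory. The expected-directory table covers the thread's 32-bit Vista layout; the entries other than svchost.exe are assumed common masquerade targets, and the sample log is constructed from the thread's format.

```python
"""Scan a DDS log for Windows system binaries that run from, or were
recently written to, a directory other than the one they belong in.
Added example for this thread; it is not a Malwarebytes or DDS tool."""
import ntpath
import re
from typing import Dict, List

# Where these binaries legitimately live on 32-bit Vista. The thread's case
# is svchost.exe; the other names are assumed common masquerade targets.
EXPECTED_DIR: Dict[str, str] = {
    "svchost.exe": r"c:\windows\system32",
    "dllhost.exe": r"c:\windows\system32",
    "lsm.exe": r"c:\windows\system32",
    "wininit.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# A process line is "<path ending in .exe>" optionally followed by arguments
# such as "-k NetworkService"; paths may contain spaces.
PROCESS_RE = re.compile(r"^(?P<path>.+?\.exe)(?:\s+(?P<args>.*))?$", re.I)
# A "Created Last 30" line: timestamp, size (or -------- for a folder),
# attribute string, then the path.
CREATED_RE = re.compile(
    r"^(?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\S+)\s+"
    r"(?P<attrs>\S+)\s+(?P<path>.+)$"
)

# Constructed sample modelled on the thread's DDS output (not the real log).
SAMPLE_LOG = r"""
DDS (Ver_2011-08-26.01) - NTFSx86
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system\svchost.exe -k NetworkService
C:\Windows\system32\DllHost.exe
.
=============== Created Last 30 ================
.
2011-08-31 05:21:44 7680 ----a-w- c:\windows\system\svchost.exe
2011-08-30 10:59:32 -------- d-----w- c:\users\admin\appdata\local\temp
2011-08-10 19:29:53 375808 ----a-w- c:\windows\system32\winsrv.dll
.
============= FINISH: 22:38:33.34 ===============
"""


def sections(log: str) -> Dict[str, List[str]]:
    """Split a DDS log into its '===== Name =====' sections, dropping the
    blank and '.' spacer lines DDS emits."""
    out: Dict[str, List[str]] = {}
    current = "header"
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            out.setdefault(current, [])
            continue
        out.setdefault(current, []).append(line)
    return out


def misplaced(path: str) -> bool:
    """True when path names a known system binary outside its expected folder."""
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower().rstrip("\\")
    expected = EXPECTED_DIR.get(name)
    return expected is not None and folder != expected


def suspicious_processes(log: str) -> List[str]:
    """Running-process lines whose executable is a misplaced system binary."""
    hits = []
    for line in sections(log).get("running processes", []):
        m = PROCESS_RE.match(line)
        if m and misplaced(m.group("path")):
            hits.append(line)
    return hits


def suspicious_created(log: str) -> List[str]:
    """'Created Last 30' file entries (folders skipped) for misplaced binaries."""
    hits = []
    for line in sections(log).get("created last 30", []):
        m = CREATED_RE.match(line)
        if m and m.group("size") != "--------" and misplaced(m.group("path")):
            hits.append(m.group("path"))
    return hits


if __name__ == "__main__":
    for line in suspicious_processes(SAMPLE_LOG):
        print("running from unexpected directory:", line)
    for path in suspicious_created(SAMPLE_LOG):
        print("recently written outside expected directory:", path)
```

A hit only means the file deserves a look (signature check, hash lookup, what spawned it); on a 64-bit system the table would also need the SysWOW64 copies.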


Hi and welcome to Malwarebytes.

I'm afraid I have bad news.

Your logs reveal a backdoor trojan. A backdoor severely compromises system integrity.

A compromised system may allow illicit network connections, disabling of security software, modifying critical system files and collection and transmission of personal identifiable information without your consent.

I recommend that you disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required. If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

Should you have any questions, please feel free to ask.

Let me know what you decide.


Okay.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


Hi Chris,

Sorry for the delay. I was trying to battle it before giving up and reformatting. I placed my previous post right before I took the steps below. I think I might have been successful, but if you wouldn't mind verifying, I've included the logs you requested. For the benefit of others reading this post I thought I'd preface the logs with this info:

Mbam would always detect both a file and a memory resident infected svchost.exe in my \Windows\System directory, and they would return soon after quarantining. I watched my task manager processes carefully, sorted by cpu usage, and noticed that right before the infected files reappeared I saw that dllhost.exe appeared briefly, followed by svchost.exe.

I tried to compare the \Windows\System directory to the one in the recovery OS (in the recovery partition that came with this computer) and I noticed that there was no such directory. I'm not familiar with Vista, but from my experience with previous Windows versions I had expected to see a system dir, along with a system32 dir. As an experiment I renamed the Windows\System directory, and poof! No more backdoor.bot warnings.

I ran regedit searching for references to windows\system\. The one that stood out was this:

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]

"File0"="C:\\WINDOWS\\SYSTEM\\SVCHOST.EXE"

"File1"="C:\\WINDOWS\\SYSTEM\\SVCHOST.EXE"

I deleted that key. Since doing that and renaming the \windows\system directory the computer is running a lot faster and subsequent mbam scans have been clean. I haven't noticed anything non-functional since renaming the directory. I'm pretty sure that directory isn't supposed to be there, maybe someone else running Vista can confirm.

In the DDS attach log you'll notice lots of Event Viewer messages; these are probably all due to my having manually disabled lots of services during my troubleshooting, which I had forgotten to re-enable until recently.

I'm attaching the combofix.txt as a zip because it was so large, along with the DDS attach file.

And I'm sorry if I shouldn't have, but I had to uninstall combofix because I couldn't connect back to the internet to reply otherwise. Maybe that's an indication I still have a problem?

=============================================================================

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7711

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

9/13/2011 8:44:58 PM

mbam-log-2011-09-13 (20-44-58).txt

Scan type: Quick scan

Objects scanned: 165911

Time elapsed: 6 minute(s), 12 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

=============================================================

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Admin at 21:12:06 on 2011-09-13

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1452 [GMT -7:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Windows\System32\alg.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\dllhost.exe

C:\Windows\ehome\ehRecvr.exe

C:\Windows\ehome\ehsched.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Microsoft Office\Office14\GROOVE.EXE

C:\Windows\System32\msdtc.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k regsvc

C:\Windows\system32\locator.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\System32\snmptrap.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

C:\Windows\System32\svchost.exe -k termlfsvc

C:\Windows\System32\vds.exe

C:\Windows\system32\svchost.exe -k wcssvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\iashost.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Windows\System32\mobsync.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Windows\System32\svchost.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sAOB Monitor] c:\program files\acronis\trueimagehome\onlinebackupstandalone\TrueImageMonitor.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

LSP: c:\windows\system32\wpclsp.dll

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{F122BA81-ACD5-4D61-AF47-A651FCC98B43} : DhcpNameServer = 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

AppInit_DLLs: c:\progra~1\google\google~2\GoogleDesktopNetwork3.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2011-4-17 752128]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]

R1 MpKslf83a81e7;MpKslf83a81e7;c:\programdata\microsoft\microsoft antimalware\definition updates\{bd013b0d-ceb1-4336-88ba-dea396c74268}\MpKslf83a81e7.sys [2011-9-13 28752]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2011-8-29 3246040]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-7-7 176128]

R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-22 366152]

R2 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-12-27 31124344]

R2 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

R2 TermServices;Remote Desktop Service;c:\windows\system32\svchost.exe -k termlfsvc [2008-1-20 21504]

R2 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2011-8-29 167968]

R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-7-7 8312832]

R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-7-7 244736]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2011-3-30 97808]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-8 22216]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-11 136176]

S2 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-11 136176]

S2 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]

.

=============== Created Last 30 ================

.

2011-09-13 10:25:02 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{bd013b0d-ceb1-4336-88ba-dea396c74268}\MpKslf83a81e7.sys

2011-09-13 10:24:58 7152464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{bd013b0d-ceb1-4336-88ba-dea396c74268}\mpengine.dll

2011-09-13 10:05:09 -------- d-----w- c:\program files\common files\HP

2011-09-13 10:01:47 729088 ----a-w- c:\windows\system32\hpwwiax3.dll

2011-09-13 10:01:47 364544 ----a-w- c:\windows\system32\hppldcoi.dll

2011-09-13 10:01:47 294912 ----a-w- c:\windows\system32\hpovst11.dll

2011-09-13 10:01:47 271704 ----a-w- c:\windows\system32\hpzids01.dll

2011-09-13 09:35:56 -------- d-----w- c:\windows\Downloaded Installations

2011-09-13 07:46:46 970752 ----a-w- c:\windows\system32\hpwtiop3.dll

2011-09-13 06:42:47 274944 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzpp5jy.dll

2011-09-13 06:41:54 118272 ----a-w- c:\windows\system32\hpz3l5jy.dll

2011-09-13 06:41:47 -------- d-----w- c:\windows\braveheart

2011-09-13 05:44:34 -------- d-----w- c:\users\admin\appdata\local\HP

2011-09-09 04:45:00 -------- d-sh--w- C:\$RECYCLE.BIN

2011-09-09 04:44:58 -------- d-----w- c:\users\admin\appdata\local\temp

2011-09-08 04:53:58 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll

2011-09-08 04:53:57 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a30a5f8b-0062-4c87-90b5-303d48142112}\gapaengine.dll

2011-09-03 05:43:07 -------- d-----w- c:\users\admin\appdata\roaming\f-secure

2011-08-31 06:40:13 691 ----a-w- c:\users\admin\appdata\roaming\GetValue.vbs

2011-08-31 06:40:13 35 ----a-w- c:\users\admin\appdata\roaming\SetValue.bat

2011-08-30 10:28:44 1884866 ----a-w- C:\SmitfraudFix run in safemode.exe

2011-08-30 07:20:33 1916416 ----a-w- C:\aswMBR.exe

2011-08-30 05:05:46 302592 ----a-w- C:\o2chis5c.exe

2011-08-29 07:10:58 167968 ----a-w- c:\windows\system32\drivers\afcdp.sys

2011-08-29 07:10:58 -------- d-----w- c:\users\admin\appdata\roaming\1F1C8B12-A5DA-4288-B01E-DC977B44C3B9

2011-08-29 07:10:44 600928 ----a-w- c:\windows\system32\drivers\timntr.sys

2011-08-29 01:52:36 -------- d-----w- c:\program files\ESET

2011-08-28 19:26:23 -------- d-sh--w- c:\windows\system32\%APPDATA%

2011-08-28 17:09:19 -------- d-----w- c:\windows\pss

2011-08-28 16:53:41 -------- d-----w- c:\program files\iPod

2011-08-28 16:53:39 -------- d-----w- c:\program files\iTunes

2011-08-28 16:43:35 -------- d-----w- c:\program files\AMD APP

2011-08-28 16:40:01 218624 ----a-w- c:\windows\system32\tercdw32.dll

2011-08-24 18:02:40 2048 ----a-w- c:\windows\system32\tzres.dll

2011-08-24 17:59:55 7152464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll

.

==================== Find3M ====================

.

2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-29 07:10:48 752128 ----a-w- c:\windows\system32\drivers\tdrpm273.sys

2011-08-29 07:10:15 170528 ----a-w- c:\windows\system32\drivers\snapman.sys

2011-08-28 16:23:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-12 18:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 18:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-08 06:37:28 53760 ----a-w- c:\windows\system32\OVDecode.dll

2011-07-08 06:36:46 13904896 ----a-w- c:\windows\system32\amdocl.dll

2011-07-08 04:14:40 8312832 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2011-07-08 03:33:28 17940992 ----a-w- c:\windows\system32\atioglxx.dll

2011-07-08 03:29:54 151552 ----a-w- c:\windows\system32\atiapfxx.exe

2011-07-08 03:29:44 689152 ----a-w- c:\windows\system32\aticfx32.dll

2011-07-08 03:25:48 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll

2011-07-08 03:25:20 401408 ----a-w- c:\windows\system32\atieclxx.exe

2011-07-08 03:24:52 176128 ----a-w- c:\windows\system32\atiesrxx.exe

2011-07-08 03:23:40 159744 ----a-w- c:\windows\system32\atitmmxx.dll

2011-07-08 03:23:26 356352 ----a-w- c:\windows\system32\atipdlxx.dll

2011-07-08 03:23:14 278528 ----a-w- c:\windows\system32\Oemdspif.dll

2011-07-08 03:23:06 15872 ----a-w- c:\windows\system32\atimuixx.dll

2011-07-08 03:22:58 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2011-07-08 03:19:50 4275712 ----a-w- c:\windows\system32\atidxx32.dll

2011-07-08 03:05:46 1828864 ----a-w- c:\windows\system32\atiumdmv.dll

2011-07-08 03:02:06 46080 ----a-w- c:\windows\system32\aticalrt.dll

2011-07-08 03:01:58 44032 ----a-w- c:\windows\system32\aticalcl.dll

2011-07-08 03:00:34 4367360 ----a-w- c:\windows\system32\atiumdag.dll

2011-07-08 02:58:52 6740480 ----a-w- c:\windows\system32\aticaldd.dll

2011-07-08 02:55:56 4039680 ----a-w- c:\windows\system32\atiumdva.dll

2011-07-08 02:54:28 52736 ----a-w- c:\windows\system32\coinst.dll

2011-07-08 02:47:34 266240 ----a-w- c:\windows\system32\atiadlxx.dll

2011-07-08 02:47:20 13312 ----a-w- c:\windows\system32\atiglpxx.dll

2011-07-08 02:47:10 32768 ----a-w- c:\windows\system32\atigktxx.dll

2011-07-08 02:46:42 244736 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2011-07-08 02:46:14 31744 ----a-w- c:\windows\system32\atiuxpag.dll

2011-07-08 02:45:58 29184 ----a-w- c:\windows\system32\atiu9pag.dll

2011-07-08 02:45:30 37376 ----a-w- c:\windows\system32\atitmpxx.dll

2011-07-08 02:45:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2011-07-08 02:40:48 52736 ----a-w- c:\windows\system32\atimpc32.dll

2011-07-08 02:40:48 52736 ----a-w- c:\windows\system32\amdpcom32.dll

2011-07-06 15:31:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-07-06 01:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-06 01:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-07-04 03:18:53 319456 ----a-w- c:\windows\DIFxAPI.dll

2011-07-04 03:18:37 315392 ----a-w- c:\windows\HideWin.exe

2011-06-26 06:45:56 256000 ----a-w- c:\windows\PEV.exe

2011-06-20 08:54:36 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-06-20 08:54:36 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-06-17 20:13:55 913296 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-06-17 16:03:18 375808 ----a-w- c:\windows\system32\winsrv.dll

2011-06-17 13:31:44 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2011-06-16 10:34:06 79872 ----a-w- c:\windows\system32\SlotMaximizerAg.dll

2011-06-16 10:34:06 2117632 ----a-w- c:\windows\system32\SlotMaximizerBe.dll

.

============= FINISH: 21:12:39.48 ===========

ComboFix.zip

Attach.zip


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

ESET also reported:

C:\Windows\System32\tercdw32.dll a variant of Win32/Wimpixo.AL trojan cleaned by deleting - quarantined

Results of screen317's Security Check version 0.99.18

Windows Vista Service Pack 2

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

Microsoft Security Essentials

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 5

Out of date Java installed!

Adobe Flash Player

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

Microsoft Security Essentials msseces.exe

Acronis TrueImageHome OnlineBackupStandalone TrueImageMonitor.exe

``````````End of Log````````````

mbam is still occasionally reporting:

Carroll IP-BLOCK 219.146.53.72 (Type: outgoing, Port: 49675, Process: svchost.exe)

I haven't rebooted since ESET cleaned the trojan it found, though. I'll do that and report back.

Thanks,

Len


  • Staff

Hi,

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.


21:30:36.0942 9780 TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37

21:30:37.0502 9780 ============================================================

21:30:37.0502 9780 Current date / time: 2011/09/25 21:30:37.0502

21:30:37.0503 9780 SystemInfo:

21:30:37.0503 9780

21:30:37.0503 9780 OS Version: 6.0.6002 ServicePack: 2.0

21:30:37.0503 9780 Product type: Workstation

21:30:37.0503 9780 ComputerName: CARROLL-PC

21:30:37.0503 9780 UserName: Admin

21:30:37.0503 9780 Windows directory: C:\Windows

21:30:37.0503 9780 System windows directory: C:\Windows

21:30:37.0503 9780 Processor architecture: Intel x86

21:30:37.0503 9780 Number of processors: 4

21:30:37.0503 9780 Page size: 0x1000

21:30:37.0503 9780 Boot type: Normal boot

21:30:37.0503 9780 ============================================================

21:30:40.0226 9780 Initialize success

21:30:52.0313 4672 ============================================================

21:30:52.0313 4672 Scan started

21:30:52.0313 4672 Mode: Manual;

21:30:52.0313 4672 ============================================================

21:30:55.0871 4672 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

21:30:55.0873 4672 ACPI - ok

21:30:55.0961 4672 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

21:30:55.0980 4672 adp94xx - ok

21:30:56.0012 4672 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

21:30:56.0018 4672 adpahci - ok

21:30:56.0058 4672 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

21:30:56.0061 4672 adpu160m - ok

21:30:56.0083 4672 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

21:30:56.0096 4672 adpu320 - ok

21:30:56.0180 4672 afcdp (53696ad8ffc5fac51949a525ff65a689) C:\Windows\system32\DRIVERS\afcdp.sys

21:30:56.0183 4672 afcdp - ok

21:30:56.0279 4672 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

21:30:56.0284 4672 AFD - ok

21:30:56.0376 4672 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

21:30:56.0378 4672 agp440 - ok

21:30:56.0392 4672 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

21:30:56.0394 4672 aic78xx - ok

21:30:56.0410 4672 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

21:30:56.0425 4672 aliide - ok

21:30:56.0475 4672 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

21:30:56.0477 4672 amdagp - ok

21:30:56.0495 4672 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

21:30:56.0496 4672 amdide - ok

21:30:56.0557 4672 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

21:30:56.0559 4672 AmdK7 - ok

21:30:56.0574 4672 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys

21:30:56.0590 4672 AmdK8 - ok

21:30:56.0882 4672 amdkmdag (335ace2a8e97439733f0f6a1bbd818d5) C:\Windows\system32\DRIVERS\atikmdag.sys

21:30:56.0988 4672 amdkmdag - ok

21:30:57.0101 4672 amdkmdap (0b1b116d30f133dc918287fd8e212f1e) C:\Windows\system32\DRIVERS\atikmpag.sys

21:30:57.0105 4672 amdkmdap - ok

21:30:57.0205 4672 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

21:30:57.0207 4672 arc - ok

21:30:57.0259 4672 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

21:30:57.0270 4672 arcsas - ok

21:30:57.0331 4672 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

21:30:57.0332 4672 AsyncMac - ok

21:30:57.0354 4672 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

21:30:57.0354 4672 atapi - ok

21:30:57.0434 4672 AtiHDAudioService (1af3b5f04cc572daffcb6b5528c63134) C:\Windows\system32\drivers\AtihdLH3.sys

21:30:57.0454 4672 AtiHDAudioService - ok

21:30:57.0898 4672 atikmdag (335ace2a8e97439733f0f6a1bbd818d5) C:\Windows\system32\DRIVERS\atikmdag.sys

21:30:57.0961 4672 atikmdag - ok

21:30:58.0077 4672 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

21:30:58.0078 4672 Beep - ok

21:30:58.0098 4672 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

21:30:58.0109 4672 blbdrive - ok

21:30:58.0215 4672 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

21:30:58.0234 4672 bowser - ok

21:30:58.0281 4672 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

21:30:58.0297 4672 BrFiltLo - ok

21:30:58.0362 4672 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

21:30:58.0363 4672 BrFiltUp - ok

21:30:58.0384 4672 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

21:30:58.0385 4672 Brserid - ok

21:30:58.0404 4672 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

21:30:58.0421 4672 BrSerWdm - ok

21:30:58.0439 4672 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

21:30:58.0440 4672 BrUsbMdm - ok

21:30:58.0456 4672 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

21:30:58.0458 4672 BrUsbSer - ok

21:30:58.0468 4672 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

21:30:58.0480 4672 BTHMODEM - ok

21:30:58.0778 4672 catchme - ok

21:30:59.0098 4672 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

21:30:59.0149 4672 cdfs - ok

21:30:59.0242 4672 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

21:30:59.0244 4672 cdrom - ok

21:30:59.0288 4672 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys

21:30:59.0289 4672 circlass - ok

21:30:59.0385 4672 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

21:30:59.0414 4672 CLFS - ok

21:30:59.0509 4672 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

21:30:59.0524 4672 cmdide - ok

21:30:59.0560 4672 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys

21:30:59.0610 4672 Compbatt - ok

21:30:59.0629 4672 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

21:30:59.0630 4672 crcdisk - ok

21:30:59.0866 4672 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

21:30:59.0877 4672 Crusoe - ok

21:30:59.0974 4672 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

21:31:00.0000 4672 DfsC - ok

21:31:00.0069 4672 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

21:31:00.0070 4672 disk - ok

21:31:00.0164 4672 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys

21:31:00.0201 4672 Dot4 - ok

21:31:00.0630 4672 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys

21:31:00.0652 4672 Dot4Print - ok

21:31:00.0699 4672 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys

21:31:00.0737 4672 dot4usb - ok

21:31:00.0922 4672 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

21:31:00.0967 4672 drmkaud - ok

21:31:01.0348 4672 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

21:31:01.0381 4672 DXGKrnl - ok

21:31:01.0731 4672 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys

21:31:01.0775 4672 e1express - ok

21:31:01.0843 4672 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

21:31:01.0846 4672 E1G60 - ok

21:31:01.0953 4672 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

21:31:01.0964 4672 Ecache - ok

21:31:02.0092 4672 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

21:31:02.0097 4672 elxstor - ok

21:31:02.0436 4672 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

21:31:02.0449 4672 ErrDev - ok

21:31:02.0539 4672 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

21:31:02.0542 4672 exfat - ok

21:31:02.0576 4672 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

21:31:02.0579 4672 fastfat - ok

21:31:02.0727 4672 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

21:31:02.0738 4672 fdc - ok

21:31:02.0814 4672 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

21:31:02.0816 4672 FileInfo - ok

21:31:02.0842 4672 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

21:31:02.0843 4672 Filetrace - ok

21:31:02.0872 4672 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

21:31:02.0884 4672 flpydisk - ok

21:31:03.0044 4672 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

21:31:03.0065 4672 FltMgr - ok

21:31:03.0111 4672 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

21:31:03.0136 4672 Fs_Rec - ok

21:31:03.0165 4672 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

21:31:03.0178 4672 gagp30kx - ok

21:31:03.0303 4672 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

21:31:03.0353 4672 GEARAspiWDM - ok

21:31:03.0675 4672 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys

21:31:03.0684 4672 HdAudAddService - ok

21:31:03.0724 4672 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

21:31:03.0732 4672 HDAudBus - ok

21:31:03.0749 4672 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

21:31:03.0751 4672 HidBth - ok

21:31:03.0763 4672 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

21:31:03.0764 4672 HidIr - ok

21:31:03.0914 4672 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

21:31:03.0919 4672 HidUsb - ok

21:31:03.0939 4672 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

21:31:03.0952 4672 HpCISSs - ok

21:31:04.0072 4672 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

21:31:04.0079 4672 HTTP - ok

21:31:04.0102 4672 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

21:31:04.0104 4672 i2omp - ok

21:31:04.0195 4672 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

21:31:04.0197 4672 i8042prt - ok

21:31:04.0233 4672 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\drivers\iastor.sys

21:31:04.0238 4672 iaStor - ok

21:31:04.0251 4672 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

21:31:04.0255 4672 iaStorV - ok

21:31:04.0293 4672 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

21:31:04.0295 4672 iirsp - ok

21:31:04.0364 4672 IntcAzAudAddService - ok

21:31:04.0454 4672 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

21:31:04.0466 4672 intelide - ok

21:31:04.0517 4672 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

21:31:04.0535 4672 intelppm - ok

21:31:04.0599 4672 IpInIp - ok

21:31:04.0636 4672 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

21:31:04.0654 4672 IPMIDRV - ok

21:31:04.0710 4672 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

21:31:04.0712 4672 IPNAT - ok

21:31:04.0774 4672 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

21:31:04.0787 4672 IRENUM - ok

21:31:04.0808 4672 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

21:31:04.0828 4672 isapnp - ok

21:31:04.0893 4672 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

21:31:04.0908 4672 iScsiPrt - ok

21:31:04.0966 4672 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

21:31:04.0979 4672 iteatapi - ok

21:31:05.0029 4672 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

21:31:05.0031 4672 iteraid - ok

21:31:05.0052 4672 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

21:31:05.0053 4672 kbdclass - ok

21:31:05.0128 4672 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys

21:31:05.0129 4672 kbdhid - ok

21:31:05.0160 4672 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys

21:31:05.0166 4672 KSecDD - ok

21:31:05.0258 4672 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys

21:31:05.0274 4672 LHidFilt - ok

21:31:05.0305 4672 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

21:31:05.0307 4672 lltdio - ok

21:31:05.0322 4672 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys

21:31:05.0324 4672 LMouFilt - ok

21:31:05.0360 4672 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

21:31:05.0376 4672 LSI_FC - ok

21:31:05.0396 4672 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

21:31:05.0399 4672 LSI_SAS - ok

21:31:05.0483 4672 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

21:31:05.0485 4672 LSI_SCSI - ok

21:31:05.0516 4672 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

21:31:05.0517 4672 luafv - ok

21:31:05.0538 4672 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys

21:31:05.0539 4672 MBAMProtector - ok

21:31:05.0612 4672 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

21:31:05.0614 4672 megasas - ok

21:31:05.0633 4672 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

21:31:05.0639 4672 MegaSR - ok

21:31:05.0750 4672 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

21:31:05.0766 4672 Modem - ok

21:31:05.0792 4672 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

21:31:05.0793 4672 monitor - ok

21:31:05.0859 4672 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

21:31:05.0874 4672 mouclass - ok

21:31:05.0915 4672 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

21:31:05.0930 4672 mouhid - ok

21:31:05.0993 4672 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

21:31:05.0994 4672 MountMgr - ok

21:31:06.0072 4672 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys

21:31:06.0075 4672 MpFilter - ok

21:31:06.0131 4672 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

21:31:06.0148 4672 mpio - ok

21:31:06.0280 4672 MpKsl8f59189e (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3A8B4297-EE7A-40B0-8CE6-937F4FF19655}\MpKsl8f59189e.sys

21:31:06.0281 4672 MpKsl8f59189e - ok

21:31:06.0380 4672 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys

21:31:06.0381 4672 MpNWMon - ok

21:31:06.0405 4672 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

21:31:06.0416 4672 mpsdrv - ok

21:31:06.0443 4672 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

21:31:06.0445 4672 Mraid35x - ok

21:31:06.0475 4672 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

21:31:06.0477 4672 MRxDAV - ok

21:31:06.0519 4672 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

21:31:06.0521 4672 mrxsmb - ok

21:31:06.0554 4672 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

21:31:06.0557 4672 mrxsmb10 - ok

21:31:06.0589 4672 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

21:31:06.0591 4672 mrxsmb20 - ok

21:31:06.0608 4672 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys

21:31:06.0610 4672 msahci - ok

21:31:06.0651 4672 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

21:31:06.0653 4672 msdsm - ok

21:31:06.0678 4672 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

21:31:06.0679 4672 Msfs - ok

21:31:06.0729 4672 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

21:31:06.0729 4672 msisadrv - ok

21:31:06.0774 4672 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

21:31:06.0775 4672 MSKSSRV - ok

21:31:06.0835 4672 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

21:31:06.0837 4672 MSPCLOCK - ok

21:31:06.0877 4672 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

21:31:06.0878 4672 MSPQM - ok

21:31:06.0963 4672 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

21:31:06.0966 4672 MsRPC - ok

21:31:06.0993 4672 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

21:31:06.0994 4672 mssmbios - ok

21:31:07.0011 4672 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

21:31:07.0012 4672 MSTEE - ok

21:31:07.0031 4672 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

21:31:07.0032 4672 Mup - ok

21:31:07.0131 4672 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

21:31:07.0139 4672 NativeWifiP - ok

21:31:07.0367 4672 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

21:31:07.0374 4672 NDIS - ok

21:31:07.0411 4672 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

21:31:07.0412 4672 NdisTapi - ok

21:31:07.0424 4672 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

21:31:07.0440 4672 Ndisuio - ok

21:31:07.0514 4672 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

21:31:07.0517 4672 NdisWan - ok

21:31:07.0532 4672 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

21:31:07.0544 4672 NDProxy - ok

21:31:07.0629 4672 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

21:31:07.0630 4672 NetBIOS - ok

21:31:07.0694 4672 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

21:31:07.0696 4672 netbt - ok

21:31:07.0777 4672 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

21:31:07.0789 4672 nfrd960 - ok

21:31:07.0819 4672 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

21:31:07.0820 4672 NisDrv - ok

21:31:07.0923 4672 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

21:31:07.0924 4672 Npfs - ok

21:31:07.0934 4672 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

21:31:07.0935 4672 nsiproxy - ok

21:31:08.0016 4672 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

21:31:08.0030 4672 Ntfs - ok

21:31:08.0051 4672 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

21:31:08.0053 4672 ntrigdigi - ok

21:31:08.0066 4672 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

21:31:08.0077 4672 Null - ok

21:31:08.0098 4672 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

21:31:08.0100 4672 nvraid - ok

21:31:08.0119 4672 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

21:31:08.0120 4672 nvstor - ok

21:31:08.0172 4672 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

21:31:08.0197 4672 nv_agp - ok

21:31:08.0205 4672 NwlnkFlt - ok

21:31:08.0214 4672 NwlnkFwd - ok

21:31:08.0288 4672 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys

21:31:08.0303 4672 ohci1394 - ok

21:31:08.0392 4672 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

21:31:08.0395 4672 Parport - ok

21:31:08.0491 4672 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

21:31:08.0492 4672 partmgr - ok

21:31:08.0507 4672 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

21:31:08.0508 4672 Parvdm - ok

21:31:08.0587 4672 PCDSRVC{E9D79540-57D5953E-06020101}_0 (92fddbed716bf5c3cb766101563cfce5) c:\program files\dell support center\pcdsrvc.pkms

21:31:08.0627 4672 PCDSRVC{E9D79540-57D5953E-06020101}_0 - ok

21:31:08.0676 4672 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

21:31:08.0678 4672 pci - ok

21:31:08.0728 4672 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys

21:31:08.0728 4672 pciide - ok

21:31:08.0756 4672 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

21:31:08.0759 4672 pcmcia - ok

21:31:08.0825 4672 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

21:31:08.0857 4672 PEAUTH - ok

21:31:08.0947 4672 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

21:31:08.0961 4672 PptpMiniport - ok

21:31:09.0022 4672 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

21:31:09.0024 4672 Processor - ok

21:31:09.0100 4672 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

21:31:09.0105 4672 PSched - ok

21:31:09.0173 4672 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys

21:31:09.0174 4672 PxHelp20 - ok

21:31:09.0260 4672 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

21:31:09.0275 4672 ql2300 - ok

21:31:09.0328 4672 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

21:31:09.0331 4672 ql40xx - ok

21:31:09.0345 4672 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

21:31:09.0347 4672 QWAVEdrv - ok

21:31:09.0663 4672 R300 (335ace2a8e97439733f0f6a1bbd818d5) C:\Windows\system32\DRIVERS\atikmdag.sys

21:31:09.0728 4672 R300 - ok

21:31:09.0796 4672 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

21:31:09.0797 4672 RasAcd - ok

21:31:09.0815 4672 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

21:31:09.0817 4672 Rasl2tp - ok

21:31:09.0876 4672 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

21:31:09.0877 4672 RasPppoe - ok

21:31:09.0913 4672 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

21:31:09.0937 4672 RasSstp - ok

21:31:09.0992 4672 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

21:31:09.0996 4672 rdbss - ok

21:31:10.0008 4672 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

21:31:10.0010 4672 RDPCDD - ok

21:31:10.0033 4672 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys

21:31:10.0038 4672 rdpdr - ok

21:31:10.0095 4672 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

21:31:10.0097 4672 RDPENCDD - ok

21:31:10.0120 4672 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

21:31:10.0124 4672 RDPWD - ok

21:31:10.0153 4672 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

21:31:10.0167 4672 rspndr - ok

21:31:10.0234 4672 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys

21:31:10.0238 4672 RTL8169 - ok

21:31:10.0299 4672 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

21:31:10.0301 4672 sbp2port - ok

21:31:10.0330 4672 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

21:31:10.0331 4672 secdrv - ok

21:31:10.0417 4672 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

21:31:10.0418 4672 Serenum - ok

21:31:10.0431 4672 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

21:31:10.0433 4672 Serial - ok

21:31:10.0447 4672 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

21:31:10.0449 4672 sermouse - ok

21:31:10.0474 4672 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys

21:31:10.0486 4672 sffdisk - ok

21:31:10.0509 4672 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

21:31:10.0510 4672 sffp_mmc - ok

21:31:10.0519 4672 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys

21:31:10.0520 4672 sffp_sd - ok

21:31:10.0538 4672 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

21:31:10.0549 4672 sfloppy - ok

21:31:10.0571 4672 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

21:31:10.0582 4672 sisagp - ok

21:31:10.0600 4672 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

21:31:10.0616 4672 SiSRaid2 - ok

21:31:10.0687 4672 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

21:31:10.0689 4672 SiSRaid4 - ok

21:31:10.0749 4672 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

21:31:10.0751 4672 Smb - ok

21:31:10.0796 4672 snapman (eb49860e776ce860dc3cfb9edb1ba517) C:\Windows\system32\DRIVERS\snapman.sys

21:31:10.0799 4672 snapman - ok

21:31:10.0820 4672 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

21:31:10.0821 4672 spldr - ok

21:31:10.0892 4672 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

21:31:10.0896 4672 srv - ok

21:31:10.0927 4672 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

21:31:10.0930 4672 srv2 - ok

21:31:11.0000 4672 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

21:31:11.0002 4672 srvnet - ok

21:31:11.0076 4672 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

21:31:11.0077 4672 swenum - ok

21:31:11.0098 4672 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

21:31:11.0099 4672 Symc8xx - ok

21:31:11.0109 4672 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

21:31:11.0111 4672 Sym_hi - ok

21:31:11.0128 4672 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

21:31:11.0142 4672 Sym_u3 - ok

21:31:11.0298 4672 Tcpip (6647fce6fc4970daafe5c64c794513d3) C:\Windows\system32\drivers\tcpip.sys

21:31:11.0315 4672 Tcpip - ok

21:31:11.0368 4672 Tcpip6 (6647fce6fc4970daafe5c64c794513d3) C:\Windows\system32\DRIVERS\tcpip.sys

21:31:11.0375 4672 Tcpip6 - ok

21:31:11.0393 4672 tcpipreg (36606b165d04a397bdf613096986d85d) C:\Windows\system32\drivers\tcpipreg.sys

21:31:11.0409 4672 tcpipreg - ok

21:31:11.0434 4672 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

21:31:11.0449 4672 TDPIPE - ok

21:31:11.0539 4672 tdrpman273 (431801fcc97034e04a6eff81136578d7) C:\Windows\system32\DRIVERS\tdrpm273.sys

21:31:11.0549 4672 tdrpman273 - ok

21:31:11.0599 4672 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

21:31:11.0610 4672 TDTCP - ok

21:31:11.0664 4672 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

21:31:11.0666 4672 tdx - ok

21:31:11.0697 4672 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

21:31:11.0710 4672 TermDD - ok

21:31:11.0746 4672 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\Windows\system32\DRIVERS\tifsfilt.sys

21:31:11.0747 4672 tifsfilter - ok

21:31:11.0820 4672 timounter (a34d7024bb7140ec785c86bc065d4f60) C:\Windows\system32\DRIVERS\timntr.sys

21:31:11.0828 4672 timounter - ok

21:31:11.0893 4672 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

21:31:11.0895 4672 tssecsrv - ok

21:31:11.0909 4672 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

21:31:11.0921 4672 tunmp - ok

21:31:11.0972 4672 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

21:31:11.0984 4672 tunnel - ok

21:31:12.0004 4672 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

21:31:12.0006 4672 uagp35 - ok

21:31:12.0070 4672 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

21:31:12.0074 4672 udfs - ok

21:31:12.0099 4672 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

21:31:12.0101 4672 uliagpkx - ok

21:31:12.0125 4672 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

21:31:12.0130 4672 uliahci - ok

21:31:12.0186 4672 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

21:31:12.0201 4672 UlSata - ok

21:31:12.0235 4672 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

21:31:12.0252 4672 ulsata2 - ok

21:31:12.0275 4672 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

21:31:12.0277 4672 umbus - ok

21:31:12.0338 4672 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys

21:31:12.0341 4672 usbaudio - ok

21:31:12.0399 4672 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

21:31:12.0400 4672 usbccgp - ok

21:31:12.0466 4672 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

21:31:12.0468 4672 usbcir - ok

21:31:12.0535 4672 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

21:31:12.0552 4672 usbehci - ok

21:31:12.0581 4672 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

21:31:12.0585 4672 usbhub - ok

21:31:12.0600 4672 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

21:31:12.0602 4672 usbohci - ok

21:31:12.0624 4672 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

21:31:12.0637 4672 usbprint - ok

21:31:12.0730 4672 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

21:31:12.0743 4672 usbscan - ok

21:31:12.0773 4672 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

21:31:12.0774 4672 USBSTOR - ok

21:31:12.0790 4672 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

21:31:12.0791 4672 usbuhci - ok

21:31:12.0821 4672 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

21:31:12.0834 4672 vga - ok

21:31:12.0882 4672 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

21:31:12.0900 4672 VgaSave - ok

21:31:12.0960 4672 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

21:31:12.0962 4672 viaagp - ok

21:31:12.0975 4672 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

21:31:12.0987 4672 ViaC7 - ok

21:31:13.0017 4672 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

21:31:13.0019 4672 viaide - ok

21:31:13.0035 4672 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

21:31:13.0036 4672 volmgr - ok

21:31:13.0096 4672 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

21:31:13.0100 4672 volmgrx - ok

21:31:13.0140 4672 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

21:31:13.0143 4672 volsnap - ok

21:31:13.0193 4672 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

21:31:13.0196 4672 vsmraid - ok

21:31:13.0250 4672 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

21:31:13.0251 4672 WacomPen - ok

21:31:13.0266 4672 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

21:31:13.0280 4672 Wanarp - ok

21:31:13.0284 4672 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

21:31:13.0285 4672 Wanarpv6 - ok

21:31:13.0322 4672 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

21:31:13.0324 4672 Wd - ok

21:31:13.0351 4672 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

21:31:13.0358 4672 Wdf01000 - ok

21:31:13.0461 4672 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys

21:31:13.0462 4672 WmiAcpi - ok

21:31:13.0596 4672 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

21:31:13.0614 4672 WpdUsb - ok

21:31:13.0713 4672 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

21:31:13.0714 4672 ws2ifsl - ok

21:31:13.0806 4672 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

21:31:13.0809 4672 WUDFRd - ok

21:31:13.0869 4672 MBR (0x1B8) (239841e1ae8e4843c0676f3681a7d6be) \Device\Harddisk0\DR0

21:31:13.0886 4672 \Device\Harddisk0\DR0 - ok

21:31:13.0903 4672 Boot (0x1200) (112daeb0f664b6bc662155f6433f062a) \Device\Harddisk0\DR0\Partition0

21:31:13.0903 4672 \Device\Harddisk0\DR0\Partition0 - ok

21:31:13.0906 4672 Boot (0x1200) (6f2987e9589b6d803a6a2aec082524d2) \Device\Harddisk0\DR0\Partition1

21:31:13.0907 4672 \Device\Harddisk0\DR0\Partition1 - ok

21:31:13.0909 4672 ============================================================

21:31:13.0909 4672 Scan finished

21:31:13.0909 4672 ============================================================

21:31:13.0919 9012 Detected object count: 0

21:31:13.0920 9012 Actual detected object count: 0

21:31:22.0530 9036 Deinitialize success


Hmm.

Grab a fresh copy of ComboFix, run it, and post its log directly into your reply. Use multiple posts if necessary.

Well this got interesting.

Downloaded combofix from bleepingcomputer.com. Ran it as usual, walked away for about 15 minutes, came back and the computer was in the middle of a reboot. Didn't expect that. Finished rebooting and logged into my username and it launched combofix immediately, except it was starting and stopping maybe 5 times/second, the blue command window jumping all over the screen. Disabled my mbam (Windows Defender was still off). No difference, and I couldn't kill the process from the task manager (which alternated in name between combofix.exe and combofix/pev.3XE). It was so amazing to watch I took a movie of it.

Re-downloaded combofix from the alternate server on bleepingcomputer's site. Was in Spanish but went ahead with it. Ran it and it said there was a newer version, did I want to update? Sure. Updated and complained about not being able to find combofix.com. Went through the whole sequence again with the same result.

Thinking maybe the browser was hijacked to a hacked copy of combofix, I downloaded it onto a thumbdrive from another computer and ran it from there. This time it ran normally. Here's the report.

=================================================================================================

ComboFix 11-09-27.04 - Admin 09/27/2011 22:43:44.3.4 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.2044 [GMT -7:00]

Running from: c:\users\Carroll\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\program files\google\common\google updater\googleupdaterservice.exe

.

-- Previous Run --

.

Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected

Restored copy from - c:\windows\ERDNT\cache\atapi.sys

.

--------

.

.

((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-28 )))))))))))))))))))))))))))))))

.

.

2011-09-28 06:00 . 2011-09-28 06:01 -------- d-----w- c:\users\Admin\AppData\Local\temp

2011-09-28 06:00 . 2011-09-28 06:00 -------- d-----w- c:\users\Public\AppData\Local\temp

2011-09-28 06:00 . 2011-09-28 06:00 -------- d-----w- c:\users\Guest\AppData\Local\temp

2011-09-28 06:00 . 2011-09-28 06:00 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-28 06:00 . 2011-09-28 06:00 -------- d-----w- c:\users\Carroll\AppData\Local\temp

2011-09-27 16:03 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29C0D02A-949C-4D79-8259-9372964D3064}\mpengine.dll

2011-09-20 11:55 . 2011-09-20 11:55 -------- d-----w- c:\programdata\HP Product Assistant

2011-09-20 11:40 . 2011-09-20 11:40 -------- d-----w- c:\program files\Common Files\HP

2011-09-20 11:40 . 2011-09-20 11:40 -------- d-----w- c:\program files\Hewlett-Packard

2011-09-20 11:37 . 2007-10-31 04:19 729088 ----a-w- c:\windows\system32\hpwwiax3.dll

2011-09-20 11:37 . 2007-01-17 08:37 364544 ----a-w- c:\windows\system32\hppldcoi.dll

2011-09-20 11:37 . 2007-01-17 08:31 294912 ----a-w- c:\windows\system32\hpovst11.dll

2011-09-20 10:33 . 2011-09-20 10:34 -------- d-----w- c:\programdata\PCDr

2011-09-20 10:25 . 2011-09-20 10:25 -------- d-----w- c:\users\Admin\AppData\Roaming\PCDr

2011-09-20 10:25 . 2011-09-20 10:25 -------- d-----w- c:\users\Carroll\AppData\Roaming\PCDr

2011-09-20 10:23 . 2007-10-31 04:19 970752 ----a-w- c:\windows\system32\hpwtiop3.dll

2011-09-20 09:15 . 2011-09-20 09:14 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-15 23:19 . 2011-09-15 23:19 -------- d-----w- c:\users\Caylen

2011-09-14 04:47 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-09-13 09:35 . 2011-09-13 09:35 -------- d-----w- c:\windows\Downloaded Installations

2011-09-13 06:42 . 2008-07-01 19:00 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5jy.dll

2011-09-13 06:41 . 2008-07-01 19:10 118272 ----a-w- c:\windows\system32\hpz3l5jy.dll

2011-09-13 06:41 . 2011-09-13 06:41 -------- d-----w- c:\windows\braveheart

2011-09-13 05:44 . 2011-09-13 05:44 -------- d-----w- c:\users\Admin\AppData\Roaming\HP

2011-09-13 05:44 . 2011-09-13 05:44 -------- d-----w- c:\users\Admin\AppData\Local\HP

2011-09-12 04:31 . 2011-09-12 04:31 -------- d-----w- c:\program files\Common Files\Adobe

2011-09-08 07:16 . 2011-09-08 07:16 -------- d-----w- c:\users\Guest\AppData\Roaming\Malwarebytes

2011-09-08 04:53 . 2011-05-22 02:21 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2011-09-08 04:53 . 2011-05-22 02:21 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A30A5F8B-0062-4C87-90B5-303D48142112}\gapaengine.dll

2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

2011-09-03 05:43 . 2011-09-03 05:43 -------- d-----w- c:\users\Admin\AppData\Roaming\f-secure

2011-08-31 06:40 . 2011-08-31 06:40 691 ----a-w- c:\users\Admin\AppData\Roaming\GetValue.vbs

2011-08-31 06:40 . 2011-08-31 06:40 35 ----a-w- c:\users\Admin\AppData\Roaming\SetValue.bat

2011-08-30 10:28 . 2011-08-30 10:05 1884866 ----a-w- C:\SmitfraudFix run in safemode.exe

2011-08-30 07:20 . 2011-08-30 06:45 1916416 ----a-w- C:\aswMBR.exe

2011-08-30 05:05 . 2011-08-30 04:22 302592 ----a-w- C:\o2chis5c.exe

2011-08-29 07:10 . 2011-08-29 07:11 167968 ----a-w- c:\windows\system32\drivers\afcdp.sys

2011-08-29 07:10 . 2011-08-29 07:10 -------- d-----w- c:\users\Admin\AppData\Roaming\1F1C8B12-A5DA-4288-B01E-DC977B44C3B9

2011-08-29 07:10 . 2011-08-29 07:10 600928 ----a-w- c:\windows\system32\drivers\timntr.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-21 16:35 . 2011-07-03 22:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-12 23:14 . 2011-05-22 09:14 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-09-01 00:00 . 2011-06-08 07:32 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-29 07:10 . 2011-04-18 01:51 752128 ----a-w- c:\windows\system32\drivers\tdrpm273.sys

2011-08-29 07:10 . 2009-10-24 08:34 170528 ----a-w- c:\windows\system32\drivers\snapman.sys

2011-08-12 02:44 . 2011-08-24 17:59 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll

2011-07-22 02:54 . 2011-08-11 10:08 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 02:48 . 2011-08-11 10:08 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 02:44 . 2011-08-11 10:08 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-12 18:20 . 2011-07-12 18:20 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 18:20 . 2011-07-12 18:20 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-11 13:25 . 2011-08-24 18:02 2048 ----a-w- c:\windows\system32\tzres.dll

2011-07-08 06:37 . 2011-07-08 06:37 53760 ----a-w- c:\windows\system32\OVDecode.dll

2011-07-08 06:36 . 2011-07-08 06:36 13904896 ----a-w- c:\windows\system32\amdocl.dll

2011-07-08 04:14 . 2011-07-08 04:14 8312832 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2011-07-08 03:33 . 2011-07-08 03:33 17940992 ----a-w- c:\windows\system32\atioglxx.dll

2011-07-08 03:29 . 2011-07-08 03:29 151552 ----a-w- c:\windows\system32\atiapfxx.exe

2011-07-08 03:29 . 2011-05-25 03:07 689152 ----a-w- c:\windows\system32\aticfx32.dll

2011-07-08 03:25 . 2011-07-08 03:25 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll

2011-07-08 03:25 . 2011-07-08 03:25 401408 ----a-w- c:\windows\system32\atieclxx.exe

2011-07-08 03:24 . 2011-07-08 03:24 176128 ----a-w- c:\windows\system32\atiesrxx.exe

2011-07-08 03:23 . 2011-07-08 03:23 159744 ----a-w- c:\windows\system32\atitmmxx.dll

2011-07-08 03:23 . 2011-07-08 03:23 356352 ----a-w- c:\windows\system32\atipdlxx.dll

2011-07-08 03:23 . 2011-07-08 03:23 278528 ----a-w- c:\windows\system32\Oemdspif.dll

2011-07-08 03:23 . 2011-07-08 03:23 15872 ----a-w- c:\windows\system32\atimuixx.dll

2011-07-08 03:22 . 2011-07-08 03:22 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2011-07-08 03:19 . 2011-07-08 03:19 4275712 ----a-w- c:\windows\system32\atidxx32.dll

2011-07-08 03:05 . 2011-07-08 03:05 1828864 ----a-w- c:\windows\system32\atiumdmv.dll

2011-07-08 03:02 . 2011-07-08 03:02 46080 ----a-w- c:\windows\system32\aticalrt.dll

2011-07-08 03:01 . 2011-07-08 03:01 44032 ----a-w- c:\windows\system32\aticalcl.dll

2011-07-08 03:00 . 2008-09-05 04:01 4367360 ----a-w- c:\windows\system32\atiumdag.dll

2011-07-08 02:58 . 2011-07-08 02:58 6740480 ----a-w- c:\windows\system32\aticaldd.dll

2011-07-08 02:55 . 2011-07-08 02:55 4039680 ----a-w- c:\windows\system32\atiumdva.dll

2011-07-08 02:54 . 2011-05-25 02:18 52736 ----a-w- c:\windows\system32\coinst.dll

2011-07-08 02:47 . 2011-07-08 02:47 266240 ----a-w- c:\windows\system32\atiadlxx.dll

2011-07-08 02:47 . 2011-07-08 02:47 13312 ----a-w- c:\windows\system32\atiglpxx.dll

2011-07-08 02:47 . 2011-07-08 02:47 32768 ----a-w- c:\windows\system32\atigktxx.dll

2011-07-08 02:46 . 2011-07-08 02:46 244736 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2011-07-08 02:46 . 2011-07-08 02:46 31744 ----a-w- c:\windows\system32\atiuxpag.dll

2011-07-08 02:45 . 2011-05-25 02:24 29184 ----a-w- c:\windows\system32\atiu9pag.dll

2011-07-08 02:45 . 2011-05-25 02:24 37376 ----a-w- c:\windows\system32\atitmpxx.dll

2011-07-08 02:45 . 2011-07-08 02:45 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2011-07-08 02:40 . 2011-07-08 02:40 52736 ----a-w- c:\windows\system32\atimpc32.dll

2011-07-08 02:40 . 2011-07-08 02:40 52736 ----a-w- c:\windows\system32\amdpcom32.dll

2011-07-06 15:31 . 2011-08-10 19:29 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-07-06 01:37 . 2011-07-06 01:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-06 01:37 . 2011-07-06 01:37 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-07-04 03:18 . 2011-07-04 03:18 319456 ----a-w- c:\windows\DIFxAPI.dll

2011-07-04 03:18 . 2011-07-04 03:18 315392 ----a-w- c:\windows\HideWin.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-12 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-06-28 5550840]

"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-06-28 394832]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-08 336384]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]

"SAOB Monitor"="c:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2011-05-11 2536440]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Scrub2k"="c:\windows\braveheart\scrub2k.exe" [2007-04-24 65536]

.

c:\users\Carroll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-7 813584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]

path=c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk

backup=c:\windows\pss\Dell Dock.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3754314201-960120119-4017272859-1000]

"EnableNotificationsRef"=dword:00000002

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-12 136176]

R2 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-12 136176]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

R3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2011-08-22 21744]

S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2011-08-29 752128]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2011-08-29 3246040]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-08 176128]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]

S2 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]

S2 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

S2 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-08-29 167968]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-08 8312832]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-08 244736]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2011-03-30 97808]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-09-01 22216]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

termlfsvc REG_MULTI_SZ

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-12 04:29]

.

2011-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-12 04:29]

.

2011-09-28 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-08-24 17:26]

.

2011-09-28 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-08-24 17:26]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

LSP: c:\windows\system32\wpclsp.dll

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-dellsupportcenter - c:\program files\Dell Support Center\bin\sprtcmd.exe

MSConfigStartUp-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe

MSConfigStartUp-dscactivate - c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-09-27 23:01

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(7752)

c:\program files\Logitech\SetPoint\lgscroll.dll

.

Completion time: 2011-09-27 23:13:51

ComboFix-quarantined-files.txt 2011-09-28 06:13

ComboFix2.txt 2011-09-14 05:22

.

Pre-Run: 310,881,845,248 bytes free

Post-Run: 309,802,078,208 bytes free

.

- - End Of File - - 964105A85D591151CD3FF2404AC719D7


Hi,

How are things running now? In detail, describe which issues remain.

Hi Chris, thanks for checking back. It's still trying to phone home:

00:31:07 Carroll IP-BLOCK 124.125.251.195 (Type: outgoing, Port: 49675, Process: svchost.exe)

00:31:07 Carroll IP-BLOCK 124.125.251.195 (Type: outgoing, Port: 49675, Process: svchost.exe)

00:31:15 Carroll IP-BLOCK 124.125.251.195 (Type: outgoing, Port: 49675, Process: svchost.exe)

03:59:10 Carroll MESSAGE Scheduled update executed successfully

03:59:11 Carroll MESSAGE IP Protection stopped

03:59:25 Carroll MESSAGE Database updated successfully

03:59:26 Carroll MESSAGE IP Protection started successfully

07:39:59 Carroll MESSAGE Scheduled scan executed successfully

08:15:50 Carroll IP-BLOCK 83.128.64.228 (Type: outgoing, Port: 49675, Process: svchost.exe)

08:15:58 Carroll IP-BLOCK 83.128.64.228 (Type: outgoing, Port: 49675, Process: svchost.exe)

08:16:06 Carroll IP-BLOCK 83.128.64.228 (Type: outgoing, Port: 49675, Process: svchost.exe)

08:59:10 Carroll MESSAGE Scheduled update executed successfully


  • Staff

Hmm.

Before we attempt additional troubleshooting steps, please do this:

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet. Before you download it, rename it to sega.com.

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\sega.com" /killall

When it finishes, post its log.


Thanks for sticking with me.

ComboFix 11-10-07.02 - Admin 10/06/2011 22:40:19.3.4 - x86 MINIMAL

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.2499 [GMT -7:00]

Running from: c:\users\Admin\Desktop\sega.com

Command switches used :: /killall

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\PCDr\5830\Downloads\0fc909b5-f105-4459-82f3-583c6ea5d734.dll

c:\programdata\PCDr\5830\Downloads\482517d4-aaa6-47f8-a7ad-de5cf6021ac2.dll

c:\programdata\PCDr\5830\Downloads\b3c595f3-948c-4aae-b2a9-7aaa0df99c97.dll

c:\programdata\PCDr\5830\Downloads\b4ec5042-c9eb-4e0d-b56f-68c71eb653bf.dll

c:\programdata\PCDr\5830\Downloads\f9dc840b-c6f7-42a5-acec-50cc7a2827fd.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-09-07 to 2011-10-07 )))))))))))))))))))))))))))))))

.

.

2011-10-07 05:54 . 2011-10-07 06:05 -------- d-----w- c:\users\Admin\AppData\Local\temp

2011-10-07 05:54 . 2011-10-07 05:54 -------- d-----w- c:\users\Public\AppData\Local\temp

2011-10-07 05:54 . 2011-10-07 05:54 -------- d-----w- c:\users\Guest\AppData\Local\temp

2011-10-07 05:54 . 2011-10-07 05:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-07 05:54 . 2011-10-07 05:54 -------- d-----w- c:\users\Carroll\AppData\Local\temp

2011-10-07 05:17 . 2011-10-07 05:17 -------- d-----w- c:\users\Admin\AppData\Local\ElevatedDiagnostics

2011-10-07 04:18 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1334C62F-F4EA-4B1D-8CAA-943C407E2473}\mpengine.dll

2011-09-20 11:55 . 2011-09-20 11:55 -------- d-----w- c:\programdata\HP Product Assistant

2011-09-20 11:40 . 2011-09-20 11:40 -------- d-----w- c:\program files\Common Files\HP

2011-09-20 11:40 . 2011-09-20 11:40 -------- d-----w- c:\program files\Hewlett-Packard

2011-09-20 11:37 . 2007-10-31 04:19 729088 ----a-w- c:\windows\system32\hpwwiax3.dll

2011-09-20 11:37 . 2007-01-17 08:37 364544 ----a-w- c:\windows\system32\hppldcoi.dll

2011-09-20 11:37 . 2007-01-17 08:31 294912 ----a-w- c:\windows\system32\hpovst11.dll

2011-09-20 10:33 . 2011-10-07 05:15 -------- d-----w- c:\programdata\PCDr

2011-09-20 10:25 . 2011-09-20 10:25 -------- d-----w- c:\users\Admin\AppData\Roaming\PCDr

2011-09-20 10:25 . 2011-09-20 10:25 -------- d-----w- c:\users\Carroll\AppData\Roaming\PCDr

2011-09-20 10:23 . 2007-10-31 04:19 970752 ----a-w- c:\windows\system32\hpwtiop3.dll

2011-09-20 09:15 . 2011-09-20 09:14 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-14 04:47 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-09-13 09:35 . 2011-09-13 09:35 -------- d-----w- c:\windows\Downloaded Installations

2011-09-13 06:42 . 2008-07-01 19:00 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5jy.dll

2011-09-13 06:41 . 2008-07-01 19:10 118272 ----a-w- c:\windows\system32\hpz3l5jy.dll

2011-09-13 06:41 . 2011-09-13 06:41 -------- d-----w- c:\windows\braveheart

2011-09-13 05:44 . 2011-09-13 05:44 -------- d-----w- c:\users\Admin\AppData\Roaming\HP

2011-09-13 05:44 . 2011-09-13 05:44 -------- d-----w- c:\users\Admin\AppData\Local\HP

2011-09-12 04:31 . 2011-09-12 04:31 -------- d-----w- c:\program files\Common Files\Adobe

2011-09-08 07:16 . 2011-09-08 07:16 -------- d-----w- c:\users\Guest\AppData\Roaming\Malwarebytes

2011-09-08 04:53 . 2011-05-22 02:21 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2011-09-08 04:53 . 2011-05-22 02:21 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A30A5F8B-0062-4C87-90B5-303D48142112}\gapaengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-21 16:35 . 2011-07-03 22:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-12 23:14 . 2011-05-22 09:14 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-09-01 00:00 . 2011-06-08 07:32 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-31 06:40 . 2011-08-31 06:40 691 ----a-w- c:\users\Admin\AppData\Roaming\GetValue.vbs

2011-08-31 06:40 . 2011-08-31 06:40 35 ----a-w- c:\users\Admin\AppData\Roaming\SetValue.bat

2011-08-30 10:05 . 2011-08-30 10:28 1884866 ----a-w- C:\SmitfraudFix run in safemode.exe

2011-08-30 06:45 . 2011-08-30 07:20 1916416 ----a-w- C:\aswMBR.exe

2011-08-30 04:22 . 2011-08-30 05:05 302592 ----a-w- C:\o2chis5c.exe

2011-08-29 07:11 . 2011-08-29 07:10 167968 ----a-w- c:\windows\system32\drivers\afcdp.sys

2011-08-29 07:10 . 2011-04-18 01:51 752128 ----a-w- c:\windows\system32\drivers\tdrpm273.sys

2011-08-29 07:10 . 2011-08-29 07:10 600928 ----a-w- c:\windows\system32\drivers\timntr.sys

2011-08-29 07:10 . 2009-10-24 08:34 170528 ----a-w- c:\windows\system32\drivers\snapman.sys

2011-08-12 02:44 . 2011-08-24 17:59 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll

2011-07-22 02:54 . 2011-08-11 10:08 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 02:48 . 2011-08-11 10:08 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 02:44 . 2011-08-11 10:08 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-12 18:20 . 2011-07-12 18:20 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 18:20 . 2011-07-12 18:20 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-11 13:25 . 2011-08-24 18:02 2048 ----a-w- c:\windows\system32\tzres.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-12 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-06-28 5550840]

"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-06-28 394832]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-08 336384]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]

"SAOB Monitor"="c:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2011-05-11 2536440]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]

.

c:\users\Carroll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-7 813584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]

path=c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk

backup=c:\windows\pss\Dell Dock.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3754314201-960120119-4017272859-1000]

"EnableNotificationsRef"=dword:00000002

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-12 136176]

R2 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-12 136176]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

R3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2011-08-22 21744]

S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2011-08-29 752128]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2011-08-29 3246040]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-08 176128]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]

S2 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]

S2 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

S2 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-08-29 167968]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-08 8312832]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-08 244736]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2011-03-30 97808]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-09-01 22216]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

termlfsvc REG_MULTI_SZ

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-12 04:29]

.

2011-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-12 04:29]

.

2011-10-07 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-08-24 17:26]

.

2011-10-07 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-08-24 17:26]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

LSP: c:\windows\system32\wpclsp.dll

TCP: DhcpNameServer = 192.168.1.254

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-06 23:05

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\windows\system32\atieclxx.exe

c:\program files\Common Files\Logishrd\Bluetooth\LBTServ.exe

c:\program files\Common Files\Acronis\Schedule2\schedul2.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\ehome\ehRecvr.exe

c:\windows\ehome\ehsched.exe

c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\System32\msdtc.exe

c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

c:\windows\system32\locator.exe

c:\windows\System32\snmptrap.exe

c:\program files\Common Files\SureThing Shared\stllssvr.exe

c:\windows\system32\UI0Detect.exe

c:\windows\System32\vds.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\wbem\WmiApSrv.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\iashost.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\servicing\TrustedInstaller.exe

.

**************************************************************************

.

Completion time: 2011-10-06 23:10:12 - machine was rebooted

ComboFix-quarantined-files.txt 2011-10-07 06:10

ComboFix2.txt 2011-09-28 06:13

ComboFix3.txt 2011-09-14 05:22

.

Pre-Run: 298,395,996,160 bytes free

Post-Run: 295,120,961,536 bytes free

.

- - End Of File - - 586E535801C2C7D52D4E9F223CEC0142

Still:

00:31:00 Carroll IP-BLOCK 218.7.221.58 (Type: outgoing, Port: 49675, Process: svchost.exe)

00:31:08 Carroll IP-BLOCK 218.7.221.58 (Type: outgoing, Port: 49675, Process: svchost.exe)

00:31:08 Carroll IP-BLOCK 218.7.221.58 (Type: outgoing, Port: 49675, Process: svchost.exe)


  • Staff

Let's see if one of your legitimate programs is responsible for this:

Click Start --> Run, and type in msconfig.exe

Click the Startup tab, then click Disable all...

Click OK.

Restart your computer and use it normally for a bit, and let me know if the problem persists. If not, that means one or more of your items running on startup are to blame. If the problem still persists, we will attempt other avenues of troubleshooting.

Let me know how it goes.

-screen317

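One caveat on the step above: the Startup tab in msconfig covers Run-key and Startup-folder entries only, and svchost.exe runs nothing but services, so a block attributed to svchost.exe cannot be isolated that way. The check a practitioner makes instead, while the attempts are happening, is `netstat -ano` to get the PID behind the connection, `tasklist /svc` to see which services that PID hosts, and the image path to confirm the process really is the svchost.exe in system32. The script below is an added example, not code from the thread or from Malwarebytes. It parses constructed sample output of those three commands (the PIDs, local address, service lists and the non-system32 path are made up; the foreign address reuses one of the IPs MBAM blocked above) so it runs offline, and it assumes %SystemRoot% is C:\Windows when that variable is not set.

```python
import os
import re

# Constructed sample (not captured from the poster's machine) in the layout that
# `netstat -ano` prints on Windows Vista. PIDs and the local address are made up;
# the foreign address reuses one of the IPs MBAM blocked in the thread.
NETSTAT_ANO = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       820
  TCP    192.168.1.10:49675     218.7.221.58:80        SYN_SENT        1276
  TCP    192.168.1.10:49802     65.55.12.249:443       ESTABLISHED     3120
  UDP    0.0.0.0:5355           *:*                                    1104
"""

# Constructed sample in the layout of `tasklist /svc`.
TASKLIST_SVC = """\
Image Name                     PID Services
========================= ======== ============================================
svchost.exe                    820 RpcSs
svchost.exe                   1104 Dnscache, LanmanWorkstation, NlaSvc
svchost.exe                   1276 BITS, wuauserv, Schedule
svchost.exe                   1290 N/A
iexplore.exe                  3120 N/A
"""

# Constructed sample in the layout of
# `wmic process where name='svchost.exe' get ProcessId,ExecutablePath`.
WMIC_PATHS = """\
ExecutablePath                    ProcessId
C:\\Windows\\system32\\svchost.exe  820
C:\\Windows\\system32\\svchost.exe  1104
C:\\Windows\\system32\\svchost.exe  1276
C:\\Windows\\system\\svchost.exe    1290
"""

NETSTAT_RE = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<local>\S+)\s+(?P<remote>\S+)\s+"
    r"(?:(?P<state>[A-Z_]+)\s+)?(?P<pid>\d+)\s*$"
)
TASKLIST_RE = re.compile(r"^(?P<image>\S+\.exe)\s+(?P<pid>\d+)\s+(?P<svcs>.+?)\s*$", re.I)
WMIC_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?\.exe)\s+(?P<pid>\d+)\s*$", re.I)


def parse_netstat(text):
    """Rows of `netstat -ano` as dicts; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = NETSTAT_RE.match(line)
        if m:
            rows.append({"proto": m["proto"], "local": m["local"], "remote": m["remote"],
                         "state": m["state"] or "", "pid": int(m["pid"])})
    return rows


def parse_tasklist_svc(text):
    """PID -> {image, services} from `tasklist /svc`; 'N/A' means no service hosted."""
    tasks = {}
    for line in text.splitlines():
        m = TASKLIST_RE.match(line)
        if not m:
            continue
        svcs = m["svcs"].strip()
        tasks[int(m["pid"])] = {
            "image": m["image"],
            "services": [] if svcs == "N/A" else [s.strip() for s in svcs.split(",")],
        }
    return tasks


def parse_wmic_paths(text):
    """PID -> executable path from the wmic listing."""
    paths = {}
    for line in text.splitlines():
        m = WMIC_RE.match(line.strip())
        if m:
            paths[int(m["pid"])] = m["path"]
    return paths


def owners_of_connection(remote_ip, rows, tasks):
    """(pid, image, services) for every socket whose foreign address is remote_ip.
    This is the join the MBAM log cannot give you: which services sit behind that PID."""
    hits = []
    for r in rows:
        if r["remote"].rsplit(":", 1)[0] == remote_ip:
            t = tasks.get(r["pid"], {"image": "<exited>", "services": []})
            hits.append((r["pid"], t["image"], t["services"]))
    return hits


# Assumption: %SystemRoot% is C:\Windows when the variable is not available.
CANONICAL_SVCHOST = (os.environ.get("SystemRoot", r"C:\Windows").rstrip("\\")
                     + r"\system32\svchost.exe").lower()


def suspicious_svchosts(paths, tasks):
    """PIDs named svchost.exe that run from somewhere other than %SystemRoot%\\system32,
    or that host no service at all. The real svchost.exe exists only to host services,
    so either deviation is a process to pull apart before blaming an installed program."""
    flagged = []
    for pid, path in paths.items():
        hosted = tasks.get(pid, {}).get("services", [])
        if path.lower() != CANONICAL_SVCHOST or not hosted:
            flagged.append(pid)
    return sorted(flagged)


if __name__ == "__main__":
    rows = parse_netstat(NETSTAT_ANO)
    tasks = parse_tasklist_svc(TASKLIST_SVC)
    paths = parse_wmic_paths(WMIC_PATHS)
    for pid, image, svcs in owners_of_connection("218.7.221.58", rows, tasks):
        print(f"PID {pid} ({image}) hosts: {', '.join(svcs) or 'nothing'}")
    print("svchost.exe instances to inspect:", suspicious_svchosts(paths, tasks))
```

Timing is the catch: MBAM drops the connection, so the socket exists only briefly. `netstat -ano 5` re-samples every five seconds, and an elevated `netstat -anob` prints the owning executable and, for svchost.exe, the service DLL directly. Once the PID's service list is known, stopping those services one at a time (Services tab in msconfig, or `sc stop`) is the targeted version of the disable-all test.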

OK, did that. Had to start MBAM manually, obviously, and initiate real-time protection.

A couple of hours later and it's back:

02:38:08 Carroll IP-BLOCK 195.161.7.26 (Type: outgoing, Port: 49675, Process: svchost.exe)

Before I tried your suggestion I was looking through recent logs and found this from yesterday:

17:18:39 Carroll IP-BLOCK 117.21.224.235 (Type: outgoing, Port: 57088, Process: iexplore.exe)

Don't know if this thing is morphing to use a different process or if it might be a new issue. Maybe it was just a result of her visiting a questionable website. It's just odd that nothing was called from svchost.exe on that day, whereas usually svchost makes several attempts/day.

Bottom line, Startup > Disable all didn't kill it.

Thanks

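Put together, the IP-BLOCK lines quoted in the earlier posts and in this one are the whole signal the thread has to work with, so here is a small triage script for that log format. It is an added example, not code from the thread or from Malwarebytes: the sample log is the thread's own lines concatenated in posting order, and the reading of the Port field as the local port is an assumption stated in the code. It groups blocks by process, counts retry bursts, and flags a process that keeps reaching different destinations from one unchanging port, which separates the svchost.exe pattern from the single iexplore.exe block.

```python
import re
from collections import defaultdict

# Constructed sample: the IP-BLOCK and MESSAGE lines quoted in the thread above,
# concatenated in posting order. The MBAM protection log records only the time
# of day, so consecutive entries may come from different days.
SAMPLE_LOG = """\
00:31:07 Carroll IP-BLOCK 124.125.251.195 (Type: outgoing, Port: 49675, Process: svchost.exe)
00:31:07 Carroll IP-BLOCK 124.125.251.195 (Type: outgoing, Port: 49675, Process: svchost.exe)
00:31:15 Carroll IP-BLOCK 124.125.251.195 (Type: outgoing, Port: 49675, Process: svchost.exe)
03:59:10 Carroll MESSAGE Scheduled update executed successfully
08:15:50 Carroll IP-BLOCK 83.128.64.228 (Type: outgoing, Port: 49675, Process: svchost.exe)
08:15:58 Carroll IP-BLOCK 83.128.64.228 (Type: outgoing, Port: 49675, Process: svchost.exe)
08:16:06 Carroll IP-BLOCK 83.128.64.228 (Type: outgoing, Port: 49675, Process: svchost.exe)
00:31:00 Carroll IP-BLOCK 218.7.221.58 (Type: outgoing, Port: 49675, Process: svchost.exe)
00:31:08 Carroll IP-BLOCK 218.7.221.58 (Type: outgoing, Port: 49675, Process: svchost.exe)
00:31:08 Carroll IP-BLOCK 218.7.221.58 (Type: outgoing, Port: 49675, Process: svchost.exe)
17:18:39 Carroll IP-BLOCK 117.21.224.235 (Type: outgoing, Port: 57088, Process: iexplore.exe)
02:38:08 Carroll IP-BLOCK 195.161.7.26 (Type: outgoing, Port: 49675, Process: svchost.exe)
"""

IP_BLOCK_RE = re.compile(
    r"^(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d)\s+\S+\s+IP-BLOCK\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\(Type:\s*(?P<dir>\w+),\s*"
    r"Port:\s*(?P<port>\d+),\s*Process:\s*(?P<proc>[^)]+)\)$"
)


def parse_ip_blocks(text):
    """Yield (seconds_since_midnight, ip, direction, port, process) per IP-BLOCK line."""
    for line in text.splitlines():
        m = IP_BLOCK_RE.match(line.strip())
        if not m:
            continue  # MESSAGE lines and anything unparseable are skipped
        t = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"])
        yield t, m["ip"], m["dir"], int(m["port"]), m["proc"].strip()


def summarize(text, burst_gap=60):
    """Per-process view of outgoing blocks: total attempts, distinct destinations,
    distinct ports, and retry bursts (runs of blocks for the same process, ip and
    port spaced no more than burst_gap seconds apart)."""
    acc = defaultdict(lambda: {"attempts": 0, "dest": set(), "ports": set(), "bursts": 0})
    last_seen = {}  # (process, ip, port) -> time of the previous block
    for t, ip, direction, port, proc in parse_ip_blocks(text):
        if direction != "outgoing":
            continue
        rec = acc[proc]
        rec["attempts"] += 1
        rec["dest"].add(ip)
        rec["ports"].add(port)
        prev = last_seen.get((proc, ip, port))
        # A gap beyond burst_gap, or time running backwards (the log moved on to
        # another day), starts a new burst.
        if prev is None or t < prev or t - prev > burst_gap:
            rec["bursts"] += 1
        last_seen[(proc, ip, port)] = t
    return {
        proc: {
            "attempts": r["attempts"],
            "destinations": sorted(r["dest"]),
            "ports": sorted(r["ports"]),
            "bursts": r["bursts"],
        }
        for proc, r in acc.items()
    }


def persistent_beaconers(summary, min_destinations=2):
    """Processes blocked reaching several distinct destinations from one unchanging port.

    Assumption about the log format: 'Port' is the local side of the connection
    (49675 and 57088 sit in the 49152-65535 dynamic range Windows Vista hands to
    clients). A local port that never changes across days while the destination
    does is read as one long-lived socket owner retrying a rotating server list,
    which is how a beacon behaves and not how browsing does."""
    return sorted(
        proc for proc, r in summary.items()
        if len(r["destinations"]) >= min_destinations and len(r["ports"]) == 1
    )


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for proc, r in sorted(s.items()):
        print(f"{proc}: {r['attempts']} attempts, {len(r['destinations'])} destinations, "
              f"ports {r['ports']}, {r['bursts']} bursts")
    print("beacon candidates:", persistent_beaconers(s))
```

Run against the thread's lines, svchost.exe shows ten attempts to four destinations in four bursts of up to three retries about eight seconds apart, all from port 49675, while iexplore.exe shows one block from a different port. That is two distinct behaviours, not one process "morphing" into another; the iexplore.exe entry is what a browser visit to a blocked site looks like, and the svchost.exe entries are what a scheduled retry loop looks like.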

Thanks, Chris. I hope by a full protection log you meant for me to post DDS results. If not, please let me know what you want.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Admin at 21:43:44 on 2011-10-16

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1845 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe

C:\Windows\System32\alg.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\ehome\ehRecvr.exe

C:\Windows\ehome\ehsched.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\System32\msdtc.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k regsvc

C:\Windows\system32\locator.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\System32\snmptrap.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

C:\Windows\System32\vds.exe

C:\Windows\system32\svchost.exe -k wcssvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\iashost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [sAOB Monitor] c:\program files\acronis\trueimagehome\onlinebackupstandalone\TrueImageMonitor.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

StartupFolder: c:\users\admin\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

LSP: c:\windows\system32\wpclsp.dll

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{F122BA81-ACD5-4D61-AF47-A651FCC98B43} : DhcpNameServer = 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

AppInit_DLLs: c:\progra~1\google\google~2\GoogleDesktopNetwork3.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2011-4-17 752128]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]

R1 MpKsl7fc09d29;MpKsl7fc09d29;c:\programdata\microsoft\microsoft antimalware\definition updates\{fa3d21e4-046d-41fe-806b-4aa62a46d98b}\MpKsl7fc09d29.sys [2011-10-16 28752]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2011-8-29 3246040]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-7-7 176128]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-22 366152]

R2 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

R2 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2011-8-29 167968]

R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-7-7 8312832]

R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-7-7 244736]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2011-3-30 97808]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-8 22216]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-11 136176]

S2 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-11 136176]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]

S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2011-8-22 21744]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-10-16 08:56:45 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fa3d21e4-046d-41fe-806b-4aa62a46d98b}\MpKsl7fc09d29.sys

2011-10-16 08:56:17 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fa3d21e4-046d-41fe-806b-4aa62a46d98b}\offreg.dll

2011-10-16 08:56:11 7269712 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fa3d21e4-046d-41fe-806b-4aa62a46d98b}\mpengine.dll

2011-10-13 01:08:52 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax

2011-10-13 01:08:52 57856 ----a-w- c:\windows\system32\MSDvbNP.ax

2011-10-13 01:08:52 293376 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-13 01:08:52 217088 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-13 01:08:51 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-10-13 01:08:42 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2011-10-13 01:08:35 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-13 01:08:35 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2011-10-13 01:08:35 4096 ----a-w- c:\windows\system32\oleaccrc.dll

2011-10-13 01:08:35 238080 ----a-w- c:\windows\system32\oleacc.dll

2011-10-11 07:33:47 703824 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{045e4158-f032-4513-ab4a-d34ab2ec0cf4}\gapaengine.dll

2011-10-07 07:08:29 -------- d--h--w- c:\windows\PIF

2011-10-07 06:10:14 -------- d-----w- c:\users\admin\appdata\local\temp

2011-10-07 06:09:12 -------- d-sh--w- C:\$RECYCLE.BIN

2011-10-07 05:17:01 -------- d-----w- c:\users\admin\appdata\local\ElevatedDiagnostics

2011-09-28 04:58:16 98816 ----a-w- c:\windows\sed.exe

2011-09-28 04:58:16 518144 ----a-w- c:\windows\SWREG.exe

2011-09-28 04:58:16 256000 ----a-w- c:\windows\PEV.exe

2011-09-28 04:58:16 208896 ----a-w- c:\windows\MBR.exe

2011-09-20 11:40:28 -------- d-----w- c:\program files\common files\HP

2011-09-20 11:37:35 729088 ----a-w- c:\windows\system32\hpwwiax3.dll

2011-09-20 11:37:34 364544 ----a-w- c:\windows\system32\hppldcoi.dll

2011-09-20 11:37:34 294912 ----a-w- c:\windows\system32\hpovst11.dll

2011-09-20 10:33:54 -------- d-----w- c:\programdata\PCDr

2011-09-20 10:25:33 -------- d-----w- c:\users\admin\appdata\roaming\PCDr

2011-09-20 10:23:45 970752 ----a-w- c:\windows\system32\hpwtiop3.dll

2011-09-20 09:15:10 472808 ----a-w- c:\windows\system32\deployJava1.dll

.

==================== Find3M ====================

.

2011-09-21 16:35:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-31 06:40:13 691 ----a-w- c:\users\admin\appdata\roaming\GetValue.vbs

2011-08-31 06:40:13 35 ----a-w- c:\users\admin\appdata\roaming\SetValue.bat

2011-08-30 06:45:10 1916416 ----a-w- C:\aswMBR.exe

2011-08-30 04:22:22 302592 ----a-w- C:\o2chis5c.exe

2011-08-29 07:11:00 167968 ----a-w- c:\windows\system32\drivers\afcdp.sys

2011-08-29 07:10:48 752128 ----a-w- c:\windows\system32\drivers\tdrpm273.sys

2011-08-29 07:10:45 600928 ----a-w- c:\windows\system32\drivers\timntr.sys

2011-08-29 07:10:15 170528 ----a-w- c:\windows\system32\drivers\snapman.sys

.

============= FINISH: 21:44:47.83 ===============

Also see Attach.zip

MBAM log:

02:59:13 Carroll MESSAGE Scheduled update executed successfully

02:59:30 Carroll MESSAGE IP Protection stopped

03:01:17 Carroll MESSAGE Database updated successfully

03:01:20 Carroll MESSAGE IP Protection started successfully

04:29:59 Carroll MESSAGE Scheduled scan executed successfully

06:59:10 Carroll MESSAGE Scheduled update executed successfully

06:59:11 Carroll MESSAGE IP Protection stopped

06:59:21 Carroll MESSAGE Database updated successfully

06:59:22 Carroll MESSAGE IP Protection started successfully

07:09:54 Carroll IP-BLOCK 62.45.155.85 (Type: outgoing, Port: 58615, Process: svchost.exe)

07:09:54 Carroll IP-BLOCK 62.45.155.85 (Type: outgoing, Port: 58615, Process: svchost.exe)

07:10:02 Carroll IP-BLOCK 62.45.155.85 (Type: outgoing, Port: 58615, Process: svchost.exe)

07:10:02 Carroll IP-BLOCK 62.45.155.85 (Type: outgoing, Port: 58615, Process: svchost.exe)

07:39:59 Carroll MESSAGE Scheduled scan executed successfully

08:59:10 Carroll MESSAGE Scheduled update executed successfully

08:59:11 Carroll MESSAGE IP Protection stopped

08:59:17 Carroll MESSAGE Database updated successfully

08:59:18 Carroll MESSAGE IP Protection started successfully

10:59:10 Carroll MESSAGE Scheduled update executed successfully

10:59:11 Carroll MESSAGE IP Protection stopped

10:59:16 Carroll MESSAGE Database updated successfully

10:59:17 Carroll MESSAGE IP Protection started successfully

14:59:14 Carroll MESSAGE Scheduled update executed successfully

14:59:16 Carroll MESSAGE IP Protection stopped

14:59:32 Carroll MESSAGE Database updated successfully

14:59:33 Carroll MESSAGE IP Protection started successfully

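The IP-BLOCK lines in the MBAM log above are the security-relevant signal in this thread: the same image, svchost.exe, repeatedly trying to reach the same remote address. The following script is an added example (not code from Malwarebytes, DDS or any poster): it parses protection-log lines in the format posted above, counts repeated outgoing blocks per process and address, and checks a DDS-style "Running Processes" list for an svchost.exe image loaded from outside System32. The sample log lines, the incoming line, and the decoy process path are constructed; the blocked address is the one quoted in the posted log.

```python
"""Summarise Malwarebytes' Anti-Malware IP-BLOCK log lines and check a DDS
process list for svchost.exe images loaded from outside System32.

Added example for this thread, not code from Malwarebytes, DDS or the posters.
The log lines and process paths below are constructed to match the formats
posted above; the blocked address is the one quoted in the posted log.
"""
import ntpath
import re
from collections import Counter
from typing import Dict, List, Tuple

# One protection-log line per entry, in the MBAM format posted in the thread:
#   HH:MM:SS <user> MESSAGE <text>
#   HH:MM:SS <user> IP-BLOCK <ip> (Type: <direction>, Port: <port>, Process: <image>)
# Constructed sample: four outgoing blocks as in the thread plus one incoming
# line added here to show that the direction filter works.
SAMPLE_MBAM_LOG = [
    "06:59:22 Carroll MESSAGE IP Protection started successfully",
    "07:09:54 Carroll IP-BLOCK 62.45.155.85 (Type: outgoing, Port: 58615, Process: svchost.exe)",
    "07:09:54 Carroll IP-BLOCK 62.45.155.85 (Type: outgoing, Port: 58615, Process: svchost.exe)",
    "07:10:02 Carroll IP-BLOCK 62.45.155.85 (Type: outgoing, Port: 58615, Process: svchost.exe)",
    "07:10:02 Carroll IP-BLOCK 62.45.155.85 (Type: outgoing, Port: 58615, Process: svchost.exe)",
    "07:12:30 Carroll IP-BLOCK 203.0.113.7 (Type: incoming, Port: 445, Process: System)",  # constructed
    "07:39:59 Carroll MESSAGE Scheduled scan executed successfully",
]

IP_BLOCK_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<user>\S+)\s+IP-BLOCK\s+(?P<ip>[\d.]+)\s+"
    r"\(Type:\s*(?P<direction>\w+),\s*Port:\s*(?P<port>\d+),\s*Process:\s*(?P<process>[^)]+)\)\s*$"
)


def parse_ip_blocks(lines: List[str]) -> List[Dict[str, str]]:
    """Return one dict per IP-BLOCK line; MESSAGE and unrecognised lines are skipped."""
    events = []
    for line in lines:
        m = IP_BLOCK_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def summarise_blocks(events: List[Dict[str, str]]) -> Counter:
    """Count blocks per (process, remote ip, direction)."""
    return Counter((e["process"], e["ip"], e["direction"]) for e in events)


def repeated_outgoing(events: List[Dict[str, str]], threshold: int = 2) -> List[Tuple[str, str, int]]:
    """(process, ip, count) for outgoing blocks seen at least `threshold` times.

    Repeated outbound attempts from one image to one address are the pattern
    worth following up, as opposed to a single blocked inbound probe.
    """
    counts = summarise_blocks(events)
    hits = [(proc, ip, n) for (proc, ip, direction), n in counts.items()
            if direction == "outgoing" and n >= threshold]
    return sorted(hits, key=lambda h: h[2], reverse=True)


# DDS "Running Processes" entries: an image path optionally followed by
# arguments such as "-k netsvcs". Constructed list: legitimate entries from the
# thread plus one decoy svchost.exe placed outside System32 to show the check.
SAMPLE_PROCESSES = [
    r"C:\Windows\system32\svchost.exe -k netsvcs",
    r"C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted",
    r"C:\Program Files\Bonjour\mDNSResponder.exe",
    r"C:\Windows\system\svchost.exe",  # constructed decoy
]

# Directories from which the real Service Host image is loaded (the thread's
# machine is x86; SysWOW64 is included so the check also holds on x64 systems).
LEGITIMATE_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def svchost_outside_system32(process_lines: List[str]) -> List[str]:
    """Return image paths named svchost.exe that are not in LEGITIMATE_SVCHOST_DIRS."""
    flagged = []
    for line in process_lines:
        # Drop a trailing "-k <group>" argument; paths may contain spaces,
        # so the line is not split on whitespace.
        image = re.sub(r"\s+-k\s+\S+\s*$", "", line.strip(), flags=re.IGNORECASE)
        if ntpath.basename(image).lower() != "svchost.exe":
            continue
        if ntpath.dirname(image).lower() not in LEGITIMATE_SVCHOST_DIRS:
            flagged.append(image)
    return flagged


if __name__ == "__main__":
    for proc, ip, n in repeated_outgoing(parse_ip_blocks(SAMPLE_MBAM_LOG)):
        print(f"{proc} -> {ip}: {n} outgoing blocks")
    for path in svchost_outside_system32(SAMPLE_PROCESSES):
        print(f"svchost.exe outside System32: {path}")
```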

  • Staff

Hi,

Navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

ESET Online Scanner v3

Java™ 6 Update 5

Adobe Flash Player

Restart your computer.

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Get the latest version of Java and Adobe Flash Player.

Reboot and see if the blocks persist. If so:

Click Start, enter cmd.exe, and right-click on cmd.exe when it appears. Click Run as Admin...

In the black box that appears, enter this command exactly as shown:

chkdsk>"%userprofile%\desktop\chkdsk.txt"

Press Enter.

When it finishes, open chkdsk.txt on your Desktop and post its contents here.

-screen317


Ok, attempted your instructions.

Couldn't find an instance of Java 6 Update 5 or any other java version to uninstall in Vista's Programs and Features control panel applet. Couldn't find it in any Start program file menu either, nor any uninstall exe file in the Java program dirs. I had installed it early on in this process with you. Maybe there's not supposed to be an uninstall app? Anyway I deleted the two java directories I found in the Program Files directory. Hmm, maybe I should have scanned the registry for remnants.

The other anomaly was when trying to run TFC it crashed after a while, I believe I got a Windows message saying the program had stopped responding or similar. Got it to run by booting into safe mode, but I wonder if that might have an impact on TFC's effectiveness.

Followed rest of instructions. No change. So the chkdsk report follows.

A botched installation of an hp printer program 'Solution Center' annoys every once in a while to install but can't. I don't think it's related to my svchost calls because the IPs traced to Guatemala the last few times I checked, and Mbam obviously thinks it's evil enough to block. But for yuks I'm going to block in msconfig startup or in services and let you know if anything changes.

Thanks again.

The type of the file system is NTFS.

Volume label is OS.

WARNING! F parameter not specified.

Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...

294144 file records processed. File verification completed.

889 large file records processed. 0 bad file records processed. 0 EA records processed. 96 reparse records processed. CHKDSK is verifying indexes (stage 2 of 3)...

358338 index entries processed. Index verification completed.

0 unindexed files processed. CHKDSK is verifying security descriptors (stage 3 of 3)...

294144 security descriptors processed. Security descriptor verification completed.

32098 data files processed. CHKDSK is verifying Usn Journal...

36617416 USN bytes processed. Usn Journal verification completed.

Windows has checked the file system and found no problems.

472592383 KB total disk space.

186679156 KB in 234963 files.

121708 KB in 32099 indexes.

0 KB in bad sectors.

423659 KB in use by the system.

65536 KB occupied by the log file.

285367860 KB available on disk.

4096 bytes in each allocation unit.

118148095 total allocation units on disk.

71341965 allocation units available on disk.


ComboFix 11-10-24.05 - Admin 10/24/2011 21:51:28.3.4 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1614 [GMT -7:00]

Running from: c:\users\Carroll\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Carroll\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FA0812FD-0B30-403C-AD65-1CF6727E3A10}.xps

c:\users\Carroll\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FD58AEC7-3FCD-42BF-984A-D2739C5B6D38}.xps

.

.

((((((((((((((((((((((((( Files Created from 2011-09-25 to 2011-10-25 )))))))))))))))))))))))))))))))

.

.

2011-10-25 05:01 . 2011-10-25 05:02 -------- d-----w- c:\users\Admin\AppData\Local\temp

2011-10-25 05:01 . 2011-10-25 05:01 -------- d-----w- c:\users\Public\AppData\Local\temp

2011-10-25 05:01 . 2011-10-25 05:01 -------- d-----w- c:\users\Guest\AppData\Local\temp

2011-10-25 05:01 . 2011-10-25 05:01 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-25 05:01 . 2011-10-25 05:01 -------- d-----w- c:\users\Caylen\AppData\Local\temp

2011-10-25 05:01 . 2011-10-25 05:01 -------- d-----w- c:\users\Carroll\AppData\Local\temp

2011-10-24 19:13 . 2011-10-24 19:13 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{420E1185-E9E3-4EBF-B756-0E79AE757CD3}\MpKsl9ee4e23e.sys

2011-10-24 19:13 . 2011-10-24 19:13 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{420E1185-E9E3-4EBF-B756-0E79AE757CD3}\offreg.dll

2011-10-24 19:13 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{420E1185-E9E3-4EBF-B756-0E79AE757CD3}\mpengine.dll

2011-10-21 06:26 . 2011-10-21 06:26 -------- d-----w- c:\users\Carroll\AppData\Roaming\SUPERAntiSpyware.com

2011-10-21 06:25 . 2011-10-21 06:26 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-10-21 06:25 . 2011-10-21 06:25 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-10-18 10:29 . 2011-10-18 10:29 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-18 10:28 . 2011-10-18 10:28 -------- d-----w- c:\program files\Common Files\Java

2011-10-18 10:26 . 2011-10-18 10:26 -------- d-----w- c:\program files\Java

2011-10-13 01:08 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-13 01:08 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-13 01:08 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax

2011-10-13 01:08 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax

2011-10-13 01:08 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-10-13 01:08 . 2011-09-14 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-10-13 01:08 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2011-10-13 01:08 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-13 01:08 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll

2011-10-13 01:08 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll

2011-10-11 07:33 . 2011-10-11 07:32 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{045E4158-F032-4513-AB4A-D34AB2EC0CF4}\gapaengine.dll

2011-10-07 07:20 . 2011-10-07 07:20 -------- d-----w- c:\users\Caylen\AppData\Roaming\Malwarebytes

2011-10-07 07:08 . 2011-10-07 07:08 -------- d--h--w- c:\windows\PIF

2011-10-07 05:17 . 2011-10-07 05:17 -------- d-----w- c:\users\Admin\AppData\Local\ElevatedDiagnostics

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-18 10:26 . 2011-09-20 09:15 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-10-07 03:48 . 2011-05-22 09:14 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-09-01 00:00 . 2011-06-08 07:32 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-31 06:40 . 2011-08-31 06:40 691 ----a-w- c:\users\Admin\AppData\Roaming\GetValue.vbs

2011-08-31 06:40 . 2011-08-31 06:40 35 ----a-w- c:\users\Admin\AppData\Roaming\SetValue.bat

2011-08-30 06:45 . 2011-08-30 07:20 1916416 ----a-w- C:\aswMBR.exe

2011-08-30 04:22 . 2011-08-30 05:05 302592 ----a-w- C:\o2chis5c.exe

2011-08-29 07:11 . 2011-08-29 07:10 167968 ----a-w- c:\windows\system32\drivers\afcdp.sys

2011-08-29 07:10 . 2011-04-18 01:51 752128 ----a-w- c:\windows\system32\drivers\tdrpm273.sys

2011-08-29 07:10 . 2011-08-29 07:10 600928 ----a-w- c:\windows\system32\drivers\timntr.sys

2011-08-29 07:10 . 2009-10-24 08:34 170528 ----a-w- c:\windows\system32\drivers\snapman.sys

2011-08-12 02:44 . 2011-08-24 17:59 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-12 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-06-28 5550840]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-08 336384]

"SAOB Monitor"="c:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2011-05-11 2536440]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-06-28 394832]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

c:\users\Carroll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]

.

c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-7 813584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-10-15 04:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3754314201-960120119-4017272859-1000]

"EnableNotificationsRef"=dword:00000002

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-12 136176]

R2 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-12 136176]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2011-08-29 752128]

S1 MpKsl9ee4e23e;MpKsl9ee4e23e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{420E1185-E9E3-4EBF-B756-0E79AE757CD3}\MpKsl9ee4e23e.sys [2011-10-24 28752]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2011-08-29 3246040]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-08 176128]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]

S2 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-08-29 167968]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-08 8312832]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-08 244736]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2011-03-30 97808]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-09-01 22216]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSL955436CF

*NewlyCreated* - MPKSL9C0D9055

*NewlyCreated* - MPKSL9EE4E23E

*NewlyCreated* - MPKSLE9ABC97A

*Deregistered* - MpKsl955436cf

*Deregistered* - MpKsl9c0d9055

*Deregistered* - MpKsle9abc97a

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

termlfsvc REG_MULTI_SZ

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-12 04:29]

.

2011-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-12 04:29]

.

2011-10-25 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:31]

.

2011-10-25 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:31]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

LSP: c:\windows\system32\wpclsp.dll

TCP: DhcpNameServer = 192.168.1.254

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-24 22:02

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

c:\users\Admin\AppData\Local\Temp\catchme.dll 53248 bytes executable

.

scan completed successfully

hidden files: 1

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(1564)

c:\program files\Logitech\SetPoint\lgscroll.dll

.

Completion time: 2011-10-24 22:05:36

ComboFix-quarantined-files.txt 2011-10-25 05:05

ComboFix2.txt 2011-10-07 06:10

ComboFix3.txt 2011-09-28 06:13

ComboFix4.txt 2011-09-14 05:22

.

Pre-Run: 298,761,576,448 bytes free

Post-Run: 298,793,975,808 bytes free

.

- - End Of File - - 2C73EB8E0D130442DDA55E473A23DE28

22:23:07.0657 5948 TDSS rootkit removing tool 2.6.12.0 Oct 21 2011 11:23:48

22:23:07.0824 5948 ============================================================

22:23:07.0824 5948 Current date / time: 2011/10/24 22:23:07.0824

22:23:07.0824 5948 SystemInfo:

22:23:07.0825 5948

22:23:07.0825 5948 OS Version: 6.0.6002 ServicePack: 2.0

22:23:07.0825 5948 Product type: Workstation

22:23:07.0825 5948 ComputerName: CARROLL-PC

22:23:07.0825 5948 UserName: Admin

22:23:07.0825 5948 Windows directory: C:\Windows

22:23:07.0825 5948 System windows directory: C:\Windows

22:23:07.0825 5948 Processor architecture: Intel x86

22:23:07.0825 5948 Number of processors: 4

22:23:07.0825 5948 Page size: 0x1000

22:23:07.0825 5948 Boot type: Normal boot

22:23:07.0825 5948 ============================================================

22:23:11.0789 5948 Initialize success

22:23:29.0468 1796 ============================================================

22:23:29.0468 1796 Scan started

22:23:29.0468 1796 Mode: Manual;

22:23:29.0468 1796 ============================================================

22:23:32.0729 1796 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

22:23:32.0745 1796 ACPI - ok

22:23:32.0971 1796 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

22:23:33.0048 1796 adp94xx - ok

22:23:33.0467 1796 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

22:23:33.0524 1796 adpahci - ok

22:23:33.0642 1796 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

22:23:33.0676 1796 adpu160m - ok

22:23:34.0049 1796 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

22:23:34.0063 1796 adpu320 - ok

22:23:34.0453 1796 afcdp (53696ad8ffc5fac51949a525ff65a689) C:\Windows\system32\DRIVERS\afcdp.sys

22:23:34.0488 1796 afcdp - ok

22:23:34.0828 1796 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

22:23:34.0895 1796 AFD - ok

22:23:35.0423 1796 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

22:23:35.0445 1796 agp440 - ok

22:23:35.0710 1796 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

22:23:35.0776 1796 aic78xx - ok

22:23:36.0012 1796 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

22:23:36.0013 1796 aliide - ok

22:23:36.0417 1796 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

22:23:36.0444 1796 amdagp - ok

22:23:36.0797 1796 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

22:23:36.0799 1796 amdide - ok

22:23:36.0981 1796 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

22:23:36.0982 1796 AmdK7 - ok

22:23:37.0077 1796 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys

22:23:37.0090 1796 AmdK8 - ok

22:23:40.0204 1796 amdkmdag (335ace2a8e97439733f0f6a1bbd818d5) C:\Windows\system32\DRIVERS\atikmdag.sys

22:23:43.0443 1796 amdkmdag - ok

22:23:44.0002 1796 amdkmdap (0b1b116d30f133dc918287fd8e212f1e) C:\Windows\system32\DRIVERS\atikmpag.sys

22:23:44.0085 1796 amdkmdap - ok

22:23:44.0846 1796 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

22:23:44.0853 1796 arc - ok

22:23:45.0085 1796 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

22:23:45.0087 1796 arcsas - ok

22:23:45.0311 1796 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

22:23:45.0338 1796 AsyncMac - ok

22:23:45.0741 1796 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

22:23:45.0742 1796 atapi - ok

22:23:46.0321 1796 AtiHDAudioService (1af3b5f04cc572daffcb6b5528c63134) C:\Windows\system32\drivers\AtihdLH3.sys

22:23:46.0361 1796 AtiHDAudioService - ok

22:23:48.0403 1796 atikmdag (335ace2a8e97439733f0f6a1bbd818d5) C:\Windows\system32\DRIVERS\atikmdag.sys

22:23:48.0467 1796 atikmdag - ok

22:23:49.0005 1796 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

22:23:49.0035 1796 Beep - ok

22:23:49.0533 1796 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

22:23:49.0549 1796 blbdrive - ok

22:23:50.0310 1796 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

22:23:50.0316 1796 bowser - ok

22:23:50.0540 1796 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

22:23:50.0573 1796 BrFiltLo - ok

22:23:50.0820 1796 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

22:23:50.0860 1796 BrFiltUp - ok

22:23:51.0059 1796 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

22:23:51.0076 1796 Brserid - ok

22:23:51.0449 1796 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

22:23:51.0462 1796 BrSerWdm - ok

22:23:51.0702 1796 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

22:23:51.0723 1796 BrUsbMdm - ok

22:23:52.0165 1796 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

22:23:52.0183 1796 BrUsbSer - ok

22:23:52.0463 1796 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

22:23:52.0483 1796 BTHMODEM - ok

22:23:52.0826 1796 catchme - ok

22:23:53.0234 1796 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

22:23:53.0246 1796 cdfs - ok

22:23:53.0387 1796 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

22:23:53.0414 1796 cdrom - ok

22:23:53.0700 1796 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys

22:23:53.0716 1796 circlass - ok

22:23:53.0830 1796 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

22:23:53.0852 1796 CLFS - ok

22:23:54.0340 1796 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

22:23:54.0353 1796 cmdide - ok

22:23:54.0475 1796 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys

22:23:54.0489 1796 Compbatt - ok

22:23:54.0874 1796 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

22:23:54.0882 1796 crcdisk - ok

22:23:54.0942 1796 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

22:23:54.0958 1796 Crusoe - ok

22:23:55.0186 1796 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

22:23:55.0210 1796 DfsC - ok

22:23:55.0656 1796 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

22:23:55.0678 1796 disk - ok

22:23:55.0855 1796 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys

22:23:55.0917 1796 Dot4 - ok

22:23:56.0333 1796 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys

22:23:56.0355 1796 Dot4Print - ok

22:23:56.0495 1796 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys

22:23:56.0521 1796 dot4usb - ok

22:23:56.0986 1796 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

22:23:56.0999 1796 drmkaud - ok

22:23:57.0403 1796 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

22:23:57.0458 1796 DXGKrnl - ok

22:23:57.0770 1796 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys

22:23:57.0793 1796 e1express - ok

22:23:57.0833 1796 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

22:23:57.0844 1796 E1G60 - ok

22:23:58.0116 1796 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

22:23:58.0152 1796 Ecache - ok

22:23:58.0278 1796 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

22:23:58.0283 1796 elxstor - ok

22:23:58.0309 1796 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

22:23:58.0310 1796 ErrDev - ok

22:23:58.0399 1796 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

22:23:58.0404 1796 exfat - ok

22:23:58.0838 1796 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

22:23:58.0841 1796 fastfat - ok

22:23:58.0925 1796 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

22:23:58.0935 1796 fdc - ok

22:23:58.0984 1796 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

22:23:59.0009 1796 FileInfo - ok

22:23:59.0059 1796 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

22:23:59.0079 1796 Filetrace - ok

22:23:59.0101 1796 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

22:23:59.0102 1796 flpydisk - ok

22:23:59.0281 1796 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

22:23:59.0284 1796 FltMgr - ok

22:23:59.0489 1796 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

22:23:59.0513 1796 Fs_Rec - ok

22:23:59.0929 1796 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

22:23:59.0930 1796 gagp30kx - ok

22:24:00.0047 1796 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

22:24:00.0069 1796 GEARAspiWDM - ok

22:24:00.0501 1796 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys

22:24:00.0535 1796 HdAudAddService - ok

22:24:00.0742 1796 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

22:24:00.0776 1796 HDAudBus - ok

22:24:01.0196 1796 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

22:24:01.0215 1796 HidBth - ok

22:24:01.0491 1796 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

22:24:01.0504 1796 HidIr - ok

22:24:02.0084 1796 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

22:24:02.0112 1796 HidUsb - ok

22:24:02.0444 1796 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

22:24:02.0455 1796 HpCISSs - ok

22:24:02.0750 1796 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

22:24:02.0777 1796 HTTP - ok

22:24:03.0083 1796 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

22:24:03.0096 1796 i2omp - ok

22:24:03.0261 1796 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

22:24:03.0278 1796 i8042prt - ok

22:24:03.0854 1796 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\drivers\iastor.sys

22:24:03.0888 1796 iaStor - ok

22:24:04.0141 1796 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

22:24:04.0168 1796 iaStorV - ok

22:24:04.0355 1796 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

22:24:04.0366 1796 iirsp - ok

22:24:04.0527 1796 IntcAzAudAddService - ok

22:24:04.0728 1796 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

22:24:04.0741 1796 intelide - ok

22:24:04.0836 1796 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

22:24:04.0837 1796 intelppm - ok

22:24:05.0044 1796 IpInIp - ok

22:24:05.0080 1796 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

22:24:05.0092 1796 IPMIDRV - ok

22:24:05.0224 1796 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

22:24:05.0226 1796 IPNAT - ok

22:24:05.0373 1796 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

22:24:05.0389 1796 IRENUM - ok

22:24:05.0548 1796 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

22:24:05.0563 1796 isapnp - ok

22:24:05.0816 1796 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

22:24:05.0839 1796 iScsiPrt - ok

22:24:06.0071 1796 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

22:24:06.0087 1796 iteatapi - ok

22:24:06.0236 1796 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

22:24:06.0238 1796 iteraid - ok

22:24:06.0296 1796 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

22:24:06.0297 1796 kbdclass - ok

22:24:06.0797 1796 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys

22:24:06.0817 1796 kbdhid - ok

22:24:07.0054 1796 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys

22:24:07.0061 1796 KSecDD - ok

22:24:07.0505 1796 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys

22:24:07.0516 1796 LHidFilt - ok

22:24:07.0632 1796 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

22:24:07.0633 1796 lltdio - ok

22:24:08.0182 1796 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys

22:24:08.0193 1796 LMouFilt - ok

22:24:08.0431 1796 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

22:24:08.0449 1796 LSI_FC - ok

22:24:08.0736 1796 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

22:24:08.0750 1796 LSI_SAS - ok

22:24:08.0933 1796 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

22:24:08.0972 1796 LSI_SCSI - ok

22:24:09.0443 1796 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

22:24:09.0445 1796 luafv - ok

22:24:09.0923 1796 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys

22:24:09.0944 1796 MBAMProtector - ok

22:24:10.0116 1796 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

22:24:10.0132 1796 megasas - ok

22:24:10.0440 1796 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

22:24:10.0458 1796 MegaSR - ok

22:24:10.0585 1796 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

22:24:10.0624 1796 Modem - ok

22:24:10.0942 1796 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

22:24:10.0942 1796 monitor - ok

22:24:11.0044 1796 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

22:24:11.0092 1796 mouclass - ok

22:24:11.0475 1796 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

22:24:11.0500 1796 mouhid - ok

22:24:11.0695 1796 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

22:24:11.0741 1796 MountMgr - ok

22:24:12.0412 1796 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys

22:24:12.0580 1796 MpFilter - ok

22:24:12.0909 1796 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

22:24:12.0952 1796 mpio - ok

22:24:13.0539 1796 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys

22:24:13.0573 1796 MpNWMon - ok

22:24:13.0976 1796 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

22:24:14.0003 1796 mpsdrv - ok

22:24:14.0086 1796 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

22:24:14.0088 1796 Mraid35x - ok

22:24:14.0202 1796 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

22:24:14.0227 1796 MRxDAV - ok

22:24:14.0729 1796 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

22:24:14.0755 1796 mrxsmb - ok

22:24:15.0731 1796 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

22:24:15.0872 1796 mrxsmb10 - ok

22:24:16.0302 1796 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

22:24:16.0358 1796 mrxsmb20 - ok

22:24:16.0761 1796 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys

22:24:16.0786 1796 msahci - ok

22:24:16.0904 1796 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

22:24:16.0933 1796 msdsm - ok

22:24:17.0513 1796 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

22:24:17.0514 1796 Msfs - ok

22:24:18.0252 1796 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

22:24:18.0354 1796 msisadrv - ok

22:24:18.0564 1796 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

22:24:18.0565 1796 MSKSSRV - ok

22:24:19.0051 1796 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

22:24:19.0077 1796 MSPCLOCK - ok

22:24:19.0184 1796 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

22:24:19.0185 1796 MSPQM - ok

22:24:19.0657 1796 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

22:24:19.0823 1796 MsRPC - ok

22:24:20.0402 1796 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

22:24:20.0402 1796 mssmbios - ok

22:24:21.0052 1796 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

22:24:21.0075 1796 MSTEE - ok

22:24:21.0551 1796 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

22:24:21.0572 1796 Mup - ok

22:24:21.0813 1796 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

22:24:21.0836 1796 NativeWifiP - ok

22:24:22.0780 1796 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

22:24:23.0301 1796 NDIS - ok

22:24:24.0136 1796 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

22:24:24.0159 1796 NdisTapi - ok

22:24:24.0358 1796 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

22:24:24.0383 1796 Ndisuio - ok

22:24:24.0894 1796 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

22:24:24.0927 1796 NdisWan - ok

22:24:25.0449 1796 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

22:24:25.0474 1796 NDProxy - ok

22:24:25.0953 1796 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

22:24:25.0975 1796 NetBIOS - ok

22:24:26.0214 1796 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

22:24:26.0256 1796 netbt - ok

22:24:26.0568 1796 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

22:24:26.0608 1796 nfrd960 - ok

22:24:26.0815 1796 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

22:24:26.0860 1796 NisDrv - ok

22:24:27.0122 1796 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

22:24:27.0148 1796 Npfs - ok

22:24:27.0271 1796 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

22:24:27.0272 1796 nsiproxy - ok

22:24:27.0497 1796 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

22:24:27.0619 1796 Ntfs - ok

22:24:27.0783 1796 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

22:24:27.0784 1796 ntrigdigi - ok

22:24:27.0792 1796 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

22:24:27.0793 1796 Null - ok

22:24:27.0860 1796 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

22:24:27.0877 1796 nvraid - ok

22:24:27.0924 1796 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

22:24:27.0942 1796 nvstor - ok

22:24:28.0385 1796 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

22:24:28.0401 1796 nv_agp - ok

22:24:28.0417 1796 NwlnkFlt - ok

22:24:28.0486 1796 NwlnkFwd - ok

22:24:28.0921 1796 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys

22:24:28.0922 1796 ohci1394 - ok

22:24:29.0193 1796 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

22:24:29.0212 1796 Parport - ok

22:24:29.0641 1796 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

22:24:29.0672 1796 partmgr - ok

22:24:30.0296 1796 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

22:24:30.0330 1796 Parvdm - ok

22:24:30.0698 1796 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

22:24:30.0703 1796 pci - ok

22:24:31.0060 1796 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys

22:24:31.0087 1796 pciide - ok

22:24:31.0443 1796 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

22:24:31.0480 1796 pcmcia - ok

22:24:32.0032 1796 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

22:24:32.0097 1796 PEAUTH - ok

22:24:32.0505 1796 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

22:24:32.0532 1796 PptpMiniport - ok

22:24:32.0629 1796 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

22:24:32.0630 1796 Processor - ok

22:24:32.0988 1796 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

22:24:33.0013 1796 PSched - ok

22:24:33.0197 1796 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys

22:24:33.0226 1796 PxHelp20 - ok

22:24:33.0681 1796 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

22:24:33.0724 1796 ql2300 - ok

22:24:33.0986 1796 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

22:24:33.0988 1796 ql40xx - ok

22:24:34.0036 1796 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

22:24:34.0037 1796 QWAVEdrv - ok

22:24:34.0787 1796 R300 (335ace2a8e97439733f0f6a1bbd818d5) C:\Windows\system32\DRIVERS\atikmdag.sys

22:24:34.0852 1796 R300 - ok

22:24:34.0945 1796 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

22:24:34.0946 1796 RasAcd - ok

22:24:34.0966 1796 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

22:24:34.0967 1796 Rasl2tp - ok

22:24:35.0033 1796 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

22:24:35.0034 1796 RasPppoe - ok

22:24:35.0078 1796 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

22:24:35.0080 1796 RasSstp - ok

22:24:35.0124 1796 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

22:24:35.0128 1796 rdbss - ok

22:24:35.0166 1796 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

22:24:35.0189 1796 RDPCDD - ok

22:24:35.0243 1796 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys

22:24:35.0247 1796 rdpdr - ok

22:24:35.0266 1796 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

22:24:35.0267 1796 RDPENCDD - ok

22:24:35.0339 1796 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

22:24:35.0345 1796 RDPWD - ok

22:24:35.0367 1796 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

22:24:35.0369 1796 rspndr - ok

22:24:35.0483 1796 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys

22:24:35.0493 1796 RTL8169 - ok

22:24:35.0652 1796 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

22:24:35.0653 1796 SASDIFSV - ok

22:24:35.0713 1796 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

22:24:35.0715 1796 SASKUTIL - ok

22:24:35.0753 1796 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

22:24:35.0765 1796 sbp2port - ok

22:24:35.0853 1796 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

22:24:35.0855 1796 secdrv - ok

22:24:35.0875 1796 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

22:24:35.0876 1796 Serenum - ok

22:24:35.0915 1796 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

22:24:35.0917 1796 Serial - ok

22:24:35.0947 1796 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

22:24:35.0949 1796 sermouse - ok

22:24:35.0973 1796 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys

22:24:35.0974 1796 sffdisk - ok

22:24:35.0991 1796 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

22:24:35.0992 1796 sffp_mmc - ok

22:24:36.0028 1796 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys

22:24:36.0029 1796 sffp_sd - ok

22:24:36.0085 1796 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

22:24:36.0086 1796 sfloppy - ok

22:24:36.0112 1796 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

22:24:36.0114 1796 sisagp - ok

22:24:36.0131 1796 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

22:24:36.0133 1796 SiSRaid2 - ok

22:24:36.0165 1796 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

22:24:36.0177 1796 SiSRaid4 - ok

22:24:36.0238 1796 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

22:24:36.0239 1796 Smb - ok

22:24:36.0320 1796 snapman (eb49860e776ce860dc3cfb9edb1ba517) C:\Windows\system32\DRIVERS\snapman.sys

22:24:36.0330 1796 snapman - ok

22:24:36.0460 1796 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

22:24:36.0462 1796 spldr - ok

22:24:36.0600 1796 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

22:24:36.0626 1796 srv - ok

22:24:36.0700 1796 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

22:24:36.0703 1796 srv2 - ok

22:24:36.0711 1796 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

22:24:36.0713 1796 srvnet - ok

22:24:36.0774 1796 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

22:24:36.0775 1796 swenum - ok

22:24:36.0792 1796 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

22:24:36.0794 1796 Symc8xx - ok

22:24:36.0873 1796 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

22:24:36.0899 1796 Sym_hi - ok

22:24:36.0931 1796 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

22:24:36.0933 1796 Sym_u3 - ok

22:24:37.0013 1796 Tcpip (6647fce6fc4970daafe5c64c794513d3) C:\Windows\system32\drivers\tcpip.sys

22:24:37.0025 1796 Tcpip - ok

22:24:37.0056 1796 Tcpip6 (6647fce6fc4970daafe5c64c794513d3) C:\Windows\system32\DRIVERS\tcpip.sys

22:24:37.0063 1796 Tcpip6 - ok

22:24:37.0116 1796 tcpipreg (36606b165d04a397bdf613096986d85d) C:\Windows\system32\drivers\tcpipreg.sys

22:24:37.0118 1796 tcpipreg - ok

22:24:37.0397 1796 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

22:24:37.0398 1796 TDPIPE - ok

22:24:37.0546 1796 tdrpman273 (431801fcc97034e04a6eff81136578d7) C:\Windows\system32\DRIVERS\tdrpm273.sys

22:24:37.0556 1796 tdrpman273 - ok

22:24:37.0588 1796 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

22:24:37.0589 1796 TDTCP - ok

22:24:37.0664 1796 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

22:24:37.0675 1796 tdx - ok

22:24:37.0712 1796 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

22:24:37.0714 1796 TermDD - ok

22:24:37.0787 1796 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\Windows\system32\DRIVERS\tifsfilt.sys

22:24:37.0789 1796 tifsfilter - ok

22:24:37.0928 1796 timounter (a34d7024bb7140ec785c86bc065d4f60) C:\Windows\system32\DRIVERS\timntr.sys

22:24:37.0941 1796 timounter - ok

22:24:38.0013 1796 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

22:24:38.0014 1796 tssecsrv - ok

22:24:38.0036 1796 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

22:24:38.0037 1796 tunmp - ok

22:24:38.0095 1796 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

22:24:38.0097 1796 tunnel - ok

22:24:38.0118 1796 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

22:24:38.0120 1796 uagp35 - ok

22:24:38.0186 1796 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

22:24:38.0190 1796 udfs - ok

22:24:38.0298 1796 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

22:24:38.0300 1796 uliagpkx - ok

22:24:38.0341 1796 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

22:24:38.0369 1796 uliahci - ok

22:24:38.0414 1796 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

22:24:38.0416 1796 UlSata - ok

22:24:38.0476 1796 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

22:24:38.0498 1796 ulsata2 - ok

22:24:38.0515 1796 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

22:24:38.0517 1796 umbus - ok

22:24:38.0623 1796 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys

22:24:38.0625 1796 usbaudio - ok

22:24:38.0707 1796 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

22:24:38.0709 1796 usbccgp - ok

22:24:38.0760 1796 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

22:24:38.0762 1796 usbcir - ok

22:24:38.0834 1796 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

22:24:38.0835 1796 usbehci - ok

22:24:38.0988 1796 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

22:24:38.0991 1796 usbhub - ok

22:24:39.0060 1796 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

22:24:39.0062 1796 usbohci - ok

22:24:39.0098 1796 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

22:24:39.0099 1796 usbprint - ok

22:24:39.0170 1796 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

22:24:39.0172 1796 usbscan - ok

22:24:39.0197 1796 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

22:24:39.0198 1796 USBSTOR - ok

22:24:39.0213 1796 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

22:24:39.0224 1796 usbuhci - ok

22:24:39.0300 1796 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

22:24:39.0322 1796 vga - ok

22:24:39.0356 1796 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

22:24:39.0377 1796 VgaSave - ok

22:24:39.0421 1796 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

22:24:39.0423 1796 viaagp - ok

22:24:39.0449 1796 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

22:24:39.0450 1796 ViaC7 - ok

22:24:39.0483 1796 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

22:24:39.0485 1796 viaide - ok

22:24:39.0500 1796 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

22:24:39.0502 1796 volmgr - ok

22:24:39.0578 1796 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

22:24:39.0582 1796 volmgrx - ok

22:24:39.0647 1796 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

22:24:39.0680 1796 volsnap - ok

22:24:39.0847 1796 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

22:24:39.0873 1796 vsmraid - ok

22:24:40.0238 1796 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

22:24:40.0269 1796 WacomPen - ok

22:24:40.0384 1796 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

22:24:40.0412 1796 Wanarp - ok

22:24:40.0416 1796 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

22:24:40.0417 1796 Wanarpv6 - ok

22:24:40.0579 1796 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

22:24:40.0608 1796 Wd - ok

22:24:40.0941 1796 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

22:24:41.0008 1796 Wdf01000 - ok

22:24:41.0706 1796 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys

22:24:41.0763 1796 WmiAcpi - ok

22:24:42.0236 1796 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

22:24:42.0275 1796 WpdUsb - ok

22:24:42.0647 1796 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

22:24:42.0668 1796 ws2ifsl - ok

22:24:43.0156 1796 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

22:24:43.0158 1796 WUDFRd - ok

22:24:43.0242 1796 MBR (0x1B8) (239841e1ae8e4843c0676f3681a7d6be) \Device\Harddisk0\DR0

22:24:43.0309 1796 \Device\Harddisk0\DR0 - ok

22:24:43.0359 1796 Boot (0x1200) (112daeb0f664b6bc662155f6433f062a) \Device\Harddisk0\DR0\Partition0

22:24:43.0386 1796 \Device\Harddisk0\DR0\Partition0 - ok

22:24:43.0398 1796 Boot (0x1200) (6f2987e9589b6d803a6a2aec082524d2) \Device\Harddisk0\DR0\Partition1

22:24:43.0399 1796 \Device\Harddisk0\DR0\Partition1 - ok

22:24:43.0399 1796 ============================================================

22:24:43.0399 1796 Scan finished

22:24:43.0399 1796 ============================================================

22:24:43.0409 5356 Detected object count: 0

22:24:43.0409 5356 Actual detected object count: 0
