
Have spent the last 48 hours trying to clean my system of trojan dropper win32 sirefef.b ... NO ANTIVIRUS PROGRAM WORKS - here is my DDS log...

.

DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26

Run by Caroline at 11:10:42 on 2011-09-29

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3037.2548 [GMT 10:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\3690218385:1857817380.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2790392

uInternet Settings,ProxyOverride = *.local

mSearchAssistant =

uURLSearchHooks: H - No File

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [Google Update] "c:\users\caroline\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [CamAppSTI.exe] c:\program files\usb2.0 pc camera\CamAppSTI.exe

mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [RunDLLEntry] c:\windows\system32\rundll32.exe c:\windows\system32\AmbRunE.dll,RunDLLEntry

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [updReg] c:\windows\UpdReg.EXE

mRun: [VolPanel] "c:\program files\creative\sb x-fi mb\volume panel\VolPanlu.exe" /r

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter

mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [AirPort Base Station Agent] "c:\program files\airport\APAgent.exe"

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\users\caroline\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\caroline\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{F8ABE8E6-D705-4D2D-AB74-B07041CA1137} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{F8ABE8E6-D705-4D2D-AB74-B07041CA1137}\341627F6C696E65602B456C6C6972E08993702960586F6E656 : DhcpNameServer = 10.4.85.135 10.4.176.231

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\caroline\appdata\roaming\mozilla\firefox\profiles\rxnwi4b5.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/ig?hl=en

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc923c0&v=6.103.018.001&i=23&tp=ab&iy=&ychte=au&lng=en-GB&q=

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll

FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\users\caroline\appdata\roaming\mozilla\firefox\profiles\rxnwi4b5.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll

FF - component: c:\users\caroline\appdata\roaming\mozilla\firefox\profiles\rxnwi4b5.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko5.dll

FF - component: c:\users\caroline\appdata\roaming\mozilla\firefox\profiles\rxnwi4b5.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko6.dll

FF - component: c:\users\caroline\appdata\roaming\mozilla\firefox\profiles\rxnwi4b5.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\caroline\appdata\local\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\users\caroline\appdata\roaming\facebook\npfbplugin_1_0_1.dll

FF - plugin: c:\users\caroline\appdata\roaming\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\users\caroline\appdata\roaming\mozilla\firefox\profiles\rxnwi4b5.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll

FF - plugin: c:\users\caroline\appdata\roaming\mozilla\firefox\profiles\rxnwi4b5.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: c:\users\caroline\appdata\roaming\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\caroline\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\real\realplayer\browserrecord\firefox\ext

FF - Ext: AVG Security Toolbar em:version=6.103.018.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg8\toolbar\firefox\avg@igeared

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}

FF - Ext: FacePAD: Facebook Photo Album Downloader: facepad@lazyrussian.com - %profile%\extensions\facepad@lazyrussian.com

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

FF - Ext: Facebook PhotoZoom: {20cc25e2-48c9-45e1-9a1f-1ccc1882b81b} - %profile%\extensions\{20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}

FF - Ext: Zoodles: firefox@zoodles.com - %profile%\extensions\firefox@zoodles.com

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com

FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}

FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

.

============= SERVICES / DRIVERS ===============

.

R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2009-7-17 54784]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-15 335240]

S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-8-15 27784]

S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-15 108552]

S1 SASDIFSV;SASDIFSV;c:\users\caroline\appdata\local\temp\sas_selfextract\sasdifsv.sys [2011-7-23 12880]

S1 SASKUTIL;SASKUTIL;c:\users\caroline\appdata\local\temp\sas_selfextract\saskutil.sys [2011-7-13 67664]

S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2011/08/10 20:20:09];c:\program files\cyberlink\powerdvd dx\000.fcl [2011-8-10 87536]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\AEstSrv.exe [2011-8-10 81920]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-8-10 176128]

S2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-10-16 1668344]

S2 avg8emc;AVG Free8 E-mail Scanner;c:\program files\avg\avg8\avgemc.exe [2009-8-15 908056]

S2 avg8wd;AVG Free8 WatchDog;c:\program files\avg\avg8\avgwdsvc.exe [2009-8-15 297752]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 DCService.exe;DCService.exe;c:\programdata\datacardservice\DCService.exe [2010-8-19 229376]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-26 135664]

S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-10-16 482176]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg8\toolbar\ToolbarBroker.exe [2010-10-28 947528]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2009-7-16 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-7-16 79360]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-7-16 143968]

S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-4-5 102784]

S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-4-5 116736]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-26 135664]

S3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-14 229888]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]

S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-3-6 133632]

S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-3-8 280096]

S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files\common files\creative labs shared\service\XMBLicensing.exe [2009-7-16 79360]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-8-13 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-8-16 1343400]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-14 17920]

.

=============== Created Last 30 ================

.

2011-09-29 01:02:05 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-29 01:02:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-29 00:51:28 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f899a3e5-ff22-4399-ba1f-3c7aceac2e41}\offreg.dll

2011-09-29 00:47:12 -------- d-----w- C:\autoruns

2011-09-28 06:40:10 -------- d-----w- c:\users\caroline\appdata\roaming\SUPERAntiSpyware.com

2011-09-28 06:40:10 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-09-28 06:19:19 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-28 06:19:04 -------- d-----w- c:\users\caroline\appdata\roaming\Malwarebytes

2011-09-28 06:18:57 -------- d-----w- c:\programdata\Malwarebytes

2011-09-27 07:48:04 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f899a3e5-ff22-4399-ba1f-3c7aceac2e41}\mpengine.dll

2011-09-27 07:35:34 48016 --sha-w- c:\windows\system32\c_78923.nl_

2011-09-27 02:26:17 -------- d-----w- c:\windows\system32\SPReview

2011-09-26 08:10:43 -------- d-----w- c:\users\caroline\appdata\roaming\QuickScan

2011-09-26 08:04:50 -------- d-----w- c:\users\caroline\appdata\local\Conduit

2011-09-26 04:52:10 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys

.

==================== Find3M ====================

.

2011-09-27 02:37:44 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-08-10 07:08:02 0 ----a-w- c:\windows\ativpsrm.bin

2011-07-22 04:54:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-09 04:29:46 2048 ----a-w- c:\windows\system32\tzres.dll

2011-07-09 02:30:00 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.1.7601 Disk: ST9320325AS rev.0003DEM1 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85DDE4A0]<<

_asm { MOV EAX, [ESP+0x4]; MOV ECX, [EAX+0x28]; PUSH EBP; MOV EBP, [ECX+0x4]; PUSH ESI; MOV ESI, [ESP+0x10]; PUSH EDI; MOV EDI, [ESI+0x60]; MOV AL, [EDI]; CMP AL, 0x16; JNZ 0x36; PUSH ESI; }

1 ntkrnlpa!IofCallDriver[0x8247752A] -> \Device\Harddisk0\DR0[0x85969410]

3 CLASSPNP[0x8ABA859E] -> ntkrnlpa!IofCallDriver[0x8247752A] -> [0x85CDC928]

\Driver\00000428[0x85C8DBC0] -> IRP_MJ_CREATE -> 0x85DDE4A0

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; }

user != kernel MBR !!!

Warning: possible TDL4 rootkit infection !

TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

.

============= FINISH: 11:12:24.97 ===============


The first symptom was Chrome diverting to ad pages... Now I can't use Chrome, Firefox or IE - Safari does work, however.

GMER runs for a few seconds then terminates

AVG won't work.

Tried running them all in safe mode (after changing names / directories to get them to work)... no luck!

Am I doomed?

No restore points prior to infection... all have been deleted.

I have Windows 7 update disks - should I just reinstall? Will that fix the problem?


HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 6:20:14 PM, on 29/09/2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\USB2.0 PC Camera\CamAppSTI.exe

C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\ProgramData\DatacardService\DCSHelper.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AirPort\APAgent.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Users\Caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/USCON/19

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2790392

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [CamAppSTI.exe] C:\Program Files\USB2.0 PC Camera\CamAppSTI.exe

O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r

O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

O4 - HKLM\..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"

O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [Google Update] "C:\Users\Caroline\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: Dropbox.lnk = C:\Users\Caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\aestsrv.exe

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe

O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe

O23 - Service: DCService.exe - Unknown owner - C:\ProgramData\DatacardService\DCService.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Sound Blaster X-Fi MB Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe

O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Windows Presentation Foundation Font Cache 4.0.0.0 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (file missing)

--

End of file - 11608 bytes

latest TDSS log:

---

18:26:19.0086 2516 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43

18:26:20.0162 2516 ============================================================

18:26:20.0162 2516 Current date / time: 2011/09/29 18:26:20.0162

18:26:20.0162 2516 SystemInfo:

18:26:20.0162 2516

18:26:20.0162 2516 OS Version: 6.1.7601 ServicePack: 1.0

18:26:20.0162 2516 Product type: Workstation

18:26:20.0162 2516 ComputerName: CAROLINE-PC

18:26:20.0162 2516 UserName: Caroline

18:26:20.0162 2516 Windows directory: C:\Windows

18:26:20.0162 2516 System windows directory: C:\Windows

18:26:20.0162 2516 Processor architecture: Intel x86

18:26:20.0162 2516 Number of processors: 2

18:26:20.0162 2516 Page size: 0x1000

18:26:20.0162 2516 Boot type: Normal boot

18:26:20.0162 2516 ============================================================

18:26:23.0220 2516 Initialize success

18:26:29.0616 1584 ============================================================

18:26:29.0616 1584 Scan started

18:26:29.0616 1584 Mode: Manual; SigCheck; TDLFS;

18:26:29.0616 1584 ============================================================

18:26:32.0034 1584 9143f4db (8f2bb1827cac01aee6a16e30a1260199) C:\Windows\3690218385:1857817380.exe

18:26:32.0034 1584 Suspicious file (Hidden): C:\Windows\3690218385:1857817380.exe. md5: 8f2bb1827cac01aee6a16e30a1260199

18:26:32.0034 1584 9143f4db ( HiddenFile.Multi.Generic ) - warning

18:26:32.0034 1584 9143f4db - detected HiddenFile.Multi.Generic (1)

18:26:32.0533 1584 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys

18:26:32.0596 1584 ACPI - ok

18:26:33.0656 1584 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys

18:26:33.0719 1584 AcpiPmi - ok

18:26:34.0327 1584 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

18:26:34.0405 1584 adp94xx - ok

18:26:35.0466 1584 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

18:26:35.0528 1584 adpahci - ok

18:26:36.0106 1584 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

18:26:36.0168 1584 adpu320 - ok

18:26:36.0808 1584 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys

18:26:36.0886 1584 AFD - ok

18:26:37.0463 1584 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys

18:26:37.0525 1584 agp440 - ok

18:26:38.0102 1584 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

18:26:38.0149 1584 aic78xx - ok

18:26:38.0882 1584 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys

18:26:38.0929 1584 aliide - ok

18:26:39.0506 1584 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys

18:26:39.0553 1584 amdagp - ok

18:26:40.0099 1584 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys

18:26:40.0146 1584 amdide - ok

18:26:40.0723 1584 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

18:26:40.0786 1584 AmdK8 - ok

18:26:41.0363 1584 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

18:26:41.0441 1584 AmdPPM - ok

18:26:42.0018 1584 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys

18:26:42.0080 1584 amdsata - ok

18:26:42.0642 1584 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

18:26:42.0720 1584 amdsbs - ok

18:26:43.0266 1584 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys

18:26:43.0313 1584 amdxata - ok

18:26:44.0374 1584 ApfiltrService (ccf9cc50dda86023626de4cda96a5934) C:\Windows\system32\DRIVERS\Apfiltr.sys

18:26:44.0483 1584 ApfiltrService - ok

18:26:45.0060 1584 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys

18:26:45.0138 1584 AppID - ok

18:26:45.0824 1584 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

18:26:45.0887 1584 arc - ok

18:26:46.0433 1584 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

18:26:46.0495 1584 arcsas - ok

18:26:47.0119 1584 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

18:26:47.0213 1584 AsyncMac - ok

18:26:47.0759 1584 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys

18:26:47.0806 1584 atapi - ok

18:26:48.0430 1584 AtiHdmiService (e2398389648b5d44dc63ca43fdd5b3f8) C:\Windows\system32\drivers\AtiHdmi.sys

18:26:48.0492 1584 AtiHdmiService - ok

18:26:49.0334 1584 atikmdag (6b70eb8e4aaf60598d61bcf8c41eacfb) C:\Windows\system32\DRIVERS\atikmdag.sys

18:26:49.0537 1584 atikmdag - ok

18:26:50.0146 1584 ATSwpWDF (40e3212da94acf9e120c30acebc6ea80) C:\Windows\system32\Drivers\ATSwpWDF.sys

18:26:50.0208 1584 ATSwpWDF - ok

18:26:50.0832 1584 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

18:26:50.0894 1584 b06bdrv - ok

18:26:51.0472 1584 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

18:26:51.0534 1584 b57nd60x - ok

18:26:52.0174 1584 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

18:26:52.0236 1584 Beep - ok

18:26:52.0829 1584 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

18:26:52.0891 1584 blbdrive - ok

18:26:53.0484 1584 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys

18:26:53.0562 1584 bowser - ok

18:26:54.0124 1584 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

18:26:54.0186 1584 BrFiltLo - ok

18:26:54.0763 1584 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

18:26:54.0794 1584 BrFiltUp - ok

18:26:55.0465 1584 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

18:26:55.0559 1584 Brserid - ok

18:26:56.0120 1584 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

18:26:56.0214 1584 BrSerWdm - ok

18:26:56.0791 1584 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

18:26:56.0838 1584 BrUsbMdm - ok

18:26:57.0415 1584 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

18:26:57.0478 1584 BrUsbSer - ok

18:26:58.0039 1584 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

18:26:58.0117 1584 BTHMODEM - ok

18:26:58.0710 1584 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

18:26:58.0788 1584 cdfs - ok

18:26:59.0381 1584 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys

18:26:59.0443 1584 cdrom - ok

18:27:00.0052 1584 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

18:27:00.0114 1584 circlass - ok

18:27:00.0676 1584 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

18:27:00.0754 1584 CLFS - ok

18:27:01.0346 1584 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

18:27:01.0424 1584 CmBatt - ok

18:27:01.0955 1584 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys

18:27:02.0002 1584 cmdide - ok

18:27:02.0579 1584 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

18:27:02.0657 1584 CNG - ok

18:27:03.0218 1584 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

18:27:03.0265 1584 Compbatt - ok

18:27:03.0842 1584 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys

18:27:03.0905 1584 CompositeBus - ok

18:27:04.0482 1584 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

18:27:04.0529 1584 crcdisk - ok

18:27:05.0558 1584 CtClsFlt (9a6ca307151505730dbfc91d97f01c7e) C:\Windows\system32\DRIVERS\CtClsFlt.sys

18:27:05.0668 1584 CtClsFlt - ok

18:27:06.0260 1584 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

18:27:06.0338 1584 discache - ok

18:27:06.0931 1584 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

18:27:06.0978 1584 Disk - ok

18:27:07.0571 1584 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

18:27:07.0602 1584 drmkaud - ok

18:27:08.0195 1584 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys

18:27:08.0273 1584 DXGKrnl - ok

18:27:08.0959 1584 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

18:27:09.0146 1584 ebdrv - ok

18:27:09.0755 1584 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

18:27:09.0833 1584 elxstor - ok

18:27:10.0441 1584 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys

18:27:10.0504 1584 ErrDev - ok

18:27:11.0471 1584 ewusbnet (e1556af3fb0284c32896b9ac8494d9c2) C:\Windows\system32\DRIVERS\ewusbnet.sys

18:27:11.0533 1584 ewusbnet - ok

18:27:12.0110 1584 ew_hwusbdev (57c171ea22f0a7f068fcb0caedd1e8e7) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys

18:27:12.0220 1584 ew_hwusbdev - ok

18:27:12.0797 1584 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

18:27:12.0937 1584 exfat - ok

18:27:13.0499 1584 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

18:27:13.0592 1584 fastfat - ok

18:27:14.0185 1584 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

18:27:14.0232 1584 fdc - ok

18:27:14.0809 1584 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

18:27:14.0872 1584 FileInfo - ok

18:27:15.0449 1584 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

18:27:15.0542 1584 Filetrace - ok

18:27:16.0525 1584 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

18:27:16.0572 1584 flpydisk - ok

18:27:17.0165 1584 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

18:27:17.0227 1584 FltMgr - ok

18:27:17.0820 1584 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

18:27:17.0867 1584 FsDepends - ok

18:27:18.0444 1584 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

18:27:18.0491 1584 Fs_Rec - ok

18:27:19.0099 1584 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys

18:27:19.0193 1584 fvevol - ok

18:27:19.0786 1584 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

18:27:19.0832 1584 gagp30kx - ok

18:27:20.0394 1584 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

18:27:20.0425 1584 GEARAspiWDM - ok

18:27:21.0018 1584 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

18:27:21.0065 1584 hcw85cir - ok

18:27:21.0642 1584 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys

18:27:21.0704 1584 HdAudAddService - ok

18:27:22.0297 1584 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys

18:27:22.0344 1584 HDAudBus - ok

18:27:22.0906 1584 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

18:27:22.0968 1584 HidBatt - ok

18:27:23.0530 1584 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

18:27:23.0623 1584 HidBth - ok

18:27:24.0185 1584 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

18:27:24.0263 1584 HidIr - ok

18:27:24.0856 1584 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys

18:27:24.0918 1584 HidUsb - ok

18:27:25.0526 1584 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

18:27:25.0573 1584 HpSAMD - ok

18:27:26.0244 1584 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

18:27:26.0384 1584 HTTP - ok

18:27:26.0993 1584 hwdatacard (a89423d0132c8ab69ba621b6ce191714) C:\Windows\system32\DRIVERS\ewusbmdm.sys

18:27:27.0086 1584 hwdatacard - ok

18:27:27.0648 1584 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

18:27:27.0695 1584 hwpolicy - ok

18:27:28.0272 1584 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys

18:27:28.0366 1584 i8042prt - ok

18:27:28.0974 1584 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys

18:27:29.0068 1584 iaStorV - ok

18:27:29.0660 1584 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

18:27:29.0707 1584 iirsp - ok

18:27:30.0284 1584 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

18:27:30.0331 1584 intelide - ok

18:27:30.0971 1584 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

18:27:31.0049 1584 intelppm - ok

18:27:31.0642 1584 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

18:27:31.0766 1584 IpFilterDriver - ok

18:27:32.0359 1584 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys

18:27:32.0453 1584 IPMIDRV - ok

18:27:33.0014 1584 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

18:27:33.0124 1584 IPNAT - ok

18:27:33.0716 1584 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

18:27:33.0794 1584 IRENUM - ok

18:27:34.0356 1584 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

18:27:34.0403 1584 isapnp - ok

18:27:34.0980 1584 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys

18:27:35.0042 1584 iScsiPrt - ok

18:27:35.0620 1584 itecir (8bcd857c7932ad005d5f9c89329da2e1) C:\Windows\system32\DRIVERS\itecir.sys

18:27:35.0666 1584 itecir - ok

18:27:36.0696 1584 k57nd60x (c4c95805b85bce1eb9d20f4a02fc5f9b) C:\Windows\system32\DRIVERS\k57nd60x.sys

18:27:36.0774 1584 k57nd60x - ok

18:27:37.0351 1584 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys

18:27:37.0414 1584 kbdclass - ok

18:27:38.0006 1584 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys

18:27:38.0084 1584 kbdhid - ok

18:27:38.0677 1584 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys

18:27:38.0740 1584 KSecDD - ok

18:27:39.0301 1584 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys

18:27:39.0348 1584 KSecPkg - ok

18:27:39.0941 1584 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

18:27:40.0050 1584 lltdio - ok

18:27:40.0658 1584 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

18:27:40.0705 1584 LSI_FC - ok

18:27:41.0282 1584 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

18:27:41.0329 1584 LSI_SAS - ok

18:27:41.0906 1584 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

18:27:41.0953 1584 LSI_SAS2 - ok

18:27:42.0530 1584 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

18:27:42.0577 1584 LSI_SCSI - ok

18:27:43.0154 1584 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

18:27:43.0279 1584 luafv - ok

18:27:43.0841 1584 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

18:27:43.0888 1584 megasas - ok

18:27:44.0449 1584 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

18:27:44.0512 1584 MegaSR - ok

18:27:45.0073 1584 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

18:27:45.0167 1584 Modem - ok

18:27:46.0212 1584 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

18:27:46.0274 1584 monitor - ok

18:27:46.0867 1584 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys

18:27:46.0914 1584 mouclass - ok

18:27:47.0507 1584 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

18:27:47.0554 1584 mouhid - ok

18:27:48.0146 1584 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys

18:27:48.0193 1584 mountmgr - ok

18:27:48.0755 1584 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys

18:27:48.0833 1584 MpFilter - ok

18:27:49.0410 1584 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys

18:27:49.0472 1584 mpio - ok

18:27:49.0722 1584 MpKsl0d25eab3 (5f53edfead46fa7adb78eee9ecce8fdf) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{79A1996C-3F07-40FF-B06E-6BA3CCB6D568}\MpKsl0d25eab3.sys

18:27:49.0784 1584 MpKsl0d25eab3 - ok

18:27:50.0003 1584 MpKsl35baffc2 (5f53edfead46fa7adb78eee9ecce8fdf) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{79A1996C-3F07-40FF-B06E-6BA3CCB6D568}\MpKsl35baffc2.sys

18:27:50.0050 1584 MpKsl35baffc2 - ok

18:27:50.0642 1584 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys

18:27:50.0705 1584 MpNWMon - ok

18:27:51.0391 1584 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

18:27:51.0485 1584 mpsdrv - ok

18:27:52.0046 1584 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys

18:27:52.0124 1584 MRxDAV - ok

18:27:52.0733 1584 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys

18:27:52.0826 1584 mrxsmb - ok

18:27:53.0435 1584 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys

18:27:53.0497 1584 mrxsmb10 - ok

18:27:54.0106 1584 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

18:27:54.0184 1584 mrxsmb20 - ok

18:27:54.0730 1584 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys

18:27:54.0776 1584 msahci - ok

18:27:55.0354 1584 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys

18:27:55.0416 1584 msdsm - ok

18:27:55.0993 1584 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

18:27:56.0071 1584 Msfs - ok

18:27:56.0648 1584 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

18:27:56.0726 1584 mshidkmdf - ok

18:27:57.0272 1584 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

18:27:57.0319 1584 msisadrv - ok

18:27:57.0912 1584 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

18:27:58.0006 1584 MSKSSRV - ok

18:27:58.0645 1584 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

18:27:58.0708 1584 MSPCLOCK - ok

18:27:59.0269 1584 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

18:27:59.0347 1584 MSPQM - ok

18:27:59.0924 1584 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

18:27:59.0971 1584 MsRPC - ok

18:28:00.0580 1584 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys

18:28:00.0626 1584 mssmbios - ok

18:28:01.0204 1584 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

18:28:01.0266 1584 MSTEE - ok

18:28:01.0812 1584 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

18:28:01.0874 1584 MTConfig - ok

18:28:02.0420 1584 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

18:28:02.0467 1584 Mup - ok

18:28:03.0060 1584 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

18:28:03.0138 1584 NativeWifiP - ok

18:28:03.0731 1584 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys

18:28:03.0824 1584 NDIS - ok

18:28:04.0433 1584 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

18:28:04.0542 1584 NdisCap - ok

18:28:05.0135 1584 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

18:28:05.0213 1584 NdisTapi - ok

18:28:05.0806 1584 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys

18:28:05.0884 1584 Ndisuio - ok

18:28:06.0445 1584 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys

18:28:06.0555 1584 NdisWan - ok

18:28:07.0179 1584 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys

18:28:07.0272 1584 NDProxy - ok

18:28:07.0865 1584 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

18:28:07.0959 1584 NetBIOS - ok

18:28:08.0567 1584 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys

18:28:08.0692 1584 NetBT - ok

18:28:09.0425 1584 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys

18:28:09.0612 1584 netw5v32 - ok

18:28:10.0189 1584 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

18:28:10.0236 1584 nfrd960 - ok

18:28:10.0813 1584 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

18:28:10.0891 1584 NisDrv - ok

18:28:11.0562 1584 NPF (b48dc6abcd3aeff8618350ccbdc6b09a) C:\Windows\system32\drivers\npf.sys

18:28:14.0885 1584 NPF - ok

18:28:15.0493 1584 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

18:28:15.0587 1584 Npfs - ok

18:28:16.0164 1584 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

18:28:16.0258 1584 nsiproxy - ok

18:28:16.0897 1584 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys

18:28:17.0163 1584 Ntfs - ok

18:28:18.0005 1584 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

18:28:18.0083 1584 Null - ok

18:28:18.0676 1584 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys

18:28:18.0738 1584 nvraid - ok

18:28:19.0300 1584 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys

18:28:19.0362 1584 nvstor - ok

18:28:19.0924 1584 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

18:28:19.0986 1584 nv_agp - ok

18:28:20.0563 1584 OA001Ufd (2cf21d5f8f1b74bb1922135ac2b12ddb) C:\Windows\system32\DRIVERS\OA001Ufd.sys

18:28:20.0657 1584 OA001Ufd - ok

18:28:21.0234 1584 OA001Vid (4075063d25af9da64101769854b83787) C:\Windows\system32\DRIVERS\OA001Vid.sys

18:28:21.0281 1584 OA001Vid - ok

18:28:21.0843 1584 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

18:28:21.0936 1584 ohci1394 - ok

18:28:22.0529 1584 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

18:28:22.0576 1584 Parport - ok

18:28:23.0153 1584 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys

18:28:23.0200 1584 partmgr - ok

18:28:23.0777 1584 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

18:28:23.0839 1584 Parvdm - ok

18:28:24.0401 1584 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys

18:28:24.0463 1584 pci - ok

18:28:25.0041 1584 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

18:28:25.0087 1584 pciide - ok

18:28:25.0665 1584 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

18:28:25.0711 1584 pcmcia - ok

18:28:26.0289 1584 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

18:28:26.0335 1584 pcw - ok

18:28:26.0928 1584 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

18:28:27.0037 1584 PEAUTH - ok

18:28:27.0724 1584 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

18:28:27.0817 1584 PptpMiniport - ok

18:28:28.0363 1584 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

18:28:28.0410 1584 Processor - ok

18:28:29.0019 1584 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

18:28:29.0112 1584 Psched - ok

18:28:29.0705 1584 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys

18:28:29.0752 1584 PxHelp20 - ok

18:28:30.0376 1584 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

18:28:30.0501 1584 ql2300 - ok

18:28:31.0078 1584 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

18:28:31.0140 1584 ql40xx - ok

18:28:31.0702 1584 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

18:28:31.0764 1584 QWAVEdrv - ok

18:28:32.0326 1584 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

18:28:32.0435 1584 RasAcd - ok

18:28:33.0012 1584 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

18:28:33.0090 1584 RasAgileVpn - ok

18:28:33.0683 1584 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

18:28:33.0777 1584 Rasl2tp - ok

18:28:34.0775 1584 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

18:28:34.0869 1584 RasPppoe - ok

18:28:35.0461 1584 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

18:28:35.0555 1584 RasSstp - ok

18:28:36.0148 1584 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys

18:28:36.0241 1584 rdbss - ok

18:28:36.0803 1584 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

18:28:36.0865 1584 rdpbus - ok

18:28:37.0427 1584 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys

18:28:37.0489 1584 RDPCDD - ok

18:28:38.0145 1584 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

18:28:38.0207 1584 RDPENCDD - ok

18:28:38.0769 1584 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

18:28:38.0862 1584 RDPREFMP - ok

18:28:39.0533 1584 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys

18:28:39.0658 1584 RDPWD - ok

18:28:40.0266 1584 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys

18:28:40.0329 1584 rdyboost - ok

18:28:40.0921 1584 rimmptsk (c2ef513bbe069f0d4ee0938a76f975d3) C:\Windows\system32\DRIVERS\rimmptsk.sys

18:28:40.0984 1584 rimmptsk - ok

18:28:41.0561 1584 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys

18:28:41.0608 1584 rimsptsk - ok

18:28:42.0201 1584 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys

18:28:42.0232 1584 rismxdp - ok

18:28:42.0887 1584 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

18:28:42.0996 1584 rspndr - ok

18:28:43.0386 1584 SASDIFSV (39763504067962108505bff25f024345) C:\Users\Caroline\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS

18:28:43.0480 1584 SASDIFSV - ok

18:28:43.0823 1584 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Users\Caroline\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS

18:28:43.0885 1584 SASKUTIL - ok

18:28:44.0478 1584 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys

18:28:44.0525 1584 sbp2port - ok

18:28:45.0118 1584 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys

18:28:45.0211 1584 scfilter - ok

18:28:45.0835 1584 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys

18:28:45.0898 1584 sdbus - ok

18:28:46.0491 1584 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

18:28:46.0584 1584 secdrv - ok

18:28:47.0177 1584 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

18:28:47.0255 1584 Serenum - ok

18:28:47.0926 1584 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

18:28:48.0035 1584 Serial - ok

18:28:48.0612 1584 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys


18:29:33.0805 1584 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1

18:29:33.0946 1584 \Device\Harddisk1\DR1 - ok

18:29:34.0242 1584 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

18:29:34.0445 1584 \Device\Harddisk0\DR0 - ok

18:29:34.0476 1584 Boot (0x1200) (7d2beab5ac87541e1ba9f98c0be75a3f) \Device\Harddisk1\DR1\Partition0

18:29:34.0476 1584 \Device\Harddisk1\DR1\Partition0 - ok

18:29:34.0476 1584 Boot (0x1200) (93d94efad9dabc34885946e720089be0) \Device\Harddisk1\DR1\Partition1

18:29:34.0476 1584 \Device\Harddisk1\DR1\Partition1 - ok

18:29:34.0523 1584 Boot (0x1200) (422fb10e1e9f58efbc1f6c0a6d1e1b4b) \Device\Harddisk0\DR0\Partition0

18:29:34.0523 1584 \Device\Harddisk0\DR0\Partition0 - ok

18:29:34.0523 1584 ============================================================

18:29:34.0523 1584 Scan finished

18:29:34.0523 1584 ============================================================

18:29:34.0554 5728 Detected object count: 1

18:29:34.0554 5728 Actual detected object count: 1

18:30:40.0262 5728 HKLM\SYSTEM\ControlSet001\services\9143f4db - will be deleted on reboot

18:30:40.0605 5728 HKLM\SYSTEM\ControlSet002\services\9143f4db - will be deleted on reboot

18:30:40.0667 5728 C:\Windows\3690218385:1857817380.exe - will be deleted on reboot

18:30:40.0667 5728 9143f4db ( HiddenFile.Multi.Generic ) - User select action: Delete

18:31:18.0450 2128 Deinitialize success


OK, sorry, I ignored the warnings about waiting until I get a response and ran ComboFix... log as follows

---

ComboFix 11-09-29.02 - Caroline 29/09/2011 22:10:56.1.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3037.2051 [GMT 10:00]

Running from: c:\users\Caroline\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Caroline\Desktop\Setup.exe

c:\windows\$NtUninstallKB39527$

c:\windows\$NtUninstallKB39527$\2437149915\@

c:\windows\$NtUninstallKB39527$\2437149915\click.tlb

c:\windows\$NtUninstallKB39527$\2437149915\L\lsondcac

c:\windows\$NtUninstallKB39527$\2437149915\loader.tlb

c:\windows\$NtUninstallKB39527$\2437149915\U\@00000001

c:\windows\$NtUninstallKB39527$\2437149915\U\@000000c0

c:\windows\$NtUninstallKB39527$\2437149915\U\@000000cb

c:\windows\$NtUninstallKB39527$\2437149915\U\@000000cf

c:\windows\$NtUninstallKB39527$\2437149915\U\@80000000

c:\windows\$NtUninstallKB39527$\2437149915\U\@800000c0

c:\windows\$NtUninstallKB39527$\2437149915\U\@800000cb

c:\windows\$NtUninstallKB39527$\2437149915\U\@800000cf

c:\windows\$NtUninstallKB39527$\313307960

c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}

c:\windows\3690218385

c:\windows\jestertb.dll

c:\windows\system32\

c:\windows\system32\c_78923.nls

c:\windows\winhelp.ini

.

.

((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-29 )))))))))))))))))))))))))))))))

.

.

2011-09-29 12:23 . 2011-09-29 12:27 -------- d-----w- c:\users\Caroline\AppData\Local\temp

2011-09-29 12:23 . 2011-09-29 12:23 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-29 12:08 . 2011-09-29 12:26 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{79A1996C-3F07-40FF-B06E-6BA3CCB6D568}\offreg.dll

2011-09-29 12:06 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys

2011-09-29 10:25 . 2011-09-29 10:25 -------- d-----w- c:\program files\ESET

2011-09-29 08:39 . 2011-08-31 07:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-29 08:14 . 2011-09-29 08:14 388096 ----a-r- c:\users\Caroline\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-09-29 08:14 . 2011-09-29 08:14 -------- d-----w- c:\program files\Trend Micro

2011-09-29 06:45 . 2011-09-29 06:45 439632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E732726F-C866-4A97-A1B8-097C733D4CF8}\gapaengine.dll

2011-09-29 06:45 . 2011-09-12 06:14 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{79A1996C-3F07-40FF-B06E-6BA3CCB6D568}\mpengine.dll

2011-09-29 06:29 . 2011-09-29 06:30 -------- d-----w- c:\program files\Microsoft Security Client

2011-09-29 03:33 . 2011-09-29 03:33 -------- d-----w- C:\TDSSKiller_Quarantine

2011-09-29 02:39 . 2010-09-07 05:39 150392 ----a-w- c:\windows\junction.exe

2011-09-29 01:02 . 2011-09-29 08:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-29 00:47 . 2011-09-29 00:47 -------- d-----w- C:\autoruns

2011-09-28 06:40 . 2011-09-28 06:40 -------- d-----w- c:\users\Caroline\AppData\Roaming\SUPERAntiSpyware.com

2011-09-28 06:40 . 2011-09-28 06:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-09-28 06:19 . 2011-09-28 06:19 -------- d-----w- c:\users\Caroline\AppData\Roaming\Malwarebytes

2011-09-28 06:18 . 2011-09-28 06:18 -------- d-----w- c:\programdata\Malwarebytes

2011-09-27 07:48 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F899A3E5-FF22-4399-BA1F-3C7ACEAC2E41}\mpengine.dll

2011-09-27 02:26 . 2011-09-27 02:26 -------- d-----w- c:\windows\system32\SPReview

2011-09-26 08:10 . 2011-09-26 08:10 -------- d-----w- c:\users\Caroline\AppData\Roaming\QuickScan

2011-09-26 08:04 . 2011-09-29 00:03 -------- d-----w- c:\users\Caroline\AppData\Local\Conduit

2011-09-26 04:52 . 2011-06-21 04:09 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2011-09-03 13:49 . 2011-09-03 13:49 -------- d-----w- c:\users\Caroline\AppData\Roaming\Media Player Classic

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-29 03:34 . 2009-07-13 23:11 35328 ----a-w- c:\windows\system32\drivers\npfs.sys

2011-09-29 02:34 . 2011-08-13 09:13 74752 ----a-w- c:\windows\system32\drivers\tdx.sys

2011-09-29 00:42 . 2011-09-29 00:44 625100 ----a-w- C:\Autoruns.zip

2011-09-27 02:37 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-08-10 10:40 . 2011-08-10 10:40 443 ----a-w- c:\users\Caroline\AppData\Local\Win7_Upgrade.bat

2011-07-22 04:54 . 2011-08-10 09:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-16 04:27 . 2011-08-10 09:43 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 04:15 . 2011-08-10 09:43 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 09:43 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 09:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 09:43 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 09:43 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 09:43 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 09:43 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 09:43 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 09:43 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 09:43 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 09:43 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 09:43 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 09:43 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 09:43 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 09:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 09:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 09:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 09:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 09:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 09:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 09:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 09:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 09:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 09:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2011-07-16 02:17 . 2011-08-10 09:43 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17 . 2011-08-10 09:43 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17 . 2011-08-10 09:43 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17 . 2011-08-10 09:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-09 04:29 . 2011-08-23 21:52 2048 ----a-w- c:\windows\system32\tzres.dll

2011-07-09 02:30 . 2011-08-10 09:51 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Caroline\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Caroline\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Caroline\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Caroline\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-08-18 17360520]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-04-27 233472]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"CamAppSTI.exe"="c:\program files\USB2.0 PC Camera\CamAppSTI.exe" [2009-01-04 28672]

"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2008-12-17 14848]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-12 198160]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]

"VolPanel"="c:\program files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2008-12-09 237693]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-29 458844]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-24 140520]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-29 98304]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-11-11 771360]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

.

c:\users\Caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-26 24176560]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 752168]

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-3-2 969792]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2009-07-16 07:12 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R1 MpKslf5aeba2e;MpKslf5aeba2e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{79A1996C-3F07-40FF-B06E-6BA3CCB6D568}\MpKslf5aeba2e.sys [x]

R1 SASDIFSV;SASDIFSV;c:\users\Caroline\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]

R1 SASKUTIL;SASKUTIL;c:\users\Caroline\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 124180]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 129784]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-07-16 79360]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-07-16 79360]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-26 102784]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-08-27 116736]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 129784]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]

R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2009-07-16 79360]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-16 1343400]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [x]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]

S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2011/08/10 20:20];c:\program files\CyberLink\PowerDVD DX\000.fcl [2009-06-24 10:19 87536]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\aestsrv.exe [2009-03-02 79176]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-30 173500]

S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2008-10-16 1659396]

S2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-08-19 227012]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]

S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2008-10-16 482176]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 143968]

S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2008-08-25 54784]

S3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2009-03-05 133632]

S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2009-03-08 280096]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - AvgTdiX

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 05:26]

.

2011-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 05:26]

.

2011-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-830190901-1196825469-921618408-1000Core.job

- c:\users\Caroline\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-11 01:41]

.

2011-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-830190901-1196825469-921618408-1000UA.job

- c:\users\Caroline\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-11 01:41]

.

2011-01-05 c:\windows\Tasks\User_Feed_Synchronization-{3014F0BA-7AEA-44EA-98C1-A5AA4282AE2D}.job

- c:\windows\system32\msfeedssync.exe [2011-08-13 12:17]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2790392

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\rxnwi4b5.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/ig?hl=en

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc923c0&v=6.103.018.001&i=23&tp=ab&iy=&ychte=au&lng=en-GB&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord\firefox\ext

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}

FF - Ext: FacePAD: Facebook Photo Album Downloader: facepad@lazyrussian.com - %profile%\extensions\facepad@lazyrussian.com

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

FF - Ext: Facebook PhotoZoom: {20cc25e2-48c9-45e1-9a1f-1ccc1882b81b} - %profile%\extensions\{20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}

FF - Ext: Zoodles: firefox@zoodles.com - %profile%\extensions\firefox@zoodles.com

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com

FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}

FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

SafeBoot-04577047.sys

SafeBoot-19798193.sys

SafeBoot-47375347.sys

SafeBoot-57021256.sys

SafeBoot-58419602.sys

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD DX\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(3344)

c:\users\Caroline\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

c:\windows\system32\btncopy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7f2308f435f2c4c1\STacSV.exe

c:\program files\Creative\Shared Files\CTAudSvc.exe

c:\windows\system32\atieclxx.exe

c:\windows\system32\taskhost.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\conhost.exe

c:\windows\system32\sppsvc.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Completion time: 2011-09-29 22:33:04 - machine was rebooted

ComboFix-quarantined-files.txt 2011-09-29 12:33

.

Pre-Run: 91,985,932,288 bytes free

Post-Run: 92,486,873,088 bytes free

.

- - End Of File - - AB767B3FF158552706A70078E5B2EAE7
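The ComboFix output above reports three artifact classes worth re-checking by hand once the tool has run: SafeBoot driver entries with no backing file (the "SafeBoot-<digits>.sys" orphans), a service whose ImagePath does not end in .exe or .sys, and registry keys carrying explicit Deny ACEs (the "LOCKED REGISTRY KEYS" block). The script below is an added example written for this thread; it is not code from the original post, from ComboFix or from RKill. It assumes an elevated PowerShell prompt on Windows 7 or later, and the key list, the "expected extension" set and the all-numeric name pattern are illustrative choices, not rules the tools use.

```powershell
# Added example (not from the thread, ComboFix or RKill). Re-checks three artifact
# classes from the ComboFix log on a live system. Run from an elevated PowerShell
# prompt. Key list, extension set and name pattern below are assumptions.

$ccs = 'HKLM:\SYSTEM\CurrentControlSet'

function New-Finding($Check, $Item, $Reason) {
    New-Object PSObject -Property @{ Check = $Check; Item = $Item; Reason = $Reason }
}

# 1. SafeBoot orphans. Each subkey under SafeBoot\Minimal and SafeBoot\Network names a
#    driver or service allowed to load in Safe Mode. Malware adds its own entry so it
#    survives Safe Mode cleaning; "SafeBoot-<digits>.sys" in the log is such an entry
#    left behind after the driver was removed. Flag .sys entries with no file under
#    System32\drivers and no Services key, and all-numeric names for manual review.
function Get-SafeBootSuspects {
    foreach ($mode in 'Minimal', 'Network') {
        Get-ChildItem "$ccs\Control\SafeBoot\$mode" -ErrorAction SilentlyContinue |
          ForEach-Object {
            $name = $_.PSChildName
            if ($name -notlike '*.sys') { return }   # class GUIDs and service names: skip
            $base   = [IO.Path]::GetFileNameWithoutExtension($name)
            $onDisk = Test-Path "$env:SystemRoot\System32\drivers\$name"
            $hasSvc = Test-Path "$ccs\Services\$base"
            if (-not $onDisk -and -not $hasSvc) {
                New-Finding 'SafeBoot' "$mode\$name" 'no driver file and no service key'
            } elseif ($base -match '^\d{6,}$') {
                New-Finding 'SafeBoot' "$mode\$name" 'all-numeric name, review'
            }
        }
    }
}

# 2. Service image paths. The log lists a service whose ImagePath ends in .fcl rather
#    than .exe/.sys. That is not proof of malice (CyberLink ships .fcl drivers), but
#    every such entry should be accounted for.
function Get-OddImagePaths {
    Get-ChildItem "$ccs\Services" -ErrorAction SilentlyContinue | ForEach-Object {
        $img = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).ImagePath
        if (-not $img) { return }
        $img = $img -replace '^\\\?\?\\', ''          # strip the NT \??\ prefix
        # First token ending in a 1-4 character extension, quoted or not; arguments dropped
        if ($img -match '^"?(?<file>[^"]*?\.(?<ext>[A-Za-z0-9]{1,4}))"?(\s|$)') {
            if ('exe', 'sys', 'dll' -notcontains $Matches.ext.ToLower()) {
                New-Finding 'Service' $_.PSChildName "ImagePath .$($Matches.ext): $($Matches.file)"
            }
        } else {
            New-Finding 'Service' $_.PSChildName "unparsed ImagePath: $img"
        }
    }
}

# 3. Locked keys. The "@Denied" lines are explicit Deny ACEs. Malware uses them to keep
#    tools from reading or deleting its keys, but Windows locks some keys itself, so a
#    Deny ACE alone is not evidence of infection; compare hits with a known-good machine.
function Get-DenyAces {
    param([string[]]$Keys)
    foreach ($k in $Keys) {
        try {
            $acl = Get-Acl -Path $k -ErrorAction Stop
        } catch {
            # A Deny that covers READ_CONTROL blocks even an administrator's Get-Acl.
            # ComboFix reads such keys with backup privilege; plain PowerShell does not.
            New-Finding 'ACL' $k "cannot read ACL: $($_.Exception.Message)"
            continue
        }
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -eq 'Deny') {
                New-Finding 'ACL' $k "Deny $($ace.RegistryRights) for $($ace.IdentityReference)"
            }
        }
    }
}

# Keys taken from the log above plus the two classic Run keys (illustrative list).
$keysToCheck = @(
    "$ccs\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings",
    "$ccs\Control\PCW\Security",
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

$findings = @(Get-SafeBootSuspects) + @(Get-OddImagePaths) + @(Get-DenyAces -Keys $keysToCheck)
$findings | Format-Table -AutoSize Check, Item, Reason
```

The script only reports; it deletes nothing. The two locked keys in this log are reported on a great many Windows 7 machines that are otherwise clean, so treat an ACL hit as a prompt to compare against a known-good system rather than as a finding in itself, and expect "cannot read ACL" on keys that deny READ_CONTROL to Everyone unless you run with backup privilege or take ownership first.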


No luck with the overnight scan... after 8 hrs still at 2%, so I aborted it (Microsoft SE). Doing a full scan with MBAM now - seems to be very slow.

Paused it and ran RKill - log:

---

This log file is located at C:\rkill.log.

Please post this only if requested to by the person helping you.

Otherwise you can close this log when you wish.

Rkill was run on 30/09/2011 at 9:21:22.

Operating System: Windows 7 Home Premium

Processes terminated by Rkill or while it was running:

C:\ProgramData\DatacardService\DCService.exe

C:\ProgramData\DatacardService\DCSHelper.exe

C:\Users\Caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe

Rkill completed on 30/09/2011 at 9:22:51.


  • Staff

Thanks for letting us know.

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.