
My wife's computer has had some issues with Google redirects in several browsers for a while now. Ran a few diagnostic tools.

Below are DDS.txt and attach.txt. I will post latest MBAM log in next post.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Michelle at 23:51:06 on 2011-10-26

.

============== Running Processes ===============

.

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Windows\SysWOW64\brsvc01a.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\SysWOW64\brss01a.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe

C:\Program Files (x86)\itunes\iTunesHelper.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W7E8PCPG\dds.scr

.

============== Pseudo HJT Report ===============

.

uDefault_Search_URL = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6081206

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - C:\Program Files (x86)\Dell\BAE\BAE.dll

BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File

TB: {A10EE5E6-56FA-4E89-91E9-D84263448359} - No File

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [Google Update] "C:\Users\Michelle\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: Google Sidewiki...

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1 68.237.161.12

TCP: Interfaces\{13FEF5EC-4156-4F3B-BED8-6C6CECC86475} : DhcpNameServer = 192.168.1.1 68.237.161.12

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll

BHO-X64: Browser Address Error Redirector - No File

BHO-X64: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: MSN Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB-X64: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File

TB-X64: {A10EE5E6-56FA-4E89-91E9-D84263448359} - No File

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\2s8x1npz.default\

FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20100926030317430&tb_oid=25-05-2011&tb_mrud=25-05-2011

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=20100926030317430&tb_oid=25-05-2011&tb_mrud=25-05-2011&query=

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.17\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Users\Michelle\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

============= SERVICES / DRIVERS ===============

.

R? AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7

R? AERTFilters;Andrea RT Filters Service

R? clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64

R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86

R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64

R? DockLoginService;Dock Login Service

R? gupdate;Google Update Service (gupdate)

R? gupdatem;Google Update Service (gupdatem)

R? McComponentHostService;McAfee Security Scan Component Host Service

R? PerfHost;Performance Counter DLL Host

R? pmxmouse;pmxmouse

R? pmxusblf;pmxusblf

R? SBSDWSCService;SBSD Security Center Service

R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0

S? AntiVirSchedulerService;Avira AntiVir Scheduler

S? AntiVirService;Avira AntiVir Guard

S? avgntflt;avgntflt

S? FontCache;Windows Font Cache Service

S? MBAMProtector;MBAMProtector

S? MBAMService;MBAMService

S? Point64;Microsoft IntelliPoint Filter Driver

S? PxHlpa64;PxHlpa64

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2011-10-27 01:46:59 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

.

==================== Find3M ====================

.

2011-10-03 09:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-08-31 21:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-08-22 17:53:21 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

.

============= FINISH: 23:59:20.75 ===============

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8026

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

10/26/2011 10:56:16 PM

mbam-log-2011-10-26 (22-56-16).txt

Scan type: Full scan (C:\|)

Objects scanned: 382853

Time elapsed: 1 hour(s), 8 minute(s), 46 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

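The DDS "Pseudo HJT Report" above is long, and the lines a malware-removal helper looks at first for a search-redirect complaint are the browser search and start-page URLs and any add-on registrations that point at a missing file. As an added triage example (not part of the original post and not something DDS itself produces), the script below scans DDS-style lines for exactly those two things: search or keyword URLs whose host is not on an allow-list of expected search engines, and BHO / toolbar entries marked "No File". The allow-list and the sample lines are constructed for the example; the sample lines are shortened copies of lines from the log above. A hit is something to review, not proof of infection: the AOL redirector URLs in the Firefox prefs, for instance, are what the AIM toolbar installs, and the helper still has to decide whether they are wanted.

```python
"""Triage helper for DDS "Pseudo HJT Report" lines (added example, not DDS code).

Flags two things a helper checks first when a user reports search redirects:
  * IE ("u..." lines) and Firefox ("FF - prefs.js:" lines) search/start-page
    URLs whose host is not an expected search engine, and
  * BHO / toolbar (TB) registrations whose DLL is missing ("No File"), i.e.
    orphaned registry entries left behind by a removed add-on.
"""
import re
from urllib.parse import urlparse

# Assumption for the example: the hosts the user actually expects to search with.
EXPECTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}

# IE settings DDS prints as "uKey = hxxp://..." (only URL-valued keys match).
IE_URL_RE = re.compile(r"^u(?P<key>[\w ,()]+?)\s*=\s*(?P<url>hxxps?://\S+)", re.I)
# Firefox prefs DDS prints as "FF - prefs.js: pref.name - hxxp://...".
FF_URL_RE = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - (?P<url>hxxps?://\S+)", re.I)
# BHO / toolbar lines, 32- and 64-bit views, whose backing file is gone.
NOFILE_RE = re.compile(r"^(?P<kind>BHO|TB)(-X64)?: (?P<body>.*?) - No File$", re.I)


def refang(url: str) -> str:
    """DDS defangs URLs as hxxp:// so they are not clickable; undo that."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def search_host(url: str) -> str:
    """Lower-cased host of a (possibly defanged) URL, or '' if unparsable."""
    return urlparse(refang(url)).hostname or ""


def triage(lines):
    """Return (category, key, detail) findings, in input order, for review."""
    findings = []
    for raw in lines:
        line = raw.strip()
        for rx, where in ((IE_URL_RE, "IE"), (FF_URL_RE, "Firefox")):
            m = rx.match(line)
            if m:
                host = search_host(m.group("url"))
                if host not in EXPECTED_SEARCH_HOSTS:
                    key = f"{where}:{m.group('key').strip()}"
                    findings.append(("unexpected-search-host", key, host))
                break
        m = NOFILE_RE.match(line)
        if m:
            findings.append(("orphaned-" + m.group("kind").lower(), m.group("body"), "No File"))
    return findings


# Constructed sample: shortened copies of lines from the DDS log in this thread.
SAMPLE_DDS_LINES = [
    "uStart Page = hxxp://www.google.com/",
    "uSearchURL,(Default) = hxxp://www.google.com/search?q=%s",
    "uInternet Settings,ProxyOverride = *.local",
    "BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - "
    "C:\\Program Files (x86)\\Google\\Google Toolbar\\GoogleToolbar_32.dll",
    "TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File",
    "BHO-X64: AcroIEHelperStub - No File",
    "FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}",
    "FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query=",
]

if __name__ == "__main__":
    for category, key, detail in triage(SAMPLE_DDS_LINES):
        print(f"{category:24} {key:45} {detail}")
```

Run against the full DDS output (`triage(open("DDS.txt").read().splitlines())`), the Google-hosted IE entries pass silently, the three orphaned toolbar CLSIDs and the "No File" BHO stubs are listed, and both Firefox prefs are flagged because their host is the AOL search redirector rather than Google. That matches what the helper's GooredFix step targets: a Firefox profile whose search prefs no longer point where the user thinks they do.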

Welcome.

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

  • If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run, once it is finished move onto the next step

Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of that TDSSKiller log.

Also please describe how your computer behaves at the moment.


Did all that you stated, but nothing was found. Here are a couple of newer things that seem to be going wrong as I have been using this computer, in addition to the Google redirects. I hope this provides some additional clues. (These new items started before I ran the last set of instructions you gave me.)

Current problems

1. Search on Google in either IE or Firefox, click on a link and it takes me to different pages.

2. My 32-bit versions of Firefox and IE keep crashing on launch. They are being prevented from running by DEP (Data Execution Prevention). I have not turned this feature off.

3. I am getting the occasional memory access violation from TeaTimer.exe.

Thanks in advance for your help.

--------------------------------------------------------------------------------------------------------------

12:14:04.0583 2480 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01

12:14:04.0646 2480 ============================================================

12:14:04.0646 2480 Current date / time: 2011/10/29 12:14:04.0646

12:14:04.0646 2480 SystemInfo:

12:14:04.0646 2480

12:14:04.0646 2480 OS Version: 6.0.6002 ServicePack: 2.0

12:14:04.0646 2480 Product type: Workstation

12:14:04.0646 2480 ComputerName: UPSTAIRS

12:14:04.0646 2480 UserName: Michelle

12:14:04.0646 2480 Windows directory: C:\Windows

12:14:04.0646 2480 System windows directory: C:\Windows

12:14:04.0646 2480 Running under WOW64

12:14:04.0646 2480 Processor architecture: Intel x64

12:14:04.0646 2480 Number of processors: 4

12:14:04.0646 2480 Page size: 0x1000

12:14:04.0646 2480 Boot type: Normal boot

12:14:04.0646 2480 ============================================================

12:14:05.0316 2480 Initialize success

12:14:13.0070 4368 ============================================================

12:14:13.0070 4368 Scan started

12:14:13.0070 4368 Mode: Manual; SigCheck; TDLFS;

12:14:13.0070 4368 ============================================================

12:14:13.0772 4368 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys

12:14:13.0850 4368 ACPI - ok

12:14:13.0912 4368 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys

12:14:13.0943 4368 adfs - ok

12:14:13.0990 4368 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys

12:14:14.0006 4368 adp94xx - ok

12:14:14.0037 4368 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys

12:14:14.0052 4368 adpahci - ok

12:14:14.0068 4368 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys

12:14:14.0084 4368 adpu160m - ok

12:14:14.0099 4368 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys

12:14:14.0115 4368 adpu320 - ok

12:14:14.0208 4368 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys

12:14:14.0224 4368 AFD - ok

12:14:14.0255 4368 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys

12:14:14.0255 4368 agp440 - ok

12:14:14.0271 4368 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys

12:14:14.0286 4368 aic78xx - ok

12:14:14.0302 4368 aliide (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys

12:14:14.0318 4368 aliide - ok

12:14:14.0333 4368 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys

12:14:14.0333 4368 amdide - ok

12:14:14.0364 4368 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys

12:14:14.0396 4368 AmdK8 - ok

12:14:14.0458 4368 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys

12:14:14.0474 4368 arc - ok

12:14:14.0474 4368 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys

12:14:14.0489 4368 arcsas - ok

12:14:14.0505 4368 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys

12:14:14.0536 4368 AsyncMac - ok

12:14:14.0567 4368 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys

12:14:14.0583 4368 atapi - ok

12:14:14.0676 4368 atikmdag (2dddf9b8759ad74d7509b3d4ecbd2088) C:\Windows\system32\DRIVERS\atikmdag.sys

12:14:14.0817 4368 atikmdag - ok

12:14:14.0864 4368 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys

12:14:14.0879 4368 avgntflt - ok

12:14:14.0895 4368 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys

12:14:14.0910 4368 avipbb - ok

12:14:14.0910 4368 Beep - ok

12:14:14.0926 4368 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys

12:14:14.0973 4368 blbdrive - ok

12:14:15.0004 4368 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys

12:14:15.0020 4368 bowser - ok

12:14:15.0035 4368 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys

12:14:15.0051 4368 BrFiltLo - ok

12:14:15.0066 4368 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys

12:14:15.0082 4368 BrFiltUp - ok

12:14:15.0113 4368 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys

12:14:15.0160 4368 Brserid - ok

12:14:15.0191 4368 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys

12:14:15.0222 4368 BrSerWdm - ok

12:14:15.0238 4368 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys

12:14:15.0269 4368 BrUsbMdm - ok

12:14:15.0285 4368 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys

12:14:15.0332 4368 BrUsbSer - ok

12:14:15.0347 4368 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys

12:14:15.0394 4368 BTHMODEM - ok

12:14:15.0410 4368 catchme - ok

12:14:15.0425 4368 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys

12:14:15.0441 4368 cdfs - ok

12:14:15.0472 4368 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys

12:14:15.0503 4368 cdrom - ok

12:14:15.0503 4368 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys

12:14:15.0534 4368 circlass - ok

12:14:15.0581 4368 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys

12:14:15.0597 4368 CLFS - ok

12:14:15.0612 4368 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys

12:14:15.0628 4368 cmdide - ok

12:14:15.0644 4368 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys

12:14:15.0644 4368 Compbatt - ok

12:14:15.0659 4368 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys

12:14:15.0675 4368 crcdisk - ok

12:14:15.0706 4368 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys

12:14:15.0722 4368 DfsC - ok

12:14:15.0753 4368 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys

12:14:15.0753 4368 disk - ok

12:14:15.0800 4368 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys

12:14:15.0815 4368 drmkaud - ok

12:14:15.0862 4368 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys

12:14:15.0878 4368 DXGKrnl - ok

12:14:15.0909 4368 e1express (a458e7d986f51c827640f5d1f1e886e4) C:\Windows\system32\DRIVERS\e1e6032e.sys

12:14:15.0924 4368 e1express - ok

12:14:15.0940 4368 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys

12:14:15.0971 4368 E1G60 - ok

12:14:16.0018 4368 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys

12:14:16.0034 4368 Ecache - ok

12:14:16.0065 4368 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys

12:14:16.0080 4368 elxstor - ok

12:14:16.0112 4368 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys

12:14:16.0143 4368 ErrDev - ok

12:14:16.0221 4368 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys

12:14:16.0221 4368 exfat - ok

12:14:16.0252 4368 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys

12:14:16.0283 4368 fastfat - ok

12:14:16.0361 4368 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys

12:14:16.0392 4368 fdc - ok

12:14:16.0392 4368 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys

12:14:16.0408 4368 FileInfo - ok

12:14:16.0424 4368 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys

12:14:16.0455 4368 Filetrace - ok

12:14:16.0470 4368 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

12:14:16.0502 4368 flpydisk - ok

12:14:16.0533 4368 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys

12:14:16.0548 4368 FltMgr - ok

12:14:16.0564 4368 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys

12:14:16.0580 4368 Fs_Rec - ok

12:14:16.0611 4368 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys

12:14:16.0626 4368 gagp30kx - ok

12:14:16.0642 4368 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

12:14:16.0658 4368 GEARAspiWDM - ok

12:14:16.0720 4368 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys

12:14:16.0736 4368 HdAudAddService - ok

12:14:16.0767 4368 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys

12:14:16.0814 4368 HDAudBus - ok

12:14:16.0829 4368 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys

12:14:16.0860 4368 HidBth - ok

12:14:16.0876 4368 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys

12:14:16.0923 4368 HidIr - ok

12:14:16.0938 4368 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys

12:14:16.0970 4368 HidUsb - ok

12:14:17.0001 4368 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys

12:14:17.0001 4368 HpCISSs - ok

12:14:17.0048 4368 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys

12:14:17.0063 4368 HTTP - ok

12:14:17.0063 4368 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys

12:14:17.0079 4368 i2omp - ok

12:14:17.0094 4368 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys

12:14:17.0110 4368 i8042prt - ok

12:14:17.0126 4368 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys

12:14:17.0141 4368 iaStorV - ok

12:14:17.0157 4368 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys

12:14:17.0172 4368 iirsp - ok

12:14:17.0250 4368 IntcAzAudAddService (b3fb479a7c0626499eb5989bc087cf8d) C:\Windows\system32\drivers\RTKVHD64.sys

12:14:17.0282 4368 IntcAzAudAddService - ok

12:14:17.0344 4368 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys

12:14:17.0344 4368 intelide - ok

12:14:17.0360 4368 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys

12:14:17.0375 4368 intelppm - ok

12:14:17.0422 4368 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys

12:14:17.0453 4368 IpFilterDriver - ok

12:14:17.0469 4368 IpInIp - ok

12:14:17.0484 4368 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys

12:14:17.0516 4368 IPMIDRV - ok

12:14:17.0531 4368 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys

12:14:17.0578 4368 IPNAT - ok

12:14:17.0594 4368 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys

12:14:17.0625 4368 IRENUM - ok

12:14:17.0640 4368 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys

12:14:17.0656 4368 isapnp - ok

12:14:17.0687 4368 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys

12:14:17.0703 4368 iScsiPrt - ok

12:14:17.0703 4368 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys

12:14:17.0718 4368 iteatapi - ok

12:14:17.0718 4368 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys

12:14:17.0734 4368 iteraid - ok

12:14:17.0765 4368 Iviaspi (cfe46dd772cc2e158ce8107416bee5c6) C:\Windows\system32\drivers\Iviaspi.sys

12:14:17.0765 4368 Iviaspi - ok

12:14:17.0796 4368 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys

12:14:17.0796 4368 kbdclass - ok

12:14:17.0812 4368 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys

12:14:17.0843 4368 kbdhid - ok

12:14:17.0874 4368 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys

12:14:17.0890 4368 KSecDD - ok

12:14:17.0906 4368 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys

12:14:17.0921 4368 ksthunk - ok

12:14:17.0952 4368 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys

12:14:17.0984 4368 lltdio - ok

12:14:18.0015 4368 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys

12:14:18.0015 4368 LSI_FC - ok

12:14:18.0030 4368 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys

12:14:18.0046 4368 LSI_SAS - ok

12:14:18.0062 4368 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys

12:14:18.0062 4368 LSI_SCSI - ok

12:14:18.0077 4368 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys

12:14:18.0108 4368 luafv - ok

12:14:18.0124 4368 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys

12:14:18.0140 4368 MBAMProtector - ok

12:14:18.0171 4368 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys

12:14:18.0171 4368 megasas - ok

12:14:18.0233 4368 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys

12:14:18.0249 4368 MegaSR - ok

12:14:18.0280 4368 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys

12:14:18.0311 4368 Modem - ok

12:14:18.0342 4368 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys

12:14:18.0374 4368 monitor - ok

12:14:18.0389 4368 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys

12:14:18.0389 4368 mouclass - ok

12:14:18.0420 4368 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys

12:14:18.0452 4368 mouhid - ok

12:14:18.0467 4368 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys

12:14:18.0483 4368 MountMgr - ok

12:14:18.0498 4368 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys

12:14:18.0514 4368 mpio - ok

12:14:18.0514 4368 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys

12:14:18.0545 4368 mpsdrv - ok

12:14:18.0561 4368 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys

12:14:18.0561 4368 Mraid35x - ok

12:14:18.0592 4368 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys

12:14:18.0608 4368 MRxDAV - ok

12:14:18.0639 4368 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys

12:14:18.0654 4368 mrxsmb - ok

12:14:18.0654 4368 mrxsmb10 (6dc9461915a551c2a625986f5fb3b851) C:\Windows\system32\DRIVERS\mrxsmb10.sys

12:14:18.0670 4368 mrxsmb10 - ok

12:14:18.0686 4368 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys

12:14:18.0701 4368 mrxsmb20 - ok

12:14:18.0717 4368 msahci (730b784962d22d2c6481eae2370e7c8c) C:\Windows\system32\drivers\msahci.sys

12:14:18.0717 4368 msahci - ok

12:14:18.0732 4368 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys

12:14:18.0732 4368 msdsm - ok

12:14:18.0764 4368 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys

12:14:18.0795 4368 Msfs - ok

12:14:18.0795 4368 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys

12:14:18.0810 4368 msisadrv - ok

12:14:18.0826 4368 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys

12:14:18.0857 4368 MSKSSRV - ok

12:14:18.0857 4368 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys

12:14:18.0888 4368 MSPCLOCK - ok

12:14:18.0904 4368 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys

12:14:18.0920 4368 MSPQM - ok

12:14:18.0966 4368 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys

12:14:18.0966 4368 MsRPC - ok

12:14:18.0982 4368 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys

12:14:18.0998 4368 mssmbios - ok

12:14:19.0013 4368 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys

12:14:19.0029 4368 MSTEE - ok

12:14:19.0044 4368 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys

12:14:19.0060 4368 Mup - ok

12:14:19.0107 4368 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys

12:14:19.0107 4368 NativeWifiP - ok

12:14:19.0154 4368 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys

12:14:19.0169 4368 NDIS - ok

12:14:19.0216 4368 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys

12:14:19.0232 4368 NdisTapi - ok

12:14:19.0278 4368 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys

12:14:19.0310 4368 Ndisuio - ok

12:14:19.0341 4368 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys

12:14:19.0372 4368 NdisWan - ok

12:14:19.0403 4368 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys

12:14:19.0419 4368 NDProxy - ok

12:14:19.0419 4368 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys

12:14:19.0450 4368 NetBIOS - ok

12:14:19.0497 4368 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys

12:14:19.0512 4368 netbt - ok

12:14:19.0528 4368 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys

12:14:19.0544 4368 nfrd960 - ok

12:14:19.0559 4368 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys

12:14:19.0590 4368 Npfs - ok

12:14:19.0590 4368 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys

12:14:19.0622 4368 nsiproxy - ok

12:14:19.0668 4368 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys

12:14:19.0731 4368 Ntfs - ok

12:14:19.0793 4368 NuidFltr (d4012918d3a3847b44b888d56bc095d6) C:\Windows\system32\DRIVERS\NuidFltr.sys

12:14:19.0793 4368 NuidFltr - ok

12:14:19.0809 4368 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys

12:14:19.0840 4368 Null - ok

12:14:19.0856 4368 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys

12:14:19.0856 4368 nvraid - ok

12:14:19.0871 4368 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys

12:14:19.0887 4368 nvstor - ok

12:14:19.0887 4368 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys

12:14:19.0902 4368 nv_agp - ok

12:14:19.0902 4368 NwlnkFlt - ok

12:14:19.0918 4368 NwlnkFwd - ok

12:14:19.0949 4368 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys

12:14:19.0996 4368 ohci1394 - ok

12:14:20.0027 4368 Packet (43e24699a18126f11e3d9bf6db85518b) C:\Windows\system32\DRIVERS\packet.sys

12:14:20.0043 4368 Packet - ok

12:14:20.0058 4368 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys

12:14:20.0090 4368 Parport - ok

12:14:20.0121 4368 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys

12:14:20.0121 4368 partmgr - ok

12:14:20.0152 4368 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys

12:14:20.0168 4368 pci - ok

12:14:20.0199 4368 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys

12:14:20.0214 4368 pciide - ok

12:14:20.0261 4368 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys

12:14:20.0277 4368 pcmcia - ok

12:14:20.0308 4368 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys

12:14:20.0355 4368 PEAUTH - ok

12:14:20.0402 4368 pmxmouse (95cfc57970275e9445f7f9eaa6030a7e) C:\Windows\system32\DRIVERS\pmxmouse.sys

12:14:20.0402 4368 pmxmouse - ok

12:14:20.0417 4368 pmxusblf (5bd4334a61ec1c17a24b5b160a693427) C:\Windows\system32\DRIVERS\pmxusblf.sys

12:14:20.0433 4368 pmxusblf - ok

12:14:20.0480 4368 Point64 (24c4a668c1b574ebaf7126ab68f96012) C:\Windows\system32\DRIVERS\point64k.sys

12:14:20.0480 4368 Point64 - ok

12:14:20.0526 4368 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys

12:14:20.0542 4368 PptpMiniport - ok

12:14:20.0558 4368 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys

12:14:20.0589 4368 Processor - ok

12:14:20.0636 4368 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys

12:14:20.0651 4368 PSched - ok

12:14:20.0682 4368 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys

12:14:20.0698 4368 PxHlpa64 - ok

12:14:20.0760 4368 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys

12:14:20.0776 4368 ql2300 - ok

12:14:20.0807 4368 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys

12:14:20.0807 4368 ql40xx - ok

12:14:20.0838 4368 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys

12:14:20.0854 4368 QWAVEdrv - ok

12:14:20.0948 4368 R300 (2dddf9b8759ad74d7509b3d4ecbd2088) C:\Windows\system32\DRIVERS\atikmdag.sys

12:14:21.0057 4368 R300 - ok

12:14:21.0088 4368 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys

12:14:21.0119 4368 RasAcd - ok

12:14:21.0135 4368 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys

12:14:21.0150 4368 Rasl2tp - ok

12:14:21.0182 4368 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys

12:14:21.0197 4368 RasPppoe - ok

12:14:21.0228 4368 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys

12:14:21.0244 4368 RasSstp - ok

12:14:21.0306 4368 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys

12:14:21.0322 4368 rdbss - ok

12:14:21.0338 4368 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys

12:14:21.0369 4368 RDPCDD - ok

12:14:21.0384 4368 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys

12:14:21.0416 4368 rdpdr - ok

12:14:21.0416 4368 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys

12:14:21.0447 4368 RDPENCDD - ok

12:14:21.0462 4368 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys

12:14:21.0494 4368 RDPWD - ok

12:14:21.0525 4368 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys

12:14:21.0540 4368 rspndr - ok

12:14:21.0572 4368 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys

12:14:21.0587 4368 sbp2port - ok

12:14:21.0618 4368 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

12:14:21.0650 4368 secdrv - ok

12:14:21.0681 4368 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys

12:14:21.0728 4368 Serenum - ok

12:14:21.0728 4368 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys

12:14:21.0774 4368 Serial - ok

12:14:21.0790 4368 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys

12:14:21.0821 4368 sermouse - ok

12:14:21.0837 4368 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys

12:14:21.0868 4368 sffdisk - ok

12:14:21.0884 4368 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys

12:14:21.0899 4368 sffp_mmc - ok

12:14:21.0915 4368 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys

12:14:21.0946 4368 sffp_sd - ok

12:14:21.0962 4368 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys

12:14:21.0993 4368 sfloppy - ok

12:14:22.0024 4368 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys

12:14:22.0024 4368 SiSRaid2 - ok

12:14:22.0040 4368 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys

12:14:22.0040 4368 SiSRaid4 - ok

12:14:22.0086 4368 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys

12:14:22.0102 4368 Smb - ok

12:14:22.0133 4368 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys

12:14:22.0133 4368 spldr - ok

12:14:22.0164 4368 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys

12:14:22.0180 4368 srv - ok

12:14:22.0211 4368 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys

12:14:22.0227 4368 srv2 - ok

12:14:22.0227 4368 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys

12:14:22.0242 4368 srvnet - ok

12:14:22.0274 4368 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys

12:14:22.0289 4368 swenum - ok

12:14:22.0305 4368 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys

12:14:22.0320 4368 Symc8xx - ok

12:14:22.0336 4368 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys

12:14:22.0336 4368 Sym_hi - ok

12:14:22.0352 4368 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys

12:14:22.0367 4368 Sym_u3 - ok

12:14:22.0414 4368 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys

12:14:22.0445 4368 Tcpip - ok

12:14:22.0492 4368 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys

12:14:22.0523 4368 Tcpip6 - ok

12:14:22.0586 4368 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys

12:14:22.0601 4368 tcpipreg - ok

12:14:22.0617 4368 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys

12:14:22.0648 4368 TDPIPE - ok

12:14:22.0664 4368 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys

12:14:22.0710 4368 TDTCP - ok

12:14:22.0726 4368 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys

12:14:22.0757 4368 tdx - ok

12:14:22.0773 4368 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys

12:14:22.0788 4368 TermDD - ok

12:14:22.0820 4368 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys

12:14:22.0851 4368 tssecsrv - ok

12:14:22.0851 4368 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys

12:14:22.0866 4368 tunmp - ok

12:14:22.0898 4368 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys

12:14:22.0913 4368 tunnel - ok

12:14:22.0929 4368 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys

12:14:22.0929 4368 uagp35 - ok

12:14:22.0976 4368 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys

12:14:22.0991 4368 udfs - ok

12:14:23.0007 4368 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys

12:14:23.0022 4368 uliagpkx - ok

12:14:23.0038 4368 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys

12:14:23.0054 4368 uliahci - ok

12:14:23.0069 4368 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys

12:14:23.0069 4368 UlSata - ok

12:14:23.0085 4368 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys

12:14:23.0100 4368 ulsata2 - ok

12:14:23.0116 4368 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys

12:14:23.0132 4368 umbus - ok

12:14:23.0178 4368 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys

12:14:23.0194 4368 usbccgp - ok

12:14:23.0210 4368 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys

12:14:23.0256 4368 usbcir - ok

12:14:23.0303 4368 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys

12:14:23.0319 4368 usbehci - ok

12:14:23.0350 4368 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys

12:14:23.0381 4368 usbhub - ok

12:14:23.0397 4368 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys

12:14:23.0428 4368 usbohci - ok

12:14:23.0459 4368 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys

12:14:23.0490 4368 usbprint - ok

12:14:23.0522 4368 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys

12:14:23.0537 4368 usbscan - ok

12:14:23.0553 4368 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS

12:14:23.0584 4368 USBSTOR - ok

12:14:23.0600 4368 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys

12:14:23.0631 4368 usbuhci - ok

12:14:23.0646 4368 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys

12:14:23.0662 4368 vga - ok

12:14:23.0678 4368 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys

12:14:23.0709 4368 VgaSave - ok

12:14:23.0724 4368 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys

12:14:23.0724 4368 viaide - ok

12:14:23.0756 4368 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys

12:14:23.0771 4368 volmgr - ok

12:14:23.0802 4368 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys

12:14:23.0818 4368 volmgrx - ok

12:14:23.0849 4368 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys

12:14:23.0865 4368 volsnap - ok

12:14:23.0880 4368 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys

12:14:23.0880 4368 vsmraid - ok

12:14:23.0912 4368 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys

12:14:23.0958 4368 WacomPen - ok

12:14:23.0990 4368 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

12:14:24.0005 4368 Wanarp - ok

12:14:24.0021 4368 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

12:14:24.0036 4368 Wanarpv6 - ok

12:14:24.0052 4368 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys

12:14:24.0052 4368 Wd - ok

12:14:24.0083 4368 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys

12:14:24.0114 4368 Wdf01000 - ok

12:14:24.0146 4368 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys

12:14:24.0177 4368 WmiAcpi - ok

12:14:24.0192 4368 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys

12:14:24.0224 4368 ws2ifsl - ok

12:14:24.0255 4368 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys

12:14:24.0286 4368 WUDFRd - ok

12:14:24.0333 4368 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

12:14:24.0442 4368 \Device\Harddisk0\DR0 - ok

12:14:24.0458 4368 Boot (0x1200) (3a011f6f77f9f50769d15f3b9da1c9e0) \Device\Harddisk0\DR0\Partition0

12:14:24.0458 4368 \Device\Harddisk0\DR0\Partition0 - ok

12:14:24.0458 4368 Boot (0x1200) (8262796f56d4093ecf65ee8196cf773e) \Device\Harddisk0\DR0\Partition1

12:14:24.0473 4368 \Device\Harddisk0\DR0\Partition1 - ok

12:14:24.0473 4368 ============================================================

12:14:24.0473 4368 Scan finished

12:14:24.0473 4368 ============================================================

12:14:24.0473 4192 Detected object count: 0

12:14:24.0473 4192 Actual detected object count: 0

12:14:38.0747 4648 Deinitialize success


Well nothing yet....

Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With admin rights (right-click, choose "Run as Administrator").

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Still has all of the problems listed in my last post. A couple of interesting things happened while running Combofix that I will list hoping that it will give you a clue.

1. While ComboFix was scrolling files when first run, about 7 or 8 IE windows opened and all crashed with the DEP message that I listed in my last post.

2. When I first started running ComboFix I saw the message in the software window "Failed to get data from 'Enable LUA'".

3. After the reboot, while ComboFix was preparing the log, a pop-up warning window popped up and stated "PVE.EXE" has stopped working...."

ComboFix 11-10-29.05 - Michelle 10/29/2011 19:03:48.1.4 - x64

Running from: c:\users\Michelle\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-29 )))))))))))))))))))))))))))))))

.

.

2011-10-29 23:36 . 2011-10-29 23:41 -------- d-----w- c:\users\Michelle\AppData\Local\temp

2011-10-29 23:36 . 2011-10-29 23:36 -------- d-----w- c:\users\Lou\AppData\Local\temp

2011-10-29 23:36 . 2011-10-29 23:36 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-26 23:21 . 2011-10-26 23:21 -------- d-----w- c:\program files (x86)\Common Files\Java

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-28 01:37 . 2011-05-18 17:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-03 09:06 . 2010-05-05 02:30 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-08-31 21:00 . 2011-07-17 01:29 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22 136176]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22 136176]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 pmxmouse;pmxmouse;c:\windows\system32\DRIVERS\pmxmouse.sys [x]

R3 pmxusblf;pmxusblf;c:\windows\system32\DRIVERS\pmxusblf.sys [x]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

R4 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 163840]

R4 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSr64.exe [x]

R4 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]

R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22 17:53]

.

2011-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22 17:53]

.

2011-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3198504533-3792674152-2682895940-1001Core.job

- c:\users\Michelle\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-11 03:06]

.

2011-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3198504533-3792674152-2682895940-1001UA.job

- c:\users\Michelle\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-11 03:06]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RAVCpl64.exe" [2008-07-18 6453760]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 2206280]

.

------- Supplementary Scan -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uLocal Page = c:\windows\system32\blank.htm

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Google Sidewiki...

TCP: DhcpNameServer = 192.168.1.1 68.237.161.12

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\2s8x1npz.default\

FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20100926030317430&tb_oid=25-05-2011&tb_mrud=25-05-2011

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=20100926030317430&tb_oid=25-05-2011&tb_mrud=25-05-2011&query=

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe

WebBrowser-{A10EE5E6-56FA-4E89-91E9-D84263448359} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\uninstaller.exe

AddRemove-CoffeeCup Shopping Cart Creator 3.1.0 - c:\program files (x86)\CoffeeCup Software\CoffeeCup ShoppingCart\uninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\windows\SysWOW64\brsvc01a.exe

c:\windows\SysWOW64\brss01a.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\programdata\SingleClick Systems\Advanced Networking Service\hnm_svc.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe

.

**************************************************************************

.

Completion time: 2011-10-29 20:02:04 - machine was rebooted

ComboFix-quarantined-files.txt 2011-10-30 00:01

ComboFix2.txt 2011-07-30 01:15

.

Pre-Run: 323,016,417,280 bytes free

Post-Run: 322,851,753,984 bytes free

.

- - End Of File - - 44E593AB4736283C8F3B32E183DC0BB9


SPYBOT TEATIMER

  • Launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
  • On the left hand side, click on Tools, then click on the Resident Icon in the list.
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • Click on the "System Startup" icon in the List
  • Uncheck the "TeaTimer" box and "OK" any prompts.
  • If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
  • Exit Spybot S&D when done.
  • (When we are done, you can re-enable TeaTimer using the same steps, but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup.)

Next:

http://www.eset.eu/online-scanner

Go here to run an online scanner from ESET.

Click the green ESET Online Scanner button.

Read the End User License Agreement and check the box: YES, I accept the Terms of Use.

Click on the Start button next to it.

You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.

A new window will appear asking "Do you want to install this software?".

Answer Yes to download and install the ActiveX controls that allow the scan to run.

Click Start.

Check Remove found threats and Scan potentially unwanted applications.

Click Scan to begin.

If offered the option to get information or buy software, just close the window.

Wait for the scan to finish.

Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic.


I had errors trying to change the settings of TeaTimer, so I uninstalled it... might have been corrupted. Going to reinstall it fresh now.

As far as the ESET scanner goes: no errors found... very small log below.

It ran and completed fine.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK


Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

DDS::
uLocal Page = c:\windows\system32\blank.htm
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

FireFox::
FF - ProfilePath - c:\users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\2s8x1npz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20100926030317430&tb_oid=25-05-2011&tb_mrud=25-05-2011
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=20100926030317430&tb_oid=25-05-2011&tb_mrud=25-05-2011&query=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

Save this file to your desktop as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save...

[Image: CFScriptB-4.gif]

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.
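The CFScript above targets the Firefox search prefs that DDS and ComboFix print as "FF - prefs.js:" / "FF - user.js:" lines. The following is an added triage helper, not code from this thread, ComboFix or Malwarebytes: it parses lines in that log format, undoes the hxxp defanging, and reports any search-related pref whose URL points at a host outside an allowlist you maintain (here the expected engine is google.com, because that is what the poster was trying to reach), plus any pref whose value contains a second user_pref() call, which is what the warn-external.dnupdate line in this log looks like. The allowlist, the pref names checked and the sample lines are assumptions; the two AOL search lines are copied from the thread's own log.

```python
import re
from urllib.parse import urlparse

# Constructed sample in the shape DDS/ComboFix print Firefox prefs.
# The two aol.com lines and the user.js line mirror the thread's own log;
# the homepage line is added to show a pref that passes the check.
SAMPLE_LINES = r"""
FF - ProfilePath - c:\users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\2s8x1npz.default
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
"""

# Prefs whose value is a URL the browser will send searches or navigation to.
# Assumption: this is the set worth auditing for a search hijack.
SEARCH_PREFS = {"browser.search.defaulturl", "keyword.URL", "browser.startup.homepage"}

# Assumption: per-machine allowlist of hosts search traffic is expected to reach.
EXPECTED_HOSTS = {"www.google.com", "google.com"}

LINE_RE = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) - (.*)$")


def undefang(url):
    """DDS writes http as hxxp so logs are not clickable; restore it for parsing."""
    return re.sub(r"^hxxp", "http", url, count=1)


def audit_ff_lines(text):
    """Return (pref, reason, detail) tuples for pref lines that need a closer look."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # ProfilePath and other non-pref lines are skipped
        _source, pref, value = m.groups()
        # A pref value that itself contains another user_pref( call means two
        # pref statements were written on one line of user.js; flag it.
        if ");user_pref(" in value:
            findings.append((pref, "malformed", "value contains a second user_pref() call"))
            continue
        if pref in SEARCH_PREFS:
            host = urlparse(undefang(value)).hostname or ""
            if host not in EXPECTED_HOSTS:
                findings.append((pref, "unexpected-host", host))
    return findings


if __name__ == "__main__":
    for pref, reason, detail in audit_ff_lines(SAMPLE_LINES):
        print(f"{reason:16} {pref}: {detail}")
```

Run it over the "FF -" block of any DDS or ComboFix log; the two AOL hosts and the doubled user_pref line are reported, while the google.com homepage is not.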


The process ran exactly like it did when I ran it earlier, except it asked me if I wanted to download a newer version of ComboFix, which I did.

I still have the problems mentioned above. To reiterate:

1. When I run IE out of the Program Files directory it can run; otherwise, if I run it or Firefox out of the Program Files (x86) directory it shuts down immediately due to DEP.

2. Searches bring me to websites other than the ones I am trying to get to when searching via Google.

--------------------------------------------------------------------------------------

ComboFix 11-11-01.04 - Michelle 11/01/2011 20:41:22.1.4 - x64

Running from: c:\users\Michelle\Desktop\ComboFix.exe

Command switches used :: c:\users\Michelle\Desktop\cfscript.txt

.

.

((((((((((((((((((((((((( Files Created from 2011-10-02 to 2011-11-02 )))))))))))))))))))))))))))))))

.

.

2011-11-02 01:14 . 2011-11-02 02:16 -------- d-----w- c:\users\Michelle\AppData\Local\temp

2011-11-02 01:14 . 2011-11-02 01:14 -------- d-----w- c:\users\Public\AppData\Local\temp

2011-11-02 01:14 . 2011-11-02 01:14 -------- d-----w- c:\users\Lou\AppData\Local\temp

2011-11-02 01:14 . 2011-11-02 01:14 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-30 16:03 . 2011-10-30 16:03 -------- d-----w- c:\program files (x86)\ESET

2011-10-30 12:41 . 2011-10-30 12:41 -------- d-----w- c:\users\Michelle\AppData\Local\Adobe

2011-10-26 23:21 . 2011-10-26 23:21 -------- d-----w- c:\program files (x86)\Common Files\Java

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-28 01:37 . 2011-05-18 17:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-03 09:06 . 2010-05-05 02:30 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-08-31 21:00 . 2011-07-17 01:29 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22 136176]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22 136176]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 pmxmouse;pmxmouse;c:\windows\system32\DRIVERS\pmxmouse.sys [x]

R3 pmxusblf;pmxusblf;c:\windows\system32\DRIVERS\pmxusblf.sys [x]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

R4 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 163840]

R4 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSr64.exe [x]

R4 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22 17:53]

.

2011-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22 17:53]

.

2011-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3198504533-3792674152-2682895940-1001Core.job

- c:\users\Michelle\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-11 03:06]

.

2011-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3198504533-3792674152-2682895940-1001UA.job

- c:\users\Michelle\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-11 03:06]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RAVCpl64.exe" [2008-07-18 6453760]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 2206280]

.

------- Supplementary Scan -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uLocal Page = c:\windows\system32\blank.htm

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Google Sidewiki...

TCP: DhcpNameServer = 192.168.1.1 68.237.161.12

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\2s8x1npz.default\

FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20100926030317430&tb_oid=25-05-2011&tb_mrud=25-05-2011

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=20100926030317430&tb_oid=25-05-2011&tb_mrud=25-05-2011&query=

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{A10EE5E6-56FA-4E89-91E9-D84263448359} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\windows\SysWOW64\brsvc01a.exe

c:\windows\SysWOW64\brss01a.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\programdata\SingleClick Systems\Advanced Networking Service\hnm_svc.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe

.

**************************************************************************

.

Completion time: 2011-11-01 22:34:22 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-02 02:34

ComboFix2.txt 2011-10-30 00:02

ComboFix3.txt 2011-07-30 01:15

.

Pre-Run: 319,931,240,448 bytes free

Post-Run: 321,545,506,816 bytes free

.

- - End Of File - - E5E6C9D2A17654ADEFCD9C1CCB0DE040


Something is causing the Google search results to bring me to pages other than the ones I clicked on. I have other computers on the network that don't have the same issue, so I ruled out a router-type redirect.

When ComboFix ran, there were about 8 IE windows that seemed to close down... not sure if they were IE services that were terminated or if that is a normal part of ComboFix.

There was a program called PEV.EXE that was terminated also when I ran ComboFix.

I can disable DEP, but don't feel comfortable until the Google redirect issue is solved. Not sure where to go from here.


When ComboFix ran, there were about 8 IE windows that seemed to close down... not sure if they were IE services that were terminated or if that is a normal part of ComboFix.
That's normal.
There was a program called PEV.EXE that was terminated also when I ran ComboFix.
That's a ComboFix file.

Try this:

You can open Internet Explorer without add-ons in a few ways. One way is to navigate to Start menu -> All Programs -> Accessories -> System Tools -> Internet Explorer (No Add-ons). This opens up IE without ActiveX controls and browser extensions.

• Type iexplore -extoff in the Run box on the Start menu.

• Click "Internet Explorer (No Add-ons)" under All Programs -> Accessories -> System Tools.

• Right-click the IE icon on the Start Menu (if IE is your default browser) and select "Browse Without Add-Ons".


I tried running IE with no add-ons and it still crashes because of DEP. The one in the Program Files (x86) directory is the one with the problems. My copy of IE in the Program Files directory seems to be doing OK, but is not the default.

After the below viruses were found I am seeing some improvement in the Google search. Waiting on more data, but I don't think it's clean yet.

Avira virus scanner just came back with some new results. I don't know if the virus was new to the system or a new update allowed them to be detected. Let me know if this provides a clue.

Virus or unwanted program 'HTML/Crypted.Gen [virus]'

detected in file 'C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MO1AGE01\mwlAdFrame[1].htm.

Action performed: Deny access

Virus or unwanted program 'HTML/Crypted.Gen [virus]'

detected in file 'C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BV961MPP\mwlAdFrame[1].htm.

Action performed: Deny access

Virus or unwanted program 'HTML/Crypted.Gen [virus]'

detected in file 'C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R06YB433\mwlAdFrame[1].htm.

Action performed: Deny access

Virus or unwanted program 'HTML/Crypted.Gen [virus]'

detected in file 'C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LO8TPJVV\mwlAdFrame[1].htm.

Action performed: Deny access

Virus or unwanted program 'HTML/Crypted.Gen [virus]'

detected in file 'C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9X48AA53\mwlAdFrame[1].htm.

Action performed: Deny access

Virus or unwanted program 'HTML/Crypted.Gen [virus]'

detected in file 'C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MO1AGE01\mwlAdFrame[1].htm.

Action performed: Deny access

Virus or unwanted program 'HTML/Crypted.Gen [virus]'

detected in file 'C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1URTQ8FZ\mwlAdFrame[1].htm.

Action performed: Deny access


http://www.eset.eu/online-scanner

Go here to run an online scanner from ESET.

Click the green ESET Online Scanner button.

Read the End User License Agreement and check the box: YES, I accept the Terms of Use.

Click on the Start button next to it.

You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.

A new window will appear asking "Do you want to install this software?".

Answer Yes to download and install the ActiveX controls that allow the scan to run.

Click Start.

Check Remove found threats and Scan potentially unwanted applications.

Click Scan to begin.

If offered the option to get information or buy software, just close the window.

Wait for the scan to finish.

Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

