TheBigLou Posted October 27, 2011 ID:489202 Share Posted October 27, 2011 My wifes computer has some issues with Google redirects in several browsers for a while now. Ran a few diagnostic tools.Below are DDS.txt and attach.txt. I will post latest MBAM log in next post..DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29Run by Michelle at 23:51:06 on 2011-10-26.============== Running Processes ===============.C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exeC:\Windows\SysWOW64\brsvc01a.exeC:\Program Files (x86)\Avira\AntiVir Desktop\sched.exeC:\Windows\SysWOW64\brss01a.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files (x86)\Bonjour\mDNSResponder.exec:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exeC:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exeC:\Program Files (x86)\itunes\iTunesHelper.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Windows\SysWOW64\NOTEPAD.EXEC:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W7E8PCPG\dds.scr.============== Pseudo HJT Report ===============.uDefault_Search_URL = hxxp://www.google.com/ieuSearch Page = hxxp://www.google.comuSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uStart Page = hxxp://www.google.com/uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6081206uInternet Settings,ProxyOverride = *.localuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dllBHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllBHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - C:\Program Files (x86)\Dell\BAE\BAE.dllBHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllTB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dllTB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllTB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No FileTB: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No FileTB: {A10EE5E6-56FA-4E89-91E9-D84263448359} - No FileuRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunuRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exeuRun: [ehTray.exe] C:\Windows\ehome\ehTray.exeuRun: [Google Update] "C:\Users\Michelle\AppData\Local\Google\Update\GoogleUpdate.exe" /cuRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exemRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimemRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /minmRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttraymPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200IE: Google Sidewiki...IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLLIE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dllDPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cabDPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabTCP: DhcpNameServer = 192.168.1.1 68.237.161.12TCP: Interfaces\{13FEF5EC-4156-4F3B-BED8-6C6CECC86475} : DhcpNameServer = 192.168.1.1 68.237.161.12BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO-X64: AcroIEHelperStub - No FileBHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dllBHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dllBHO-X64: Search Helper - No FileBHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllBHO-X64: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dllBHO-X64: Browser Address Error Redirector - No FileBHO-X64: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dllBHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllTB-X64: MSN Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dllTB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllTB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No FileTB-X64: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No FileTB-X64: {A10EE5E6-56FA-4E89-91E9-D84263448359} - No FilemRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimemRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /minmRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\2s8x1npz.default\FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20100926030317430&tb_oid=25-05-2011&tb_mrud=25-05-2011FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=20100926030317430&tb_oid=25-05-2011&tb_mrud=25-05-2011&query=FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.17\npGoogleOneClick8.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dllFF - plugin: C:\Users\Michelle\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll.---- FIREFOX POLICIES ----FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false============= SERVICES / DRIVERS ===============.R? AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7R? AERTFilters;Andrea RT Filters ServiceR? clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64R? DockLoginService;Dock Login ServiceR? gupdate;Google Update Service (gupdate)R? gupdatem;Google Update Service (gupdatem)R? McComponentHostService;McAfee Security Scan Component Host ServiceR? PerfHost;Performance Counter DLL HostR? pmxmouse;pmxmouseR? pmxusblf;pmxusblfR? SBSDWSCService;SBSD Security Center ServiceR? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0S? AntiVirSchedulerService;Avira AntiVir SchedulerS? AntiVirService;Avira AntiVir GuardS? avgntflt;avgntfltS? FontCache;Windows Font Cache ServiceS? MBAMProtector;MBAMProtectorS? MBAMService;MBAMServiceS? Point64;Microsoft IntelliPoint Filter DriverS? PxHlpa64;PxHlpa64.=============== File Associations ===============.JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*.=============== Created Last 30 ================.2011-10-27 01:46:59 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys.==================== Find3M ====================.2011-10-03 09:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll2011-08-31 21:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys2011-08-22 17:53:21 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl.============= FINISH: 23:59:20.75 ===============Malwarebytes' Anti-Malware 1.51.2.1300www.malwarebytes.orgDatabase version: 8026Windows 6.0.6002 Service Pack 2Internet Explorer 9.0.8112.1642110/26/2011 10:56:16 PMmbam-log-2011-10-26 (22-56-16).txtScan type: Full scan (C:\|)Objects scanned: 382853Time elapsed: 1 hour(s), 8 minute(s), 46 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)attach.txt Link to post Share on other sites More sharing options...
LDTate Posted October 28, 2011 ID:489748 Share Posted October 28, 2011 Logs will be closed if you haven't replied within 3 days Please don't attach the scans / logs from these scans, use "copy/paste".DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.Vista and Windows 7 users:1. These tools MUST be run from the executable. (.exe) every time you run them 2. With Admin Rights (Right click, choose "Run as Administrator")Stay with this topic until I give you the all clean post.You might want to print these instructions out.Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.Please download ATF Cleaner by Atribune.Download - ATF Cleaner»Double-click ATF-Cleaner.exe to run the program.Under Main choose: Select AllClick the Empty Selected button.If you use Firefox browserClick Firefox at the top and choose: Select AllClick the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browserClick Opera at the top and choose: Select AllClick the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.Next:Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.Please download GooredFix from one of the locations below and save it to your DesktopDownload Mirror #1Download Mirror #2Ensure all Firefox windows are closed.To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).When prompted to run the scan, click Yes.It doesn't take long to run, once it is finished move onto the next stepNext:Note: if the Cure option is not there, please select 'Skip'. Please read carefully and follow these steps. Download TDSSKiller and save it to your Desktop.Extract its contents to your desktop.Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on Continue.It may ask you to reboot the computer to complete the process. Click on Reboot Now.If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.please post the contents of that log TDSSKiller log.Also please describe how your computer behaves at the moment. Link to post Share on other sites More sharing options...
TheBigLou Posted October 29, 2011 Author ID:489984 Share Posted October 29, 2011 Did all that you stated, but nothing was found. Here are a couple of newer things that seem to be going wrong as I have been using this computer in addition to the Google Redirects. I hope this provides some additional clues. (These new items started before I ran the last set of instructions you gave me.Current problems1. Search on Google in either IE or Firefox, click on link and it takes me to different pages2. My 32 bit versions of Firefox and IE keep crashing on launch. They are being prevented from running by DEP (Data Execution Prevention). I have not turned this feature off.3. I am getting the occastional memory access violation by Teatimer.exe.Thanks in advance for your help.--------------------------------------------------------------------------------------------------------------12:14:04.0583 2480 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:0112:14:04.0646 2480 ============================================================12:14:04.0646 2480 Current date / time: 2011/10/29 12:14:04.064612:14:04.0646 2480 SystemInfo:12:14:04.0646 2480 12:14:04.0646 2480 OS Version: 6.0.6002 ServicePack: 2.012:14:04.0646 2480 Product type: Workstation12:14:04.0646 2480 ComputerName: UPSTAIRS12:14:04.0646 2480 UserName: Michelle12:14:04.0646 2480 Windows directory: C:\Windows12:14:04.0646 2480 System windows directory: C:\Windows12:14:04.0646 2480 Running under WOW6412:14:04.0646 2480 Processor architecture: Intel x6412:14:04.0646 2480 Number of processors: 412:14:04.0646 2480 Page size: 0x100012:14:04.0646 2480 Boot type: Normal boot12:14:04.0646 2480 ============================================================12:14:05.0316 2480 Initialize success12:14:13.0070 4368 ============================================================12:14:13.0070 4368 Scan started12:14:13.0070 4368 Mode: Manual; SigCheck; TDLFS; 12:14:13.0070 4368 ============================================================12:14:13.0772 4368 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys12:14:13.0850 4368 ACPI - ok12:14:13.0912 4368 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys12:14:13.0943 4368 adfs - ok12:14:13.0990 4368 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys12:14:14.0006 4368 adp94xx - ok12:14:14.0037 4368 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys12:14:14.0052 4368 adpahci - ok12:14:14.0068 4368 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys12:14:14.0084 4368 adpu160m - ok12:14:14.0099 4368 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys12:14:14.0115 4368 adpu320 - ok12:14:14.0208 4368 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys12:14:14.0224 4368 AFD - ok12:14:14.0255 4368 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys12:14:14.0255 4368 agp440 - ok12:14:14.0271 4368 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys12:14:14.0286 4368 aic78xx - ok12:14:14.0302 4368 aliide (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys12:14:14.0318 4368 aliide - ok12:14:14.0333 4368 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys12:14:14.0333 4368 amdide - ok12:14:14.0364 4368 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys12:14:14.0396 4368 AmdK8 - ok12:14:14.0458 4368 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys12:14:14.0474 4368 arc - ok12:14:14.0474 4368 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys12:14:14.0489 4368 arcsas - ok12:14:14.0505 4368 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys12:14:14.0536 4368 AsyncMac - ok12:14:14.0567 4368 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys12:14:14.0583 4368 atapi - ok12:14:14.0676 4368 atikmdag (2dddf9b8759ad74d7509b3d4ecbd2088) C:\Windows\system32\DRIVERS\atikmdag.sys12:14:14.0817 4368 atikmdag - ok12:14:14.0864 4368 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys12:14:14.0879 4368 avgntflt - ok12:14:14.0895 4368 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys12:14:14.0910 4368 avipbb - ok12:14:14.0910 4368 Beep - ok12:14:14.0926 4368 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys12:14:14.0973 4368 blbdrive - ok12:14:15.0004 4368 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys12:14:15.0020 4368 bowser - ok12:14:15.0035 4368 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys12:14:15.0051 4368 BrFiltLo - ok12:14:15.0066 4368 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys12:14:15.0082 4368 BrFiltUp - ok12:14:15.0113 4368 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys12:14:15.0160 4368 Brserid - ok12:14:15.0191 4368 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys12:14:15.0222 4368 BrSerWdm - ok12:14:15.0238 4368 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys12:14:15.0269 4368 BrUsbMdm - ok12:14:15.0285 4368 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys12:14:15.0332 4368 BrUsbSer - ok12:14:15.0347 4368 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys12:14:15.0394 4368 BTHMODEM - ok12:14:15.0410 4368 catchme - ok12:14:15.0425 4368 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys12:14:15.0441 4368 cdfs - ok12:14:15.0472 4368 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys12:14:15.0503 4368 cdrom - ok12:14:15.0503 4368 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys12:14:15.0534 4368 circlass - ok12:14:15.0581 4368 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys12:14:15.0597 4368 CLFS - ok12:14:15.0612 4368 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys12:14:15.0628 4368 cmdide - ok12:14:15.0644 4368 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys12:14:15.0644 4368 Compbatt - ok12:14:15.0659 4368 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys12:14:15.0675 4368 crcdisk - ok12:14:15.0706 4368 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys12:14:15.0722 4368 DfsC - ok12:14:15.0753 4368 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys12:14:15.0753 4368 disk - ok12:14:15.0800 4368 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys12:14:15.0815 4368 drmkaud - ok12:14:15.0862 4368 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys12:14:15.0878 4368 DXGKrnl - ok12:14:15.0909 4368 e1express (a458e7d986f51c827640f5d1f1e886e4) C:\Windows\system32\DRIVERS\e1e6032e.sys12:14:15.0924 4368 e1express - ok12:14:15.0940 4368 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys12:14:15.0971 4368 E1G60 - ok12:14:16.0018 4368 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys12:14:16.0034 4368 Ecache - ok12:14:16.0065 4368 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys12:14:16.0080 4368 elxstor - ok12:14:16.0112 4368 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys12:14:16.0143 4368 ErrDev - ok12:14:16.0221 4368 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys12:14:16.0221 4368 exfat - ok12:14:16.0252 4368 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys12:14:16.0283 4368 fastfat - ok12:14:16.0361 4368 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys12:14:16.0392 4368 fdc - ok12:14:16.0392 4368 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys12:14:16.0408 4368 FileInfo - ok12:14:16.0424 4368 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys12:14:16.0455 4368 Filetrace - ok12:14:16.0470 4368 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys12:14:16.0502 4368 flpydisk - ok12:14:16.0533 4368 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys12:14:16.0548 4368 FltMgr - ok12:14:16.0564 4368 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys12:14:16.0580 4368 Fs_Rec - ok12:14:16.0611 4368 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys12:14:16.0626 4368 gagp30kx - ok12:14:16.0642 4368 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys12:14:16.0658 4368 GEARAspiWDM - ok12:14:16.0720 4368 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys12:14:16.0736 4368 HdAudAddService - ok12:14:16.0767 4368 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys12:14:16.0814 4368 HDAudBus - ok12:14:16.0829 4368 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys12:14:16.0860 4368 HidBth - ok12:14:16.0876 4368 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys12:14:16.0923 4368 HidIr - ok12:14:16.0938 4368 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys12:14:16.0970 4368 HidUsb - ok12:14:17.0001 4368 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys12:14:17.0001 4368 HpCISSs - ok12:14:17.0048 4368 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys12:14:17.0063 4368 HTTP - ok12:14:17.0063 4368 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys12:14:17.0079 4368 i2omp - ok12:14:17.0094 4368 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys12:14:17.0110 4368 i8042prt - ok12:14:17.0126 4368 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys12:14:17.0141 4368 iaStorV - ok12:14:17.0157 4368 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys12:14:17.0172 4368 iirsp - ok12:14:17.0250 4368 IntcAzAudAddService (b3fb479a7c0626499eb5989bc087cf8d) C:\Windows\system32\drivers\RTKVHD64.sys12:14:17.0282 4368 IntcAzAudAddService - ok12:14:17.0344 4368 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys12:14:17.0344 4368 intelide - ok12:14:17.0360 4368 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys12:14:17.0375 4368 intelppm - ok12:14:17.0422 4368 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys12:14:17.0453 4368 IpFilterDriver - ok12:14:17.0469 4368 IpInIp - ok12:14:17.0484 4368 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys12:14:17.0516 4368 IPMIDRV - ok12:14:17.0531 4368 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys12:14:17.0578 4368 IPNAT - ok12:14:17.0594 4368 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys12:14:17.0625 4368 IRENUM - ok12:14:17.0640 4368 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys12:14:17.0656 4368 isapnp - ok12:14:17.0687 4368 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys12:14:17.0703 4368 iScsiPrt - ok12:14:17.0703 4368 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys12:14:17.0718 4368 iteatapi - ok12:14:17.0718 4368 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys12:14:17.0734 4368 iteraid - ok12:14:17.0765 4368 Iviaspi (cfe46dd772cc2e158ce8107416bee5c6) C:\Windows\system32\drivers\Iviaspi.sys12:14:17.0765 4368 Iviaspi - ok12:14:17.0796 4368 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys12:14:17.0796 4368 kbdclass - ok12:14:17.0812 4368 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys12:14:17.0843 4368 kbdhid - ok12:14:17.0874 4368 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys12:14:17.0890 4368 KSecDD - ok12:14:17.0906 4368 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys12:14:17.0921 4368 ksthunk - ok12:14:17.0952 4368 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys12:14:17.0984 4368 lltdio - ok12:14:18.0015 4368 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys12:14:18.0015 4368 LSI_FC - ok12:14:18.0030 4368 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys12:14:18.0046 4368 LSI_SAS - ok12:14:18.0062 4368 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys12:14:18.0062 4368 LSI_SCSI - ok12:14:18.0077 4368 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys12:14:18.0108 4368 luafv - ok12:14:18.0124 4368 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys12:14:18.0140 4368 MBAMProtector - ok12:14:18.0171 4368 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys12:14:18.0171 4368 megasas - ok12:14:18.0233 4368 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys12:14:18.0249 4368 MegaSR - ok12:14:18.0280 4368 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys12:14:18.0311 4368 Modem - ok12:14:18.0342 4368 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys12:14:18.0374 4368 monitor - ok12:14:18.0389 4368 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys12:14:18.0389 4368 mouclass - ok12:14:18.0420 4368 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys12:14:18.0452 4368 mouhid - ok12:14:18.0467 4368 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys12:14:18.0483 4368 MountMgr - ok12:14:18.0498 4368 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys12:14:18.0514 4368 mpio - ok12:14:18.0514 4368 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys12:14:18.0545 4368 mpsdrv - ok12:14:18.0561 4368 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys12:14:18.0561 4368 Mraid35x - ok12:14:18.0592 4368 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys12:14:18.0608 4368 MRxDAV - ok12:14:18.0639 4368 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys12:14:18.0654 4368 mrxsmb - ok12:14:18.0654 4368 mrxsmb10 (6dc9461915a551c2a625986f5fb3b851) C:\Windows\system32\DRIVERS\mrxsmb10.sys12:14:18.0670 4368 mrxsmb10 - ok12:14:18.0686 4368 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys12:14:18.0701 4368 mrxsmb20 - ok12:14:18.0717 4368 msahci (730b784962d22d2c6481eae2370e7c8c) C:\Windows\system32\drivers\msahci.sys12:14:18.0717 4368 msahci - ok12:14:18.0732 4368 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys12:14:18.0732 4368 msdsm - ok12:14:18.0764 4368 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys12:14:18.0795 4368 Msfs - ok12:14:18.0795 4368 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys12:14:18.0810 4368 msisadrv - ok12:14:18.0826 4368 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys12:14:18.0857 4368 MSKSSRV - ok12:14:18.0857 4368 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys12:14:18.0888 4368 MSPCLOCK - ok12:14:18.0904 4368 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys12:14:18.0920 4368 MSPQM - ok12:14:18.0966 4368 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys12:14:18.0966 4368 MsRPC - ok12:14:18.0982 4368 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys12:14:18.0998 4368 mssmbios - ok12:14:19.0013 4368 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys12:14:19.0029 4368 MSTEE - ok12:14:19.0044 4368 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys12:14:19.0060 4368 Mup - ok12:14:19.0107 4368 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys12:14:19.0107 4368 NativeWifiP - ok12:14:19.0154 4368 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys12:14:19.0169 4368 NDIS - ok12:14:19.0216 4368 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys12:14:19.0232 4368 NdisTapi - ok12:14:19.0278 4368 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys12:14:19.0310 4368 Ndisuio - ok12:14:19.0341 4368 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys12:14:19.0372 4368 NdisWan - ok12:14:19.0403 4368 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys12:14:19.0419 4368 NDProxy - ok12:14:19.0419 4368 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys12:14:19.0450 4368 NetBIOS - ok12:14:19.0497 4368 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys12:14:19.0512 4368 netbt - ok12:14:19.0528 4368 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys12:14:19.0544 4368 nfrd960 - ok12:14:19.0559 4368 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys12:14:19.0590 4368 Npfs - ok12:14:19.0590 4368 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys12:14:19.0622 4368 nsiproxy - ok12:14:19.0668 4368 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys12:14:19.0731 4368 Ntfs - ok12:14:19.0793 4368 NuidFltr (d4012918d3a3847b44b888d56bc095d6) C:\Windows\system32\DRIVERS\NuidFltr.sys12:14:19.0793 4368 NuidFltr - ok12:14:19.0809 4368 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys12:14:19.0840 4368 Null - ok12:14:19.0856 4368 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys12:14:19.0856 4368 nvraid - ok12:14:19.0871 4368 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys12:14:19.0887 4368 nvstor - ok12:14:19.0887 4368 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys12:14:19.0902 4368 nv_agp - ok12:14:19.0902 4368 NwlnkFlt - ok12:14:19.0918 4368 NwlnkFwd - ok12:14:19.0949 4368 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys12:14:19.0996 4368 ohci1394 - ok12:14:20.0027 4368 Packet (43e24699a18126f11e3d9bf6db85518b) C:\Windows\system32\DRIVERS\packet.sys12:14:20.0043 4368 Packet - ok12:14:20.0058 4368 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys12:14:20.0090 4368 Parport - ok12:14:20.0121 4368 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys12:14:20.0121 4368 partmgr - ok12:14:20.0152 4368 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys12:14:20.0168 4368 pci - ok12:14:20.0199 4368 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys12:14:20.0214 4368 pciide - ok12:14:20.0261 4368 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys12:14:20.0277 4368 pcmcia - ok12:14:20.0308 4368 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys12:14:20.0355 4368 PEAUTH - ok12:14:20.0402 4368 pmxmouse (95cfc57970275e9445f7f9eaa6030a7e) C:\Windows\system32\DRIVERS\pmxmouse.sys12:14:20.0402 4368 pmxmouse - ok12:14:20.0417 4368 pmxusblf (5bd4334a61ec1c17a24b5b160a693427) C:\Windows\system32\DRIVERS\pmxusblf.sys12:14:20.0433 4368 pmxusblf - ok12:14:20.0480 4368 Point64 (24c4a668c1b574ebaf7126ab68f96012) C:\Windows\system32\DRIVERS\point64k.sys12:14:20.0480 4368 Point64 - ok12:14:20.0526 4368 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys12:14:20.0542 4368 PptpMiniport - ok12:14:20.0558 4368 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys12:14:20.0589 4368 Processor - ok12:14:20.0636 4368 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys12:14:20.0651 4368 PSched - ok12:14:20.0682 4368 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys12:14:20.0698 4368 PxHlpa64 - ok12:14:20.0760 4368 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys12:14:20.0776 4368 ql2300 - ok12:14:20.0807 4368 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys12:14:20.0807 4368 ql40xx - ok12:14:20.0838 4368 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys12:14:20.0854 4368 QWAVEdrv - ok12:14:20.0948 4368 R300 (2dddf9b8759ad74d7509b3d4ecbd2088) C:\Windows\system32\DRIVERS\atikmdag.sys12:14:21.0057 4368 R300 - ok12:14:21.0088 4368 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys12:14:21.0119 4368 RasAcd - ok12:14:21.0135 4368 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys12:14:21.0150 4368 Rasl2tp - ok12:14:21.0182 4368 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys12:14:21.0197 4368 RasPppoe - ok12:14:21.0228 4368 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys12:14:21.0244 4368 RasSstp - ok12:14:21.0306 4368 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys12:14:21.0322 4368 rdbss - ok12:14:21.0338 4368 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys12:14:21.0369 4368 RDPCDD - ok12:14:21.0384 4368 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys12:14:21.0416 4368 rdpdr - ok12:14:21.0416 4368 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys12:14:21.0447 4368 RDPENCDD - ok12:14:21.0462 4368 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys12:14:21.0494 4368 RDPWD - ok12:14:21.0525 4368 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys12:14:21.0540 4368 rspndr - ok12:14:21.0572 4368 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys12:14:21.0587 4368 sbp2port - ok12:14:21.0618 4368 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys12:14:21.0650 4368 secdrv - ok12:14:21.0681 4368 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys12:14:21.0728 4368 Serenum - ok12:14:21.0728 4368 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys12:14:21.0774 4368 Serial - ok12:14:21.0790 4368 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys12:14:21.0821 4368 sermouse - ok12:14:21.0837 4368 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys12:14:21.0868 4368 sffdisk - ok12:14:21.0884 4368 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys12:14:21.0899 4368 sffp_mmc - ok12:14:21.0915 4368 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys12:14:21.0946 4368 sffp_sd - ok12:14:21.0962 4368 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys12:14:21.0993 4368 sfloppy - ok12:14:22.0024 4368 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys12:14:22.0024 4368 SiSRaid2 - ok12:14:22.0040 4368 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys12:14:22.0040 4368 SiSRaid4 - ok12:14:22.0086 4368 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys12:14:22.0102 4368 Smb - ok12:14:22.0133 4368 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys12:14:22.0133 4368 spldr - ok12:14:22.0164 4368 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys12:14:22.0180 4368 srv - ok12:14:22.0211 4368 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys12:14:22.0227 4368 srv2 - ok12:14:22.0227 4368 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys12:14:22.0242 4368 srvnet - ok12:14:22.0274 4368 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys12:14:22.0289 4368 swenum - ok12:14:22.0305 4368 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys12:14:22.0320 4368 Symc8xx - ok12:14:22.0336 4368 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys12:14:22.0336 4368 Sym_hi - ok12:14:22.0352 4368 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys12:14:22.0367 4368 Sym_u3 - ok12:14:22.0414 4368 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys12:14:22.0445 4368 Tcpip - ok12:14:22.0492 4368 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys12:14:22.0523 4368 Tcpip6 - ok12:14:22.0586 4368 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys12:14:22.0601 4368 tcpipreg - ok12:14:22.0617 4368 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys12:14:22.0648 4368 TDPIPE - ok12:14:22.0664 4368 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys12:14:22.0710 4368 TDTCP - ok12:14:22.0726 4368 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys12:14:22.0757 4368 tdx - ok12:14:22.0773 4368 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys12:14:22.0788 4368 TermDD - ok12:14:22.0820 4368 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys12:14:22.0851 4368 tssecsrv - ok12:14:22.0851 4368 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys12:14:22.0866 4368 tunmp - ok12:14:22.0898 4368 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys12:14:22.0913 4368 tunnel - ok12:14:22.0929 4368 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys12:14:22.0929 4368 uagp35 - ok12:14:22.0976 4368 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys12:14:22.0991 4368 udfs - ok12:14:23.0007 4368 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys12:14:23.0022 4368 uliagpkx - ok12:14:23.0038 4368 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys12:14:23.0054 4368 uliahci - ok12:14:23.0069 4368 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys12:14:23.0069 4368 UlSata - ok12:14:23.0085 4368 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys12:14:23.0100 4368 ulsata2 - ok12:14:23.0116 4368 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys12:14:23.0132 4368 umbus - ok12:14:23.0178 4368 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys12:14:23.0194 4368 usbccgp - ok12:14:23.0210 4368 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys12:14:23.0256 4368 usbcir - ok12:14:23.0303 4368 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys12:14:23.0319 4368 usbehci - ok12:14:23.0350 4368 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys12:14:23.0381 4368 usbhub - ok12:14:23.0397 4368 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys12:14:23.0428 4368 usbohci - ok12:14:23.0459 4368 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys12:14:23.0490 4368 usbprint - ok12:14:23.0522 4368 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys12:14:23.0537 4368 usbscan - ok12:14:23.0553 4368 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS12:14:23.0584 4368 USBSTOR - ok12:14:23.0600 4368 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys12:14:23.0631 4368 usbuhci - ok12:14:23.0646 4368 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys12:14:23.0662 4368 vga - ok12:14:23.0678 4368 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys12:14:23.0709 4368 VgaSave - ok12:14:23.0724 4368 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys12:14:23.0724 4368 viaide - ok12:14:23.0756 4368 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys12:14:23.0771 4368 volmgr - ok12:14:23.0802 4368 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys12:14:23.0818 4368 volmgrx - ok12:14:23.0849 4368 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys12:14:23.0865 4368 volsnap - ok12:14:23.0880 4368 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys12:14:23.0880 4368 vsmraid - ok12:14:23.0912 4368 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys12:14:23.0958 4368 WacomPen - ok12:14:23.0990 4368 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys12:14:24.0005 4368 Wanarp - ok12:14:24.0021 4368 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys12:14:24.0036 4368 Wanarpv6 - ok12:14:24.0052 4368 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys12:14:24.0052 4368 Wd - ok12:14:24.0083 4368 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys12:14:24.0114 4368 Wdf01000 - ok12:14:24.0146 4368 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys12:14:24.0177 4368 WmiAcpi - ok12:14:24.0192 4368 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys12:14:24.0224 4368 ws2ifsl - ok12:14:24.0255 4368 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys12:14:24.0286 4368 WUDFRd - ok12:14:24.0333 4368 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR012:14:24.0442 4368 \Device\Harddisk0\DR0 - ok12:14:24.0458 4368 Boot (0x1200) (3a011f6f77f9f50769d15f3b9da1c9e0) \Device\Harddisk0\DR0\Partition012:14:24.0458 4368 \Device\Harddisk0\DR0\Partition0 - ok12:14:24.0458 4368 Boot (0x1200) (8262796f56d4093ecf65ee8196cf773e) \Device\Harddisk0\DR0\Partition112:14:24.0473 4368 \Device\Harddisk0\DR0\Partition1 - ok12:14:24.0473 4368 ============================================================12:14:24.0473 4368 Scan finished12:14:24.0473 4368 ============================================================12:14:24.0473 4192 Detected object count: 012:14:24.0473 4192 Actual detected object count: 012:14:38.0747 4648 Deinitialize success Link to post Share on other sites More sharing options...
LDTate Posted October 29, 2011 ID:489986 Share Posted October 29, 2011 Well nothing yet....Please do not attach the scan results from Combofx. Use copy/paste.Vista and Windows 7 users:1. These tools MUST be run from the executable. (.exe) every time you run them 2. With Admin Rights (Right click, choose "Run as Administrator")Download ComboFix from one of these locations:Link 1Link 2 If using this link, Right Click and select Save As.* IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective ProgramsDouble click on ComboFix.exe & follow the prompts.Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7. Note: If you have XP SP3, use the XP SP2 package.If Vista or Windows 7, skip the Recovery Console partAs part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.Notes:1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper. 4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.Give it atleast 20-30 minutes to finish if needed.Please do not attach the scan results from Combofx. Use copy/paste.Also please describe how your computer behaves at the moment. Link to post Share on other sites More sharing options...
TheBigLou Posted October 30, 2011 Author ID:490093 Share Posted October 30, 2011 Still has all of the problems listed in my last post. A couple of interesting things happened while running Combofix that I will list hoping that it will give you a clue.1. While Combofix was scrolling files when first run about 7 or 8 IE windows opened and all crashed with the DEP message that I listed in my last post. 2. When I first started running combofix I saw the message in the software window "Failed to get data frin 'Enable LUA'"3. After the Reboot, while Combofix was preparing the log a Pop up warning window poped up and stated "PVE.EXE" has stopped working...."ComboFix 11-10-29.05 - Michelle 10/29/2011 19:03:48.1.4 - x64Running from: c:\users\Michelle\Desktop\ComboFix.exe..((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-29 )))))))))))))))))))))))))))))))..2011-10-29 23:36 . 2011-10-29 23:41 -------- d-----w- c:\users\Michelle\AppData\Local\temp2011-10-29 23:36 . 2011-10-29 23:36 -------- d-----w- c:\users\Lou\AppData\Local\temp2011-10-29 23:36 . 2011-10-29 23:36 -------- d-----w- c:\users\Default\AppData\Local\temp2011-10-26 23:21 . 2011-10-26 23:21 -------- d-----w- c:\program files (x86)\Common Files\Java...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-10-28 01:37 . 2011-05-18 17:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2011-10-03 09:06 . 2010-05-05 02:30 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll2011-08-31 21:00 . 2011-07-17 01:29 25416 ----a-w- c:\windows\system32\drivers\mbam.sys..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"EnableUIADesktopToggle"= 0 (0x0).R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22 136176]R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22 136176]R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]R3 pmxmouse;pmxmouse;c:\windows\system32\DRIVERS\pmxmouse.sys [x]R3 pmxusblf;pmxusblf;c:\windows\system32\DRIVERS\pmxusblf.sys [x]R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]R4 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 163840]R4 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSr64.exe [x]R4 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [x]..Contents of the 'Scheduled Tasks' folder.2011-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22 17:53].2011-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22 17:53].2011-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3198504533-3792674152-2682895940-1001Core.job- c:\users\Michelle\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-11 03:06].2011-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3198504533-3792674152-2682895940-1001UA.job- c:\users\Michelle\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-11 03:06]..--------- x86-64 -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="RAVCpl64.exe" [2008-07-18 6453760]"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 2206280].------- Supplementary Scan -------.uDefault_Search_URL = hxxp://www.google.com/ieuLocal Page = c:\windows\system32\blank.htmuSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uStart Page = hxxp://www.google.com/mLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: Google Sidewiki...TCP: DhcpNameServer = 192.168.1.1 68.237.161.12CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dllFF - ProfilePath - c:\users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\2s8x1npz.default\FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20100926030317430&tb_oid=25-05-2011&tb_mrud=25-05-2011FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=20100926030317430&tb_oid=25-05-2011&tb_mrud=25-05-2011&query=FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false.- - - - ORPHANS REMOVED - - - -.Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exeWebBrowser-{A10EE5E6-56FA-4E89-91E9-D84263448359} - (no file)AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\uninstaller.exeAddRemove-CoffeeCup Shopping Cart Creator 3.1.0 - c:\program files (x86)\CoffeeCup Software\CoffeeCup ShoppingCart\uninstall.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.10".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]@Denied: (A 2) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]@="Shockwave Flash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]@Denied: (A 2) (Everyone)@="".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]@="FlashBroker".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\.------------------------ Other Running Processes ------------------------.c:\program files (x86)\Avira\AntiVir Desktop\avguard.exec:\windows\SysWOW64\brsvc01a.exec:\windows\SysWOW64\brss01a.exec:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files (x86)\Bonjour\mDNSResponder.exec:\programdata\SingleClick Systems\Advanced Networking Service\hnm_svc.exec:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exec:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe.**************************************************************************.Completion time: 2011-10-29 20:02:04 - machine was rebootedComboFix-quarantined-files.txt 2011-10-30 00:01ComboFix2.txt 2011-07-30 01:15.Pre-Run: 323,016,417,280 bytes freePost-Run: 322,851,753,984 bytes free.- - End Of File - - 44E593AB4736283C8F3B32E183DC0BB9 Link to post Share on other sites More sharing options...
LDTate Posted October 30, 2011 ID:490169 Share Posted October 30, 2011 SPYBOT TEATIMERLaunch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.On the left hand side, click on Tools, then click on the Resident Icon in the list.Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.Click on the "System Startup" icon in the ListUncheck the "TeaTimer" box and "OK" any prompts.If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.Exit Spybot S&D when done.(When we are done, you can re-enable Teatimer using the same steps but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup.]Next:http://www.eset.eu/online-scannerGo here to run an online scannner from ESET.Click the green ESET Online Scanner button.Read the End User License Agreement and check the box: YES, I accept the Terms of Use.Click on the Start button next to it.You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Insall ActiveX component.A new window will appear asking "Do you want to install this software?"".Answer Yes to download and install the ActiveX controls that allows the scan to run.Click Start.Check Remove found threats and Scan potentially unwanted applications.Click Scan to begin. If offered the option to get information or buy software. Just close the window. Wait for the scan to finishUse notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txtCopy and paste that log as a reply to this topic. Link to post Share on other sites More sharing options...
TheBigLou Posted October 31, 2011 Author ID:490289 Share Posted October 31, 2011 I had errors trying to change the settings of teatimer, so I uninstalled it....might have been corrupted. Going to resinstall it fresh now.As far as EST scanner goes. No erros found....Very small log belowIt ran and completed fine.ESETSmartInstaller@High as CAB hook log:OnlineScanner64.ocx - registred OKOnlineScanner.ocx - registred OK Link to post Share on other sites More sharing options...
LDTate Posted October 31, 2011 ID:490390 Share Posted October 31, 2011 Can you tell me how it's running now? Link to post Share on other sites More sharing options...
TheBigLou Posted October 31, 2011 Author ID:490739 Share Posted October 31, 2011 No difference. All errors stated in my origional post are still causing problems. Link to post Share on other sites More sharing options...
LDTate Posted October 31, 2011 ID:490740 Share Posted October 31, 2011 Copy/paste the text in the Codebox below into notepad:Here's how to do that:Click Start > Run type Notepad click OK.This will open an empty notepad file: Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text. KillAll::DDS::uLocal Page = c:\windows\system32\blank.htmuSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8FireFox::FF - ProfilePath - c:\users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\2s8x1npz.default\FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20100926030317430&tb_oid=25-05-2011&tb_mrud=25-05-2011FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=20100926030317430&tb_oid=25-05-2011&tb_mrud=25-05-2011&query=FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falseSave this file to your desktop, Save this as "CFScript" Here's how to do that:1.Click File;2.Click Save As... Change the directory to your desktop;3.Change the Save as type to "All Files"; 4.Type in the file name: CFScript5.Click Save ...Drag CFScript.txt into ComboFix.exeThen post the results log using Copy / PasteAlso please describe how your computer behaves at the moment. Link to post Share on other sites More sharing options...
TheBigLou Posted November 2, 2011 Author ID:491136 Share Posted November 2, 2011 The process ran exactly like it did when I ran it earlier, except it asked me if I wanted to downlaod a newer version of combofix, which I did.I will have the problems mentioned above. To reiterate1. When I run IE out of the Program Files directory it can run, otherwise if I run it or Firefox out of the Program Files(x86 directory it shuts down immediately due to DEP2. Searches bring me to websites other than the ones I am trying to get to when searching via Google.--------------------------------------------------------------------------------------ComboFix 11-11-01.04 - Michelle 11/01/2011 20:41:22.1.4 - x64Running from: c:\users\Michelle\Desktop\ComboFix.exeCommand switches used :: c:\users\Michelle\Desktop\cfscript.txt..((((((((((((((((((((((((( Files Created from 2011-10-02 to 2011-11-02 )))))))))))))))))))))))))))))))..2011-11-02 01:14 . 2011-11-02 02:16 -------- d-----w- c:\users\Michelle\AppData\Local\temp2011-11-02 01:14 . 2011-11-02 01:14 -------- d-----w- c:\users\Public\AppData\Local\temp2011-11-02 01:14 . 2011-11-02 01:14 -------- d-----w- c:\users\Lou\AppData\Local\temp2011-11-02 01:14 . 2011-11-02 01:14 -------- d-----w- c:\users\Default\AppData\Local\temp2011-10-30 16:03 . 2011-10-30 16:03 -------- d-----w- c:\program files (x86)\ESET2011-10-30 12:41 . 2011-10-30 12:41 -------- d-----w- c:\users\Michelle\AppData\Local\Adobe2011-10-26 23:21 . 2011-10-26 23:21 -------- d-----w- c:\program files (x86)\Common Files\Java...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-10-28 01:37 . 2011-05-18 17:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2011-10-03 09:06 . 2010-05-05 02:30 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll2011-08-31 21:00 . 2011-07-17 01:29 25416 ----a-w- c:\windows\system32\drivers\mbam.sys..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"EnableUIADesktopToggle"= 0 (0x0).R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22 136176]R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22 136176]R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]R3 pmxmouse;pmxmouse;c:\windows\system32\DRIVERS\pmxmouse.sys [x]R3 pmxusblf;pmxusblf;c:\windows\system32\DRIVERS\pmxusblf.sys [x]R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]R4 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 163840]R4 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSr64.exe [x]R4 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [x]..Contents of the 'Scheduled Tasks' folder.2011-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22 17:53].2011-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22 17:53].2011-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3198504533-3792674152-2682895940-1001Core.job- c:\users\Michelle\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-11 03:06].2011-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3198504533-3792674152-2682895940-1001UA.job- c:\users\Michelle\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-11 03:06]..--------- x86-64 -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="RAVCpl64.exe" [2008-07-18 6453760]"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 2206280].------- Supplementary Scan -------.uDefault_Search_URL = hxxp://www.google.com/ieuLocal Page = c:\windows\system32\blank.htmuSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uStart Page = hxxp://www.google.com/mLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: Google Sidewiki...TCP: DhcpNameServer = 192.168.1.1 68.237.161.12CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dllFF - ProfilePath - c:\users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\2s8x1npz.default\FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20100926030317430&tb_oid=25-05-2011&tb_mrud=25-05-2011FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=20100926030317430&tb_oid=25-05-2011&tb_mrud=25-05-2011&query=FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false.- - - - ORPHANS REMOVED - - - -.WebBrowser-{A10EE5E6-56FA-4E89-91E9-D84263448359} - (no file)...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.10".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]@Denied: (A 2) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]@="Shockwave Flash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]@Denied: (A 2) (Everyone)@="".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]@="FlashBroker".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\.------------------------ Other Running Processes ------------------------.c:\program files (x86)\Avira\AntiVir Desktop\avguard.exec:\windows\SysWOW64\brsvc01a.exec:\windows\SysWOW64\brss01a.exec:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files (x86)\Bonjour\mDNSResponder.exec:\programdata\SingleClick Systems\Advanced Networking Service\hnm_svc.exec:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exec:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe.**************************************************************************.Completion time: 2011-11-01 22:34:22 - machine was rebootedComboFix-quarantined-files.txt 2011-11-02 02:34ComboFix2.txt 2011-10-30 00:02ComboFix3.txt 2011-07-30 01:15.Pre-Run: 319,931,240,448 bytes freePost-Run: 321,545,506,816 bytes free.- - End Of File - - E5E6C9D2A17654ADEFCD9C1CCB0DE040 Link to post Share on other sites More sharing options...
LDTate Posted November 2, 2011 ID:491203 Share Posted November 2, 2011 I'm not seeing anything bad.See if this info helps.http://windows.microsoft.com/en-US/windows-vista/Data-Execution-Prevention-frequently-asked-questions Link to post Share on other sites More sharing options...
TheBigLou Posted November 2, 2011 Author ID:491213 Share Posted November 2, 2011 Something is causing the Google search results to bring me to pages other than the ones I clicked on. I have other computers on the network that don't have the same issue, so I ruled out a router type redirect.When Combofix ran, there were about 8 IE windows that seemed to close down..not sure if they were IE services that was terminated or if that is a normal part of combofix.There was a program called PEV.EXE that was terminated also when I ran combofix.I can disable DEP, but don't feel comfortable until the google redirect issue is solved. Not sure where to go from here. Link to post Share on other sites More sharing options...
LDTate Posted November 2, 2011 ID:491227 Share Posted November 2, 2011 When Combofix ran, there were about 8 IE windows that seemed to close down..not sure if they were IE services that was terminated or if that is a normal part of combofix.That's normalThere was a program called PEV.EXE that was terminated also when I ran combofix.That's a combofix file.Try this:You can open Internet Explorer without add-ons in 2 ways. One way to open is to navigate to start menu-> All Programs-> Accessories-> System Tools-> Internet Explorer (no Add-ons). This opens up IE without ActiveX controls and browser extensions.•Type iexplore –extoff in the Run box on the Start menu •Click “Internet Explorer (No Add-ons)” under All Programs -> Accessories -> System Tools •Right-clicking the IE icon on the Start Menu (if IE is your default browser) and selecting “Browse Without Add-Ons” Link to post Share on other sites More sharing options...
TheBigLou Posted November 4, 2011 Author ID:491697 Share Posted November 4, 2011 I tried running IE with no add ones and it still crashes because of DEP. The one in the Program Files(x86) directory is the one with the problems. My copy of IE in the Program Files drive seems to be doing OK, but is not the default.After the beow virus were found I am seeing some improvement in the google search. Waiting on more data, but I don't think its clean yet.Avira Virus scanner just came back with some new results. I don't know if virus was new to the system or a new update allowed them to be detected. Let me know if this provides a clue.Virus or unwanted program 'HTML/Crypted.Gen [virus]'detected in file 'C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MO1AGE01\mwlAdFrame[1].htm.Action performed: Deny accessVirus or unwanted program 'HTML/Crypted.Gen [virus]'detected in file 'C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BV961MPP\mwlAdFrame[1].htm.Action performed: Deny accessVirus or unwanted program 'HTML/Crypted.Gen [virus]'detected in file 'C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R06YB433\mwlAdFrame[1].htm.Action performed: Deny accessVirus or unwanted program 'HTML/Crypted.Gen [virus]'detected in file 'C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LO8TPJVV\mwlAdFrame[1].htm.Action performed: Deny accessVirus or unwanted program 'HTML/Crypted.Gen [virus]'detected in file 'C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9X48AA53\mwlAdFrame[1].htm.Action performed: Deny accessVirus or unwanted program 'HTML/Crypted.Gen [virus]'detected in file 'C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MO1AGE01\mwlAdFrame[1].htm.Action performed: Deny accessVirus or unwanted program 'HTML/Crypted.Gen [virus]'detected in file 'C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1URTQ8FZ\mwlAdFrame[1].htm.Action performed: Deny access Link to post Share on other sites More sharing options...
LDTate Posted November 4, 2011 ID:491706 Share Posted November 4, 2011 If you run ATF Cleaner while logged in as Michelle, that should remove those. Link to post Share on other sites More sharing options...
TheBigLou Posted November 4, 2011 Author ID:491831 Share Posted November 4, 2011 Ran ATFCleaner.exe. Google redirect has not been cured. If was working prior, but now it goes to websites unrelated to my search. Link to post Share on other sites More sharing options...
LDTate Posted November 5, 2011 ID:491836 Share Posted November 5, 2011 http://www.eset.eu/online-scannerGo here to run an online scannner from ESET.Click the green ESET Online Scanner button.Read the End User License Agreement and check the box: YES, I accept the Terms of Use.Click on the Start button next to it.You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Insall ActiveX component.A new window will appear asking "Do you want to install this software?"".Answer Yes to download and install the ActiveX controls that allows the scan to run.Click Start.Check Remove found threats and Scan potentially unwanted applications.Click Scan to begin. If offered the option to get information or buy software. Just close the window. Wait for the scan to finishUse notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txtCopy and paste that log as a reply to this topic. Link to post Share on other sites More sharing options...
LDTate Posted November 9, 2011 ID:493090 Share Posted November 9, 2011 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts