
Infected Need Help!


DianeD


Hi All,

I seem to have acquired a virus which initially affected my desktop and hid most of the user files on my PC. My AV software found/removed some infected files and now I have control of the desktop. However, I still have browser redirect problems and issues with random audio playing. I scanned (quick and full) with Malwarebytes but it came up clean.

Below is the DDS.txt and Attach.txt as requested in the forum instructions.

Thanks for the help, I'm desperate!!!!

DDS.txt

=============================================================

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385

Run by DAVIS at 8:17:18 on 2011-11-02

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.1885 [GMT -4:00]

.

AV: CA Anti-Virus Plus *Enabled/Updated* {57B5C44D-AAB5-DBC9-741B-542BE5A132EA}

SP: CA Anti-Virus Plus *Enabled/Updated* {ECD425A9-8C8F-D447-4EAB-6F599E267857}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: CA Personal Firewall *Enabled* {6F8E4568-E0DA-DA91-5F44-FD1E1B727591}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe

C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Microsoft LifeCam\MSCamS64.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe

C:\Windows\SysWOW64\cfgmig32.exe

C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\CA\CA Internet Security Suite\casc.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Upromise\dca-ua.exe

C:\Program Files (x86)\Upromise\UpromiseTray.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Windows\system32\taskmgr.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbookexe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Upromise\UpromiseGlobalCache.exe

C:\Program Files (x86)\internet explorer\iexplore.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\REGSVR32.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

mWinlogon: Userinit=userinit.exe,

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: CA Anti-Phishing Toolbar Helper: {45011cf5-e4a9-4f13-9093-f30a784eb9b2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\toolbar\caIEToolbar.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - C:\Program Files (x86)\Upromise\dca-bho.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

BHO: Upromise TurboSaver: {edc0f17f-f4b7-47e4-b73e-887faeb376fa} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Upromise TurboSaver: {06e58e5e-f8cb-4049-991e-a41c03bd419e} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll

TB: CA Anti-Phishing Toolbar: {0123b506-0ad9-43aa-b0cf-916c122ad4c5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\toolbar\caIEToolbar.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [Google Update] "C:\Users\DAVIS\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [upromise Update] C:\Program Files (x86)\Upromise\dca-ua.exe

uRun: [upromise Tray] C:\Program Files (x86)\Upromise\UpromiseTray.exe

mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

mRun: [bYR_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe

mRunOnce: [GrpConv] grpconv -o

StartupFolder: C:\Users\DAVIS\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe

StartupFolder: C:\Users\DAVIS\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

LSP: C:\Windows\system32\VetRedir.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxps://lowes.2020.net/planner/Core/Player/2020PlayerAX_Win32.cab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromediacom/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{C2BD42D5-C1BF-4DD0-AF26-4A170FB0920F} : DhcpNameServer = 209.18.47.61 209.18.47.62

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Notify: PFW - UmxWnp.Dll

AppInit_DLLs: UmxSbxExw.dll

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: CA Anti-Phishing Toolbar Helper: {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\toolbar\caIEToolbar.dll

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

BHO-X64: DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Upromise\dca-bho.dll

BHO-X64: DCA - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

BHO-X64: Upromise TurboSaver: {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll

BHO-X64: ToolHelper - No File

BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: Upromise TurboSaver: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll

TB-X64: CA Anti-Phishing Toolbar: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\toolbar\caIEToolbar.dll

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun-x64: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

mRun-x64: [bYR_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe

mRunOnce-x64: [GrpConv] grpconv -o

AppInit_DLLs-X64: UmxSbxExw.dll

.

============= SERVICES / DRIVERS ===============

.

R0 KmxAMRT;KmxAMRT;C:\Windows\system32\DRIVERS\KmxAMRT.sys --> C:\Windows\system32\DRIVERS\KmxAMRT.sys [?]

R0 KmxFw;KmxFw;C:\Windows\system32\DRIVERS\kmxfw.sys --> C:\Windows\system32\DRIVERS\kmxfw.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 KmxAgent;KmxAgent;C:\Windows\system32\DRIVERS\kmxagent.sys --> C:\Windows\system32\DRIVERS\kmxagent.sys [?]

R1 KmxCfg;KmxCfg;C:\Windows\system32\DRIVERS\kmxcfg.sys --> C:\Windows\system32\DRIVERS\kmxcfg.sys [?]

R1 KmxFile;KmxFile;C:\Windows\system32\DRIVERS\KmxFile.sys --> C:\Windows\system32\DRIVERS\KmxFile.sys [?]

R1 KmxFilter;HIPS Core Filter Driver;C:\Windows\system32\DRIVERS\KmxFilter.sys --> C:\Windows\system32\DRIVERS\KmxFilter.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 CAAMSvc;CAAMSvc;C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe [2011-10-30 291656]

R2 CAISafe;CAISafe;C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe [2011-10-30 312656]

R2 ccSchedulerSVC;CA Common Scheduler Service;C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe [2011-10-30 286032]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 KmxCF;KmxCF;C:\Windows\system32\DRIVERS\KmxCF.sys --> C:\Windows\system32\DRIVERS\KmxCF.sys [?]

R2 KmxSbx;KmxSbx;C:\Windows\system32\DRIVERS\KmxSbx.sys --> C:\Windows\system32\DRIVERS\KmxSbx.sys [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-30 366152]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-5-11 660800]

R2 UmxEngine;TM Engine;C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe [2011-4-4 920656]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNSexe [2010-6-8 2320920]

R2 WinSvchostManagerSrv;WinSvchostManagerSrv;C:\Windows\SysWOW64\cfgmig32.exe [2011-10-30 263504]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-25 136176]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-25 136176]

S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\4E6.tmp --> C:\Windows\system32\4E6.tmp [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 pmxdrv;pmxdrv;\??\C:\Windows\system32\drivers\pmxdrv.sys --> C:\Windows\system32\drivers\pmxdrv.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

.

=============== Created Last 30 ================

.

2011-11-02 02:42:41 6144 ------w- C:\Windows\System32\4E6.tmp

2011-11-02 02:42:10 6144 ------w- C:\Windows\System32\8D46.tmp

2011-11-01 00:59:08 6144 ------w- C:\Windows\System32\B940.tmp

2011-10-31 23:53:49 6144 ------w- C:\Windows\System32\96D5.tmp

2011-10-31 23:53:08 6144 ------w- C:\Windows\System32\F8A3.tmp

2011-10-31 02:18:26 18816 ------w- C:\Windows\SysWow64\SAVRKBootTasks.sys

2011-10-31 00:43:24 6144 ------w- C:\Windows\System32\2B57.tmp

2011-10-31 00:41:52 6144 ------w- C:\Windows\System32\C6D9.tmp

2011-10-31 00:41:26 -------- d-----w- C:\Program Files (x86)\Sophos

2011-10-30 20:53:26 -------- d-----w- C:\Users\DAVIS\AppData\Roaming\Malwarebytes

2011-10-30 20:52:55 -------- d-----w- C:\ProgramData\Malwarebytes

2011-10-30 20:52:49 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-10-30 20:52:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-10-30 19:03:05 99024 ----a-w- C:\Windows\System32\drivers\KmxFilter.sys

2011-10-30 19:03:04 143824 ----a-w- C:\Windows\System32\drivers\KmxFw.sys

2011-10-30 19:03:03 202320 ----a-w- C:\Windows\System32\drivers\KmxCF.sys

2011-10-30 18:41:45 263504 ----a-w- C:\Windows\SysWow64\cfgmig32.exe

2011-10-30 18:41:45 1422672 ----a-w- C:\Windows\SysWow64\cfgmig32.dll

2011-10-30 18:41:45 1422672 ----a-w- C:\Windows\System32\cfgmig32.dll

2011-10-30 18:41:35 95568 ----a-w- C:\Windows\SysWow64\Vetredir.dll

2011-10-30 18:41:35 257872 ----a-w- C:\Windows\System32\isafprod64.dll

2011-10-30 18:41:35 206160 ----a-w- C:\Windows\SysWow64\Isafprod.dll

2011-10-30 18:41:35 141136 ----a-w- C:\Windows\System32\Isafeif64.dll

2011-10-30 18:41:35 128336 ----a-w- C:\Windows\SysWow64\Isafeif.dll

2011-10-30 18:41:35 103760 ----a-w- C:\Windows\System32\Vetredir64.dll

2011-10-30 18:41:00 -------- d-----w- C:\Program Files (x86)\CA

2011-10-30 18:40:29 3207184 ----a-w- C:\Windows\System32\mdmcls32.exe

2011-10-30 18:40:28 4108304 ----a-w- C:\Windows\SysWow64\win32cpr.dll

2011-10-30 18:40:28 2760720 ----a-w- C:\Windows\SysWow64\svcprs32.exe

2011-10-30 18:40:28 2524176 ----a-w- C:\Windows\System32\winsflt.dll

2011-10-30 18:40:28 1744912 ----a-w- C:\Windows\SysWow64\winsflt.dll

2011-10-30 18:40:27 98320 ----a-w- C:\Windows\SysWow64\winsfinst.exe

2011-10-30 18:40:27 3207184 ----a-w- C:\Windows\SysWow64\mdmcls32.exe

2011-10-30 18:40:27 2990096 ----a-w- C:\Windows\SysWow64\winsflte.dll

2011-10-30 18:40:27 289296 ----a-w- C:\Windows\System32\winsfinst.exe

2011-10-30 18:40:26 7440 ----a-w- C:\Windows\SysWow64\sporder.dll

2011-10-30 18:40:26 -------- d-----w- C:\Windows\rnapxs

2011-10-30 18:40:16 -------- d-----w- C:\Program Files\ISSThirdParty

2011-10-30 18:39:17 -------- d-----w- C:\Program Files\CA

2011-10-30 18:38:10 -------- d-----w- C:\ProgramData\CA

2011-10-30 18:31:35 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A8AB455D-00D4-40F0-82EB-FAA9310E9FC8}\mpengine.dll

2011-10-30 17:44:24 -------- d-----we C:\Windows\system64

2011-10-22 23:07:50 -------- d--h--w- C:\Users\DAVIS\AppData\Roaming\HandBrake

2011-10-22 23:07:50 -------- d-----w- C:\Users\DAVIS\AppData\Local\HandBrake

2011-10-22 23:07:44 -------- d-----w- C:\Program Files (x86)\Handbrake

2011-10-17 22:33:54 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2011-10-17 22:33:54 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2011-10-17 22:33:54 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2011-10-17 22:33:54 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2011-10-17 22:33:54 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2011-10-17 22:33:54 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2011-10-17 22:33:54 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2011-10-16 19:55:43 -------- d--h--w- C:\Users\DAVIS\AppData\Local\PhotoChannel

2011-10-16 18:28:28 -------- d--h--w- C:\Users\DAVIS\AppData\Local\LEGO Software

2011-10-16 18:14:08 -------- d--h--w- C:\Users\DAVIS\AppData\Local\Chromium

2011-10-16 18:13:53 -------- d-----w- C:\Program Files (x86)\LEGO Software

2011-10-16 16:25:43 -------- d--h--w- C:\ProgramData\xml_param

2011-10-16 15:59:05 892928 ----a-w- C:\Windows\SysWow64\iconv.dll

2011-10-16 15:59:05 675840 ----a-w- C:\Windows\SysWow64\ac3filter.ax

2011-10-16 15:59:05 496640 ----a-w- C:\Windows\SysWow64\xvid.ax

2011-10-16 15:59:04 -------- d--h--w- C:\Program Files (x86)\Aimersoft

2011-10-16 15:58:13 -------- d-----w- C:\Users\DAVIS\AppData\Roaming\GetRightToGo

2011-10-12 22:07:52 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

.

==================== Find3M ====================

.

2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-09-06 03:07:02 3134976 ----a-w- C:\Windows\System32\win32k.sys

2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll

2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2011-08-20 05:45:20 1197568 ----a-w- C:\Windows\System32\wininet.dll

2011-08-20 05:41:16 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2011-08-20 04:38:10 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-08-20 04:35:20 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2011-08-20 04:20:23 482816 ----a-w- C:\Windows\System32\html.iec

2011-08-20 03:26:38 386048 ----a-w- C:\Windows\SysWow64\html.iec

2011-08-17 05:32:24 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2011-08-17 05:27:46 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax

2011-08-17 05:27:46 288256 ----a-w- C:\Windows\System32\MSNP.ax

2011-08-17 05:27:46 108032 ----a-w- C:\Windows\System32\psisrndr.ax

2011-08-17 05:27:46 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax

2011-08-17 04:26:02 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2011-08-17 04:22:23 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax

2011-08-17 04:22:23 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax

2011-08-17 04:22:23 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax

.

============= FINISH: 8:27:32.38 ===============

Attach.txt

============================================================================

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385

Run by DAVIS at 8:17:18 on 2011-11-02

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.1885 [GMT -4:00]

.

AV: CA Anti-Virus Plus *Enabled/Updated* {57B5C44D-AAB5-DBC9-741B-542BE5A132EA}

SP: CA Anti-Virus Plus *Enabled/Updated* {ECD425A9-8C8F-D447-4EAB-6F599E267857}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: CA Personal Firewall *Enabled* {6F8E4568-E0DA-DA91-5F44-FD1E1B727591}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe

C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Microsoft LifeCam\MSCamS64.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe

C:\Windows\SysWOW64\cfgmig32.exe

C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\CA\CA Internet Security Suite\casc.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Upromise\dca-ua.exe

C:\Program Files (x86)\Upromise\UpromiseTray.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Windows\system32\taskmgr.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Upromise\UpromiseGlobalCache.exe

C:\Program Files (x86)\internet explorer\iexplore.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\REGSVR32.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

mWinlogon: Userinit=userinit.exe,

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: CA Anti-Phishing Toolbar Helper: {45011cf5-e4a9-4f13-9093-f30a784eb9b2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\toolbar\caIEToolbar.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - C:\Program Files (x86)\Upromise\dca-bho.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

BHO: Upromise TurboSaver: {edc0f17f-f4b7-47e4-b73e-887faeb376fa} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Upromise TurboSaver: {06e58e5e-f8cb-4049-991e-a41c03bd419e} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll

TB: CA Anti-Phishing Toolbar: {0123b506-0ad9-43aa-b0cf-916c122ad4c5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\toolbar\caIEToolbar.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [Google Update] "C:\Users\DAVIS\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [upromise Update] C:\Program Files (x86)\Upromise\dca-ua.exe

uRun: [upromise Tray] C:\Program Files (x86)\Upromise\UpromiseTray.exe

mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

mRun: [bYR_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe

mRunOnce: [GrpConv] grpconv -o

StartupFolder: C:\Users\DAVIS\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe

StartupFolder: C:\Users\DAVIS\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

LSP: C:\Windows\system32\VetRedir.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxps://lowes.2020.net/planner/Core/Player/2020PlayerAX_Win32.cab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{C2BD42D5-C1BF-4DD0-AF26-4A170FB0920F} : DhcpNameServer = 209.18.47.61 209.18.47.62

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Notify: PFW - UmxWnp.Dll

AppInit_DLLs: UmxSbxExw.dll

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: CA Anti-Phishing Toolbar Helper: {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\toolbar\caIEToolbar.dll

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

BHO-X64: DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Upromise\dca-bho.dll

BHO-X64: DCA - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

BHO-X64: Upromise TurboSaver: {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll

BHO-X64: ToolHelper - No File

BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: Upromise TurboSaver: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll

TB-X64: CA Anti-Phishing Toolbar: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\toolbar\caIEToolbar.dll

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun-x64: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

mRun-x64: [bYR_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe

mRunOnce-x64: [GrpConv] grpconv -o

AppInit_DLLs-X64: UmxSbxExw.dll

.

============= SERVICES / DRIVERS ===============

.

R0 KmxAMRT;KmxAMRT;C:\Windows\system32\DRIVERS\KmxAMRT.sys --> C:\Windows\system32\DRIVERS\KmxAMRT.sys [?]

R0 KmxFw;KmxFw;C:\Windows\system32\DRIVERS\kmxfw.sys --> C:\Windows\system32\DRIVERS\kmxfw.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 KmxAgent;KmxAgent;C:\Windows\system32\DRIVERS\kmxagent.sys --> C:\Windows\system32\DRIVERS\kmxagent.sys [?]

R1 KmxCfg;KmxCfg;C:\Windows\system32\DRIVERS\kmxcfg.sys --> C:\Windows\system32\DRIVERS\kmxcfg.sys [?]

R1 KmxFile;KmxFile;C:\Windows\system32\DRIVERS\KmxFile.sys --> C:\Windows\system32\DRIVERS\KmxFile.sys [?]

R1 KmxFilter;HIPS Core Filter Driver;C:\Windows\system32\DRIVERS\KmxFilter.sys --> C:\Windows\system32\DRIVERS\KmxFilter.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 CAAMSvc;CAAMSvc;C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe [2011-10-30 291656]

R2 CAISafe;CAISafe;C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe [2011-10-30 312656]

R2 ccSchedulerSVC;CA Common Scheduler Service;C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe [2011-10-30 286032]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 KmxCF;KmxCF;C:\Windows\system32\DRIVERS\KmxCF.sys --> C:\Windows\system32\DRIVERS\KmxCF.sys [?]

R2 KmxSbx;KmxSbx;C:\Windows\system32\DRIVERS\KmxSbx.sys --> C:\Windows\system32\DRIVERS\KmxSbx.sys [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-30 366152]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-5-11 660800]

R2 UmxEngine;TM Engine;C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe [2011-4-4 920656]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-6-8 2320920]

R2 WinSvchostManagerSrv;WinSvchostManagerSrv;C:\Windows\SysWOW64\cfgmig32.exe [2011-10-30 263504]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-25 136176]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-25 136176]

S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\4E6.tmp --> C:\Windows\system32\4E6.tmp [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 pmxdrv;pmxdrv;\??\C:\Windows\system32\drivers\pmxdrv.sys --> C:\Windows\system32\drivers\pmxdrv.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

.

=============== Created Last 30 ================

.

2011-11-02 02:42:41 6144 ------w- C:\Windows\System32\4E6.tmp

2011-11-02 02:42:10 6144 ------w- C:\Windows\System32\8D46.tmp

2011-11-01 00:59:08 6144 ------w- C:\Windows\System32\B940.tmp

2011-10-31 23:53:49 6144 ------w- C:\Windows\System32\96D5.tmp

2011-10-31 23:53:08 6144 ------w- C:\Windows\System32\F8A3.tmp

2011-10-31 02:18:26 18816 ------w- C:\Windows\SysWow64\SAVRKBootTasks.sys

2011-10-31 00:43:24 6144 ------w- C:\Windows\System32\2B57.tmp

2011-10-31 00:41:52 6144 ------w- C:\Windows\System32\C6D9.tmp

2011-10-31 00:41:26 -------- d-----w- C:\Program Files (x86)\Sophos

2011-10-30 20:53:26 -------- d-----w- C:\Users\DAVIS\AppData\Roaming\Malwarebytes

2011-10-30 20:52:55 -------- d-----w- C:\ProgramData\Malwarebytes

2011-10-30 20:52:49 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-10-30 20:52:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-10-30 19:03:05 99024 ----a-w- C:\Windows\System32\drivers\KmxFilter.sys

2011-10-30 19:03:04 143824 ----a-w- C:\Windows\System32\drivers\KmxFw.sys

2011-10-30 19:03:03 202320 ----a-w- C:\Windows\System32\drivers\KmxCF.sys

2011-10-30 18:41:45 263504 ----a-w- C:\Windows\SysWow64\cfgmig32.exe

2011-10-30 18:41:45 1422672 ----a-w- C:\Windows\SysWow64\cfgmig32.dll

2011-10-30 18:41:45 1422672 ----a-w- C:\Windows\System32\cfgmig32.dll

2011-10-30 18:41:35 95568 ----a-w- C:\Windows\SysWow64\Vetredir.dll

2011-10-30 18:41:35 257872 ----a-w- C:\Windows\System32\isafprod64.dll

2011-10-30 18:41:35 206160 ----a-w- C:\Windows\SysWow64\Isafprod.dll

2011-10-30 18:41:35 141136 ----a-w- C:\Windows\System32\Isafeif64.dll

2011-10-30 18:41:35 128336 ----a-w- C:\Windows\SysWow64\Isafeif.dll

2011-10-30 18:41:35 103760 ----a-w- C:\Windows\System32\Vetredir64.dll

2011-10-30 18:41:00 -------- d-----w- C:\Program Files (x86)\CA

2011-10-30 18:40:29 3207184 ----a-w- C:\Windows\System32\mdmcls32.exe

2011-10-30 18:40:28 4108304 ----a-w- C:\Windows\SysWow64\win32cpr.dll

2011-10-30 18:40:28 2760720 ----a-w- C:\Windows\SysWow64\svcprs32.exe

2011-10-30 18:40:28 2524176 ----a-w- C:\Windows\System32\winsflt.dll

2011-10-30 18:40:28 1744912 ----a-w- C:\Windows\SysWow64\winsflt.dll

2011-10-30 18:40:27 98320 ----a-w- C:\Windows\SysWow64\winsfinst.exe

2011-10-30 18:40:27 3207184 ----a-w- C:\Windows\SysWow64\mdmcls32.exe

2011-10-30 18:40:27 2990096 ----a-w- C:\Windows\SysWow64\winsflte.dll

2011-10-30 18:40:27 289296 ----a-w- C:\Windows\System32\winsfinst.exe

2011-10-30 18:40:26 7440 ----a-w- C:\Windows\SysWow64\sporder.dll

2011-10-30 18:40:26 -------- d-----w- C:\Windows\rnapxs

2011-10-30 18:40:16 -------- d-----w- C:\Program Files\ISSThirdParty

2011-10-30 18:39:17 -------- d-----w- C:\Program Files\CA

2011-10-30 18:38:10 -------- d-----w- C:\ProgramData\CA

2011-10-30 18:31:35 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A8AB455D-00D4-40F0-82EB-FAA9310E9FC8}\mpengine.dll

2011-10-30 17:44:24 -------- d-----we C:\Windows\system64

2011-10-22 23:07:50 -------- d--h--w- C:\Users\DAVIS\AppData\Roaming\HandBrake

2011-10-22 23:07:50 -------- d-----w- C:\Users\DAVIS\AppData\Local\HandBrake

2011-10-22 23:07:44 -------- d-----w- C:\Program Files (x86)\Handbrake

2011-10-17 22:33:54 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2011-10-17 22:33:54 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2011-10-17 22:33:54 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2011-10-17 22:33:54 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2011-10-17 22:33:54 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2011-10-17 22:33:54 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2011-10-17 22:33:54 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2011-10-16 19:55:43 -------- d--h--w- C:\Users\DAVIS\AppData\Local\PhotoChannel

2011-10-16 18:28:28 -------- d--h--w- C:\Users\DAVIS\AppData\Local\LEGO Software

2011-10-16 18:14:08 -------- d--h--w- C:\Users\DAVIS\AppData\Local\Chromium

2011-10-16 18:13:53 -------- d-----w- C:\Program Files (x86)\LEGO Software

2011-10-16 16:25:43 -------- d--h--w- C:\ProgramData\xml_param

2011-10-16 15:59:05 892928 ----a-w- C:\Windows\SysWow64\iconv.dll

2011-10-16 15:59:05 675840 ----a-w- C:\Windows\SysWow64\ac3filter.ax

2011-10-16 15:59:05 496640 ----a-w- C:\Windows\SysWow64\xvid.ax

2011-10-16 15:59:04 -------- d--h--w- C:\Program Files (x86)\Aimersoft

2011-10-16 15:58:13 -------- d-----w- C:\Users\DAVIS\AppData\Roaming\GetRightToGo

2011-10-12 22:07:52 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

.

==================== Find3M ====================

.

2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-09-06 03:07:02 3134976 ----a-w- C:\Windows\System32\win32k.sys

2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll

2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2011-08-20 05:45:20 1197568 ----a-w- C:\Windows\System32\wininet.dll

2011-08-20 05:41:16 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2011-08-20 04:38:10 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-08-20 04:35:20 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2011-08-20 04:20:23 482816 ----a-w- C:\Windows\System32\html.iec

2011-08-20 03:26:38 386048 ----a-w- C:\Windows\SysWow64\html.iec

2011-08-17 05:32:24 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2011-08-17 05:27:46 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax

2011-08-17 05:27:46 288256 ----a-w- C:\Windows\System32\MSNP.ax

2011-08-17 05:27:46 108032 ----a-w- C:\Windows\System32\psisrndr.ax

2011-08-17 05:27:46 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax

2011-08-17 04:26:02 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2011-08-17 04:22:23 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax

2011-08-17 04:22:23 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax

2011-08-17 04:22:23 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax

.

============= FINISH: 8:27:32.38 ===============


Hi DianeD and Welcome to Malwarebytes!

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

---------------------------------------------------------------------------------------------

  • Please download and run UnHide.exe by Grinler.
  • Double-click unhide.exe to run the program.
  • After running it, your files should reappear. Please let us know the result.

Next

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • Vista/Windows 7 users right-click and select Run As Administrator.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.


Hi Kenny,

Thanks for the quick reply. The unhide utility worked great. Below are the results of the TDSSKiller scan; it didn't find anything, though. I look forward to your next response.

-Diane.

17:52:18.0422 5336 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51

17:52:18.0625 5336 ============================================================

17:52:18.0625 5336 Current date / time: 2011/11/08 17:52:18.0625

17:52:18.0625 5336 SystemInfo:

17:52:18.0625 5336

17:52:18.0625 5336 OS Version: 6.1.7600 ServicePack: 0.0

17:52:18.0625 5336 Product type: Workstation

17:52:18.0625 5336 ComputerName: DAVIS-PC

17:52:18.0625 5336 UserName: DAVIS

17:52:18.0625 5336 Windows directory: C:\Windows

17:52:18.0625 5336 System windows directory: C:\Windows

17:52:18.0625 5336 Running under WOW64

17:52:18.0625 5336 Processor architecture: Intel x64

17:52:18.0625 5336 Number of processors: 4

17:52:18.0625 5336 Page size: 0x1000

17:52:18.0625 5336 Boot type: Normal boot

17:52:18.0625 5336 ============================================================

17:52:19.0624 5336 Initialize success

17:52:22.0354 5400 ============================================================

17:52:22.0354 5400 Scan started

17:52:22.0354 5400 Mode: Manual;

17:52:22.0354 5400 ============================================================

17:52:23.0290 5400 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys

17:52:23.0290 5400 1394ohci - ok

17:52:23.0336 5400 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys

17:52:23.0336 5400 ACPI - ok

17:52:23.0352 5400 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys

17:52:23.0352 5400 AcpiPmi - ok

17:52:23.0430 5400 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

17:52:23.0430 5400 adp94xx - ok

17:52:23.0446 5400 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

17:52:23.0461 5400 adpahci - ok

17:52:23.0477 5400 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

17:52:23.0477 5400 adpu320 - ok

17:52:23.0524 5400 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys

17:52:23.0539 5400 AFD - ok

17:52:23.0539 5400 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys

17:52:23.0539 5400 agp440 - ok

17:52:23.0570 5400 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys

17:52:23.0570 5400 aliide - ok

17:52:23.0586 5400 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys

17:52:23.0586 5400 amdide - ok

17:52:23.0617 5400 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

17:52:23.0617 5400 AmdK8 - ok

17:52:23.0648 5400 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

17:52:23.0648 5400 AmdPPM - ok

17:52:23.0711 5400 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys

17:52:23.0711 5400 amdsata - ok

17:52:23.0726 5400 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

17:52:23.0726 5400 amdsbs - ok

17:52:23.0742 5400 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys

17:52:23.0742 5400 amdxata - ok

17:52:23.0789 5400 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

17:52:23.0804 5400 AppID - ok

17:52:23.0836 5400 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

17:52:23.0836 5400 arc - ok

17:52:23.0836 5400 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

17:52:23.0851 5400 arcsas - ok

17:52:23.0867 5400 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

17:52:23.0882 5400 AsyncMac - ok

17:52:23.0898 5400 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys

17:52:23.0898 5400 atapi - ok

17:52:24.0023 5400 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

17:52:24.0038 5400 b06bdrv - ok

17:52:24.0148 5400 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

17:52:24.0148 5400 b57nd60a - ok

17:52:24.0257 5400 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

17:52:24.0272 5400 Beep - ok

17:52:24.0319 5400 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

17:52:24.0319 5400 blbdrive - ok

17:52:24.0382 5400 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys

17:52:24.0382 5400 bowser - ok

17:52:24.0397 5400 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

17:52:24.0413 5400 BrFiltLo - ok

17:52:24.0428 5400 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

17:52:24.0428 5400 BrFiltUp - ok

17:52:24.0475 5400 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

17:52:24.0491 5400 Brserid - ok

17:52:24.0506 5400 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

17:52:24.0506 5400 BrSerWdm - ok

17:52:24.0553 5400 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

17:52:24.0553 5400 BrUsbMdm - ok

17:52:24.0569 5400 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

17:52:24.0569 5400 BrUsbSer - ok

17:52:24.0584 5400 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

17:52:24.0584 5400 BTHMODEM - ok

17:52:24.0725 5400 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

17:52:24.0725 5400 cdfs - ok

17:52:24.0756 5400 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

17:52:24.0756 5400 cdrom - ok

17:52:24.0803 5400 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

17:52:24.0818 5400 circlass - ok

17:52:24.0896 5400 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

17:52:24.0928 5400 CLFS - ok

17:52:24.0990 5400 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

17:52:24.0990 5400 CmBatt - ok

17:52:25.0006 5400 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

17:52:25.0021 5400 cmdide - ok

17:52:25.0177 5400 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys

17:52:25.0177 5400 CNG - ok

17:52:25.0411 5400 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

17:52:25.0411 5400 Compbatt - ok

17:52:25.0505 5400 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

17:52:25.0520 5400 CompositeBus - ok

17:52:25.0614 5400 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

17:52:25.0614 5400 crcdisk - ok

17:52:25.0676 5400 dc3d (23d4b856725f5fc3c4f410c150ab107b) C:\Windows\system32\DRIVERS\dc3d.sys

17:52:25.0676 5400 dc3d - ok

17:52:25.0723 5400 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys

17:52:25.0739 5400 DfsC - ok

17:52:25.0770 5400 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

17:52:25.0770 5400 discache - ok

17:52:25.0801 5400 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

17:52:25.0801 5400 Disk - ok

17:52:25.0879 5400 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

17:52:25.0879 5400 drmkaud - ok

17:52:25.0926 5400 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys

17:52:25.0942 5400 DXGKrnl - ok

17:52:26.0160 5400 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

17:52:26.0176 5400 ebdrv - ok

17:52:26.0347 5400 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

17:52:26.0347 5400 elxstor - ok

17:52:26.0534 5400 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

17:52:26.0550 5400 ErrDev - ok

17:52:26.0690 5400 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

17:52:26.0706 5400 exfat - ok

17:52:26.0768 5400 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

17:52:26.0768 5400 fastfat - ok

17:52:26.0784 5400 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

17:52:26.0784 5400 fdc - ok

17:52:26.0831 5400 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

17:52:26.0831 5400 FileInfo - ok

17:52:26.0862 5400 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

17:52:26.0878 5400 Filetrace - ok

17:52:26.0893 5400 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

17:52:26.0893 5400 flpydisk - ok

17:52:26.0924 5400 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

17:52:26.0924 5400 FltMgr - ok

17:52:26.0956 5400 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

17:52:26.0956 5400 FsDepends - ok

17:52:27.0096 5400 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

17:52:27.0112 5400 Fs_Rec - ok

17:52:27.0221 5400 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys

17:52:27.0221 5400 fvevol - ok

17:52:27.0408 5400 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

17:52:27.0408 5400 gagp30kx - ok

17:52:27.0424 5400 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

17:52:27.0439 5400 GEARAspiWDM - ok

17:52:27.0470 5400 grmnusb (2ed7ff3e1ada4092632393781518b3a7) C:\Windows\system32\drivers\grmnusb.sys

17:52:27.0470 5400 grmnusb - ok

17:52:27.0658 5400 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

17:52:27.0658 5400 hcw85cir - ok

17:52:27.0767 5400 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys

17:52:27.0767 5400 HdAudAddService - ok

17:52:27.0798 5400 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

17:52:27.0798 5400 HDAudBus - ok

17:52:27.0814 5400 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

17:52:27.0829 5400 HECIx64 - ok

17:52:27.0829 5400 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

17:52:27.0845 5400 HidBatt - ok

17:52:27.0860 5400 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

17:52:27.0860 5400 HidBth - ok

17:52:27.0938 5400 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

17:52:27.0938 5400 HidIr - ok

17:52:28.0157 5400 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

17:52:28.0157 5400 HidUsb - ok

17:52:28.0266 5400 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

17:52:28.0266 5400 HpSAMD - ok

17:52:28.0594 5400 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

17:52:28.0609 5400 HTTP - ok

17:52:28.0687 5400 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

17:52:28.0687 5400 hwpolicy - ok

17:52:28.0796 5400 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

17:52:28.0812 5400 i8042prt - ok

17:52:29.0046 5400 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys

17:52:29.0046 5400 iaStorV - ok

17:52:29.0514 5400 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys

17:52:29.0561 5400 igfx - ok

17:52:29.0654 5400 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

17:52:29.0654 5400 iirsp - ok

17:52:29.0717 5400 IntcAzAudAddService (ee64207f2f5c20bfe5f73db2566c4601) C:\Windows\system32\drivers\RTKVHD64.sys

17:52:29.0732 5400 IntcAzAudAddService - ok

17:52:29.0764 5400 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

17:52:29.0764 5400 intelide - ok

17:52:29.0826 5400 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

17:52:29.0842 5400 intelppm - ok

17:52:29.0857 5400 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

17:52:29.0857 5400 IpFilterDriver - ok

17:52:29.0888 5400 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

17:52:29.0888 5400 IPMIDRV - ok

17:52:29.0904 5400 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

17:52:29.0920 5400 IPNAT - ok

17:52:29.0951 5400 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

17:52:29.0951 5400 IRENUM - ok

17:52:29.0982 5400 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

17:52:29.0982 5400 isapnp - ok

17:52:29.0998 5400 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys

17:52:30.0013 5400 iScsiPrt - ok

17:52:30.0044 5400 k57nd60a (9d7ea8c7215d8d4ae7be110eee61085d) C:\Windows\system32\DRIVERS\k57nd60a.sys

17:52:30.0044 5400 k57nd60a - ok

17:52:30.0091 5400 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

17:52:30.0107 5400 kbdclass - ok

17:52:30.0138 5400 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

17:52:30.0138 5400 kbdhid - ok

17:52:30.0232 5400 KmxAgent (7594e8799fa212576c93bfdf54583452) C:\Windows\system32\DRIVERS\kmxagent.sys

17:52:30.0232 5400 KmxAgent - ok

17:52:30.0388 5400 KmxAMRT (e5bb08fcf05ef7333be3b5b35295c4c0) C:\Windows\system32\DRIVERS\KmxAMRT.sys

17:52:30.0403 5400 KmxAMRT - ok

17:52:30.0481 5400 KmxCF (54721e47b8350770332128fcffc7a460) C:\Windows\system32\DRIVERS\KmxCF.sys

17:52:30.0497 5400 KmxCF - ok

17:52:30.0544 5400 KmxCfg (174a70fd5367388f6f378cbc6dd723ee) C:\Windows\system32\DRIVERS\kmxcfg.sys

17:52:30.0544 5400 KmxCfg - ok

17:52:30.0559 5400 KmxFile (dc77781ab8cf3043da60187a1511fef6) C:\Windows\system32\DRIVERS\KmxFile.sys

17:52:30.0559 5400 KmxFile - ok

17:52:30.0590 5400 KmxFilter (87da5afc8950ec34d0cddf3438370727) C:\Windows\system32\DRIVERS\KmxFilter.sys

17:52:30.0590 5400 KmxFilter - ok

17:52:30.0653 5400 KmxFw (15260d1b5bb6ba8e5079e758fce88207) C:\Windows\system32\DRIVERS\kmxfw.sys

17:52:30.0668 5400 KmxFw - ok

17:52:30.0700 5400 KmxSbx (9ea56ddeeb080727ff448a0c6e37de08) C:\Windows\system32\DRIVERS\KmxSbx.sys

17:52:30.0700 5400 KmxSbx - ok

17:52:30.0731 5400 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys

17:52:30.0746 5400 KSecDD - ok

17:52:30.0778 5400 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys

17:52:30.0778 5400 KSecPkg - ok

17:52:30.0809 5400 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

17:52:30.0809 5400 ksthunk - ok

17:52:30.0840 5400 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

17:52:30.0840 5400 lltdio - ok

17:52:30.0918 5400 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

17:52:30.0934 5400 LSI_FC - ok

17:52:30.0980 5400 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

17:52:30.0980 5400 LSI_SAS - ok

17:52:31.0012 5400 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

17:52:31.0027 5400 LSI_SAS2 - ok

17:52:31.0043 5400 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

17:52:31.0058 5400 LSI_SCSI - ok

17:52:31.0121 5400 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

17:52:31.0136 5400 luafv - ok

17:52:31.0308 5400 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys

17:52:31.0308 5400 MBAMProtector - ok

17:52:31.0417 5400 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

17:52:31.0433 5400 megasas - ok

17:52:31.0464 5400 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

17:52:31.0464 5400 MegaSR - ok

17:52:31.0511 5400 MEMSWEEP2 (f9ce67e9e0226079b59107b649851f96) C:\Windows\system32\4E6.tmp

17:52:31.0511 5400 MEMSWEEP2 - ok

17:52:31.0558 5400 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

17:52:31.0573 5400 Modem - ok

17:52:31.0604 5400 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

17:52:31.0604 5400 monitor - ok

17:52:31.0620 5400 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

17:52:31.0620 5400 mouclass - ok

17:52:31.0823 5400 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

17:52:31.0823 5400 mouhid - ok

17:52:31.0916 5400 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

17:52:31.0916 5400 mountmgr - ok

17:52:31.0979 5400 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

17:52:31.0979 5400 mpio - ok

17:52:31.0994 5400 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

17:52:32.0010 5400 mpsdrv - ok

17:52:32.0026 5400 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

17:52:32.0026 5400 MRxDAV - ok

17:52:32.0057 5400 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys

17:52:32.0072 5400 mrxsmb - ok

17:52:32.0104 5400 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys

17:52:32.0119 5400 mrxsmb10 - ok

17:52:32.0150 5400 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys

17:52:32.0166 5400 mrxsmb20 - ok

17:52:32.0228 5400 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys

17:52:32.0228 5400 msahci - ok

17:52:32.0260 5400 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

17:52:32.0275 5400 msdsm - ok

17:52:32.0322 5400 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

17:52:32.0322 5400 Msfs - ok

17:52:32.0338 5400 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

17:52:32.0353 5400 mshidkmdf - ok

17:52:32.0384 5400 MSHUSBVideo (bb590070d606ae6f008341fc9a7b2ad7) C:\Windows\system32\Drivers\nx6000.sys

17:52:32.0384 5400 MSHUSBVideo - ok

17:52:32.0431 5400 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

17:52:32.0447 5400 msisadrv - ok

17:52:32.0494 5400 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

17:52:32.0494 5400 MSKSSRV - ok

17:52:32.0525 5400 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

17:52:32.0525 5400 MSPCLOCK - ok

17:52:32.0540 5400 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

17:52:32.0540 5400 MSPQM - ok

17:52:32.0556 5400 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

17:52:32.0556 5400 MsRPC - ok

17:52:32.0587 5400 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

17:52:32.0587 5400 mssmbios - ok

17:52:32.0618 5400 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

17:52:32.0618 5400 MSTEE - ok

17:52:32.0650 5400 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

17:52:32.0665 5400 MTConfig - ok

17:52:32.0681 5400 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

17:52:32.0696 5400 Mup - ok

17:52:32.0743 5400 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

17:52:32.0743 5400 NativeWifiP - ok

17:52:32.0774 5400 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

17:52:32.0790 5400 NDIS - ok

17:52:32.0806 5400 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

17:52:32.0806 5400 NdisCap - ok

17:52:32.0837 5400 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

17:52:32.0837 5400 NdisTapi - ok

17:52:32.0899 5400 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

17:52:32.0899 5400 Ndisuio - ok

17:52:32.0915 5400 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

17:52:32.0930 5400 NdisWan - ok

17:52:32.0946 5400 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

17:52:32.0946 5400 NDProxy - ok

17:52:33.0008 5400 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

17:52:33.0024 5400 NetBIOS - ok

17:52:33.0055 5400 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

17:52:33.0055 5400 NetBT - ok

17:52:33.0118 5400 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

17:52:33.0133 5400 nfrd960 - ok

17:52:33.0180 5400 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

17:52:33.0196 5400 Npfs - ok

17:52:33.0211 5400 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

17:52:33.0227 5400 nsiproxy - ok

17:52:33.0274 5400 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys

17:52:33.0305 5400 Ntfs - ok

17:52:33.0336 5400 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

17:52:33.0352 5400 Null - ok

17:52:33.0398 5400 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys

17:52:33.0414 5400 nvraid - ok

17:52:33.0430 5400 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys

17:52:33.0445 5400 nvstor - ok

17:52:33.0461 5400 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

17:52:33.0476 5400 nv_agp - ok

17:52:33.0508 5400 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

17:52:33.0523 5400 ohci1394 - ok

17:52:33.0570 5400 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

17:52:33.0586 5400 Parport - ok

17:52:33.0632 5400 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys

17:52:33.0648 5400 partmgr - ok

17:52:33.0710 5400 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

17:52:33.0726 5400 pci - ok

17:52:33.0742 5400 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

17:52:33.0757 5400 pciide - ok

17:52:33.0835 5400 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

17:52:33.0835 5400 pcmcia - ok

17:52:33.0882 5400 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

17:52:33.0882 5400 pcw - ok

17:52:33.0944 5400 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

17:52:33.0960 5400 PEAUTH - ok

17:52:34.0069 5400 pmxdrv (34bfc6ed31b4e8be940c884b8ac7d9df) C:\Windows\system32\drivers\pmxdrv.sys

17:52:34.0085 5400 pmxdrv - ok

17:52:34.0132 5400 Point64 (b23f79e41e30ed500586151a9ef27d8f) C:\Windows\system32\DRIVERS\point64.sys

17:52:34.0147 5400 Point64 - ok

17:52:34.0210 5400 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

17:52:34.0225 5400 PptpMiniport - ok

17:52:34.0256 5400 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

17:52:34.0256 5400 Processor - ok

17:52:34.0303 5400 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

17:52:34.0303 5400 Psched - ok

17:52:34.0366 5400 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys

17:52:34.0381 5400 PxHlpa64 - ok

17:52:34.0444 5400 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

17:52:34.0475 5400 ql2300 - ok

17:52:34.0490 5400 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

17:52:34.0490 5400 ql40xx - ok

17:52:34.0553 5400 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

17:52:34.0553 5400 QWAVEdrv - ok

17:52:34.0568 5400 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

17:52:34.0568 5400 RasAcd - ok

17:52:34.0631 5400 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

17:52:34.0631 5400 RasAgileVpn - ok

17:52:34.0646 5400 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

17:52:34.0662 5400 Rasl2tp - ok

17:52:34.0693 5400 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

17:52:34.0693 5400 RasPppoe - ok

17:52:34.0740 5400 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

17:52:34.0740 5400 RasSstp - ok

17:52:34.0865 5400 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

17:52:34.0880 5400 rdbss - ok

17:52:35.0005 5400 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

17:52:35.0021 5400 rdpbus - ok

17:52:35.0068 5400 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

17:52:35.0068 5400 RDPCDD - ok

17:52:35.0114 5400 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

17:52:35.0114 5400 RDPENCDD - ok

17:52:35.0146 5400 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

17:52:35.0161 5400 RDPREFMP - ok

17:52:35.0177 5400 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

17:52:35.0192 5400 RDPWD - ok

17:52:35.0208 5400 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

17:52:35.0239 5400 rdyboost - ok

17:52:35.0270 5400 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

17:52:35.0270 5400 rspndr - ok

17:52:35.0302 5400 SAVRKBootTasks - ok

17:52:35.0333 5400 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

17:52:35.0348 5400 sbp2port - ok

17:52:35.0364 5400 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

17:52:35.0380 5400 scfilter - ok

17:52:35.0426 5400 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

17:52:35.0442 5400 secdrv - ok

17:52:35.0489 5400 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

17:52:35.0504 5400 Serenum - ok

17:52:35.0536 5400 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

17:52:35.0536 5400 Serial - ok

17:52:35.0629 5400 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

17:52:35.0645 5400 sermouse - ok

17:52:35.0660 5400 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

17:52:35.0676 5400 sffdisk - ok

17:52:35.0692 5400 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

17:52:35.0692 5400 sffp_mmc - ok

17:52:35.0723 5400 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys

17:52:35.0738 5400 sffp_sd - ok

17:52:35.0785 5400 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

17:52:35.0785 5400 sfloppy - ok

17:52:36.0035 5400 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

17:52:36.0066 5400 SiSRaid2 - ok

17:52:36.0082 5400 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

17:52:36.0097 5400 SiSRaid4 - ok

17:52:36.0175 5400 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

17:52:36.0191 5400 Smb - ok

17:52:36.0222 5400 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

17:52:36.0238 5400 spldr - ok

17:52:36.0316 5400 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys

17:52:36.0331 5400 srv - ok

17:52:36.0362 5400 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys

17:52:36.0378 5400 srv2 - ok

17:52:36.0440 5400 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys

17:52:36.0456 5400 srvnet - ok

17:52:36.0503 5400 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

17:52:36.0503 5400 stexstor - ok

17:52:36.0534 5400 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys

17:52:36.0534 5400 StillCam - ok

17:52:36.0596 5400 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

17:52:36.0612 5400 swenum - ok

17:52:36.0721 5400 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys

17:52:36.0752 5400 Tcpip - ok

17:52:37.0096 5400 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys

17:52:37.0111 5400 TCPIP6 - ok

17:52:37.0189 5400 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

17:52:37.0189 5400 tcpipreg - ok

17:52:37.0220 5400 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

17:52:37.0236 5400 TDPIPE - ok

17:52:37.0252 5400 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

17:52:37.0252 5400 TDTCP - ok

17:52:37.0283 5400 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

17:52:37.0298 5400 tdx - ok

17:52:37.0298 5400 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

17:52:37.0314 5400 TermDD - ok

17:52:37.0376 5400 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

17:52:37.0392 5400 tssecsrv - ok

17:52:37.0423 5400 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

17:52:37.0423 5400 tunnel - ok

17:52:37.0470 5400 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

17:52:37.0486 5400 uagp35 - ok

17:52:37.0548 5400 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys

17:52:37.0548 5400 udfs - ok

17:52:37.0626 5400 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

17:52:37.0626 5400 uliagpkx - ok

17:52:37.0688 5400 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

17:52:37.0704 5400 umbus - ok

17:52:37.0735 5400 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

17:52:37.0735 5400 UmPass - ok

17:52:37.0798 5400 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys

17:52:37.0813 5400 USBAAPL64 - ok

17:52:38.0203 5400 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys

17:52:38.0203 5400 usbaudio - ok

17:52:38.0344 5400 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys

17:52:38.0359 5400 usbccgp - ok

17:52:38.0500 5400 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

17:52:38.0515 5400 usbcir - ok

17:52:38.0593 5400 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys

17:52:38.0609 5400 usbehci - ok

17:52:38.0734 5400 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys

17:52:38.0749 5400 usbhub - ok

17:52:38.0858 5400 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys

17:52:38.0874 5400 usbohci - ok

17:52:39.0108 5400 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

17:52:39.0124 5400 usbprint - ok

17:52:39.0311 5400 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS

17:52:39.0326 5400 USBSTOR - ok

17:52:39.0420 5400 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys

17:52:39.0436 5400 usbuhci - ok

17:52:39.0545 5400 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys

17:52:39.0545 5400 usbvideo - ok

17:52:39.0763 5400 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

17:52:39.0779 5400 vdrvroot - ok

17:52:39.0935 5400 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

17:52:39.0935 5400 vga - ok

17:52:40.0122 5400 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

17:52:40.0138 5400 VgaSave - ok

17:52:40.0294 5400 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

17:52:40.0294 5400 vhdmp - ok

17:52:40.0387 5400 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

17:52:40.0403 5400 viaide - ok

17:52:40.0481 5400 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

17:52:40.0481 5400 volmgr - ok

17:52:40.0606 5400 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

17:52:40.0606 5400 volmgrx - ok

17:52:40.0715 5400 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

17:52:40.0730 5400 volsnap - ok

17:52:40.0996 5400 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

17:52:41.0011 5400 vsmraid - ok

17:52:41.0261 5400 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

17:52:41.0276 5400 vwifibus - ok

17:52:41.0354 5400 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

17:52:41.0386 5400 WacomPen - ok

17:52:41.0542 5400 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

17:52:41.0573 5400 WANARP - ok

17:52:41.0635 5400 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

17:52:41.0651 5400 Wanarpv6 - ok

17:52:41.0729 5400 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

17:52:41.0744 5400 Wd - ok

17:52:41.0791 5400 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

17:52:41.0807 5400 Wdf01000 - ok

17:52:41.0869 5400 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

17:52:41.0885 5400 WfpLwf - ok

17:52:41.0932 5400 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys

17:52:41.0932 5400 WimFltr - ok

17:52:41.0947 5400 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

17:52:41.0963 5400 WIMMount - ok

17:52:42.0088 5400 WinUsb (4d52c872018af7e18d078978dcc3f6f2) C:\Windows\system32\DRIVERS\WinUsb.sys

17:52:42.0119 5400 WinUsb - ok

17:52:42.0228 5400 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

17:52:42.0259 5400 WmiAcpi - ok

17:52:42.0337 5400 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

17:52:42.0353 5400 ws2ifsl - ok

17:52:42.0384 5400 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys

17:52:42.0400 5400 WSDPrintDevice - ok

17:52:42.0431 5400 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys

17:52:42.0446 5400 WudfPf - ok

17:52:42.0478 5400 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys

17:52:42.0493 5400 WUDFRd - ok

17:52:42.0509 5400 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0

17:52:42.0509 5400 \Device\Harddisk0\DR0 - ok

17:52:42.0524 5400 Boot (0x1200) (faf20eb1cf2d88d2dc19c8218c78212e) \Device\Harddisk0\DR0\Partition0

17:52:42.0524 5400 \Device\Harddisk0\DR0\Partition0 - ok

17:52:42.0540 5400 Boot (0x1200) (c00602f3b4e7d3d865e0f4cdab12210c) \Device\Harddisk0\DR0\Partition1

17:52:42.0540 5400 \Device\Harddisk0\DR0\Partition1 - ok

17:52:42.0540 5400 ============================================================

17:52:42.0540 5400 Scan finished

17:52:42.0540 5400 ============================================================

17:52:42.0540 5388 Detected object count: 0

17:52:42.0556 5388 Actual detected object count: 0
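
A small triage helper for the driver-enumeration lines in the log above, added here as an example; it is not part of this thread and not a TDSSKiller or Malwarebytes tool. TDSSKiller reports every entry as ok, but a helper reading the log still wants the unusual entries surfaced first: a driver image that is not a .sys file, or a service with no image file listed. The function names, the `_EXPECTED_DIRS` list and the decision rules are my assumptions; the sample lines are copied from the log above. A flag from this script is a "look at this", not a malware finding.

```python
import re
from typing import Dict, List, Optional, Tuple

# Added example, not part of the forum thread or of TDSSKiller itself.
# Driver-enumeration lines in a TDSSKiller log look like
#   HH:MM:SS.ffff PID Name (md5) ImagePath
# followed by a verdict line
#   HH:MM:SS.ffff PID Name - ok
# MBR/boot-sector records carry an extra "(0x1B8)" size field and are
# followed by a verdict keyed on the device path instead of the name.
_FILE_LINE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+)(?:\s+\((?P<size>0x[0-9A-Fa-f]+)\))?\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)
_VERDICT_LINE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+-\s+(?P<verdict>\S.*?)\s*$"
)

# Assumption: directories a Windows 7 kernel driver is normally loaded from
# (compared case-insensitively).
_EXPECTED_DIRS = (r"c:\windows\system32\drivers", r"c:\windows\system32")


def parse_tdsskiller(text: str) -> List[Dict[str, Optional[str]]]:
    """Pair each file record with the verdict line that follows it.
    A verdict with no preceding file record (a service whose image file
    TDSSKiller did not list) yields an entry with path=None."""
    entries: List[Dict[str, Optional[str]]] = []
    pending: Optional[Dict[str, Optional[str]]] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _FILE_LINE.match(line)
        if m:
            pending = {"name": m["name"], "md5": m["md5"].lower(),
                       "path": m["path"], "verdict": None}
            continue
        m = _VERDICT_LINE.match(line)
        if not m:
            continue  # banner, summary and "Scan finished" lines are ignored
        key = m["name"]
        if pending is not None and key in (pending["name"], pending["path"]):
            pending["verdict"] = m["verdict"]
            entries.append(pending)
        else:
            entries.append({"name": key, "md5": None, "path": None,
                            "verdict": m["verdict"]})
        pending = None
    return entries


def triage(entries: List[Dict[str, Optional[str]]]) -> List[Tuple[str, str]]:
    """Return (name, reason) for entries a human should look at first.
    An 'ok' from the scanner and a flag here are not contradictory: the
    flag only says the entry is unusual for a stock driver."""
    flagged: List[Tuple[str, str]] = []
    for e in entries:
        if e["verdict"] != "ok":
            flagged.append((e["name"], f"verdict is {e['verdict']!r}"))
            continue
        path = e["path"]
        if path is None:
            flagged.append((e["name"], "no image file listed for this service"))
            continue
        if path.startswith("\\Device\\"):
            continue  # MBR / boot-sector records carry a device path, not a file
        folder, _, filename = path.lower().rpartition("\\")
        if folder not in _EXPECTED_DIRS:
            flagged.append((e["name"], f"image outside the driver directories: {path}"))
        elif not filename.endswith(".sys"):
            flagged.append((e["name"], f"driver image is not a .sys file: {path}"))
    return flagged


# Sample lines copied from the log posted above (real lines from the page).
SAMPLE_LOG = r"""
17:52:31.0464 5400 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:52:31.0464 5400 MegaSR - ok
17:52:31.0511 5400 MEMSWEEP2 (f9ce67e9e0226079b59107b649851f96) C:\Windows\system32\4E6.tmp
17:52:31.0511 5400 MEMSWEEP2 - ok
17:52:35.0302 5400 SAVRKBootTasks - ok
17:52:24.0896 5400 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:52:24.0928 5400 CLFS - ok
17:52:42.0509 5400 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
17:52:42.0509 5400 \Device\Harddisk0\DR0 - ok
17:52:42.0540 5400 Scan finished
"""

if __name__ == "__main__":
    for name, reason in triage(parse_tdsskiller(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```

On the sample this lists MEMSWEEP2 (image is a .tmp file in system32) and SAVRKBootTasks (no image file enumerated); the later ComboFix listing in this thread shows the corresponding system32 *.tmp files and SysWow64\SAVRKBootTasks.sys, which is exactly the kind of cross-check the flags are meant to prompt. Whether those entries are malicious is something the thread itself does not say, and the script does not decide it.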


Hi again Diane,

  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    cfRC_screen_1.png
    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    cfRC_screen_2.png
    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log (C:\ComboFix.txt) in your next reply.
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------


Hi Kenny,

Followed your instructions in the last post. ComboFix seemed to run well, but very slowly.

Thanks again..

Diane

Below are the ComboFix results:

ComboFix 11-11-08.02 - DAVIS 11/08/2011 20:36:27.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.1763 [GMT -5:00]

Running from: c:\users\DAVIS\Desktop\ComboFix.exe

AV: CA Anti-Virus Plus *Enabled/Updated* {57B5C44D-AAB5-DBC9-741B-542BE5A132EA}

FW: CA Personal Firewall *Disabled* {6F8E4568-E0DA-DA91-5F44-FD1E1B727591}

SP: CA Anti-Virus Plus *Enabled/Updated* {ECD425A9-8C8F-D447-4EAB-6F599E267857}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\DAVIS\AppData\Local\ie_runner_app.exe

c:\users\DAVIS\Documents\~WRL0003.tmp

c:\users\DAVIS\Documents\~WRL0757.tmp

c:\users\DAVIS\g2mdlhlpx.exe

c:\users\DAVIS\GoToAssistDownloadHelper.exe

c:\windows\system32\jucheck.exe

c:\windows\system32\jusched.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-10-09 to 2011-11-09 )))))))))))))))))))))))))))))))

.

.

2011-11-09 03:12 . 2011-11-09 03:12 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-05 14:11 . 2011-11-05 14:11 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-11-02 02:42 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\4E6.tmp

2011-11-02 02:42 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\8D46.tmp

2011-11-01 00:59 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\B940.tmp

2011-10-31 23:53 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\96D5.tmp

2011-10-31 23:53 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\F8A3.tmp

2011-10-31 02:18 . 2011-05-12 18:05 18816 ------w- c:\windows\SysWow64\SAVRKBootTasks.sys

2011-10-31 00:43 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\2B57.tmp

2011-10-31 00:41 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\C6D9.tmp

2011-10-31 00:41 . 2011-10-31 00:41 -------- d-----w- c:\program files (x86)\Sophos

2011-10-30 20:53 . 2011-10-30 20:53 -------- d-----w- c:\users\DAVIS\AppData\Roaming\Malwarebytes

2011-10-30 20:52 . 2011-10-30 20:52 -------- d-----w- c:\programdata\Malwarebytes

2011-10-30 20:52 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-30 20:52 . 2011-10-30 20:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-10-30 19:03 . 2011-10-30 19:02 99024 ----a-w- c:\windows\system32\drivers\KmxFilter.sys

2011-10-30 19:03 . 2011-10-30 19:02 143824 ----a-w- c:\windows\system32\drivers\KmxFw.sys

2011-10-30 19:03 . 2011-10-30 19:02 202320 ----a-w- c:\windows\system32\drivers\KmxCF.sys

2011-10-30 18:41 . 2011-07-02 05:30 1422672 ----a-w- c:\windows\SysWow64\cfgmig32.dll

2011-10-30 18:41 . 2011-07-02 05:30 1422672 ----a-w- c:\windows\system32\cfgmig32.dll

2011-10-30 18:41 . 2011-07-02 05:30 263504 ----a-w- c:\windows\SysWow64\cfgmig32.exe

2011-10-30 18:41 . 2011-05-30 08:12 257872 ----a-w- c:\windows\system32\isafprod64.dll

2011-10-30 18:41 . 2011-05-30 08:12 206160 ----a-w- c:\windows\SysWow64\Isafprod.dll

2011-10-30 18:41 . 2011-05-30 08:12 95568 ----a-w- c:\windows\SysWow64\Vetredir.dll

2011-10-30 18:41 . 2011-05-30 08:12 103760 ----a-w- c:\windows\system32\Vetredir64.dll

2011-10-30 18:41 . 2011-05-30 08:12 141136 ----a-w- c:\windows\system32\Isafeif64.dll

2011-10-30 18:41 . 2011-05-30 08:12 128336 ----a-w- c:\windows\SysWow64\Isafeif.dll

2011-10-30 18:41 . 2011-10-30 18:41 -------- d-----w- c:\program files (x86)\CA

2011-10-30 18:40 . 2011-06-29 18:20 3207184 ----a-w- c:\windows\system32\mdmcls32.exe

2011-10-30 18:40 . 2011-10-30 18:40 2524176 ----a-w- c:\windows\system32\winsflt.dll

2011-10-30 18:40 . 2011-10-30 18:40 1744912 ----a-w- c:\windows\SysWow64\winsflt.dll

2011-10-30 18:40 . 2011-06-29 18:27 2760720 ----a-w- c:\windows\SysWow64\svcprs32.exe

2011-10-30 18:40 . 2011-06-29 18:22 4108304 ----a-w- c:\windows\SysWow64\win32cpr.dll

2011-10-30 18:40 . 2011-06-29 18:23 289296 ----a-w- c:\windows\system32\winsfinst.exe

2011-10-30 18:40 . 2011-06-29 18:23 98320 ----a-w- c:\windows\SysWow64\winsfinst.exe

2011-10-30 18:40 . 2011-06-29 18:20 3207184 ----a-w- c:\windows\SysWow64\mdmcls32.exe

2011-10-30 18:40 . 2011-06-29 17:53 2990096 ----a-w- c:\windows\SysWow64\winsflte.dll

2011-10-30 18:40 . 2011-10-30 18:40 -------- d-----w- c:\windows\rnapxs

2011-10-30 18:40 . 2002-01-01 18:02 7440 ----a-w- c:\windows\SysWow64\sporder.dll

2011-10-30 18:40 . 2011-10-30 18:40 -------- d-----w- c:\program files\ISSThirdParty

2011-10-30 18:39 . 2011-10-30 18:41 -------- d-----w- c:\program files\CA

2011-10-30 18:38 . 2011-10-30 19:47 -------- d-----w- c:\programdata\CA

2011-10-30 18:31 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A8AB455D-00D4-40F0-82EB-FAA9310E9FC8}\mpengine.dll

2011-10-30 17:44 . 2011-10-30 17:44 -------- d-----we c:\windows\system64

2011-10-22 23:07 . 2011-10-30 18:25 -------- d-----w- c:\users\DAVIS\AppData\Local\HandBrake

2011-10-22 23:07 . 2011-10-23 01:13 -------- d-----w- c:\users\DAVIS\AppData\Roaming\HandBrake

2011-10-22 23:07 . 2011-10-30 18:25 -------- d-----w- c:\program files (x86)\Handbrake

2011-10-21 11:48 . 2011-10-21 11:48 -------- d-----w- c:\windows\Sun

2011-10-17 22:33 . 2011-10-17 22:33 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2011-10-17 22:33 . 2011-10-17 22:33 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2011-10-17 22:33 . 2011-10-17 22:33 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2011-10-17 22:33 . 2011-10-17 22:33 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2011-10-17 22:33 . 2011-10-17 22:33 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2011-10-17 22:33 . 2011-10-17 22:33 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2011-10-17 22:33 . 2011-10-17 22:33 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2011-10-17 22:33 . 2011-10-30 18:25 -------- d-----w- c:\program files (x86)\QuickTime

2011-10-16 19:55 . 2011-10-16 19:55 -------- d-----w- c:\users\DAVIS\AppData\Local\PhotoChannel

2011-10-16 18:28 . 2011-10-16 18:28 -------- d-----w- c:\users\DAVIS\AppData\Local\LEGO Software

2011-10-16 18:14 . 2011-10-16 18:14 -------- d-----w- c:\users\DAVIS\AppData\Local\Chromium

2011-10-16 18:13 . 2011-10-30 18:12 -------- d-----w- c:\program files (x86)\LEGO Software

2011-10-16 16:25 . 2011-10-16 16:27 -------- d-----w- c:\programdata\xml_param

2011-10-16 15:59 . 2010-11-19 22:04 892928 ----a-w- c:\windows\SysWow64\iconv.dll

2011-10-16 15:59 . 2010-11-19 22:04 675840 ----a-w- c:\windows\SysWow64\ac3filter.ax

2011-10-16 15:59 . 2010-11-19 22:04 496640 ----a-w- c:\windows\SysWow64\xvid.ax

2011-10-16 15:59 . 2011-10-16 16:35 -------- d-----w- c:\program files (x86)\Aimersoft

2011-10-16 15:58 . 2011-10-30 18:26 -------- d-----w- c:\users\DAVIS\AppData\Roaming\GetRightToGo

2011-10-15 15:46 . 2011-10-30 18:25 -------- d-----w- c:\program files (x86)\Apple Software Update

2011-10-12 22:07 . 2011-08-17 05:32 613888 ----a-w- c:\windows\system32\psisdecd.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

"Upromise Update"="c:\program files (x86)\Upromise\dca-ua.exe" [2011-08-04 267584]

"Upromise Tray"="c:\program files (x86)\Upromise\UpromiseTray.exe" [2011-09-02 279896]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2009-10-01 111640]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-18 421160]

"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]

"BYR_AGENT"="c:\programdata\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe" [2011-06-14 392280]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2010-02-11 165184]

.

c:\users\DAVIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]

2011-02-24 18:33 79368 ----a-w- c:\windows\System32\UmxWNP.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-25 136176]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-25 136176]

R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\4E6.tmp [x]

R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 KmxAMRT;KmxAMRT;c:\windows\system32\DRIVERS\KmxAMRT.sys [x]

S0 KmxFw;KmxFw;c:\windows\System32\DRIVERS\kmxfw.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [x]

S1 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [x]

S1 KmxFile;KmxFile;c:\windows\system32\DRIVERS\KmxFile.sys [x]

S1 KmxFilter;HIPS Core Filter Driver;c:\windows\system32\DRIVERS\KmxFilter.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 CAAMSvc;CAAMSvc;c:\program files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe [2011-10-30 291656]

S2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [2011-07-02 286032]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 KmxCF;KmxCF;c:\windows\system32\DRIVERS\KmxCF.sys [x]

S2 KmxSbx;KmxSbx;c:\windows\system32\DRIVERS\KmxSbx.sys [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-02-11 660800]

S2 UmxEngine;TM Engine;c:\program files\CA\SharedComponents\TMEngine\UmxEngine.exe [2011-04-04 920656]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]

S2 WinSvchostManagerSrv;WinSvchostManagerSrv;c:\windows\SysWOW64\cfgmig32.exe [2011-07-02 263504]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 25006874

*NewlyCreated* - 94707594

*Deregistered* - 25006874

*Deregistered* - 94707594

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-25 14:23]

.

2011-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-25 14:23]

.

2011-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1758657375-272815811-3335950887-1001Core.job

- c:\users\DAVIS\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 15:23]

.

2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1758657375-272815811-3335950887-1001UA.job

- c:\users\DAVIS\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 15:23]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-07 8158240]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-01-07 2307448]

"cctray"="c:\program files\CA\CA Internet Security Suite\casc.exe" [2011-07-02 2658128]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"DSUpdateLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" [2010-01-22 18240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\UmxSbxExA64.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

LSP: c:\windows\system32\VetRedir.dll

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-msnmsgr - c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe

Toolbar-Locked - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\4E6.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-11-08 22:35:03

ComboFix-quarantined-files.txt 2011-11-09 03:34

.

Pre-Run: 219,276,775,424 bytes free

Post-Run: 220,418,772,992 bytes free

.

- - End Of File - - CDE1A632FEECECB409FA844006C00DE9

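As an added example for triaging the ComboFix output above (editor's code, not part of ComboFix or of this thread), the script below reads the "Reg Loading Points" section and reports the items a defender would question: the UAC policy values shown in the log (EnableLUA=0, ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0), service entries whose image is a .tmp file or whose name resembles svchost without being svchost.exe, and an active AppInit_DLLs entry. The embedded SAMPLE_LOG is a constructed subset of the posted log. The heuristics are review items, not verdicts: entries like these may well belong to the security products installed on the machine, so each needs checking against the file's publisher before any action.

```python
"""Triage the 'Reg Loading Points' part of a ComboFix log for settings a
defender should question. Added example for this thread; it is not part of
ComboFix and the heuristics are the editor's own, not a verdict on any entry."""
import re
from typing import Dict, List, Tuple

# Constructed excerpt: a subset of the ComboFix log posted above, with the
# same values, reduced to the lines this script knows how to read.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R3 MEMSWEEP2;MEMSWEEP2;c:\\windows\\system32\\4E6.tmp [x]
R3 pmxdrv;pmxdrv;c:\\windows\\system32\\drivers\\pmxdrv.sys [x]
S2 MBAMService;MBAMService;c:\\program files (x86)\\Malwarebytes' Anti-Malware\\mbamservice.exe [2011-08-31 366152]
S2 WinSvchostManagerSrv;WinSvchostManagerSrv;c:\\windows\\SysWOW64\\cfgmig32.exe [2011-07-02 263504]
.
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\\windows\\System32\\UmxSbxExA64.dll
"""

# "R3 name;display;path [stamp]" service/driver lines
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(.*)\]\s*$")
# '"Name"= value ...' registry value lines (value read up to whitespace or '(')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*([^\s(]+)')


def parse_registry_values(log: str) -> Dict[str, Dict[str, str]]:
    """Map each [KEY] header (lower-cased) to the values listed under it."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections.setdefault(current, {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                sections[current][m.group(1)] = m.group(2)
    return sections


def _section(sections: Dict[str, Dict[str, str]], suffix: str) -> Dict[str, str]:
    return next((v for k, v in sections.items() if k.endswith(suffix)), {})


def uac_findings(sections: Dict[str, Dict[str, str]]) -> List[str]:
    """UAC policy values that weaken the admin/user boundary on this machine."""
    pol = _section(sections, r"\policies\system")
    out = []
    if pol.get("EnableLUA") == "0":
        out.append("UAC: EnableLUA=0, User Account Control is switched off")
    if pol.get("ConsentPromptBehaviorAdmin") == "0":
        out.append("UAC: ConsentPromptBehaviorAdmin=0, admins elevate with no prompt")
    if pol.get("PromptOnSecureDesktop") == "0":
        out.append("UAC: PromptOnSecureDesktop=0, prompts not shown on the secure desktop")
    return out


def parse_services(log: str) -> List[Tuple[str, str, str]]:
    """(start type, service name, image path) for every service/driver line."""
    found = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            found.append((m.group(1), m.group(2), m.group(4).lower()))
    return found


def service_findings(services: List[Tuple[str, str, str]]) -> List[str]:
    """Service entries worth a second look; each is a review item, not a verdict."""
    out = []
    for start, name, path in services:
        reasons = []
        if path.endswith(".tmp"):
            reasons.append("image path is a .tmp file")
        if "svchost" in name.lower() and not path.endswith("\\svchost.exe"):
            reasons.append("name resembles svchost but image is not svchost.exe")
        if reasons:
            out.append(f"review service {name} ({start}) -> {path}: " + "; ".join(reasons))
    return out


def appinit_findings(sections: Dict[str, Dict[str, str]]) -> List[str]:
    """A non-empty AppInit_DLLs with loading enabled injects that DLL broadly."""
    win = _section(sections, r"\currentversion\windows")
    dll = win.get("AppInit_DLLs")
    if win.get("LoadAppInit_DLLs") == "0x1" and dll:
        return [f"AppInit_DLLs loads {dll} into user-mode processes; confirm its publisher"]
    return []


def triage(log: str) -> List[str]:
    sections = parse_registry_values(log)
    return uac_findings(sections) + service_findings(parse_services(log)) + appinit_findings(sections)


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(item)
```

Run it against a full ComboFix.txt by passing the file contents to `triage()`; the section matching is by key suffix, so the mixed-case key headers ComboFix emits are handled.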

Kenny,

Additional info. I went to re-enable my anti-virus software (CA Security Suite) and received an error "Illegal operation attempted on a registry key that has been marked for deletion"... I get the same for many items in my start list and program list.

I am not turning off the PC, but will disconnect from the network until I hear back from you.

Thanks,

Diane


I went to re-enable my anti-virus software (CA Security Suite) and receive an error "Illegal operation attempted on a registry key that has been marked for deletion"...

You need to restart your PC. Then check for search redirections. Also, are you on a router with this PC?


Router Reset

  • Please read this: Malware Silently Alters Wireless Router Settings
    Your router seems to be infected as well, Diane. Please read this post completely; it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.
    1. Very important: First disconnect your computers from the Internet.
    2. Router Reset: Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into the small hole labeled Reset located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 30 seconds).
    3. Flush the DNS cache:
    • Click the Start logo in the bottom left corner of the screen
    • Click on Run
    • In the command window copy/paste the following:
      ipconfig /flushdns
    • Then hit enter.
    • Exit the command window.

    Reconnect your PC. Then do the following:

    Next

    ESET Online Scanner

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You may, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

    • Please go here then click on: EOLS1.gif
    • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:

      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology

    • Now click on: EOLS3.gif
    • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
    • When completed select Uninstall application on close if you so wish; make sure you copy the logfile first!
    • Now click on: EOLS4.gif
    • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Hi Kenny,

I will continue with your latest instructions. Just FYI, I have several devices using the router; only one desktop seems to be infected. Not sure if that helps you or not, but I figured I'd pass it along. Will post newest results shortly.

Thanks again.

D-


Hi.

-Reset the router as instructed. No change.

The ESET scan results follow:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=53251

# version=7

# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=39baafd916711e4e88295f60d2ffc8d4

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-11-09 07:37:27

# local_time=2011-11-09 02:37:27 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7600 NT

# compatibility_mode=4864 16777215 100 0 0 0 0 0

# compatibility_mode=5893 16776574 100 94 0 72402121 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=229320

# found=3

# cleaned=0

# scan_time=8775

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application (unable to clean) 00000000000000000000000000000000 I

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application (unable to clean) 00000000000000000000000000000000 I

C:\Users\DAVIS\Desktop\SoftonicDownloader_for_kaspersky-tdsskiller.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I

Thanks,

Diane


The files found by the ESET scan are nothing to worry about. They are legitimate; they are false positives.

I'd like to run another rootkit scan, as your PC is still experiencing the redirects at this point.

Please download aswMBR from here

  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below

aswMBR_Scan-1.jpg

Note: Do not take action against any **Rootkit** entries until I have reviewed the log.

  • Once the scan finishes click Save log to save the log to your Desktop
    aswMBR_SaveLog.png
  • Copy and paste the contents of aswMBR.txt back here for review


Here is the aswMBR scan. It warned of a rootkit infection right away, and did not appear to finish completely. Let me know if I need to rescan, etc.

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software

Run date: 2011-11-09 15:42:50

-----------------------------

15:42:50.969 OS Version: Windows x64 6.1.7600

15:42:50.969 Number of processors: 4 586 0x2502

15:42:50.969 ComputerName: DAVIS-PC UserName: DAVIS

15:42:52.934 Initialize success

15:44:02.261 AVAST engine defs: 11110901

15:44:14.725 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

15:44:14.725 Disk 0 Vendor: ST3320418AS CC45 Size: 305245MB BusType: 3

15:44:16.753 Disk 0 MBR read successfully

15:44:16.753 Disk 0 MBR scan

15:44:17.003 Disk 0 TDL4@MBR code has been found

15:44:17.003 Disk 0 MBR hidden

15:44:17.003 Disk 0 MBR [TDL4] **ROOTKIT**

15:44:17.018 Service scanning

15:44:20.528 Modules scanning

15:44:20.528 Disk 0 trace - called modules:

15:44:20.544 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8004e0c334]<<

15:44:20.544 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004df5060]

15:44:20.560 3 CLASSPNP.SYS[fffff8800193343f] -> nt!IofCallDriver -> [0xfffffa8003ad8e40]

15:44:21.074 5 ACPI.sys[fffff88000f6a781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80048fa060]

15:44:21.074 \Driver\atapi[0xfffffa80048f1e70] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004e0c334

15:44:22.775 AVAST engine scan C:\Windows

15:44:25.427 AVAST engine scan C:\Windows\system32

15:46:14.787 AVAST engine scan C:\Windows\system32\drivers

15:46:28.688 AVAST engine scan C:\Users\DAVIS

15:49:39.806 Disk 0 MBR has been saved successfully to "C:\Users\DAVIS\Desktop\MBR.dat"

15:49:39.821 The log file has been saved successfully to "C:\Users\DAVIS\Desktop\aswMBR.txt"

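Reading the aswMBR output above programmatically, as an added example (editor's code, not aswMBR's own): the parser below picks out the lines that carry the finding, namely the **ROOTKIT** line with its family tag, the "MBR hidden" line, the disk I/O call chain that ends in code belonging to no loaded module, and the driver dispatch hook, and then cross-checks that the hook target and the unnamed code are the same address, which is what ties the two observations together in the posted log. SAMPLE_ASWMBR is a constructed subset of the posted log; SAMPLE_CLEAN is a constructed clean run in the same format.

```python
"""Extract the MBR-rootkit indicators from an aswMBR log and cross-check them.
Added example for this thread; it is not aswMBR's own code. The indicator
strings are the ones that appear in the log posted above."""
import re

# Constructed excerpt: a subset of the aswMBR log posted above.
SAMPLE_ASWMBR = """\
15:44:16.753 Disk 0 MBR read successfully
15:44:16.753 Disk 0 MBR scan
15:44:17.003 Disk 0 TDL4@MBR code has been found
15:44:17.003 Disk 0 MBR hidden
15:44:17.003 Disk 0 MBR [TDL4] **ROOTKIT**
15:44:17.018 Service scanning
15:44:20.528 Modules scanning
15:44:20.528 Disk 0 trace - called modules:
15:44:20.544 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8004e0c334]<<
15:44:20.544 1 nt!IofCallDriver -> \\Device\\Harddisk0\\DR0[0xfffffa8004df5060]
15:44:21.074 \\Driver\\atapi[0xfffffa80048f1e70] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004e0c334
"""

# Constructed clean run in the same format, with no indicators.
SAMPLE_CLEAN = """\
15:44:16.753 Disk 0 MBR read successfully
15:44:16.753 Disk 0 MBR scan
15:44:20.544 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys atapi.sys
"""

TIMESTAMP_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+(.*)$")
ROOTKIT_RE = re.compile(r"^Disk (\d+) MBR \[(\w+)\] \*\*ROOTKIT\*\*")
HIDDEN_RE = re.compile(r"^Disk (\d+) MBR hidden")
# named modules on the disk path, then code aswMBR could not attribute to any module
UNKNOWN_RE = re.compile(r"^(.*?)\s*>>UNKNOWN \[(0x[0-9a-f]+)\]<<")
# a driver object's IRP dispatch routine redirected to an address
HOOK_RE = re.compile(r"^(\\Driver\\\w+)\[0x[0-9a-f]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-f]+)")


def parse_aswmbr(log: str) -> dict:
    """Collect the rootkit-relevant observations from one aswMBR log."""
    report = {
        "rootkit_family": None,  # tag from the **ROOTKIT** line, e.g. TDL4
        "mbr_hidden": False,     # the on-disk MBR is concealed from readers
        "call_chain": [],        # named modules on the disk I/O path
        "unknown_module": None,  # address on that path owned by no module
        "hooks": [],             # (driver object, IRP major function, target)
    }
    for raw in log.splitlines():
        ts = TIMESTAMP_RE.match(raw.strip())
        if not ts:
            continue
        line = ts.group(1)
        rk = ROOTKIT_RE.match(line)
        if rk:
            report["rootkit_family"] = rk.group(2)
            continue
        if HIDDEN_RE.match(line):
            report["mbr_hidden"] = True
            continue
        unk = UNKNOWN_RE.match(line)
        if unk:
            report["call_chain"] = unk.group(1).split()
            report["unknown_module"] = unk.group(2)
            continue
        hk = HOOK_RE.match(line)
        if hk:
            report["hooks"].append((hk.group(1), hk.group(2), hk.group(3)))
    return report


def hook_points_to_unknown(report: dict) -> bool:
    """True when a dispatch hook targets the unnamed code on the disk path:
    both observations then describe the same foreign code."""
    unk = report["unknown_module"]
    return unk is not None and any(t == unk for _, _, t in report["hooks"])


def verdict(report: dict) -> str:
    """One-line summary a helper could paste into a reply."""
    if not (report["rootkit_family"] or report["mbr_hidden"] or report["unknown_module"]):
        return "no MBR rootkit indicators"
    parts = [f"MBR rootkit indicators: family={report['rootkit_family'] or 'unknown'}"]
    if report["mbr_hidden"]:
        parts.append("MBR hidden")
    if report["unknown_module"]:
        parts.append(f"unnamed code at {report['unknown_module']} after {report['call_chain'][-1]}")
    for drv, irp, target in report["hooks"]:
        same = " (same code)" if target == report["unknown_module"] else ""
        parts.append(f"{drv} {irp} -> {target}{same}")
    return "; ".join(parts)


if __name__ == "__main__":
    print(verdict(parse_aswmbr(SAMPLE_ASWMBR)))
    print(verdict(parse_aswmbr(SAMPLE_CLEAN)))
```

The cross-check matters for triage: an "UNKNOWN" entry in the call trace on its own can be a legitimate filter driver that aswMBR does not recognise, whereas the same address also sitting behind a hooked dispatch routine of the disk stack, together with a hidden MBR, is the pattern the log above shows.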

Your PC is showing there's a TDL4 rootkit variant. We need to do a two step approach for removal.

Re-run aswMBR.exe

  • Click [scan]
  • On completion of the scan
  • Click the [Fix] for TDL4 (MBRoot):

aswMBR3.png

Once you are done with that, please do the following:

Remove the TDSSKiller icon off of your desktop and download it again.

Please download TDSSKiller from here and save it to your Desktop.

  • Doubleclick TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply

Note: It will also create a log in the C:\ directory.

In your next reply, please include these log(s):

1. aswMBR log

2. TDSSKiller log


Log from fresh download of TDSSKiller.

Thanks!

17:14:52.0941 3036 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51

17:14:53.0159 3036 ============================================================

17:14:53.0159 3036 Current date / time: 2011/11/09 17:14:53.0159

17:14:53.0159 3036 SystemInfo:

17:14:53.0159 3036

17:14:53.0159 3036 OS Version: 6.1.7600 ServicePack: 0.0

17:14:53.0159 3036 Product type: Workstation

17:14:53.0159 3036 ComputerName: DAVIS-PC

17:14:53.0175 3036 UserName: DAVIS

17:14:53.0175 3036 Windows directory: C:\Windows

17:14:53.0175 3036 System windows directory: C:\Windows

17:14:53.0175 3036 Running under WOW64

17:14:53.0175 3036 Processor architecture: Intel x64

17:14:53.0175 3036 Number of processors: 4

17:14:53.0175 3036 Page size: 0x1000

17:14:53.0175 3036 Boot type: Normal boot

17:14:53.0175 3036 ============================================================

17:14:54.0454 3036 Initialize success

17:14:56.0638 1852 ============================================================

17:14:56.0638 1852 Scan started

17:14:56.0638 1852 Mode: Manual;

17:14:56.0638 1852 ============================================================

17:14:58.0167 1852 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys

17:14:58.0167 1852 1394ohci - ok

17:14:58.0213 1852 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys

17:14:58.0213 1852 ACPI - ok

17:14:58.0229 1852 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys

17:14:58.0245 1852 AcpiPmi - ok

17:14:58.0307 1852 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

17:14:58.0323 1852 adp94xx - ok

17:14:58.0338 1852 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

17:14:58.0354 1852 adpahci - ok

17:14:58.0369 1852 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

17:14:58.0385 1852 adpu320 - ok

17:14:58.0463 1852 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys

17:14:58.0479 1852 AFD - ok

17:14:58.0494 1852 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys

17:14:58.0494 1852 agp440 - ok

17:14:58.0525 1852 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys

17:14:58.0525 1852 aliide - ok

17:14:58.0557 1852 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys

17:14:58.0557 1852 amdide - ok

17:14:58.0588 1852 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

17:14:58.0588 1852 AmdK8 - ok

17:14:58.0603 1852 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

17:14:58.0603 1852 AmdPPM - ok

17:14:58.0619 1852 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys

17:14:58.0650 1852 amdsata - ok

17:14:58.0666 1852 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

17:14:58.0681 1852 amdsbs - ok

17:14:58.0697 1852 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys

17:14:58.0697 1852 amdxata - ok

17:14:58.0744 1852 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

17:14:58.0775 1852 AppID - ok

17:14:58.0806 1852 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

17:14:58.0822 1852 arc - ok

17:14:58.0853 1852 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

17:14:58.0869 1852 arcsas - ok

17:14:58.0900 1852 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

17:14:58.0915 1852 AsyncMac - ok

17:14:58.0947 1852 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys

17:14:58.0962 1852 atapi - ok

17:14:59.0009 1852 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

17:14:59.0009 1852 b06bdrv - ok

17:14:59.0071 1852 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

17:14:59.0071 1852 b57nd60a - ok

17:14:59.0087 1852 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

17:14:59.0103 1852 Beep - ok

17:14:59.0149 1852 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

17:14:59.0149 1852 blbdrive - ok

17:14:59.0212 1852 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys

17:14:59.0212 1852 bowser - ok

17:14:59.0259 1852 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

17:14:59.0274 1852 BrFiltLo - ok

17:14:59.0290 1852 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

17:14:59.0290 1852 BrFiltUp - ok

17:14:59.0305 1852 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

17:14:59.0305 1852 Brserid - ok

17:14:59.0321 1852 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

17:14:59.0337 1852 BrSerWdm - ok

17:14:59.0337 1852 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

17:14:59.0352 1852 BrUsbMdm - ok

17:14:59.0368 1852 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

17:14:59.0368 1852 BrUsbSer - ok

17:14:59.0383 1852 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

17:14:59.0399 1852 BTHMODEM - ok

17:14:59.0571 1852 catchme - ok

17:14:59.0649 1852 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

17:14:59.0664 1852 cdfs - ok

17:14:59.0695 1852 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

17:14:59.0695 1852 cdrom - ok

17:14:59.0758 1852 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

17:14:59.0758 1852 circlass - ok

17:14:59.0851 1852 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

17:14:59.0867 1852 CLFS - ok

17:14:59.0898 1852 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

17:14:59.0914 1852 CmBatt - ok

17:14:59.0945 1852 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

17:14:59.0945 1852 cmdide - ok

17:14:59.0992 1852 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys

17:14:59.0992 1852 CNG - ok

17:15:00.0023 1852 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

17:15:00.0023 1852 Compbatt - ok

17:15:00.0039 1852 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

17:15:00.0039 1852 CompositeBus - ok

17:15:00.0070 1852 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

17:15:00.0070 1852 crcdisk - ok

17:15:00.0101 1852 dc3d (23d4b856725f5fc3c4f410c150ab107b) C:\Windows\system32\DRIVERS\dc3d.sys

17:15:00.0117 1852 dc3d - ok

17:15:00.0195 1852 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys

17:15:00.0210 1852 DfsC - ok

17:15:00.0241 1852 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

17:15:00.0241 1852 discache - ok

17:15:00.0273 1852 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

17:15:00.0273 1852 Disk - ok

17:15:00.0335 1852 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

17:15:00.0351 1852 drmkaud - ok

17:15:00.0397 1852 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys

17:15:00.0429 1852 DXGKrnl - ok

17:15:00.0522 1852 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

17:15:00.0585 1852 ebdrv - ok

17:15:00.0663 1852 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

17:15:00.0694 1852 elxstor - ok

17:15:00.0709 1852 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

17:15:00.0709 1852 ErrDev - ok

17:15:00.0772 1852 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

17:15:00.0787 1852 exfat - ok

17:15:00.0803 1852 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

17:15:00.0819 1852 fastfat - ok

17:15:00.0865 1852 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

17:15:00.0881 1852 fdc - ok

17:15:00.0912 1852 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

17:15:00.0928 1852 FileInfo - ok

17:15:00.0943 1852 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

17:15:00.0943 1852 Filetrace - ok

17:15:00.0959 1852 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

17:15:00.0975 1852 flpydisk - ok

17:15:00.0990 1852 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

17:15:01.0006 1852 FltMgr - ok

17:15:01.0021 1852 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

17:15:01.0037 1852 FsDepends - ok

17:15:01.0068 1852 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

17:15:01.0068 1852 Fs_Rec - ok

17:15:01.0115 1852 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys

17:15:01.0115 1852 fvevol - ok

17:15:01.0162 1852 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

17:15:01.0162 1852 gagp30kx - ok

17:15:01.0193 1852 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

17:15:01.0209 1852 GEARAspiWDM - ok

17:15:01.0240 1852 grmnusb (2ed7ff3e1ada4092632393781518b3a7) C:\Windows\system32\drivers\grmnusb.sys

17:15:01.0255 1852 grmnusb - ok

17:15:01.0380 1852 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

17:15:01.0396 1852 hcw85cir - ok

17:15:01.0427 1852 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys

17:15:01.0427 1852 HdAudAddService - ok

17:15:01.0474 1852 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

17:15:01.0474 1852 HDAudBus - ok

17:15:01.0489 1852 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

17:15:01.0521 1852 HECIx64 - ok

17:15:01.0552 1852 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

17:15:01.0552 1852 HidBatt - ok

17:15:01.0567 1852 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

17:15:01.0583 1852 HidBth - ok

17:15:01.0614 1852 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

17:15:01.0630 1852 HidIr - ok

17:15:01.0677 1852 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

17:15:01.0677 1852 HidUsb - ok

17:15:01.0708 1852 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

17:15:01.0708 1852 HpSAMD - ok

17:15:01.0739 1852 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

17:15:01.0755 1852 HTTP - ok

17:15:01.0770 1852 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

17:15:01.0770 1852 hwpolicy - ok

17:15:01.0786 1852 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

17:15:01.0801 1852 i8042prt - ok

17:15:01.0817 1852 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys

17:15:01.0833 1852 iaStorV - ok

17:15:02.0035 1852 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys

17:15:02.0223 1852 igfx - ok

17:15:02.0254 1852 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

17:15:02.0269 1852 iirsp - ok

17:15:02.0363 1852 IntcAzAudAddService (ee64207f2f5c20bfe5f73db2566c4601) C:\Windows\system32\drivers\RTKVHD64.sys

17:15:02.0410 1852 IntcAzAudAddService - ok

17:15:02.0425 1852 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

17:15:02.0441 1852 intelide - ok

17:15:02.0472 1852 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

17:15:02.0488 1852 intelppm - ok

17:15:02.0503 1852 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

17:15:02.0519 1852 IpFilterDriver - ok

17:15:02.0535 1852 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

17:15:02.0550 1852 IPMIDRV - ok

17:15:02.0566 1852 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

17:15:02.0566 1852 IPNAT - ok

17:15:02.0613 1852 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

17:15:02.0613 1852 IRENUM - ok

17:15:02.0644 1852 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

17:15:02.0644 1852 isapnp - ok

17:15:02.0659 1852 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys

17:15:02.0675 1852 iScsiPrt - ok

17:15:02.0691 1852 k57nd60a (9d7ea8c7215d8d4ae7be110eee61085d) C:\Windows\system32\DRIVERS\k57nd60a.sys

17:15:02.0706 1852 k57nd60a - ok

17:15:02.0737 1852 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

17:15:02.0737 1852 kbdclass - ok

17:15:02.0769 1852 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

17:15:02.0769 1852 kbdhid - ok

17:15:02.0831 1852 KmxAgent (7594e8799fa212576c93bfdf54583452) C:\Windows\system32\DRIVERS\kmxagent.sys

17:15:02.0831 1852 KmxAgent - ok

17:15:02.0862 1852 KmxAMRT (e5bb08fcf05ef7333be3b5b35295c4c0) C:\Windows\system32\DRIVERS\KmxAMRT.sys

17:15:02.0878 1852 KmxAMRT - ok

17:15:02.0925 1852 KmxCF (54721e47b8350770332128fcffc7a460) C:\Windows\system32\DRIVERS\KmxCF.sys

17:15:02.0956 1852 KmxCF - ok

17:15:03.0003 1852 KmxCfg (174a70fd5367388f6f378cbc6dd723ee) C:\Windows\system32\DRIVERS\kmxcfg.sys

17:15:03.0018 1852 KmxCfg - ok

17:15:03.0065 1852 KmxFile (dc77781ab8cf3043da60187a1511fef6) C:\Windows\system32\DRIVERS\KmxFile.sys

17:15:03.0081 1852 KmxFile - ok

17:15:03.0127 1852 KmxFilter (87da5afc8950ec34d0cddf3438370727) C:\Windows\system32\DRIVERS\KmxFilter.sys

17:15:03.0127 1852 KmxFilter - ok

17:15:03.0143 1852 KmxFw (15260d1b5bb6ba8e5079e758fce88207) C:\Windows\system32\DRIVERS\kmxfw.sys

17:15:03.0159 1852 KmxFw - ok

17:15:03.0174 1852 KmxSbx (9ea56ddeeb080727ff448a0c6e37de08) C:\Windows\system32\DRIVERS\KmxSbx.sys

17:15:03.0221 1852 KmxSbx - ok

17:15:03.0283 1852 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys

17:15:03.0283 1852 KSecDD - ok

17:15:03.0330 1852 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys

17:15:03.0346 1852 KSecPkg - ok

17:15:03.0361 1852 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

17:15:03.0377 1852 ksthunk - ok

17:15:03.0408 1852 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

17:15:03.0424 1852 lltdio - ok

17:15:03.0517 1852 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

17:15:03.0549 1852 LSI_FC - ok

17:15:03.0580 1852 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

17:15:03.0595 1852 LSI_SAS - ok

17:15:03.0595 1852 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

17:15:03.0611 1852 LSI_SAS2 - ok

17:15:03.0642 1852 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

17:15:03.0673 1852 LSI_SCSI - ok

17:15:03.0720 1852 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

17:15:03.0736 1852 luafv - ok

17:15:03.0783 1852 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys

17:15:03.0798 1852 MBAMProtector - ok

17:15:03.0861 1852 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

17:15:03.0876 1852 megasas - ok

17:15:03.0907 1852 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

17:15:03.0923 1852 MegaSR - ok

17:15:03.0954 1852 MEMSWEEP2 (f9ce67e9e0226079b59107b649851f96) C:\Windows\system32\4E6.tmp

17:15:03.0970 1852 MEMSWEEP2 - ok

17:15:04.0001 1852 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

17:15:04.0032 1852 Modem - ok

17:15:04.0048 1852 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

17:15:04.0063 1852 monitor - ok

17:15:04.0079 1852 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

17:15:04.0095 1852 mouclass - ok

17:15:04.0110 1852 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

17:15:04.0126 1852 mouhid - ok

17:15:04.0173 1852 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

17:15:04.0173 1852 mountmgr - ok

17:15:04.0219 1852 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

17:15:04.0235 1852 mpio - ok

17:15:04.0251 1852 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

17:15:04.0251 1852 mpsdrv - ok

17:15:04.0266 1852 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

17:15:04.0282 1852 MRxDAV - ok

17:15:04.0313 1852 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys

17:15:04.0329 1852 mrxsmb - ok

17:15:04.0375 1852 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys

17:15:04.0391 1852 mrxsmb10 - ok

17:15:04.0438 1852 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys

17:15:04.0453 1852 mrxsmb20 - ok

17:15:04.0485 1852 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys

17:15:04.0516 1852 msahci - ok

17:15:04.0547 1852 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

17:15:04.0563 1852 msdsm - ok

17:15:04.0609 1852 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

17:15:04.0609 1852 Msfs - ok

17:15:04.0625 1852 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

17:15:04.0641 1852 mshidkmdf - ok

17:15:04.0656 1852 MSHUSBVideo (bb590070d606ae6f008341fc9a7b2ad7) C:\Windows\system32\Drivers\nx6000.sys

17:15:04.0672 1852 MSHUSBVideo - ok

17:15:04.0719 1852 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

17:15:04.0719 1852 msisadrv - ok

17:15:04.0750 1852 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

17:15:04.0750 1852 MSKSSRV - ok

17:15:04.0765 1852 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

17:15:04.0781 1852 MSPCLOCK - ok

17:15:04.0781 1852 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

17:15:04.0797 1852 MSPQM - ok

17:15:04.0812 1852 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

17:15:04.0828 1852 MsRPC - ok

17:15:04.0843 1852 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

17:15:04.0843 1852 mssmbios - ok

17:15:04.0859 1852 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

17:15:04.0875 1852 MSTEE - ok

17:15:04.0906 1852 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

17:15:04.0937 1852 MTConfig - ok

17:15:04.0953 1852 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

17:15:04.0968 1852 Mup - ok

17:15:04.0999 1852 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

17:15:05.0031 1852 NativeWifiP - ok

17:15:05.0062 1852 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

17:15:05.0093 1852 NDIS - ok

17:15:05.0109 1852 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

17:15:05.0124 1852 NdisCap - ok

17:15:05.0155 1852 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

17:15:05.0171 1852 NdisTapi - ok

17:15:05.0171 1852 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

17:15:05.0187 1852 Ndisuio - ok

17:15:05.0218 1852 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

17:15:05.0218 1852 NdisWan - ok

17:15:05.0233 1852 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

17:15:05.0249 1852 NDProxy - ok

17:15:05.0280 1852 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

17:15:05.0296 1852 NetBIOS - ok

17:15:05.0311 1852 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

17:15:05.0311 1852 NetBT - ok

17:15:05.0358 1852 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

17:15:05.0389 1852 nfrd960 - ok

17:15:05.0405 1852 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

17:15:05.0421 1852 Npfs - ok

17:15:05.0436 1852 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

17:15:05.0452 1852 nsiproxy - ok

17:15:05.0514 1852 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys

17:15:05.0561 1852 Ntfs - ok

17:15:05.0592 1852 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

17:15:05.0608 1852 Null - ok

17:15:05.0686 1852 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys

17:15:05.0701 1852 nvraid - ok

17:15:05.0842 1852 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys

17:15:05.0873 1852 nvstor - ok

17:15:05.0920 1852 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

17:15:05.0935 1852 nv_agp - ok

17:15:05.0951 1852 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

17:15:05.0967 1852 ohci1394 - ok

17:15:06.0013 1852 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

17:15:06.0029 1852 Parport - ok

17:15:06.0060 1852 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys

17:15:06.0091 1852 partmgr - ok

17:15:06.0138 1852 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

17:15:06.0154 1852 pci - ok

17:15:06.0169 1852 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

17:15:06.0185 1852 pciide - ok

17:15:06.0201 1852 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

17:15:06.0216 1852 pcmcia - ok

17:15:06.0232 1852 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

17:15:06.0232 1852 pcw - ok

17:15:06.0263 1852 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

17:15:06.0279 1852 PEAUTH - ok

17:15:06.0325 1852 pmxdrv (34bfc6ed31b4e8be940c884b8ac7d9df) C:\Windows\system32\drivers\pmxdrv.sys

17:15:06.0341 1852 pmxdrv - ok

17:15:06.0403 1852 Point64 (b23f79e41e30ed500586151a9ef27d8f) C:\Windows\system32\DRIVERS\point64.sys

17:15:06.0435 1852 Point64 - ok

17:15:06.0450 1852 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

17:15:06.0466 1852 PptpMiniport - ok

17:15:06.0481 1852 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

17:15:06.0497 1852 Processor - ok

17:15:06.0528 1852 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

17:15:06.0544 1852 Psched - ok

17:15:06.0575 1852 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys

17:15:06.0575 1852 PxHlpa64 - ok

17:15:06.0606 1852 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

17:15:06.0653 1852 ql2300 - ok

17:15:06.0669 1852 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

17:15:06.0684 1852 ql40xx - ok

17:15:06.0700 1852 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

17:15:06.0700 1852 QWAVEdrv - ok

17:15:06.0715 1852 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

17:15:06.0731 1852 RasAcd - ok

17:15:06.0778 1852 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

17:15:06.0778 1852 RasAgileVpn - ok

17:15:06.0793 1852 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

17:15:06.0809 1852 Rasl2tp - ok

17:15:06.0840 1852 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

17:15:06.0856 1852 RasPppoe - ok

17:15:06.0887 1852 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

17:15:06.0887 1852 RasSstp - ok

17:15:06.0903 1852 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

17:15:06.0918 1852 rdbss - ok

17:15:06.0949 1852 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

17:15:06.0965 1852 rdpbus - ok

17:15:06.0981 1852 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

17:15:06.0996 1852 RDPCDD - ok

17:15:07.0012 1852 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

17:15:07.0012 1852 RDPENCDD - ok

17:15:07.0059 1852 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

17:15:07.0059 1852 RDPREFMP - ok

17:15:07.0074 1852 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

17:15:07.0090 1852 RDPWD - ok

17:15:07.0137 1852 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

17:15:07.0152 1852 rdyboost - ok

17:15:07.0168 1852 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

17:15:07.0183 1852 rspndr - ok

17:15:07.0199 1852 SAVRKBootTasks - ok

17:15:07.0230 1852 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

17:15:07.0261 1852 sbp2port - ok

17:15:07.0277 1852 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

17:15:07.0293 1852 scfilter - ok

17:15:07.0324 1852 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

17:15:07.0339 1852 secdrv - ok

17:15:07.0371 1852 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

17:15:07.0371 1852 Serenum - ok

17:15:07.0402 1852 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

17:15:07.0417 1852 Serial - ok

17:15:07.0433 1852 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

17:15:07.0433 1852 sermouse - ok

17:15:07.0464 1852 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

17:15:07.0480 1852 sffdisk - ok

17:15:07.0511 1852 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

17:15:07.0527 1852 sffp_mmc - ok

17:15:07.0542 1852 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys

17:15:07.0558 1852 sffp_sd - ok

17:15:07.0558 1852 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

17:15:07.0573 1852 sfloppy - ok

17:15:07.0605 1852 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

17:15:07.0620 1852 SiSRaid2 - ok

17:15:07.0636 1852 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

17:15:07.0651 1852 SiSRaid4 - ok

17:15:07.0667 1852 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

17:15:07.0683 1852 Smb - ok

17:15:07.0714 1852 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

17:15:07.0714 1852 spldr - ok

17:15:07.0776 1852 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys

17:15:07.0792 1852 srv - ok

17:15:07.0807 1852 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys

17:15:07.0839 1852 srv2 - ok

17:15:07.0870 1852 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys

17:15:07.0870 1852 srvnet - ok

17:15:07.0917 1852 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

17:15:07.0932 1852 stexstor - ok

17:15:07.0948 1852 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys

17:15:07.0963 1852 StillCam - ok

17:15:08.0010 1852 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

17:15:08.0026 1852 swenum - ok

17:15:08.0073 1852 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys

17:15:08.0119 1852 Tcpip - ok

17:15:08.0166 1852 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys

17:15:08.0182 1852 TCPIP6 - ok

17:15:08.0229 1852 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

17:15:08.0244 1852 tcpipreg - ok

17:15:08.0260 1852 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

17:15:08.0275 1852 TDPIPE - ok

17:15:08.0275 1852 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

17:15:08.0291 1852 TDTCP - ok

17:15:08.0307 1852 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

17:15:08.0322 1852 tdx - ok

17:15:08.0338 1852 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

17:15:08.0353 1852 TermDD - ok

17:15:08.0369 1852 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

17:15:08.0385 1852 tssecsrv - ok

17:15:08.0416 1852 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

17:15:08.0431 1852 tunnel - ok

17:15:08.0478 1852 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

17:15:08.0494 1852 uagp35 - ok

17:15:08.0541 1852 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys

17:15:08.0572 1852 udfs - ok

17:15:08.0587 1852 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

17:15:08.0587 1852 uliagpkx - ok

17:15:08.0634 1852 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

17:15:08.0650 1852 umbus - ok

17:15:08.0665 1852 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

17:15:08.0665 1852 UmPass - ok

17:15:08.0697 1852 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys

17:15:08.0712 1852 USBAAPL64 - ok

17:15:08.0759 1852 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys

17:15:08.0790 1852 usbaudio - ok

17:15:08.0837 1852 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys

17:15:08.0853 1852 usbccgp - ok

17:15:08.0868 1852 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

17:15:08.0884 1852 usbcir - ok

17:15:08.0899 1852 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys

17:15:08.0915 1852 usbehci - ok

17:15:08.0946 1852 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys

17:15:08.0946 1852 usbhub - ok

17:15:08.0962 1852 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys

17:15:08.0977 1852 usbohci - ok

17:15:08.0993 1852 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

17:15:09.0009 1852 usbprint - ok

17:15:09.0040 1852 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS

17:15:09.0071 1852 USBSTOR - ok

17:15:09.0087 1852 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys

17:15:09.0102 1852 usbuhci - ok

17:15:09.0149 1852 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys

17:15:10.0303 1852 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
17:15:10.0303 1852 \Device\Harddisk0\DR0 - ok
17:15:10.0319 1852 Boot (0x1200) (faf20eb1cf2d88d2dc19c8218c78212e) \Device\Harddisk0\DR0\Partition0
17:15:10.0319 1852 \Device\Harddisk0\DR0\Partition0 - ok
17:15:10.0319 1852 Boot (0x1200) (c00602f3b4e7d3d865e0f4cdab12210c) \Device\Harddisk0\DR0\Partition1
17:15:10.0319 1852 \Device\Harddisk0\DR0\Partition1 - ok
17:15:10.0319 1852 ============================================================
17:15:10.0319 1852 Scan finished
17:15:10.0319 1852 ============================================================
17:15:10.0335 6388 Detected object count: 0
17:15:10.0335 6388 Actual detected object count: 0


Good Morning.. aswMBR scan log follows:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-10 09:14:24
-----------------------------
09:14:24.487 OS Version: Windows x64 6.1.7600
09:14:24.487 Number of processors: 4 586 0x2502
09:14:24.487 ComputerName: DAVIS-PC UserName: DAVIS
09:14:25.891 Initialize success
09:14:31.304 AVAST engine defs: 11110901
09:14:33.083 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:14:33.098 Disk 0 Vendor: ST3320418AS CC45 Size: 305245MB BusType: 3
09:14:35.126 Disk 0 MBR read successfully
09:14:35.126 Disk 0 MBR scan
09:14:35.142 Disk 0 MBR:Alureon-I [Rtk]
09:14:35.142 Disk 0 TDL4@MBR code has been found
09:14:35.142 Disk 0 MBR hidden
09:14:35.157 Disk 0 MBR [TDL4] **ROOTKIT**
09:14:35.157 Service scanning
09:14:37.404 Modules scanning
09:14:37.404 Disk 0 trace - called modules:
09:14:37.419 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8004e0c334]<<
09:14:37.419 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004df5060]
09:14:37.419 3 CLASSPNP.SYS[fffff880018a843f] -> nt!IofCallDriver -> [0xfffffa8003ad8d10]
09:14:37.435 5 ACPI.sys[fffff88000e1a781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80048eb060]
09:14:37.435 \Driver\atapi[0xfffffa80048e2c60] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004e0c334
09:14:45.703 AVAST engine scan C:\Windows
09:14:51.740 AVAST engine scan C:\Windows\system32
09:16:25.532 AVAST engine scan C:\Windows\system32\drivers
09:16:34.252 AVAST engine scan C:\Users\DAVIS
09:23:48.323 File: C:\Users\DAVIS\AppData\Local\Temp\0.535124183243221exe **INFECTED** Win32:Small-HTVT [Trj]
09:34:54.913 AVAST engine scan C:\ProgramData
09:37:12.131 Scan finished successfully
09:47:48.347 Disk 0 MBR has been saved successfully to "C:\Users\DAVIS\Desktop\MBR.dat"
09:47:48.347 The log file has been saved successfully to "C:\Users\DAVIS\Desktop\aswMBR.txt"


Hi Kenny,

I am out of town until Saturday and will complete your instructions then. Just to clarify, I have run several quick scans using aswMBR; however, I have not seen the "Fix" button active, only the FixMBR button. Is this the fix I should attempt? If not, should I be doing another type of scan?

Thanks,

Diane


Yes, we need to fix the Master Boot Record using aswMBR when you get back.

  • Double click aswMBR.exe to run it like before
  • Once the scan finishes click FixMBR to remove the infection as illustrated below
    aswMBR_FixMBR.jpg
  • Once the scan finishes click Save log to save the log to your Desktop
    aswMBR_SaveLog.png
  • Copy and paste the contents of aswMBR.txt back here for review


Hi Kenny.

Attached is the latest aswMBR log. Performed the FixMBR with no problems.

Thanks,

Diane

----------------------------------------------------------------------------------

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-12 16:19:47
-----------------------------
16:19:47.300 OS Version: Windows x64 6.1.7600
16:19:47.300 Number of processors: 4 586 0x2502
16:19:47.300 ComputerName: DAVIS-PC UserName: DAVIS
16:19:48.906 Initialize success
16:19:57.611 AVAST engine defs: 11110901
16:20:04.350 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:20:04.350 Disk 0 Vendor: ST3320418AS CC45 Size: 305245MB BusType: 3
16:20:06.659 Disk 0 MBR read successfully
16:20:06.659 Disk 0 MBR scan
16:20:06.675 Disk 0 MBR:Alureon-I [Rtk]
16:20:06.675 Disk 0 TDL4@MBR code has been found
16:20:06.675 Disk 0 MBR hidden
16:20:06.675 Disk 0 MBR [TDL4] **ROOTKIT**
16:20:06.690 Service scanning
16:20:08.110 Modules scanning
16:20:08.110 Disk 0 trace - called modules:
16:20:08.141 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8004e0c334]<<
16:20:08.141 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004df5060]
16:20:08.141 3 CLASSPNP.SYS[fffff880018a843f] -> nt!IofCallDriver -> [0xfffffa8003ad8d10]
16:20:08.141 5 ACPI.sys[fffff88000e1a781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80048eb060]
16:20:08.157 \Driver\atapi[0xfffffa80048e2c60] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004e0c334
16:20:11.402 AVAST engine scan C:\Windows
16:20:45.804 AVAST engine scan C:\Windows\system32
16:23:53.145 AVAST engine scan C:\Windows\system32\drivers
16:24:05.095 AVAST engine scan C:\Users\DAVIS
16:29:25.926 File: C:\Users\DAVIS\AppData\Local\Temp\0.535124183243221exe **INFECTED** Win32:Small-HTVT [Trj]
16:40:04.121 AVAST engine scan C:\ProgramData
16:42:19.626 Scan finished successfully
16:42:59.500 Disk 0 MBR has been saved successfully to "C:\Users\DAVIS\Desktop\MBR.dat"
16:42:59.500 The log file has been saved successfully to "C:\Users\DAVIS\Desktop\aswMBR.txt"
16:43:12.464 Disk 0 MBR read successfully
16:43:12.464 Disk 0 MBR:Alureon-I [Rtk]
16:43:12.464 Disk 0 TDL4@MBR code has been found
16:43:12.464 Disk 0 fixing MBR ...
16:43:22.619 Verifying
16:43:34.694 Disk 0 Windows 601 MBR fixed successfully
16:44:00.169 Disk 0 MBR has been saved successfully to "C:\Users\DAVIS\Desktop\MBR.dat"
16:44:00.185 The log file has been saved successfully to "C:\Users\DAVIS\Desktop\aswMBR.txt"
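Both aswMBR runs above save a copy of the boot sector to MBR.dat, and the TDSSKiller log reports the MBR as "MBR (0x1B8) (md5)". As an added example, not part of this thread or of either tool, the Python below parses such a 512-byte image, hashes its boot code and lists the partition table so a saved copy can be compared with a known-clean baseline; it assumes 0x1B8 in the TDSSKiller line is the hashed length (the 440 bytes of code before the disk signature), and the sample image is constructed inline, not taken from this machine.

```python
import hashlib
import struct

MBR_SIZE = 512
CODE_LEN = 0x1B8          # boot code before the disk signature; assumed to match TDSSKiller's "MBR (0x1B8)"
PART_TABLE_OFF = 0x1BE    # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE      # 0x55AA boot signature

def parse_mbr(mbr: bytes) -> dict:
    """Parse a raw 512-byte MBR image such as the MBR.dat aswMBR saves."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype != 0:  # type 0 means an empty slot
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
    return {
        "code_md5": hashlib.md5(mbr[:CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", mbr, 0x1B8)[0],
        "boot_signature_ok": mbr[BOOT_SIG_OFF:] == b"\x55\xAA",
        "partitions": parts,
    }

def check_mbr(mbr: bytes, known_good_md5: str) -> list:
    """Return findings; an empty list means the image matches the baseline and looks sane."""
    info = parse_mbr(mbr)
    findings = []
    if not info["boot_signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["code_md5"] != known_good_md5.lower():
        findings.append(f"boot code hash {info['code_md5']} differs from baseline {known_good_md5}")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} partitions flagged bootable (expected 1)")
    return findings

def sample_mbr() -> bytes:
    """Constructed baseline: dummy boot code plus a Windows 7 style layout
    (100 MB System Reserved partition and a main NTFS partition). Not a real disk image."""
    code = bytes([0x33, 0xC0, 0x8E, 0xD0]) + b"\x90" * (CODE_LEN - 4)  # xor ax,ax / mov ss,ax / nops
    disk_sig = struct.pack("<IH", 0xDEADBEEF, 0)
    p0 = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xDE\x13\x0C", 2048, 204800)
    p1 = struct.pack("<B3sB3sII", 0x00, b"\xDE\x14\x0C", 0x07, b"\xFE\xFF\xFF", 206848, 624896000)
    return code + disk_sig + p0 + p1 + b"\x00" * 32 + b"\x55\xAA"
```

Run check_mbr() on the bytes of a saved MBR.dat against a hash taken from a known-clean image of the same machine; a changed boot-code hash with an unchanged partition table is the pattern an MBR bootkit like the TDL4 detection above leaves behind.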


This topic is now closed to further replies.