
Window Security Center Malware [Solved]



#1
Tacotome

Last night my computer became infected with malware that appears to have replaced the Windows Security System. It would say that I have no firewall or antivirus and listed several dozen viruses that my computer was infected with. I found the malware exe in the system32 file and deleted it. Ran AVG which found a lot of tracking cookies but nothing else. Restarted my computer. Now I cannot run anything without 'run as administrator'. I tried disabling UA but it still doesn't allow me to run anything without doing 'run as administrator'. I noticed that even though I am listed as Admin on my computer it only allows me standard use and won't let me change it. Also I cannot run anything Windows Security Center related. When I try it gives me "C:\Windows\System32\rundll32.exe Application not found". Rundll32 still appears in system32 and according to AVG does not seem to have any issues. Sfc/scannow showed a ton of pending name changes but nothing appears to be corrupted.

OTL logfile created on: 1/9/2012 9:41:04 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kenneth\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 55.31% Memory free
6.19 Gb Paging File | 4.91 Gb Available in Paging File | 79.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.75 Gb Total Space | 54.49 Gb Free Space | 39.85% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 148.95 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
Drive E: | 12.30 Gb Total Space | 1.85 Gb Free Space | 15.00% Space Free | Partition Type: NTFS

Computer Name: KITTY-PC | User Name: Kenneth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/09 21:40:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kenneth\Downloads\OTL.exe
PRC - [2012/01/03 20:12:56 | 000,180,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.93\GoogleCrashHandler.exe
PRC - [2012/01/02 15:58:43 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/12 09:28:39 | 000,855,904 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
PRC - [2011/11/30 18:22:53 | 000,135,608 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe
PRC - [2011/09/09 02:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 00:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/08/18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/08/03 05:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/08/03 05:50:00 | 000,812,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/08/03 05:50:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/23 13:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/05/03 15:56:02 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
PRC - [2011/03/28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2009/09/03 15:44:46 | 000,444,224 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/09/20 13:12:02 | 000,671,744 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpAgent.exe
PRC - [2007/09/20 13:02:58 | 000,299,008 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/02 15:58:43 | 000,849,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/09/16 10:26:10 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/12 09:28:39 | 000,855,904 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/11/30 18:22:53 | 000,135,608 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/11/10 07:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/08/18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/03 05:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/03 15:56:02 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2011/02/07 17:13:10 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/03 15:44:46 | 000,444,224 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon)
SRV - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/20 13:02:58 | 000,299,008 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2007/08/31 13:15:06 | 000,176,128 | ---- | M] (Starz Entertainment Group LLC) [On_Demand | Stopped] -- C:\Program Files\Vongo\VongoService.exe -- (Vongo Service)
SRV - [2007/03/05 12:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - [2011/08/03 05:50:00 | 010,304,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/05/27 18:05:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 07:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 06:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 06:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2008/07/07 11:23:56 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2008/06/02 15:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008/05/09 10:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2008/05/09 10:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2008/05/09 10:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2007/09/17 17:17:36 | 000,098,816 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/09/06 14:53:00 | 000,014,848 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DSI_SiUSBXp_3_1.sys -- (DSI_SiUSBXp_3_1)
DRV - [2007/08/28 17:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/07/11 12:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/28 09:09:56 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/22 00:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 16:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 18:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/01/17 07:38:52 | 000,983,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...l_date=20111125
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://ie.redirect.h...ilion&pf=laptop
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1416
FF - prefs.js..extensions.enabledItems: [email protected]:0.72.17
FF - prefs.js..extensions.enabledItems: avg@toolbar:9.0.0.18.1
FF - prefs.js..keyword.URL: "http://isearch.avg.c...8:23&sap=ku&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/02/07 18:00:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/02/07 18:00:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/12/22 15:50:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\CodecCheck\firefox [2011/11/25 03:06:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\9.0.0.18\ [2011/12/12 09:28:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/02 15:58:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/02 15:58:47 | 000,000,000 | ---D | M]

[2011/08/03 10:36:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenneth\AppData\Roaming\Mozilla\Extensions
[2012/01/09 01:19:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenneth\AppData\Roaming\Mozilla\Firefox\Profiles\oivol912.default\extensions
[2011/08/03 14:21:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kenneth\AppData\Roaming\Mozilla\Firefox\Profiles\oivol912.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/25 03:06:18 | 000,001,945 | ---- | M] () -- C:\Users\Kenneth\AppData\Roaming\Mozilla\Firefox\Profiles\oivol912.default\searchplugins\bing-zugo.xml
[2011/09/26 09:58:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/22 15:50:56 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/12/12 09:28:48 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\9.0.0.18
[2011/11/25 03:06:48 | 000,000,000 | ---D | M] ("Premiumplay Codec-C") -- C:\PROGRAMDATA\CODECCHECK\FIREFOX
[2011/12/12 09:28:36 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O2 - BHO: (BFlix Toolbar) - {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files\bflixtoolbar\vmntemplateX.dll ()
O2 - BHO: (CrossRider) - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files\CrossriderWebApps\Crossrider.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (BFlix Toolbar) - {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files\bflixtoolbar\vmntemplateX.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} https://www.cat.lms....raUpdaterAx.cab (CentraUpdaterAxCtl Class)
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} http://coupons.smart...oad/cscmv5X.cab (CMV5 Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A841B7C-688C-4E1B-AFA9-FD006AA3DD54}: DhcpNameServer = 10.0.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C291AC11-BCE1-440B-B420-58CA47498310}: DhcpNameServer = 204.117.214.10 199.2.252.10
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\HPRadiance.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\HPRadiance.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/27 01:38:30 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 09:18:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = G2] -- "C:\Users\Kenneth\AppData\Local\mfa.exe" -a "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/18 22:31:07 | 000,000,000 | ---D | C] -- C:\Users\Kenneth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ImageMixer CD Label Maker
[2011/12/18 22:31:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageMixer CD Label Maker
[2011/12/18 22:31:07 | 000,000,000 | ---D | C] -- C:\Users\Kenneth\Documents\Acoustica
[2011/12/18 22:31:07 | 000,000,000 | ---D | C] -- C:\Users\Kenneth\AppData\Roaming\Acoustica
[2011/12/18 22:31:01 | 000,000,000 | ---D | C] -- C:\Program Files\ImageMixer CD Label Maker
[2011/12/12 09:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2011/12/12 09:28:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2011/12/12 09:28:36 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search

========== Files - Modified Within 30 Days ==========

[2012/01/09 21:49:59 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{66B6EB03-7599-4C56-B518-9BEAA590752F}.job
[2012/01/09 21:37:02 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/09 21:37:02 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/09 21:31:04 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/09 21:31:00 | 000,002,349 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Vongo Tray.lnk
[2012/01/09 21:30:25 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/09 21:30:25 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/09 21:30:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/09 21:30:03 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/09 21:28:39 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/01/09 21:27:01 | 000,000,099 | ---- | M] () -- C:\Users\Kenneth\Desktop\fix.reg
[2012/01/09 21:25:47 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/01/09 21:25:47 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/01/09 21:20:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/09 21:08:21 | 142,677,368 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/01/09 20:58:59 | 000,398,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/09 10:09:29 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-401983364-1307999963-345973042-1000UA.job
[2012/01/08 23:31:31 | 000,002,487 | ---- | M] () -- C:\Users\Kenneth\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/01/08 23:31:31 | 000,002,463 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/01/08 23:07:00 | 000,010,866 | -HS- | M] () -- C:\Users\Kenneth\AppData\Local\i350pcy443261757r7482nsq48p2i
[2012/01/08 23:07:00 | 000,010,866 | -HS- | M] () -- C:\ProgramData\i350pcy443261757r7482nsq48p2i
[2012/01/07 00:56:10 | 000,000,162 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/01/06 04:06:36 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-401983364-1307999963-345973042-1000Core.job
[2011/12/23 18:38:01 | 000,514,184 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/12/22 15:51:07 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/12/18 23:39:51 | 000,064,792 | ---- | M] () -- C:\Users\Kenneth\Documents\Ashley's Album.lbl
[2011/12/18 22:31:40 | 000,000,832 | ---- | M] () -- C:\Users\Kenneth\Desktop\ImageMixer CD Label Maker.lnk

========== Files Created - No Company Name ==========

[2012/01/09 21:27:01 | 000,000,099 | ---- | C] () -- C:\Users\Kenneth\Desktop\fix.reg
[2012/01/09 21:25:47 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/01/09 21:25:47 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/01/09 01:03:47 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/08 23:31:31 | 000,002,487 | ---- | C] () -- C:\Users\Kenneth\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/01/08 22:30:44 | 000,010,866 | -HS- | C] () -- C:\Users\Kenneth\AppData\Local\i350pcy443261757r7482nsq48p2i
[2012/01/08 22:30:44 | 000,010,866 | -HS- | C] () -- C:\ProgramData\i350pcy443261757r7482nsq48p2i
[2011/12/18 23:39:51 | 000,064,792 | ---- | C] () -- C:\Users\Kenneth\Documents\Ashley's Album.lbl
[2011/12/18 22:31:40 | 000,000,832 | ---- | C] () -- C:\Users\Kenneth\Desktop\ImageMixer CD Label Maker.lnk
[2011/12/18 22:31:39 | 000,299,552 | ---- | C] () -- C:\Windows\wmsysprx.prx
[2011/12/17 16:47:52 | 000,080,896 | ---- | C] () -- C:\Users\Kenneth\Desktop\06087298.dot
[2011/08/29 09:33:05 | 000,000,680 | ---- | C] () -- C:\Users\Kenneth\AppData\Local\d3d9caps.dat
[2011/08/03 15:02:22 | 000,012,288 | ---- | C] () -- C:\Users\Kenneth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/18 18:51:55 | 000,041,983 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/12/18 18:51:46 | 000,041,983 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/09/21 17:56:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/21 17:56:00 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/13 09:57:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/02/21 19:33:41 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/01/02 19:47:14 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2008/01/02 19:47:14 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2008/01/02 19:46:45 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/01/02 19:37:43 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/11/27 01:53:35 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/09/05 14:52:04 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,398,696 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 16:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001/11/14 15:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2011/12/18 22:31:07 | 000,000,000 | ---D | M] -- C:\Users\Kenneth\AppData\Roaming\Acoustica
[2011/08/03 10:35:46 | 000,000,000 | ---D | M] -- C:\Users\Kenneth\AppData\Roaming\AVG10
[2011/12/13 20:24:46 | 000,000,000 | ---D | M] -- C:\Users\Kenneth\AppData\Roaming\BitTorrent
[2011/08/03 10:34:18 | 000,000,000 | ---D | M] -- C:\Users\Kenneth\AppData\Roaming\DigitalPersona
[2011/11/23 02:12:31 | 000,000,000 | ---D | M] -- C:\Users\Kenneth\AppData\Roaming\Enxim
[2011/08/03 15:25:07 | 000,000,000 | ---D | M] -- C:\Users\Kenneth\AppData\Roaming\fosoft
[2011/08/03 10:35:54 | 000,000,000 | ---D | M] -- C:\Users\Kenneth\AppData\Roaming\HotSync
[2011/09/28 09:49:23 | 000,000,000 | ---D | M] -- C:\Users\Kenneth\AppData\Roaming\muvee Technologies
[2011/09/07 01:01:53 | 000,000,000 | ---D | M] -- C:\Users\Kenneth\AppData\Roaming\SystemRequirementsLab
[2011/09/06 22:19:04 | 000,000,000 | ---D | M] -- C:\Users\Kenneth\AppData\Roaming\Tific
[2011/10/14 15:28:43 | 000,000,000 | ---D | M] -- C:\Users\Kenneth\AppData\Roaming\Uxfyitp
[2011/10/14 15:24:04 | 000,000,000 | ---D | M] -- C:\Users\Kenneth\AppData\Roaming\Yso
[2011/11/23 02:08:48 | 000,000,000 | ---D | M] -- C:\Users\Kenneth\AppData\Roaming\Zaopon
[2012/01/09 21:28:39 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/01/09 21:49:59 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{66B6EB03-7599-4C56-B518-9BEAA590752F}.job

========== Purity Check ==========



< End of report >
  • 0

#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello Tacotome and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

We need to disable malware processes on your system first
  • Download TheKiller to your Desktop
  • Note that TheKiller is renamed as explorer.exe
  • Run it by double click (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Press the OK button after the program finishes
  • Do not restart your system after this step
NOTE: If malware blocks TheKiller from running please try to run it several more times

Step 2

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O37 - HKCU\...exe [@ = G2] -- "C:\Users\Kenneth\AppData\Local\mfa.exe" -a "%1" %*
    [2012/01/08 23:07:00 | 000,010,866 | -HS- | M] () -- C:\Users\Kenneth\AppData\Local\i350pcy443261757r7482nsq48p2i
    [2012/01/08 23:07:00 | 000,010,866 | -HS- | M] () -- C:\ProgramData\i350pcy443261757r7482nsq48p2i


    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 3

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • Malwarebytes log
It would be helpful if you could post each log in a separate post
  • 0

#3
Tacotome

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thank you maliprog for helping me.

Here is the OTL fix log:

========== OTL ==========
Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\G2\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\Users\Kenneth\AppData\Local\i350pcy443261757r7482nsq48p2i moved successfully.
C:\ProgramData\i350pcy443261757r7482nsq48p2i moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Kenneth\Downloads\cmd.bat deleted successfully.
C:\Users\Kenneth\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.31.0 log created on 01112012_205133
  • 0
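An offline check for the `.exe` association hijack that the OTL fix above removed, as an added example (not part of the original thread and not OTL's own logic): it parses `reg export` text and flags an `.exe` ProgID or open command that differs from the Windows defaults `exefile` and `"%1" %*`. The sample export is constructed from the key names and command line quoted in this thread; the function names and the `shell\open\command` location of the `G2` command are assumptions of this example.

```python
import re

# Windows defaults: ".exe" maps to ProgID "exefile", whose open command simply
# runs the clicked program with its arguments.
DEFAULT_PROGID = "exefile"
DEFAULT_COMMAND = '"%1" %*'

HKCU = r"hkey_current_user\software\classes"
HKLM = r"hkey_local_machine\software\classes"

# Constructed sample in `reg export` text form, built from the key names and the
# command line shown in the OTL output in this thread (not a real export).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="G2"

[HKEY_CURRENT_USER\Software\Classes\G2\shell\open\command]
@="\"C:\\Users\\Kenneth\\AppData\\Local\\mfa.exe\" -a \"%1\" %*"

[HKEY_LOCAL_MACHINE\Software\Classes\.exe]
@="exefile"

[HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell\open\command]
@="\"%1\" %*"
'''

_KEY_RE = re.compile(r"^\[(.+)\]$")
_DEFAULT_RE = re.compile(r'^@="(.*)"$')


def load_export(path):
    """Read a file written by `reg export`, which is UTF-16 with a BOM."""
    with open(path, encoding="utf-16") as handle:
        return handle.read()


def parse_default_values(export_text):
    """Map lower-cased key path -> default (@) string value from .reg text."""
    values, key = {}, None
    for raw in export_text.splitlines():
        line = raw.strip()
        match = _KEY_RE.match(line)
        if match:
            key = match.group(1).lower()
            continue
        match = _DEFAULT_RE.match(line)
        if match and key:
            # .reg strings escape backslash and double quote with a backslash.
            values[key] = re.sub(r'\\(["\\])', r"\1", match.group(1))
    return values


def check_exe_association(values):
    """Return (key, value, reason) findings; an empty list means defaults."""
    findings = []
    for hive in (HKCU, HKLM):
        ext_key = hive + r"\.exe"
        progid = values.get(ext_key)
        if progid is None:
            continue  # no .exe entry in this hive (normal for HKCU)
        if progid.lower() != DEFAULT_PROGID:
            findings.append((ext_key, progid, "unexpected ProgID for .exe"))
        # Per-user classes take precedence over machine-wide ones, so resolve
        # the ProgID's open command in HKCU first, then HKLM.
        for cmd_hive in (HKCU, HKLM):
            cmd_key = f"{cmd_hive}\\{progid.lower()}\\shell\\open\\command"
            command = values.get(cmd_key)
            if command is None:
                continue
            if command != DEFAULT_COMMAND:
                findings.append((cmd_key, command, "open command is not the default"))
            break
    return findings


if __name__ == "__main__":
    parsed = parse_default_values(SAMPLE_EXPORT)
    for key, value, reason in check_exe_association(parsed):
        print(f"{reason}: {key} = {value}")
```
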

#4
Tacotome

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
And here is the Malwarebytes log:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.12.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
Kenneth :: KITTY-PC [administrator]

1/11/2012 9:10:35 PM
mbam-log-2012-01-11 (21-10-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 254765
Time elapsed: 12 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Kenneth\AppData\Local\mfa.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\$RECYCLE.BIN\S-1-5-21-401983364-1307999963-345973042-1003\$RMKKFW2.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Users\Kenneth\AppData\Local\Temp\Addons\225D41F7\zugo.exe (PUP.Zugo) -> Quarantined and deleted successfully.
C:\Users\Kenneth\Downloads\Codec-C (42).exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Users\Kitty\Local Settings\Temporary Internet Files\pse_300_enu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Kenneth\Downloads\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)
  • 0

#5
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Tacotome,

We still need to do some scans but how is your system now? Problems?

Step 1

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
Step 2


Download aswMBR.exe ( 511KB ) to your desktop.


  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post aswMBR.txt in your next reply
  • Also, ZIP MBR.dat it creates and attach it to your next reply
Step 3


Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Step 4

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • aswMBR log
  • VRT log
It would be helpful if you could post each log in a separate post
  • 0

#6
Tacotome

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Much better than before, thank you. No serious problems, but it does seem markedly slower than before but that could just be me.


20:41:37.0556 5352 TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
20:41:38.0118 5352 ============================================================
20:41:38.0118 5352 Current date / time: 2012/01/12 20:41:38.0118
20:41:38.0118 5352 SystemInfo:
20:41:38.0118 5352
20:41:38.0118 5352 OS Version: 6.0.6002 ServicePack: 2.0
20:41:38.0118 5352 Product type: Workstation
20:41:38.0118 5352 ComputerName: KITTY-PC
20:41:38.0119 5352 UserName: Kenneth
20:41:38.0119 5352 Windows directory: C:\Windows
20:41:38.0119 5352 System windows directory: C:\Windows
20:41:38.0119 5352 Processor architecture: Intel x86
20:41:38.0119 5352 Number of processors: 2
20:41:38.0119 5352 Page size: 0x1000
20:41:38.0119 5352 Boot type: Normal boot
20:41:38.0119 5352 ============================================================
20:41:42.0102 5352 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000, SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000050
20:41:42.0127 5352 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000, SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000050
20:41:42.0942 5352 Initialize success
20:41:49.0347 3376 ============================================================
20:41:49.0347 3376 Scan started
20:41:49.0347 3376 Mode: Manual;
20:41:49.0347 3376 ============================================================
20:42:38.0429 3376 partmgr - ok
20:42:38.0562 3376 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
20:42:38.0569 3376 Parvdm - ok
20:42:38.0639 3376 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
20:42:38.0656 3376 pci - ok
20:42:38.0737 3376 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
20:42:38.0746 3376 pciide - ok
20:42:38.0854 3376 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
20:42:38.0867 3376 pcmcia - ok
20:42:38.0972 3376 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:42:38.0998 3376 PEAUTH - ok
20:42:39.0198 3376 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:42:39.0206 3376 PptpMiniport - ok
20:42:39.0291 3376 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
20:42:39.0300 3376 Processor - ok
20:42:39.0376 3376 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
20:42:39.0380 3376 PSched - ok
20:42:39.0527 3376 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
20:42:39.0570 3376 ql2300 - ok
20:42:39.0712 3376 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:42:39.0718 3376 ql40xx - ok
20:42:39.0846 3376 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:42:39.0849 3376 QWAVEdrv - ok
20:42:39.0956 3376 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:42:39.0962 3376 RasAcd - ok
20:42:40.0159 3376 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:42:40.0167 3376 Rasl2tp - ok
20:42:40.0263 3376 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
20:42:40.0268 3376 RasPppoe - ok
20:42:40.0318 3376 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
20:42:40.0332 3376 RasSstp - ok
20:42:40.0484 3376 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
20:42:40.0555 3376 rdbss - ok
20:42:40.0607 3376 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:42:40.0612 3376 RDPCDD - ok
20:42:40.0693 3376 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
20:42:41.0196 3376 rdpdr - ok
20:42:41.0432 3376 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:42:41.0505 3376 RDPENCDD - ok
20:42:41.0651 3376 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
20:42:41.0771 3376 RDPWD - ok
20:42:41.0851 3376 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
20:42:41.0861 3376 RFCOMM - ok
20:42:42.0043 3376 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
20:42:42.0051 3376 rimmptsk - ok
20:42:42.0114 3376 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
20:42:42.0120 3376 rimsptsk - ok
20:42:42.0146 3376 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
20:42:42.0153 3376 rismxdp - ok
20:42:42.0225 3376 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:42:42.0233 3376 rspndr - ok
20:42:42.0356 3376 RTL8169 (9a929308a64183d3d9dccbb6df4badae) C:\Windows\system32\DRIVERS\Rtlh86.sys
20:42:42.0365 3376 RTL8169 - ok
20:42:42.0464 3376 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:42:42.0474 3376 sbp2port - ok
20:42:42.0586 3376 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
20:42:42.0593 3376 sdbus - ok
20:42:42.0679 3376 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:42:42.0696 3376 secdrv - ok
20:42:42.0798 3376 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
20:42:42.0802 3376 Serenum - ok
20:42:42.0852 3376 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
20:42:42.0863 3376 Serial - ok
20:42:42.0928 3376 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:42:42.0932 3376 sermouse - ok
20:42:43.0064 3376 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
20:42:43.0120 3376 sffdisk - ok
20:42:43.0242 3376 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
20:42:43.0254 3376 sffp_mmc - ok
20:42:43.0332 3376 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:42:43.0359 3376 sffp_sd - ok
20:42:43.0412 3376 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
20:42:43.0416 3376 sfloppy - ok
20:42:43.0515 3376 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
20:42:43.0537 3376 sisagp - ok
20:42:43.0649 3376 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
20:42:43.0656 3376 SiSRaid2 - ok
20:42:43.0713 3376 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
20:42:43.0720 3376 SiSRaid4 - ok
20:42:43.0789 3376 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
20:42:43.0796 3376 Smb - ok
20:42:43.0955 3376 smserial (63b3b77bdb67ee674771c0e6fb96da9e) C:\Windows\system32\DRIVERS\smserial.sys
20:42:44.0005 3376 smserial - ok
20:42:44.0169 3376 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:42:44.0180 3376 spldr - ok
20:42:44.0258 3376 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
20:42:44.0285 3376 srv - ok
20:42:44.0352 3376 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
20:42:44.0367 3376 srv2 - ok
20:42:44.0502 3376 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
20:42:44.0531 3376 srvnet - ok
20:42:44.0629 3376 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
20:42:44.0660 3376 StillCam - ok
20:42:44.0837 3376 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:42:44.0842 3376 swenum - ok
20:42:44.0931 3376 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:42:44.0936 3376 Symc8xx - ok
20:42:44.0979 3376 SymIM - ok
20:42:45.0001 3376 SymIMMP - ok
20:42:45.0042 3376 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:42:45.0047 3376 Sym_hi - ok
20:42:45.0189 3376 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:42:45.0195 3376 Sym_u3 - ok
20:42:45.0253 3376 SynTP (3d6316279c3540aa268bf025f4621ef3) C:\Windows\system32\DRIVERS\SynTP.sys
20:42:45.0262 3376 SynTP - ok
20:42:45.0379 3376 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
20:42:45.0450 3376 Tcpip - ok
20:42:45.0646 3376 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
20:42:45.0660 3376 Tcpip6 - ok
20:42:45.0765 3376 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
20:42:45.0772 3376 tcpipreg - ok
20:42:45.0834 3376 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:42:45.0838 3376 TDPIPE - ok
20:42:45.0915 3376 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:42:45.0919 3376 TDTCP - ok
20:42:45.0972 3376 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
20:42:45.0978 3376 tdx - ok
20:42:46.0100 3376 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
20:42:46.0108 3376 TermDD - ok
20:42:46.0198 3376 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:42:46.0204 3376 tssecsrv - ok
20:42:46.0285 3376 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:42:46.0290 3376 tunmp - ok
20:42:46.0424 3376 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
20:42:46.0428 3376 tunnel - ok
20:42:46.0538 3376 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
20:42:46.0544 3376 uagp35 - ok
20:42:46.0612 3376 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
20:42:46.0627 3376 udfs - ok
20:42:46.0809 3376 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
20:42:46.0829 3376 uliagpkx - ok
20:42:46.0907 3376 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
20:42:46.0916 3376 uliahci - ok
20:42:47.0025 3376 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:42:47.0034 3376 UlSata - ok
20:42:47.0136 3376 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:42:47.0143 3376 ulsata2 - ok
20:42:47.0234 3376 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:42:47.0240 3376 umbus - ok
20:42:47.0316 3376 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
20:42:47.0325 3376 USBAAPL - ok
20:42:47.0454 3376 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
20:42:47.0461 3376 usbaudio - ok
20:42:47.0572 3376 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
20:42:47.0579 3376 usbccgp - ok
20:42:47.0664 3376 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:42:47.0670 3376 usbcir - ok
20:42:47.0774 3376 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
20:42:47.0779 3376 usbehci - ok
20:42:47.0896 3376 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
20:42:47.0908 3376 usbhub - ok
20:42:48.0015 3376 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
20:42:48.0024 3376 usbohci - ok
20:42:48.0123 3376 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
20:42:48.0127 3376 usbprint - ok
20:42:48.0246 3376 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
20:42:48.0315 3376 usbscan - ok
20:42:48.0422 3376 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:42:48.0429 3376 USBSTOR - ok
20:42:48.0526 3376 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:42:48.0531 3376 usbuhci - ok
20:42:48.0620 3376 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
20:42:48.0668 3376 usbvideo - ok
20:42:48.0776 3376 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
20:42:48.0781 3376 vga - ok
20:42:48.0903 3376 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:42:48.0911 3376 VgaSave - ok
20:42:49.0044 3376 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
20:42:49.0065 3376 viaagp - ok
20:42:49.0147 3376 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
20:42:49.0152 3376 ViaC7 - ok
20:42:49.0195 3376 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
20:42:49.0200 3376 viaide - ok
20:42:49.0325 3376 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:42:49.0332 3376 volmgr - ok
20:42:49.0413 3376 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
20:42:49.0425 3376 volmgrx - ok
20:42:49.0521 3376 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
20:42:49.0559 3376 volsnap - ok
20:42:49.0684 3376 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
20:42:49.0690 3376 vsmraid - ok
20:42:49.0849 3376 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:42:49.0853 3376 WacomPen - ok
20:42:49.0984 3376 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:42:49.0992 3376 Wanarp - ok
20:42:50.0000 3376 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:42:50.0003 3376 Wanarpv6 - ok
20:42:50.0155 3376 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
20:42:50.0159 3376 Wd - ok
20:42:50.0288 3376 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
20:42:50.0305 3376 Wdf01000 - ok
20:42:50.0467 3376 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
20:42:50.0490 3376 winachsf - ok
20:42:50.0671 3376 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:42:50.0675 3376 WmiAcpi - ok
20:42:50.0771 3376 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
20:42:50.0777 3376 WpdUsb - ok
20:42:50.0858 3376 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:42:50.0863 3376 ws2ifsl - ok
20:42:51.0014 3376 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:42:51.0020 3376 WUDFRd - ok
20:42:51.0144 3376 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
20:42:51.0182 3376 \Device\Harddisk0\DR0 - ok
20:42:53.0785 3376 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
20:42:53.0790 3376 \Device\Harddisk1\DR1 - ok
20:42:53.0833 3376 Boot (0x1200) (a307753c4f4c7cc61637a3c487040820) \Device\Harddisk0\DR0\Partition0
20:42:53.0834 3376 \Device\Harddisk0\DR0\Partition0 - ok
20:42:53.0896 3376 Boot (0x1200) (6dc1a24b2b9be170c92218ae87fef4d1) \Device\Harddisk0\DR0\Partition1
20:42:53.0898 3376 \Device\Harddisk0\DR0\Partition1 - ok
20:42:53.0908 3376 Boot (0x1200) (6e58f8a0d380023497aeb26cb161213a) \Device\Harddisk1\DR1\Partition0
20:42:53.0909 3376 \Device\Harddisk1\DR1\Partition0 - ok
20:42:53.0913 3376 ============================================================
20:42:53.0913 3376 Scan finished
20:42:53.0913 3376 ============================================================
20:42:53.0940 4676 Detected object count: 0
20:42:53.0940 4676 Actual detected object count: 0

#7
Tacotome

    New Member

  • Topic Starter
  • Member
  • 7 posts
Windows crashed the first time I tried to run this.

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-12 21:00:35
-----------------------------
21:00:35.797 OS Version: Windows 6.0.6002 Service Pack 2
21:00:35.797 Number of processors: 2 586 0xF0B
21:00:35.799 ComputerName: KITTY-PC UserName: Kenneth
21:00:42.160 Initialize success
21:01:15.027 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:01:15.032 Disk 0 Vendor: Hitachi_ SB4O Size: 152627MB BusType: 3
21:01:15.038 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
21:01:15.043 Disk 1 Vendor: Hitachi_ SB4O Size: 152627MB BusType: 3
21:01:15.063 Disk 0 MBR read successfully
21:01:15.069 Disk 0 MBR scan
21:01:15.075 Disk 0 unknown MBR code
21:01:15.082 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 140027 MB offset 63
21:01:15.136 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 12597 MB offset 286776315
21:01:15.168 Disk 0 scanning sectors +312576705
21:01:15.382 Disk 0 scanning C:\Windows\system32\drivers
21:01:39.149 Service scanning
21:01:41.057 Modules scanning
21:02:19.895 Disk 0 trace - called modules:
21:02:19.955 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
21:02:19.966 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86079358]
21:02:19.977 3 CLASSPNP.SYS[8a9a78b3] -> nt!IofCallDriver -> [0x85ab6268]
21:02:19.988 5 acpi.sys[826936bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85556028]
21:02:20.000 Scan finished successfully
21:03:05.608 Disk 0 MBR has been saved successfully to "C:\Users\Kenneth\Desktop\MBR.dat"
21:03:05.622 The log file has been saved successfully to "C:\Users\Kenneth\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   601bytes   70 downloads


#8
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Tacotome,

The logs are looking good. Please post the VRT log after the scan.

#9
Tacotome

    New Member

  • Topic Starter
  • Member
  • 7 posts
I am running the last scan but it has been 3 hours and is only at 5% so it might take a day or so for me to post it.

#10
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
This is a standard antivirus scan, so it could take a while because it scans all files on the system.

#11
Tacotome

    New Member

  • Topic Starter
  • Member
  • 7 posts
Here is the final log:

Status: Deleted (events: 6)
1/12/2012 10:19:23 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\Kenneth\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\474b614f-449e5578 High
1/12/2012 10:19:25 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\Kenneth\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\4f20b760-58b94d69 High
1/12/2012 10:19:25 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\Kenneth\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\4f20b760-71236ef1 High
1/12/2012 10:19:40 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\Kenneth\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\7789d188-152dbeb4 High
1/12/2012 10:19:42 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\Kenneth\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\7789d188-5f6f7bd1 High
1/13/2012 12:23:24 AM Deleted virus HEUR:Trojan.Script.Generic C:\Documents and Settings\Kitty\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0001cc High

#12
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Tacotome,

How is your system now? Any problems?

#13
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Tacotome,

Your logs and system are clean now. I'm glad we fixed up your computer. We need to clean up your PC from the programs we used.

Step 1

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end. Remove all other applications we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click the OK button.

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of the software installed on your system.

#14
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.