
An issue with hijackthis


  • This topic is locked
29 replies to this topic

#1 marsspeaks

marsspeaks

    Member

  • Full Member
  • 32 posts

Posted 18 October 2011 - 02:26 PM

I'm not quite sure where to put this because I don't think I have a virus anymore, but I think this forum will do. I was getting a few new random tabs on Firefox to spam sites. It only happened about 3 times in maybe a 20-30 minute span. I think it had to do with the site I had visited at the time. It has since then stopped and hasn't happened since Sunday night. I've run scans with AVG, SUPERAntiSpyware, Malwarebytes, and Spybot S&D, which found nothing. Ad-Aware came across a trojan and removed that, but now I'm not sure if it's safe to move any files to my external hard drive because I really do not want to infect that with a virus.

When I went to run a scan with HijackThis it said my system denied access to a host file. I'm not sure what that meant and went on with the scan anyway. I'm not quite sure what to do about it. Could a virus cause it? I'm not sure if I'm still infected or not. I'm sorry if I posted this in the wrong forum. I wasn't sure if this belonged here or in the malware removal forum.

This is my HiJackThis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:15:21 PM, on 10/18/2011
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
C:\Windows\system32\schtasks.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Users\B\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] "c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9242 bytes

#2 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 18 October 2011 - 02:36 PM

Hello marsspeaks.

That is normal when you run HijackThis on a 64-bit system. It doesn't really understand those.

Your log looks clean, but I suggest you read the Forum FAQ and post the other requested logs. We need the information in order to help you.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#3 marsspeaks

Posted 18 October 2011 - 06:13 PM

Oh okay, thank you! So you think it's safe enough to transfer documents and photos to my external hard drive?

I should have read the FAQ first, my apologies!

Malwarebytes Log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7976

Windows 6.0.6000
Internet Explorer 7.0.6000.16473

10/18/2011 4:42:15 PM
mbam-log-2011-10-18 (16-42-15).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 286295
Time elapsed: 1 hour(s), 24 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6000.16473
Run by B at 17:04:50 on 2011-10-18
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3319.1421 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\schtasks.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\jusched.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [IS CfgWiz] "c:\program files\common files\symantec shared\opc\{31011d49-d90c-4da0-878b-78d28ad507af}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
mRun: [<NO NAME>]
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wpn111\wpn111.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish picture mover\SnapfishMediaDetector.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0D791063-56BF-44AB-82B5-A7599930A6AF} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\b\appdata\roaming\mozilla\firefox\profiles\exmqxbh0.default\
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-10-17 64512]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2011-5-23 47968]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2011-8-19 2399560]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-12 5265248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2151640]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-16 366152]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-1-26 50704]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-10-17 1153368]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]
R3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\drivers\DNISP50.sys [2011-10-1 20480]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-16 22216]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111v.sys [2011-10-1 870400]
S0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [2011-10-18 149272]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-1 136176]
S3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\drivers\DNIMP50.sys [2011-10-1 21504]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-1 136176]
S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20070108.003\IDSvix86.sys [2007-8-3 212280]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-8-18 15232]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-8-3 1174664]
.
=============== Created Last 30 ================
.
2011-10-18 22:16:42 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2011-10-18 20:00:17 149272 ----a-w- c:\windows\system32\drivers\dwprot.sys
2011-10-18 04:46:43 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-10-18 00:01:44 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-10-17 23:48:59 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-10-17 23:48:47 -------- d-----w- c:\program files\Lavasoft
2011-10-17 20:50:54 -------- d-----w- c:\users\b\appdata\roaming\SUPERAntiSpyware.com
2011-10-17 20:50:29 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-10-17 20:50:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-17 20:03:09 -------- d--h--w- C:\$AVG
2011-10-17 13:27:11 -------- d-----w- c:\users\b\appdata\roaming\AVG2012
2011-10-17 13:26:47 -------- d--h--w- c:\programdata\Common Files
2011-10-17 13:21:42 -------- d-----w- c:\windows\system32\drivers\AVG
2011-10-17 13:21:42 -------- d-----w- c:\programdata\AVG2012
2011-10-17 13:19:35 -------- d-----w- c:\program files\AVG
2011-10-17 13:05:59 -------- d-----w- c:\programdata\MFAData
2011-10-17 08:11:13 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-10-17 08:11:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-10-17 04:39:53 -------- d-----w- c:\users\b\appdata\roaming\Malwarebytes
2011-10-17 04:38:57 -------- d-----w- c:\programdata\Malwarebytes
2011-10-17 04:38:54 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-17 04:38:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-06 08:47:14 -------- d-----w- c:\users\b\appdata\local\Adobe
2011-10-02 09:22:19 -------- d-----w- c:\program files\Conduit
2011-10-02 09:22:15 -------- d-----w- c:\users\b\appdata\local\Conduit
2011-10-02 09:22:14 -------- d-----w- c:\program files\uTorrentBar
2011-10-02 09:21:16 -------- d-----w- c:\program files\uTorrent
2011-10-02 09:20:44 -------- d-----w- c:\users\b\appdata\roaming\uTorrent
2011-10-02 09:20:44 -------- d-----w- c:\users\b\appdata\local\uTorrent
2011-10-02 09:09:42 -------- d-----w- c:\program files\VideoLAN
2011-10-01 19:19:54 -------- d-----w- c:\users\b\appdata\roaming\VDownloader
2011-10-01 19:19:53 -------- d-----w- c:\users\b\appdata\local\VDownloader
2011-10-01 18:25:55 -------- d-----w- c:\users\b\appdata\local\Google
2011-10-01 18:23:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-01 13:30:29 622080 ----a-w- c:\windows\system32\icardagt.exe
2011-10-01 13:30:28 97800 ----a-w- c:\windows\system32\infocardapi.dll
2011-10-01 13:30:28 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2011-10-01 13:30:28 11264 ----a-w- c:\windows\system32\icardres.dll
2011-10-01 13:30:25 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2011-10-01 13:30:23 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2011-10-01 13:30:23 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-10-01 13:30:23 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2011-10-01 13:16:58 96760 ----a-w- c:\windows\system32\dfshim.dll
2011-10-01 13:16:58 41984 ----a-w- c:\windows\system32\netfxperf.dll
2011-10-01 13:16:56 83968 ----a-w- c:\windows\system32\mscories.dll
2011-10-01 13:16:56 282112 ----a-w- c:\windows\system32\mscoree.dll
2011-10-01 13:16:56 158720 ----a-w- c:\windows\system32\mscorier.dll
2011-10-01 12:54:09 -------- d-----w- c:\program files\WinPcap
2011-10-01 12:54:06 444283 ----a-w- c:\program files\common files\WinPcapNmap.exe
2011-10-01 12:54:00 -------- d-----w- c:\program files\VDownloader
2011-10-01 12:30:13 21504 ----a-w- c:\windows\system32\drivers\DNIMP50.sys
2011-10-01 12:30:13 20480 ----a-w- c:\windows\system32\drivers\DNISP50.sys
2011-10-01 12:30:11 870400 ----a-w- c:\windows\system32\drivers\WPN111v.sys
2011-10-01 12:30:11 -------- d-----w- c:\program files\NETGEAR
2011-10-01 12:24:29 -------- d-----w- c:\users\b\appdata\local\Hewlett-Packard
2011-10-01 11:10:03 -------- d-----w- c:\users\b\appdata\local\Mozilla
2011-10-01 10:51:23 -------- d-----w- c:\program files\common files\DivX Shared
2011-10-01 10:51:22 -------- d-----w- c:\program files\DivX
2011-10-01 06:47:23 -------- d-----w- c:\users\b\appdata\local\VirtualStore
2011-10-01 06:29:18 -------- d-sh--we C:\Documents and Settings
.
==================== Find3M ====================
.
2011-10-04 09:55:49 87608 ----a-w- c:\users\b\appdata\roaming\inst.exe
2011-10-04 09:55:49 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2011-10-04 09:55:49 47360 ----a-w- c:\users\b\appdata\roaming\pcouffin.sys
2011-09-13 13:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
============= FINISH: 17:06:01.92 ===============

Security Check:
Results of screen317's Security Check version 0.99.24
Windows Vista x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
AVG 2012
Norton AntiVirus
Norton Internet Security (Symantec Corporation)
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
Java™ SE Runtime Environment 6 Update 1
Adobe Flash Player ( 10.3.183.10) Flash Player Out of Date!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````

Thanks in advance and I hope this is enough for you to help me as I really want to know if my computer is safe enough to use my external hard drive.

Edited by cnm, 28 February 2012 - 04:51 PM.
Removed attach.txt at user request.


#4 cnm

Posted 18 October 2011 - 07:46 PM

You have some updates to do. Old versions have well-known vulnerabilities, so you could easily get infected.

Get Service Pack 1 for your Windows Vista. How to obtain the latest Windows Vista service pack

Get Internet Explorer 9
Update Adobe Flash Player
Updating Java:
  • Go here and download the latest version of Java:
  • Go to Start -> Control Panel -> Add or Remove Programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
    They should have this icon next to any that are there: [image]
    Select any found and choose Uninstall.
  • Then install the version you downloaded earlier.

Your PC appears to be clean and safe except for one piece of adware, probably a leftover.
Delete this file: c:\users\b\appdata\roaming\inst.exe

Just to be on the safe side:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan (or allow special installer).
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
There may not be a log if it finds nothing.

#5 marsspeaks

Posted 20 October 2011 - 12:21 PM

I'm currently working on getting the updates I need for my computer so please do not close this thread, thanks!

#6 cnm

Posted 20 October 2011 - 12:26 PM

No worries. Take your time.

#7 marsspeaks

Posted 21 October 2011 - 08:56 AM

When I was going to update IE I went to check which bit version of Windows I had, and it says I have a 32-bit, not a 64-bit system. So, how come I got an error with HijackThis? Is it still just an error on their part? I'm currently running a scan with ESET but it's very slow. I've exited out and turned off any other malware or anti-spyware programs but it still seems slow.

#8 cnm

Posted 21 October 2011 - 09:37 AM

HijackThis has not been updated for several years and we no longer rely on it alone to uncover malware, which has become much more complex. Please read the Forum FAQ and post the other three logs requested. We will need the information in order to help you.

#9 marsspeaks

Posted 21 October 2011 - 02:28 PM

I'm sorry, I just need to get this clear. Do all the logs requested? Malwarebytes, DDS, HijackThis, and Security Check? I just wanted to make sure I did them all that's why I'm asking beforehand!

#10 cnm

Posted 21 October 2011 - 02:32 PM

> I'm sorry, I just need to get this clear. Do all the logs requested? Malwarebytes, DDS, HijackThis, and Security Check? I just wanted to make sure I did them all that's why I'm asking beforehand!

No, I'm sorry - I meant to just explain why we needed them. You already posted them.
I'm currently analyzing your logs and will be back with you shortly.

#11 cnm

Posted 21 October 2011 - 02:42 PM

Your logs look entirely clean.
Your default search page redirects you to http://compaq-desktop.aol.com/
Is that correct? I don't see any other redirection.

#12 marsspeaks

Posted 21 October 2011 - 03:14 PM

For IE I think it is. I really don't use IE but since I have that brand of computer I would think that's right. That wasn't my issue though. It just was random tabs that came up out of nowhere to spam sites but I haven't had the problem since that night. There's no way of finding out if I have some sort of malware on my computer even if my logs look clean and my virus scans come up with nothing? It hasn't acted too strangely but I'm getting more errors with Windows Explorer lately, but could that just be a conflict with another program? I'm sorry, I'm a bit paranoid. I'd hate to plug in my external hard drive to my computer with a virus.

#13 cnm

Posted 21 October 2011 - 03:23 PM

There is no way to absolutely guarantee that there is no malware; new malware is created all the time and tools can't always keep up.

You can run some additional tools. TDSSKiller checks for rootkits and ComboFix can catch just about anything.

Please download tdsskiller.exe and save it to your Desktop. Go here for information.

  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue
  • If a suspicious file is detected, the default action will be Skip; click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file in your next reply.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.


After that:
Please download ComboFix.exe. Visit this webpage for download links, and instructions for running the tool:
how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in another reply for further review, and let me know what problems remain.

Note that if there are any oddities after running ComboFix, rebooting again and running ComboFix again will usually clear them up.
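The report TDSSKiller saves at the end of the steps above can run to hundreds of lines, so it helps to reduce it to the entries that need a human look. The following Python triage is an added example, not part of the original thread or of TDSSKiller; it assumes the report lists each driver as `time thread driver (md5) path` followed by `time thread driver - verdict`, and the sample log, the `ExampleAV`, `exdrv` and `lastone` names and the expected-directory list are constructed for illustration.

```python
import re

# Assumed line layout of a TDSSKiller report (two lines per driver):
#   HH:MM:SS.ffff <thread id> <driver> (<md5>) <image path>
#   HH:MM:SS.ffff <thread id> <driver> - <verdict>
_PREFIX = r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+"
FILE_RE = re.compile(
    _PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$"
)
VERDICT_RE = re.compile(_PREFIX + r"(?P<name>.+?)\s+-\s+(?P<verdict>\S.*)$")

# Assumption: kernel drivers normally load from this directory. Anything else
# is listed for review; that will include legitimate third-party products
# installed elsewhere, so a hit here is a prompt to check, not a detection.
EXPECTED_DIRS = ("C:\\Windows\\system32\\drivers\\",)

# Constructed sample (not from a real scan). The hash is the MD5 of empty
# input, used purely as a placeholder value.
SAMPLE_LOG = r"""
14:34:57.0441 5888 Scan started
14:34:57.0441 5888 Mode: Manual;
14:35:00.0077 5888 ACPI (d41d8cd98f00b204e9800998ecf8427e) C:\Windows\system32\drivers\acpi.sys
14:35:00.0143 5888 ACPI - ok
14:35:05.0981 5888 blbdrive - ok
14:35:11.0518 5888 ExampleAV (d41d8cd98f00b204e9800998ecf8427e) C:\Program Files\ExampleAV\exav.sys
14:35:11.0638 5888 ExampleAV - ok
14:35:12.0079 5888 exdrv (d41d8cd98f00b204e9800998ecf8427e) C:\Windows\system32\DRIVERS\exdrv.sys
14:35:12.0115 5888 exdrv - warning
14:35:12.0521 5888 lastone (d41d8cd98f00b204e9800998ecf8427e) C:\Windows\system32\drivers\lastone.sys
"""


def triage(log_text, expected_dirs=EXPECTED_DIRS):
    """Return (driver, reason) pairs for entries that deserve a manual look."""
    expected = tuple(d.lower() for d in expected_dirs)
    findings = []
    pending = {}  # driver name -> image path, waiting for its verdict line

    for raw in log_text.splitlines():
        line = raw.strip()

        m = FILE_RE.match(line)
        if m:
            pending[m["name"]] = m["path"]
            continue

        m = VERDICT_RE.match(line)
        if not m:
            continue  # header, separator or blank line

        name, verdict = m["name"], m["verdict"].strip()
        path = pending.pop(name, None)

        # Any verdict other than "ok" is surfaced verbatim.
        if verdict.lower() != "ok":
            findings.append((name, f"verdict is '{verdict}'"))

        if path is None:
            # The service is registered but no image file was hashed for it.
            findings.append((name, "verdict without an image file line"))
        elif not path.lower().startswith(expected):
            findings.append(
                (name, f"image outside expected driver directories: {path}")
            )

    # A file line that never received a verdict means the scan or the pasted
    # log stopped early, so the result for that driver is unknown.
    for name in pending:
        findings.append((name, "file line without a verdict (log truncated?)"))

    return findings


if __name__ == "__main__":
    for driver, reason in triage(SAMPLE_LOG):
        print(f"{driver:12} {reason}")
```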

#14 marsspeaks

Posted 21 October 2011 - 05:17 PM

Here's my TDSSKiller log. I'm having issues with the ComboFix scanner because the AVG scanner turns on after 15 minutes and makes the scanner stop or causes an error. I'm going to try another one after this.

14:35:52.0178 5888 uagp35 - ok
14:35:52.0356 5888 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
14:35:52.0382 5888 udfs - ok
14:35:52.0605 5888 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
14:35:52.0621 5888 uliagpkx - ok
14:35:52.0779 5888 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
14:35:52.0802 5888 uliahci - ok
14:35:52.0945 5888 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
14:35:52.0962 5888 UlSata - ok
14:35:53.0155 5888 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
14:35:53.0175 5888 ulsata2 - ok
14:35:53.0453 5888 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
14:35:53.0465 5888 umbus - ok
14:35:53.0661 5888 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
14:35:53.0685 5888 usbccgp - ok
14:35:53.0856 5888 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
14:35:53.0872 5888 usbcir - ok
14:35:54.0030 5888 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
14:35:54.0051 5888 usbehci - ok
14:35:54.0206 5888 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
14:35:54.0226 5888 usbhub - ok
14:35:54.0386 5888 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
14:35:54.0402 5888 usbohci - ok
14:35:54.0570 5888 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
14:35:54.0582 5888 usbprint - ok
14:35:54.0727 5888 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:35:54.0746 5888 USBSTOR - ok
14:35:54.0889 5888 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
14:35:54.0903 5888 usbuhci - ok
14:35:55.0088 5888 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
14:35:55.0102 5888 vga - ok
14:35:55.0315 5888 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
14:35:55.0332 5888 VgaSave - ok
14:35:55.0489 5888 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
14:35:55.0506 5888 viaagp - ok
14:35:55.0651 5888 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
14:35:55.0668 5888 ViaC7 - ok
14:35:55.0820 5888 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
14:35:55.0833 5888 viaide - ok
14:35:55.0984 5888 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
14:35:56.0004 5888 volmgr - ok
14:35:56.0219 5888 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
14:35:56.0251 5888 volmgrx - ok
14:35:56.0403 5888 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
14:35:56.0431 5888 volsnap - ok
14:35:56.0591 5888 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
14:35:56.0612 5888 vsmraid - ok
14:35:56.0876 5888 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
14:35:56.0895 5888 WacomPen - ok
14:35:57.0106 5888 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:35:57.0123 5888 Wanarp - ok
14:35:57.0214 5888 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:35:57.0216 5888 Wanarpv6 - ok
14:35:57.0415 5888 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
14:35:57.0430 5888 Wd - ok
14:35:57.0595 5888 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
14:35:57.0652 5888 Wdf01000 - ok
14:35:57.0956 5888 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
14:35:58.0035 5888 winachsf - ok
14:35:58.0297 5888 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
14:35:58.0315 5888 WmiAcpi - ok
14:35:58.0586 5888 WPN111 (44fa26470d4c8123ccf71f4200b782d3) C:\Windows\system32\DRIVERS\WPN111v.sys
14:35:58.0653 5888 WPN111 - ok
14:35:58.0818 5888 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
14:35:58.0832 5888 ws2ifsl - ok
14:35:59.0071 5888 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:35:59.0087 5888 WUDFRd - ok
14:35:59.0325 5888 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
14:35:59.0337 5888 XAudio - ok
14:35:59.0454 5888 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
14:35:59.0465 5888 \Device\Harddisk1\DR1 - ok
14:35:59.0498 5888 MBR (0x1B8) (8913823ff508ccf109db74b636c301da) \Device\Harddisk0\DR0
14:35:59.0533 5888 \Device\Harddisk0\DR0 - ok
14:35:59.0551 5888 Boot (0x1200) (cb69adc00ab9e0b4efdceea5ba795586) \Device\Harddisk1\DR1\Partition0
14:35:59.0553 5888 \Device\Harddisk1\DR1\Partition0 - ok
14:35:59.0571 5888 Boot (0x1200) (a815350610f7cdfabd26c6d948df2082) \Device\Harddisk0\DR0\Partition0
14:35:59.0572 5888 \Device\Harddisk0\DR0\Partition0 - ok
14:35:59.0664 5888 Boot (0x1200) (0968152f78acc83d7a830fe48cb68313) \Device\Harddisk0\DR0\Partition1
14:35:59.0665 5888 \Device\Harddisk0\DR0\Partition1 - ok
14:35:59.0670 5888 ============================================================
14:35:59.0670 5888 Scan finished
14:35:59.0670 5888 ============================================================
14:35:59.0701 4372 Detected object count: 0
14:35:59.0701 4372 Actual detected object count: 0
14:40:29.0591 4736 Deinitialize success

#15 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 21 October 2011 - 05:31 PM

It looks as though you have three, maybe four, antiviruses running in resident (real time) mode.
  • Norton ccSvcHst.exe
  • Ad-Aware AAWService.exe
  • Malwarebytes' Anti-Malware mbamservice.exe
  • AVG avgwdsvc.exe
They can interfere with one another and actually decrease the level of protection. Select one to run in the background and use the others as on-demand manual scanners.

To facilitate running ComboFix: Please uninstall AVG. You can reinstall it later.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#16 marsspeaks

marsspeaks

    Member

  • Full Member
  • 32 posts

Posted 21 October 2011 - 07:00 PM

Okay, I did as you said and uninstalled a few of those programs. Here is the ComboFix log.

ComboFix 11-10-21.06 - B 10/21/2011 17:36:43.4.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3319.2192 [GMT -7:00]
Running from: c:\users\B\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\B\AppData\Roaming\inst.exe
c:\users\B\AppData\Roaming\vso_ts_preview.xml
.
.
((((((((((((((((((((((((( Files Created from 2011-09-22 to 2011-10-22 )))))))))))))))))))))))))))))))
.
.
2011-10-22 00:48 . 2011-10-22 00:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-21 10:09 . 2011-10-21 10:09 -------- d-----w- c:\program files\ESET
2011-10-21 10:02 . 2011-10-21 10:02 -------- d-----w- c:\program files\Common Files\Java
2011-10-21 10:00 . 2011-10-21 10:00 -------- d-----w- c:\program files\Java
2011-10-21 09:52 . 2011-10-21 09:52 0 ----a-w- c:\windows\system32\RENF31.tmp
2011-10-21 09:52 . 2011-10-21 09:52 0 ----a-w- c:\windows\system32\RENF20.tmp
2011-10-21 09:52 . 2011-10-21 09:52 0 ----a-w- c:\windows\system32\RENF1F.tmp
2011-10-21 09:47 . 2011-10-21 09:47 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-10-21 08:24 . 2011-10-21 08:24 -------- d-----w- c:\program files\Microsoft.NET
2011-10-21 08:05 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-10-21 07:18 . 2011-10-21 07:18 -------- d-----w- c:\program files\Windows Portable Devices
2011-10-21 07:10 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-10-21 07:10 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-10-21 07:10 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-10-21 06:58 . 2011-10-21 06:58 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-10-21 06:56 . 2011-10-21 06:56 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-10-21 06:56 . 2011-10-21 06:56 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-10-21 06:56 . 2011-10-21 06:56 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-10-21 06:56 . 2011-10-21 06:56 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-10-21 06:56 . 2011-10-21 06:56 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-10-21 06:56 . 2011-10-21 06:56 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-10-21 06:56 . 2011-10-21 06:56 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-10-21 06:42 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-10-21 06:40 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-21 06:40 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-21 06:40 . 2011-09-14 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-10-21 06:39 . 2011-01-20 16:08 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-10-21 06:39 . 2011-01-20 16:08 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-10-21 06:39 . 2011-01-20 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-10-21 06:39 . 2011-01-20 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-10-21 06:39 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-10-21 06:39 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-10-21 06:39 . 2011-01-20 16:08 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-10-21 06:39 . 2011-01-20 16:08 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-10-21 06:39 . 2011-01-20 14:11 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-10-21 06:39 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-10-21 06:39 . 2011-01-20 14:28 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-10-21 06:39 . 2011-01-20 14:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-10-21 06:37 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-21 06:37 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-21 06:37 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-21 06:37 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-21 06:37 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-21 06:36 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-10-21 06:36 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll
2011-10-21 06:36 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-21 06:36 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-21 06:36 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-21 06:36 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-21 06:17 . 2011-10-21 06:18 -------- d-----w- c:\windows\system32\config\systemprofile\{6CAEDAE7-64A9-4DF9-A8F6-4F46F71F16A5}
2011-10-21 05:35 . 2011-10-21 05:37 -------- d-----w- c:\windows\system32\ca-ES
2011-10-21 05:35 . 2011-10-21 05:37 -------- d-----w- c:\windows\system32\eu-ES
2011-10-21 05:35 . 2011-10-21 05:37 -------- d-----w- c:\windows\system32\vi-VN
2011-10-21 04:50 . 2011-10-21 04:50 -------- d-----w- c:\windows\system32\EventProviders
2011-10-21 04:45 . 2009-04-11 06:27 1081856 ----a-w- c:\program files\Microsoft Games\Purble Place\PurblePlace.exe
2011-10-21 04:44 . 2009-04-11 06:28 758784 ----a-w- c:\windows\system32\qmgr.dll
2011-10-21 04:43 . 2009-04-11 06:32 223208 ----a-w- c:\windows\system32\drivers\netio.sys
2011-10-21 04:42 . 2009-04-11 06:32 19944 ----a-w- c:\windows\system32\kdusb.dll
2011-10-21 04:41 . 2009-04-11 06:28 42496 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll
2011-10-21 04:40 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2011-10-21 04:40 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-10-21 04:40 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2011-10-21 04:40 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2011-10-21 04:40 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2011-10-21 04:40 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-10-21 04:40 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2011-10-21 04:40 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2011-10-21 04:40 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2011-10-21 04:40 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2011-10-21 04:40 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2011-10-21 03:29 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2011-10-21 03:22 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-10-21 03:18 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2011-10-21 03:18 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-10-21 03:18 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-10-21 03:17 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2011-10-21 03:17 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2011-10-21 02:39 . 2011-10-21 02:39 -------- d-----w- C:\FCFB0163556615BD245C35281A
2011-10-21 02:30 . 2009-11-08 17:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-10-21 02:30 . 2009-11-08 17:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-10-21 02:30 . 2009-11-08 17:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-10-21 02:30 . 2009-11-08 17:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-10-21 02:30 . 2009-11-08 17:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-10-21 02:28 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2011-10-21 02:27 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-10-21 02:27 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-10-21 02:27 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2011-10-21 02:27 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-10-21 02:27 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2011-10-21 02:25 . 2010-01-29 15:40 1616384 ----a-w- c:\program files\Windows Mail\msoe.dll
2011-10-21 02:25 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-10-21 02:25 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-10-21 02:25 . 2009-04-11 06:28 63488 ----a-w- c:\windows\system32\tscupgrd.exe
2011-10-21 02:25 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-10-21 02:25 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-10-21 02:25 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2011-10-21 02:25 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2011-10-21 02:25 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-10-21 02:25 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2011-10-21 01:44 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-10-21 01:44 . 2011-02-18 14:03 305152 ----a-w- c:\windows\system32\drivers\srv.sys
2011-10-21 01:42 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-10-21 01:42 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-10-21 01:40 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
2011-10-21 01:03 . 2011-10-21 01:04 -------- d-----w- c:\windows\system32\config\systemprofile\{9E06CBCE-AFF1-4F43-BFB6-88ACA7FB3FDC}
2011-10-21 00:46 . 2011-10-21 00:46 -------- d-----w- C:\PerfLogs
2011-10-21 00:13 . 2011-10-21 00:13 -------- d-----w- C:\27BD85E4744B83A63DCFC6C4D81AF53A
2011-10-20 23:56 . 2008-01-19 07:37 574976 ----a-w- c:\windows\system32\XPSSHHDR.dll
2011-10-20 23:55 . 2008-01-19 07:36 79360 ----a-w- c:\windows\system32\QUTIL.DLL
2011-10-20 23:54 . 2008-01-19 07:36 16384 ----a-w- c:\windows\system32\winusb.dll
2011-10-20 23:53 . 2008-01-19 07:36 129536 ----a-w- c:\windows\system32\sqmapi.dll
2011-10-20 23:53 . 2008-01-19 07:36 139264 ----a-w- c:\windows\system32\SmiInstaller.dll
2011-10-20 23:53 . 2008-01-19 07:35 35328 ----a-w- c:\windows\system32\mspatcha.dll
2011-10-20 23:53 . 2008-01-19 07:34 305152 ----a-w- c:\windows\system32\msdelta.dll
2011-10-20 23:53 . 2008-01-19 07:34 258560 ----a-w- c:\windows\system32\dpx.dll
2011-10-20 22:45 . 2011-10-21 10:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-20 22:25 . 2011-10-20 22:25 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-10-20 19:41 . 2011-10-20 19:41 -------- d-----w- C:\AF65CC7DFD6742B3B2FA790836C733C3
2011-10-20 19:30 . 2011-10-20 19:30 -------- d-----w- c:\windows\system32\x64
2011-10-20 19:28 . 2011-10-20 19:28 332288 ----a-w- c:\windows\system32\msdrm.dll
2011-10-20 19:28 . 2011-10-20 19:28 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2011-10-20 19:28 . 2011-10-20 19:28 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2011-10-20 19:28 . 2011-10-20 19:28 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2011-10-20 19:28 . 2011-10-20 19:28 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2011-10-20 19:28 . 2011-10-20 19:28 471552 ----a-w- c:\windows\system32\secproc.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-21 06:56 . 2011-10-21 06:56 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2011-10-21 00:16 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-10-21 00:16 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-10-20 22:23 . 2011-10-20 22:23 36864 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2011-10-20 18:04 . 2011-10-20 18:04 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2011-09-29 06:53 . 2011-10-01 11:09 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-10-21 641400]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-19 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-19 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-19 133656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/w...592ca2f39c0d99" [?]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2011-10-1 995328]
Snapfish Media Detector.lnk - c:\program files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-5-7 1273856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-01 136176]
R3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNIMp50.sys [2006-11-16 21504]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-01 136176]
S0 SASKUTIL;SASKUTIL; [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-01-27 50704]
S3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNISp50.sys [2006-11-16 20480]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-09-01 22216]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-10-04 47360]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-01 18:25]
.
2011-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-01 18:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\B\AppData\Roaming\Mozilla\Firefox\Profiles\exmqxbh0.default\
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
HKCU-Run-HPAdvisor - c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-21 17:49
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-10-21 17:54:27
ComboFix-quarantined-files.txt 2011-10-22 00:54
.
Pre-Run: 59,828,662,272 bytes free
Post-Run: 59,620,102,144 bytes free
.
- - End Of File - - 9457B29D7506D170445FFA140502A42B

#17 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 21 October 2011 - 07:16 PM

That looks fine. I'd say your PC is clean.
But I do understand that you want to be as sure as possible. So you could do this:

Run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan (or allow special installer).
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic (there may not be any log if nothing was found).
  • Do not be alarmed if it finds the things ComboFix has quarantined in its Qoobox.


#18 marsspeaks

marsspeaks

    Member

  • Full Member
  • 32 posts

Posted 23 October 2011 - 04:37 AM

Sorry, I wasn't able to use my computer for awhile as I was busy so I just now did a scan. Is it normal for it to scan for over almost 2 hours? Like the last time no log came up but I did as you said I went to log and all it had was this.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251


I guess it's safe to say that my computer is clean for now?

#19 marsspeaks

marsspeaks

    Member

  • Full Member
  • 32 posts

Posted 23 October 2011 - 11:29 AM

I have a quick question, I'm sorry. I was looking in the Qoobox folder the program had created and then in the Quarantine folder it showed all the files or folders ComboFix had deleted or removed. I thought they were deleted? Do I just leave those alone? I'm sorry if I'm asking too much, I just thought it had removed that stuff.

Edited by marsspeaks, 23 October 2011 - 11:31 AM.


#20 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 23 October 2011 - 12:13 PM

It will be removed when we eventually uninstall ComboFix. In the meantime the files are kept in quarantine (they can't run) in case any need to be restored.

Please run ComboFix again and post its log so we can see if all is truly gone.

#21 marsspeaks

marsspeaks

    Member

  • Full Member
  • 32 posts

Posted 23 October 2011 - 05:23 PM

So, I'm not quite sure what happened but one of the drivers is infected or was infected. After I had gotten the log I tried to get on Firefox to get on here. It wouldn't come up, but a pop-up message came up saying "Illegal operation attempted on a registry key that has been marked for deletion" along with the path to the browser. I tried this with IE and Chrome also and they both came up with the same message. I eventually had to run Firefox under administrator.

ComboFix 11-10-23.02 - B 10/23/2011 17:46:30.5.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3319.2231 [GMT -7:00]
Running from: c:\users\B\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!WINDOWS!System32!drivers!atapi.sys
.
.
((((((((((((((((((((((((( Files Created from 2011-09-24 to 2011-10-24 )))))))))))))))))))))))))))))))
.
.
2011-10-21 10:09 . 2011-10-21 10:09 -------- d-----w- c:\program files\ESET
2011-10-21 10:02 . 2011-10-21 10:02 -------- d-----w- c:\program files\Common Files\Java
2011-10-21 10:00 . 2011-10-21 10:00 -------- d-----w- c:\program files\Java
2011-10-21 09:47 . 2011-10-21 09:47 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-10-21 08:24 . 2011-10-21 08:24 -------- d-----w- c:\program files\Microsoft.NET
2011-10-21 07:18 . 2011-10-21 07:18 -------- d-----w- c:\program files\Windows Portable Devices
2011-10-21 07:07 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2011-10-21 07:07 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2011-10-21 07:07 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2011-10-21 07:07 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2011-10-21 07:07 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2011-10-21 07:07 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2011-10-21 07:07 . 2009-10-01 01:01 227840 ----a-w- c:\windows\system32\drivers\UMDF\WpdFs.dll
2011-10-21 06:58 . 2011-10-21 06:58 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-10-21 06:58 . 2011-10-21 06:58 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-10-21 06:58 . 2011-10-21 06:58 98816 ----a-w- c:\windows\system32\mfps.dll
2011-10-21 06:58 . 2011-10-21 06:58 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-10-21 06:58 . 2011-10-21 06:58 2873344 ----a-w- c:\windows\system32\mf.dll
2011-10-21 06:58 . 2011-10-21 06:58 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-10-21 06:58 . 2011-10-21 06:58 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-10-21 06:58 . 2011-10-21 06:58 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-10-21 06:58 . 2011-10-21 06:58 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-10-21 06:58 . 2011-10-21 06:58 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-10-21 06:58 . 2011-10-21 06:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-10-21 06:58 . 2011-10-21 06:58 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-10-21 06:56 . 2011-10-21 06:56 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-10-21 06:56 . 2011-10-21 06:56 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-10-21 06:56 . 2011-10-21 06:56 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-10-21 06:56 . 2011-10-21 06:56 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-10-21 06:42 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-10-21 06:40 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-21 06:40 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-21 06:40 . 2011-09-14 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-10-21 06:39 . 2011-01-20 16:08 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-10-21 06:39 . 2011-01-20 16:08 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-10-21 06:39 . 2011-01-20 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-10-21 06:39 . 2011-01-20 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-10-21 06:39 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-10-21 06:39 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-10-21 06:39 . 2011-01-20 16:08 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-10-21 06:39 . 2011-01-20 16:08 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-10-21 06:39 . 2011-01-20 14:11 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-10-21 06:39 . 2011-01-20 14:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-10-21 06:37 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-21 06:37 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-21 06:37 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-21 06:36 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-21 06:36 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-21 06:36 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-21 06:36 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-21 06:17 . 2011-10-21 06:18 -------- d-----w- c:\windows\system32\config\systemprofile\{6CAEDAE7-64A9-4DF9-A8F6-4F46F71F16A5}
2011-10-21 05:35 . 2011-10-21 05:37 -------- d-----w- c:\windows\system32\ca-ES
2011-10-21 05:35 . 2011-10-21 05:37 -------- d-----w- c:\windows\system32\eu-ES
2011-10-21 04:50 . 2011-10-21 04:50 -------- d-----w- c:\windows\system32\EventProviders
2011-10-21 04:46 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2011-10-21 04:46 . 2009-04-11 06:28 2134528 ----a-w- c:\windows\system32\FunctionDiscoveryFolder.dll
2011-10-21 04:46 . 2009-04-11 06:27 65536 ----a-w- c:\windows\system32\DevicePairingWizard.exe
2011-10-21 04:46 . 2009-04-11 05:03 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2011-10-21 04:46 . 2009-04-11 06:28 1480704 ----a-w- c:\windows\system32\mssrch.dll
2011-10-21 04:46 . 2009-04-11 02:52 684032 ----a-w- c:\windows\system32\drivers\spsys.sys
2011-10-21 04:46 . 2009-04-11 06:28 1305600 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2011-10-21 04:46 . 2009-02-18 18:39 779136 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2011-10-21 04:46 . 2009-04-11 04:42 561152 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2011-10-21 04:46 . 2009-04-11 06:28 2241536 ----a-w- c:\windows\system32\msi.dll
2011-10-21 04:46 . 2009-04-11 06:28 677376 ----a-w- c:\windows\system32\imapi2fs.dll
2011-10-21 04:46 . 2009-04-11 06:27 2820608 ----a-w- c:\program files\Microsoft Games\Chess\Chess.exe
2011-10-21 04:44 . 2009-04-11 06:28 758784 ----a-w- c:\windows\system32\qmgr.dll
2011-10-21 04:43 . 2009-04-11 06:32 223208 ----a-w- c:\windows\system32\drivers\netio.sys
2011-10-21 04:42 . 2009-04-11 06:32 19944 ----a-w- c:\windows\system32\kdusb.dll
2011-10-21 04:41 . 2009-04-11 06:28 42496 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll
2011-10-21 04:40 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2011-10-21 04:40 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-10-21 04:40 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2011-10-21 04:40 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2011-10-21 04:40 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2011-10-21 04:40 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-10-21 04:40 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2011-10-21 04:40 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2011-10-21 04:40 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2011-10-21 03:21 . 2009-10-09 21:56 41472 ----a-w- c:\windows\system32\pwrshplugin.dll
2011-10-21 03:18 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2011-10-21 03:18 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-10-21 03:18 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-10-21 03:17 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2011-10-21 02:39 . 2011-10-21 02:39 -------- d-----w- C:\FCFB0163556615BD245C35281A
2011-10-21 02:30 . 2009-11-08 17:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-10-21 02:30 . 2009-11-08 17:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-10-21 02:30 . 2009-11-08 17:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-10-21 02:30 . 2009-11-08 17:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-10-21 02:30 . 2009-11-08 17:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-10-21 02:28 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2011-10-21 02:27 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-10-21 02:27 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2011-10-21 02:27 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-10-21 02:27 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2011-10-21 02:26 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-10-21 02:26 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-10-21 02:26 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-10-21 02:26 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-10-21 02:26 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-10-21 02:26 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-10-21 02:26 . 2010-06-17 18:08 10926592 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll
2011-10-21 02:26 . 2010-06-17 16:16 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe
2011-10-21 02:25 . 2010-01-29 15:40 1616384 ----a-w- c:\program files\Windows Mail\msoe.dll
2011-10-21 02:25 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-10-21 02:25 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-10-21 02:25 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-10-21 02:25 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-10-21 02:25 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2011-10-21 02:25 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2011-10-21 02:25 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2011-10-21 01:44 . 2011-02-18 14:03 305152 ----a-w- c:\windows\system32\drivers\srv.sys
2011-10-21 01:42 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-10-21 01:42 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-10-21 01:40 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
2011-10-21 01:03 . 2011-10-21 01:04 -------- d-----w- c:\windows\system32\config\systemprofile\{9E06CBCE-AFF1-4F43-BFB6-88ACA7FB3FDC}
2011-10-21 00:46 . 2011-10-21 00:46 -------- d-----w- C:\PerfLogs
2011-10-21 00:13 . 2011-10-21 00:13 -------- d-----w- C:\27BD85E4744B83A63DCFC6C4D81AF53A
2011-10-20 23:56 . 2008-01-19 07:34 344576 ----a-w- c:\windows\system32\msdtckrm.dll
2011-10-20 23:55 . 2008-01-19 07:36 79360 ----a-w- c:\windows\system32\QUTIL.DLL
2011-10-20 23:54 . 2008-01-19 07:34 32768 ----a-w- c:\windows\system32\dispex.dll
2011-10-20 23:53 . 2008-01-19 07:35 35328 ----a-w- c:\windows\system32\mspatcha.dll
2011-10-20 23:53 . 2008-01-19 07:34 305152 ----a-w- c:\windows\system32\msdelta.dll
2011-10-20 23:53 . 2008-01-19 07:34 258560 ----a-w- c:\windows\system32\dpx.dll
2011-10-20 22:45 . 2011-10-21 10:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-21 09:52 . 2011-10-21 09:52 0 ----a-w- c:\windows\system32\RENF31.tmp
2011-10-21 09:52 . 2011-10-21 09:52 0 ----a-w- c:\windows\system32\RENF20.tmp
2011-10-21 09:52 . 2011-10-21 09:52 0 ----a-w- c:\windows\system32\RENF1F.tmp
2011-10-21 07:00 . 2011-10-21 07:00 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-10-21 07:00 . 2011-10-21 07:00 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-10-21 07:00 . 2011-10-21 07:00 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-10-21 07:00 . 2011-10-21 07:00 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-10-21 07:00 . 2011-10-21 07:00 152064 ----a-w- c:\windows\system32\wextract.exe
2011-10-21 07:00 . 2011-10-21 07:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-10-21 06:58 . 2011-10-21 06:58 586240 ----a-w- c:\windows\system32\stobject.dll
2011-10-21 06:58 . 2011-10-21 06:58 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-10-21 06:58 . 2011-10-21 06:58 258048 ----a-w- c:\windows\system32\winspool.drv
2011-10-21 06:56 . 2011-10-21 06:56 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2011-10-21 06:56 . 2011-10-21 06:56 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-10-21 06:56 . 2011-10-21 06:56 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-10-21 06:56 . 2011-10-21 06:56 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-10-21 00:16 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-10-21 00:16 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-10-20 22:25 . 2011-10-20 22:25 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-10-20 22:23 . 2011-10-20 22:23 36864 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2011-10-20 19:28 . 2011-10-20 19:28 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2011-10-20 19:28 . 2011-10-20 19:28 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2011-10-20 19:28 . 2011-10-20 19:28 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2011-10-20 19:28 . 2011-10-20 19:28 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2011-10-20 19:28 . 2011-10-20 19:28 471552 ----a-w- c:\windows\system32\secproc.dll
2011-10-20 19:27 . 2011-10-20 19:27 518144 ----a-w- c:\windows\system32\RMActivate.exe
2011-10-20 19:27 . 2011-10-20 19:27 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2011-10-20 19:27 . 2011-10-20 19:27 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2011-10-20 18:26 . 2011-10-20 18:26 714240 ----a-w- c:\windows\system32\timedate.cpl
2011-10-20 18:04 . 2011-10-20 18:04 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2011-10-20 17:57 . 2011-10-20 17:57 310784 ----a-w- c:\windows\system32\unregmp2.exe
2011-10-20 16:48 . 2011-10-20 16:48 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-10-20 16:48 . 2011-10-20 16:48 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-10-20 16:46 . 2011-10-20 16:46 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2011-10-20 16:46 . 2011-10-20 16:46 65024 ----a-w- c:\windows\system32\wlanapi.dll
2011-10-20 16:46 . 2011-10-20 16:46 513536 ----a-w- c:\windows\system32\wlansvc.dll
2011-10-20 16:46 . 2011-10-20 16:46 302592 ----a-w- c:\windows\system32\wlansec.dll
2011-10-20 16:46 . 2011-10-20 16:46 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2011-10-20 16:44 . 2011-10-20 16:44 175104 ----a-w- c:\windows\system32\wdigest.dll
2011-10-20 16:44 . 2011-10-20 16:44 72704 ----a-w- c:\windows\system32\secur32.dll
2011-10-20 16:43 . 2011-10-20 16:43 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2011-10-20 16:39 . 2011-10-20 16:39 53248 ----a-w- c:\windows\system32\tsgqec.dll
2011-10-20 16:29 . 2011-10-20 16:29 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2011-10-20 16:29 . 2011-10-20 16:29 7680 ----a-w- c:\windows\system32\spwmp.dll
2011-10-20 16:27 . 2011-10-20 16:27 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2011-10-20 16:25 . 2011-10-20 16:25 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2011-10-20 16:24 . 2011-10-20 16:24 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2011-10-20 12:56 . 2011-10-20 12:56 61440 ----a-w- c:\windows\system32\winipsec.dll
2011-10-20 12:53 . 2011-10-20 12:53 160256 ----a-w- c:\windows\system32\wkssvc.dll
2011-10-20 12:52 . 2011-10-20 12:52 172032 ----a-w- c:\windows\system32\wintrust.dll
2011-10-20 12:51 . 2011-10-20 12:51 14848 ----a-w- c:\windows\system32\wshrm.dll
2011-10-20 12:49 . 2011-10-20 12:49 243712 ----a-w- c:\windows\system32\rastls.dll
2011-10-20 12:49 . 2011-10-20 12:49 355328 ----a-w- c:\windows\system32\WSDApi.dll
2011-10-20 07:29 . 2011-10-20 07:29 53472 ----a-w- c:\windows\system32\wuauclt.exe
2011-10-20 07:29 . 2011-10-20 07:29 44768 ----a-w- c:\windows\system32\wups2.dll
2011-10-20 07:29 . 2011-10-20 07:29 2421760 ----a-w- c:\windows\system32\wucltux.dll
2011-10-20 07:29 . 2011-10-20 07:29 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2011-10-20 07:27 . 2011-10-20 07:27 87552 ----a-w- c:\windows\system32\wudriver.dll
2011-10-20 07:27 . 2011-10-20 07:27 35552 ----a-w- c:\windows\system32\wups.dll
2011-10-20 07:27 . 2011-10-20 07:27 575704 ----a-w- c:\windows\system32\wuapi.dll
2011-10-20 07:26 . 2011-10-20 07:26 33792 ----a-w- c:\windows\system32\wuapp.exe
2011-10-20 07:26 . 2011-10-20 07:26 171608 ----a-w- c:\windows\system32\wuwebv.dll
2011-09-06 13:30 . 2011-10-21 06:37 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-08-25 16:15 . 2011-10-21 06:37 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-09-29 06:53 . 2011-10-01 11:09 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-10-21 641400]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-19 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-19 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-19 133656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/w...592ca2f39c0d99" [?]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2011-10-1 995328]
Snapfish Media Detector.lnk - c:\program files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-5-7 1273856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-01 136176]
R3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNIMp50.sys [2006-11-16 21504]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-01 136176]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-01-27 50704]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNISp50.sys [2006-11-16 20480]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-09-01 22216]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-10-04 47360]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111v.sys [2008-08-04 904192]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-01 18:25]
.
2011-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-01 18:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\B\AppData\Roaming\Mozilla\Firefox\Profiles\exmqxbh0.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-23 18:05
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\TEMP\TMP000000023740D6938B8CC974 524288 bytes
c:\users\B\AppData\Roaming\Microsoft\Windows\Cookies\8JL7LMTE.txt 91 bytes
.
scan completed successfully
hidden files: 2
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\schtasks.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2011-10-23 18:14:00 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-24 01:13
ComboFix2.txt 2011-10-22 00:54
.
Pre-Run: 51,649,478,656 bytes free
Post-Run: 51,308,367,872 bytes free
.
- - End Of File - - 943C503824010BBCC6977F5CA10FEDA0

#22 cnm

Posted 23 October 2011 - 05:27 PM

Reboot - that will fix most oddities. After reboot run ComboFix again.

You are not running it from the Desktop and you didn't have Windows Defender disabled, but that seems to have been OK.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#23 marsspeaks

Posted 23 October 2011 - 05:51 PM

Should I try to download to my desktop this time? Would I have to uninstall it and download it again?


Another question, sorry, but how do I turn off Windows Defender? I don't see that option anywhere :/

Edited by marsspeaks, 23 October 2011 - 05:53 PM.


#24 cnm

Posted 23 October 2011 - 05:55 PM

Did the reboot fix up your Firefox?

The best thing would be to delete the ComboFix icon from where it is.

Then please download ComboFix.exe. Visit this webpage for download links, and instructions for running the tool:
how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review, and let me know what problems remain.

#25 marsspeaks

Posted 23 October 2011 - 06:32 PM

Yes, Firefox was fixed.

I'm not sure if it shows up in the log, but in the window screen for ComboFix it said something about not being able to read something, but before I could read it all it closed out. I wasn't quite sure what that was about.

ComboFix 11-10-23.03 - B 10/23/2011 19:14:03.6.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3319.2457 [GMT -7:00]
Running from: c:\users\B\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-09-24 to 2011-10-24 )))))))))))))))))))))))))))))))
.
.
2011-10-24 02:23 . 2011-10-24 02:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-23 23:44 . 2011-10-23 23:44 -------- d-----w- c:\program files\Common Files\Barbie
2011-10-23 23:44 . 2011-10-23 23:44 -------- d-----w- c:\program files\Barbie™
2011-10-23 23:44 . 1998-10-29 23:45 306688 ----a-w- c:\windows\IsUninst.exe
2011-10-22 05:07 . 2011-10-22 05:08 -------- d-----w- c:\program files\Trillian
2011-10-22 01:06 . 2011-10-18 09:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C3351DA-DBC1-4F12-B84B-8B2519CF6CC0}\mpengine.dll
2011-10-22 01:05 . 2011-05-25 02:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-21 10:09 . 2011-10-21 10:09 -------- d-----w- c:\program files\ESET
2011-10-21 10:02 . 2011-10-21 10:02 -------- d-----w- c:\program files\Common Files\Java
2011-10-21 10:00 . 2011-10-21 10:00 -------- d-----w- c:\program files\Java
2011-10-21 09:52 . 2011-10-21 09:52 0 ----a-w- c:\windows\system32\RENF31.tmp
2011-10-21 09:52 . 2011-10-21 09:52 0 ----a-w- c:\windows\system32\RENF20.tmp
2011-10-21 09:52 . 2011-10-21 09:52 0 ----a-w- c:\windows\system32\RENF1F.tmp
2011-10-21 09:47 . 2011-10-21 09:47 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-10-21 08:24 . 2011-10-21 08:24 -------- d-----w- c:\program files\Microsoft.NET
2011-10-21 08:05 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-10-21 07:18 . 2011-10-21 07:18 -------- d-----w- c:\program files\Windows Portable Devices
2011-10-21 07:10 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-10-21 07:10 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-10-21 07:10 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-10-21 06:58 . 2011-10-21 06:58 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-10-21 06:56 . 2011-10-21 06:56 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-10-21 06:56 . 2011-10-21 06:56 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-10-21 06:56 . 2011-10-21 06:56 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-10-21 06:56 . 2011-10-21 06:56 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-10-21 06:56 . 2011-10-21 06:56 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-10-21 06:56 . 2011-10-21 06:56 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-10-21 06:56 . 2011-10-21 06:56 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-10-21 06:42 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-10-21 06:40 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-21 06:40 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-21 06:40 . 2011-09-14 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-10-21 06:39 . 2011-01-20 16:08 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-10-21 06:39 . 2011-01-20 16:08 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-10-21 06:39 . 2011-01-20 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-10-21 06:39 . 2011-01-20 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-10-21 06:39 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-10-21 06:39 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-10-21 06:39 . 2011-01-20 16:08 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-10-21 06:39 . 2011-01-20 16:08 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-10-21 06:39 . 2011-01-20 14:11 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-10-21 06:39 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-10-21 06:39 . 2011-01-20 14:28 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-10-21 06:39 . 2011-01-20 14:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-10-21 06:37 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-21 06:37 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-21 06:37 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-21 06:37 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-21 06:37 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-21 06:36 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-10-21 06:36 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll
2011-10-21 06:36 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-21 06:36 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-21 06:36 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-21 06:36 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-21 06:17 . 2011-10-21 06:18 -------- d-----w- c:\windows\system32\config\systemprofile\{6CAEDAE7-64A9-4DF9-A8F6-4F46F71F16A5}
2011-10-21 05:35 . 2011-10-21 05:37 -------- d-----w- c:\windows\system32\ca-ES
2011-10-21 05:35 . 2011-10-21 05:37 -------- d-----w- c:\windows\system32\eu-ES
2011-10-21 05:35 . 2011-10-21 05:37 -------- d-----w- c:\windows\system32\vi-VN
2011-10-21 04:50 . 2011-10-21 04:50 -------- d-----w- c:\windows\system32\EventProviders
2011-10-21 04:45 . 2009-04-11 06:27 1081856 ----a-w- c:\program files\Microsoft Games\Purble Place\PurblePlace.exe
2011-10-21 04:44 . 2009-04-11 06:28 758784 ----a-w- c:\windows\system32\qmgr.dll
2011-10-21 04:43 . 2009-04-11 06:32 223208 ----a-w- c:\windows\system32\drivers\netio.sys
2011-10-21 04:42 . 2009-04-11 06:32 19944 ----a-w- c:\windows\system32\kdusb.dll
2011-10-21 04:41 . 2009-04-11 06:28 42496 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll
2011-10-21 04:40 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2011-10-21 04:40 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-10-21 04:40 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2011-10-21 04:40 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2011-10-21 04:40 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2011-10-21 04:40 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-10-21 04:40 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2011-10-21 04:40 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2011-10-21 04:40 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2011-10-21 04:40 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2011-10-21 04:40 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2011-10-21 03:29 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2011-10-21 03:22 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-10-21 03:18 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2011-10-21 03:18 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-10-21 03:18 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-10-21 03:17 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2011-10-21 03:17 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2011-10-21 02:39 . 2011-10-21 02:39 -------- d-----w- C:\FCFB0163556615BD245C35281A
2011-10-21 02:30 . 2009-11-08 17:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-10-21 02:30 . 2009-11-08 17:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-10-21 02:30 . 2009-11-08 17:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-10-21 02:30 . 2009-11-08 17:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-10-21 02:30 . 2009-11-08 17:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-10-21 02:28 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2011-10-21 02:27 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-10-21 02:27 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-10-21 02:27 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2011-10-21 02:27 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-10-21 02:27 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2011-10-21 02:25 . 2010-01-29 15:40 1616384 ----a-w- c:\program files\Windows Mail\msoe.dll
2011-10-21 02:25 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-10-21 02:25 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-10-21 02:25 . 2009-04-11 06:28 63488 ----a-w- c:\windows\system32\tscupgrd.exe
2011-10-21 02:25 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-10-21 02:25 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-10-21 02:25 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2011-10-21 02:25 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2011-10-21 02:25 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-10-21 02:25 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2011-10-21 01:44 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-10-21 01:44 . 2011-02-18 14:03 305152 ----a-w- c:\windows\system32\drivers\srv.sys
2011-10-21 01:42 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-10-21 01:42 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-10-21 01:40 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
2011-10-21 01:03 . 2011-10-21 01:04 -------- d-----w- c:\windows\system32\config\systemprofile\{9E06CBCE-AFF1-4F43-BFB6-88ACA7FB3FDC}
2011-10-21 00:46 . 2011-10-21 00:46 -------- d-----w- C:\PerfLogs
2011-10-21 00:13 . 2011-10-21 00:13 -------- d-----w- C:\27BD85E4744B83A63DCFC6C4D81AF53A
2011-10-20 23:56 . 2008-01-19 07:37 574976 ----a-w- c:\windows\system32\XPSSHHDR.dll
2011-10-20 23:55 . 2008-01-19 07:36 79360 ----a-w- c:\windows\system32\QUTIL.DLL
2011-10-20 23:54 . 2008-01-19 07:36 16384 ----a-w- c:\windows\system32\winusb.dll
2011-10-20 23:53 . 2008-01-19 07:36 129536 ----a-w- c:\windows\system32\sqmapi.dll
2011-10-20 23:53 . 2008-01-19 07:36 139264 ----a-w- c:\windows\system32\SmiInstaller.dll
2011-10-20 23:53 . 2008-01-19 07:35 35328 ----a-w- c:\windows\system32\mspatcha.dll
2011-10-20 23:53 . 2008-01-19 07:34 305152 ----a-w- c:\windows\system32\msdelta.dll
2011-10-20 23:53 . 2008-01-19 07:34 258560 ----a-w- c:\windows\system32\dpx.dll
2011-10-20 22:45 . 2011-10-21 10:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-20 22:25 . 2011-10-20 22:25 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-10-20 19:41 . 2011-10-20 19:41 -------- d-----w- C:\AF65CC7DFD6742B3B2FA790836C733C3
2011-10-20 19:30 . 2011-10-20 19:30 -------- d-----w- c:\windows\system32\x64
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-21 06:56 . 2011-10-21 06:56 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2011-10-21 00:16 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-10-21 00:16 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-10-20 22:23 . 2011-10-20 22:23 36864 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2011-10-20 18:04 . 2011-10-20 18:04 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2011-09-29 06:53 . 2011-10-01 11:09 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-10-21 641400]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-19 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-19 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-19 133656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/w...592ca2f39c0d99" [?]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2011-10-1 995328]
Snapfish Media Detector.lnk - c:\program files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-5-7 1273856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-01 136176]
R3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNIMp50.sys [2006-11-16 21504]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-01 136176]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-01-27 50704]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNISp50.sys [2006-11-16 20480]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-09-01 22216]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-10-04 47360]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111v.sys [2008-08-04 904192]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-01 18:25]
.
2011-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-01 18:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\B\AppData\Roaming\Mozilla\Firefox\Profiles\exmqxbh0.default\
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-10-23 19:28:21
ComboFix-quarantined-files.txt 2011-10-24 02:28
ComboFix2.txt 2011-10-24 01:14
ComboFix3.txt 2011-10-22 00:54
.
Pre-Run: 51,329,007,616 bytes free
Post-Run: 52,002,701,312 bytes free
.
- - End Of File - - 1DDB576C9FC824E20BA7FA5A7F6ACFBE

#26 cnm

Posted 23 October 2011 - 06:45 PM

That looks excellent. I believe your PC is clean and you can go ahead and transfer files to your other disk without fear of infecting it.

Please do this cleanup:

Start > Run and enter 'combofix /uninstall'. Note the space after 'combofix'. Among other things your Restore Points will be purged and a new clean one created.

Delete the DDS files and Security Check folder from your Desktop.

Advice for malware prevention:

Configure Windows to do automatic updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Keep MalwareBytes Anti-Malware updated and run it whenever you suspect a problem.

The free FileHippo Update Checker makes it easy to keep all your programs up to date - run it every few weeks.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.systemloo...p?type=filename

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different from the rogues mentioned above.

For much more old but still useful information, read Tony Klein's excellent article: How did I get infected in the first place
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#27 marsspeaks

Posted 23 October 2011 - 08:10 PM

Thanks! I just transferred some stuff to my external hd and I hope I'm not asking for too much but could you read this one last scan? No infection came up but I just want to be sure I also didn't get anything from my ext. hd either. Better be safe than sorry and thanks for the tips!

ComboFix 11-10-23.03 - B 10/23/2011 20:47:06.8.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3319.2299 [GMT -7:00]
Running from: c:\users\B\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-09-24 to 2011-10-24 )))))))))))))))))))))))))))))))
.
.
2011-10-24 03:57 . 2011-10-24 03:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-23 23:44 . 2011-10-23 23:44 -------- d-----w- c:\program files\Common Files\Barbie
2011-10-23 23:44 . 2011-10-23 23:44 -------- d-----w- c:\program files\Barbie™
2011-10-23 23:44 . 1998-10-29 23:45 306688 ----a-w- c:\windows\IsUninst.exe
2011-10-22 05:07 . 2011-10-22 05:08 -------- d-----w- c:\program files\Trillian
2011-10-22 01:06 . 2011-10-18 09:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C3351DA-DBC1-4F12-B84B-8B2519CF6CC0}\mpengine.dll
2011-10-22 01:05 . 2011-05-25 02:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-21 10:09 . 2011-10-21 10:09 -------- d-----w- c:\program files\ESET
2011-10-21 10:02 . 2011-10-21 10:02 -------- d-----w- c:\program files\Common Files\Java
2011-10-21 10:00 . 2011-10-21 10:00 -------- d-----w- c:\program files\Java
2011-10-21 09:52 . 2011-10-21 09:52 0 ----a-w- c:\windows\system32\RENF31.tmp
2011-10-21 09:52 . 2011-10-21 09:52 0 ----a-w- c:\windows\system32\RENF20.tmp
2011-10-21 09:52 . 2011-10-21 09:52 0 ----a-w- c:\windows\system32\RENF1F.tmp
2011-10-21 09:47 . 2011-10-21 09:47 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-10-21 08:24 . 2011-10-21 08:24 -------- d-----w- c:\program files\Microsoft.NET
2011-10-21 08:05 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-10-21 07:18 . 2011-10-21 07:18 -------- d-----w- c:\program files\Windows Portable Devices
2011-10-21 07:10 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-10-21 07:10 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-10-21 07:10 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-10-21 06:58 . 2011-10-21 06:58 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-10-21 06:56 . 2011-10-21 06:56 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-10-21 06:56 . 2011-10-21 06:56 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-10-21 06:56 . 2011-10-21 06:56 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-10-21 06:56 . 2011-10-21 06:56 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-10-21 06:56 . 2011-10-21 06:56 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-10-21 06:56 . 2011-10-21 06:56 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-10-21 06:56 . 2011-10-21 06:56 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-10-21 06:42 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-10-21 06:40 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-21 06:40 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-21 06:40 . 2011-09-14 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-10-21 06:39 . 2011-01-20 16:08 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-10-21 06:39 . 2011-01-20 16:08 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-10-21 06:39 . 2011-01-20 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-10-21 06:39 . 2011-01-20 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-10-21 06:39 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-10-21 06:39 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-10-21 06:39 . 2011-01-20 16:08 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-10-21 06:39 . 2011-01-20 16:08 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-10-21 06:39 . 2011-01-20 14:11 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-10-21 06:39 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-10-21 06:39 . 2011-01-20 14:28 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-10-21 06:39 . 2011-01-20 14:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-10-21 06:37 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-21 06:37 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-21 06:37 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-21 06:37 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-21 06:37 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-21 06:36 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-10-21 06:36 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll
2011-10-21 06:36 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-21 06:36 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-21 06:36 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-21 06:36 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-21 06:17 . 2011-10-21 06:18 -------- d-----w- c:\windows\system32\config\systemprofile\{6CAEDAE7-64A9-4DF9-A8F6-4F46F71F16A5}
2011-10-21 05:35 . 2011-10-21 05:37 -------- d-----w- c:\windows\system32\ca-ES
2011-10-21 05:35 . 2011-10-21 05:37 -------- d-----w- c:\windows\system32\eu-ES
2011-10-21 05:35 . 2011-10-21 05:37 -------- d-----w- c:\windows\system32\vi-VN
2011-10-21 04:50 . 2011-10-21 04:50 -------- d-----w- c:\windows\system32\EventProviders
2011-10-21 04:45 . 2009-04-11 06:27 1081856 ----a-w- c:\program files\Microsoft Games\Purble Place\PurblePlace.exe
2011-10-21 04:44 . 2009-04-11 06:28 758784 ----a-w- c:\windows\system32\qmgr.dll
2011-10-21 04:43 . 2009-04-11 06:32 223208 ----a-w- c:\windows\system32\drivers\netio.sys
2011-10-21 04:42 . 2009-04-11 06:32 19944 ----a-w- c:\windows\system32\kdusb.dll
2011-10-21 04:41 . 2009-04-11 06:28 42496 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll
2011-10-21 04:40 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2011-10-21 04:40 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-10-21 04:40 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2011-10-21 04:40 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2011-10-21 04:40 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2011-10-21 04:40 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-10-21 04:40 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2011-10-21 04:40 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2011-10-21 04:40 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2011-10-21 04:40 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2011-10-21 04:40 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2011-10-21 03:29 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2011-10-21 03:22 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-10-21 03:18 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2011-10-21 03:18 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-10-21 03:18 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-10-21 03:17 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2011-10-21 03:17 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2011-10-21 02:39 . 2011-10-21 02:39 -------- d-----w- C:\FCFB0163556615BD245C35281A
2011-10-21 02:30 . 2009-11-08 17:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-10-21 02:30 . 2009-11-08 17:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-10-21 02:30 . 2009-11-08 17:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-10-21 02:30 . 2009-11-08 17:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-10-21 02:30 . 2009-11-08 17:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-10-21 02:28 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2011-10-21 02:27 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-10-21 02:27 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-10-21 02:27 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2011-10-21 02:27 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-10-21 02:27 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2011-10-21 02:25 . 2010-01-29 15:40 1616384 ----a-w- c:\program files\Windows Mail\msoe.dll
2011-10-21 02:25 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-10-21 02:25 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-10-21 02:25 . 2009-04-11 06:28 63488 ----a-w- c:\windows\system32\tscupgrd.exe
2011-10-21 02:25 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-10-21 02:25 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-10-21 02:25 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2011-10-21 02:25 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2011-10-21 02:25 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-10-21 02:25 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2011-10-21 01:44 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-10-21 01:44 . 2011-02-18 14:03 305152 ----a-w- c:\windows\system32\drivers\srv.sys
2011-10-21 01:42 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-10-21 01:42 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-10-21 01:40 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
2011-10-21 01:03 . 2011-10-21 01:04 -------- d-----w- c:\windows\system32\config\systemprofile\{9E06CBCE-AFF1-4F43-BFB6-88ACA7FB3FDC}
2011-10-21 00:46 . 2011-10-21 00:46 -------- d-----w- C:\PerfLogs
2011-10-21 00:13 . 2011-10-21 00:13 -------- d-----w- C:\27BD85E4744B83A63DCFC6C4D81AF53A
2011-10-20 23:56 . 2008-01-19 07:37 574976 ----a-w- c:\windows\system32\XPSSHHDR.dll
2011-10-20 23:55 . 2008-01-19 07:36 79360 ----a-w- c:\windows\system32\QUTIL.DLL
2011-10-20 23:54 . 2008-01-19 07:36 16384 ----a-w- c:\windows\system32\winusb.dll
2011-10-20 23:53 . 2008-01-19 07:36 129536 ----a-w- c:\windows\system32\sqmapi.dll
2011-10-20 23:53 . 2008-01-19 07:36 139264 ----a-w- c:\windows\system32\SmiInstaller.dll
2011-10-20 23:53 . 2008-01-19 07:35 35328 ----a-w- c:\windows\system32\mspatcha.dll
2011-10-20 23:53 . 2008-01-19 07:34 305152 ----a-w- c:\windows\system32\msdelta.dll
2011-10-20 23:53 . 2008-01-19 07:34 258560 ----a-w- c:\windows\system32\dpx.dll
2011-10-20 22:45 . 2011-10-21 10:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-20 22:25 . 2011-10-20 22:25 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-10-20 19:41 . 2011-10-20 19:41 -------- d-----w- C:\AF65CC7DFD6742B3B2FA790836C733C3
2011-10-20 19:30 . 2011-10-20 19:30 -------- d-----w- c:\windows\system32\x64
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-21 06:56 . 2011-10-21 06:56 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2011-10-21 00:16 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-10-21 00:16 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-10-20 22:23 . 2011-10-20 22:23 36864 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2011-10-20 18:04 . 2011-10-20 18:04 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2011-09-29 06:53 . 2011-10-01 11:09 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-10-21 641400]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-19 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-19 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-19 133656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/w...592ca2f39c0d99" [?]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2011-10-1 995328]
Snapfish Media Detector.lnk - c:\program files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-5-7 1273856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-01 136176]
R3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNIMp50.sys [2006-11-16 21504]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-01 136176]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-01-27 50704]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNISp50.sys [2006-11-16 20480]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-09-01 22216]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-10-04 47360]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111v.sys [2008-08-04 904192]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-01 18:25]
.
2011-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-01 18:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\B\AppData\Roaming\Mozilla\Firefox\Profiles\exmqxbh0.default\
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-10-23 21:03:29
ComboFix-quarantined-files.txt 2011-10-24 04:03
ComboFix2.txt 2011-10-24 02:28
ComboFix3.txt 2011-10-24 01:14
ComboFix4.txt 2011-10-22 00:54
.
Pre-Run: 51,917,471,744 bytes free
Post-Run: 51,889,823,744 bytes free
.
- - End Of File - - 356034787E7B86B372CE2F5F7D36F7ED

#28 cnm

Posted 23 October 2011 - 09:25 PM

The log looks fine.
Be sure to uninstall Combo Fix now. This is necessary to remove its Qoobox quarantine folder and the various drivers it added to Windows.
Start > Run and enter 'combofix /uninstall'. Note the space after 'combofix'.


You might want to scan the other drive.

Run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan (or allow special installer).
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • By default it will scan all hard drives. You can optionally click Change and select the drive(s) you want scanned.
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Disable your other protections.
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
It may not make a log if nothing is found.

#29 marsspeaks

Posted 24 October 2011 - 05:33 PM

Yeah, nothing came up. My external hard drive appears to be clean. I did a scan with AVG and Malwarebytes as well and nothing came up. Thanks so much for the help and tips! =)

#30 cnm

Posted 24 October 2011 - 05:34 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.