HP Laptop with redirector
drjohnamy
2011-12-21, 03:21
Hi again, this time my laptop has a bug. It's an HP G62 running Windows 7 Home Premium SP1 with AMD Athlon II P320 dual core 2.09 GHz, 64 bit.
I have WIN 7 Security 2012 popping up all over the place. I ran Registry Mechanic and SpyBot S&D, but no help. I've booted up in safe mode and run ERUNT and DDS.
Thanks in advance for your help.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 MINIMAL
Internet Explorer: 9.0.8112.16421
Run by John at 19:28:20 on 2011-12-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1935 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [OCAEBNDVDUpdate] C:\Program Files (x86)\ObjectCube\XXX2Burn DVD Wizard\xxx2burn.exe /update
uRun: [SanDiskSecureAccess_Manager.exe] C:\Users\John\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{D6927469-24A5-41E6-B6BC-40C4FADE1F7C} : NameServer = 192.168.2.1
TCP: Interfaces\{D6927469-24A5-41E6-B6BC-40C4FADE1F7C}\2427566716274675962756C6563737D2843523 : DhcpNameServer = 192.168.192.1
TCP: Interfaces\{D6927469-24A5-41E6-B6BC-40C4FADE1F7C}\24C657563456461627D27657563747 : DhcpNameServer = 69.1.30.11 69.1.30.10
TCP: Interfaces\{D6927469-24A5-41E6-B6BC-40C4FADE1F7C}\2656C6B696E6E2266616 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{D6927469-24A5-41E6-B6BC-40C4FADE1F7C}\37471697262796467656 : DhcpNameServer = 69.1.30.10 69.1.30.11 8.8.8.8
TCP: Interfaces\{D6927469-24A5-41E6-B6BC-40C4FADE1F7C}\75169707F62747F5143636563737 : DhcpNameServer = 192.168.5.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{D6927469-24A5-41E6-B6BC-40C4FADE1F7C}\C696E6B6379737 : DhcpNameServer = 69.1.30.11 69.1.30.10
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-10-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
S2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
S2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-3-14 632792]
S2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-3-14 1153368]
S2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-4-19 993848]
S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-4-19 399416]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-12-21 00:26:22 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0EEB740A-0034-4066-B636-6B455B2CF609}\offreg.dll
2011-12-20 01:25:24 -------- d-----we C:\Windows\system64
2011-12-20 01:25:05 337408 ----a-w- C:\Users\John\AppData\Local\eqb.exe
2011-12-20 01:25:04 337408 ----a-w- C:\Users\John\AppData\Local\eqy.exe
2011-12-19 23:57:47 -------- d-----w- C:\Users\John\AppData\Local\{99D0F5F1-5DE7-4ADB-A373-DC1B84194381}
2011-12-19 23:57:35 -------- d-----w- C:\Users\John\AppData\Local\{50CC582F-FE5C-42C8-9F56-D7488F8E07A0}
2011-12-18 17:14:24 -------- d-----w- C:\Users\John\AppData\Local\{51C2C4EE-E09F-4E70-8911-EA335DC06FE0}
2011-12-18 17:14:12 -------- d-----w- C:\Users\John\AppData\Local\{7A7477AE-7AE1-4B0E-B2B5-471E63864151}
2011-12-18 02:12:55 -------- d-----w- C:\Users\John\AppData\Local\{2E2CC646-C1FA-41C2-855F-FFBED5192AC4}
2011-12-18 02:12:43 -------- d-----w- C:\Users\John\AppData\Local\{AC05147B-0B13-4DE2-9498-1B2C560F6EC7}
2011-12-18 01:10:03 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0EEB740A-0034-4066-B636-6B455B2CF609}\mpengine.dll
2011-12-16 01:07:30 -------- d-----w- C:\Users\John\AppData\Local\{98C8B4BC-D646-429C-99EE-A41DBDBF87A9}
2011-12-16 01:07:18 -------- d-----w- C:\Users\John\AppData\Local\{838F1832-3563-4FDE-9B4B-4551B3012D78}
2011-12-15 01:53:21 -------- d-----w- C:\Users\John\AppData\Local\{AABFC1F2-D1AF-438F-9F03-52FAE652141B}
2011-12-15 01:53:09 -------- d-----w- C:\Users\John\AppData\Local\{BAAE2F96-DC15-4046-9943-A237D07A272F}
2011-12-15 01:31:28 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-15 01:31:28 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-15 01:31:26 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-12-15 01:31:24 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-15 01:31:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-15 01:31:10 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-14 00:40:44 -------- d-----w- C:\Users\John\AppData\Local\{0ADA6A77-F4A0-4AD8-88F7-B6740C803C9A}
2011-12-14 00:40:32 -------- d-----w- C:\Users\John\AppData\Local\{09D89E92-A46C-43A5-8D56-5A4DC0A203A3}
2011-12-09 22:17:56 -------- d-----w- C:\Users\John\AppData\Local\{CAF47799-95A2-46EE-903D-668DC1B317E2}
2011-12-09 22:17:44 -------- d-----w- C:\Users\John\AppData\Local\{11DBD611-83DE-426A-93AB-39EDB7367AE1}
2011-12-08 01:16:42 -------- d-----w- C:\Users\John\AppData\Local\{EAE4756C-2562-4BE1-B555-C681B28FBA9D}
2011-12-08 01:16:30 -------- d-----w- C:\Users\John\AppData\Local\{7C427E85-C635-4DCB-8046-58AE52B9EA87}
2011-12-07 02:21:36 -------- d-----w- C:\Users\John\AppData\Local\{6ED50E27-5BDF-401B-91AA-EC046ADE5FD4}
2011-12-07 02:21:24 -------- d-----w- C:\Users\John\AppData\Local\{B32846B8-61C1-4F77-B435-DFA4AE6D6B95}
2011-12-05 23:49:54 -------- d-----w- C:\Users\John\AppData\Local\{53EE16BA-3630-4FDA-BE72-32D531683F41}
2011-12-05 23:49:42 -------- d-----w- C:\Users\John\AppData\Local\{1C18891E-905E-43BA-A335-7EB644A4215C}
2011-12-05 01:18:44 -------- d-----w- C:\Users\John\AppData\Local\{644B3241-3050-4FAA-A924-52FFF974511C}
2011-12-04 00:30:55 -------- d-----w- C:\Users\John\AppData\Local\{3EE0D181-BDC3-41CA-AAA6-C101600669FD}
2011-12-04 00:30:43 -------- d-----w- C:\Users\John\AppData\Local\{B59A586F-ABD0-4440-B6BE-3AE927F54C55}
2011-12-03 00:53:23 -------- d-----w- C:\Users\John\AppData\Local\{703877FB-8E99-4F86-9115-175AD5CFCBA0}
2011-12-03 00:53:10 -------- d-----w- C:\Users\John\AppData\Local\{1970521A-C4E0-42B8-8B91-138CEF36FE17}
2011-12-01 23:12:41 -------- d-----w- C:\Users\John\AppData\Local\{A7675990-E740-4573-8A6F-E5259968A586}
2011-12-01 23:12:29 -------- d-----w- C:\Users\John\AppData\Local\{52168579-FE60-4585-AE60-7C31758893D8}
2011-11-30 23:35:05 -------- d-----w- C:\Users\John\AppData\Local\{BD35689A-9278-4CAF-B72F-6971DBD38D81}
2011-11-30 23:34:53 -------- d-----w- C:\Users\John\AppData\Local\{F9071B22-B45E-4636-A92A-B544D9918283}
2011-11-29 23:47:46 -------- d-----w- C:\Users\John\AppData\Local\{B75B7BAB-48FC-460A-B12F-FFB171D136A5}
2011-11-29 23:47:34 -------- d-----w- C:\Users\John\AppData\Local\{2E2AC596-B5B1-477D-9F01-BF85C893D9FA}
2011-11-28 23:17:33 -------- d-----w- C:\Users\John\AppData\Local\{CE2694E4-2580-493C-B504-B12E8396CD76}
2011-11-28 23:17:20 -------- d-----w- C:\Users\John\AppData\Local\{439C3738-8B98-4DAB-B61D-830F3D256927}
2011-11-25 23:47:19 -------- d-----w- C:\Users\John\AppData\Local\{7BFDF869-B904-4B82-B42E-51D56C0E8F51}
2011-11-25 23:47:05 -------- d-----w- C:\Users\John\AppData\Local\{DE0FEC84-662D-4495-A983-A241B0CBF14C}
2011-11-23 23:52:21 -------- d-----w- C:\Users\John\AppData\Local\{ED7E149F-6ADC-4FE2-BA1B-604BA44B8B9E}
2011-11-23 23:52:08 -------- d-----w- C:\Users\John\AppData\Local\{EC7EF1F4-11A2-431E-98EA-8C3FA4F850FF}
2011-11-21 23:48:02 -------- d-----w- C:\Users\John\AppData\Local\{7362F4B4-4ACD-447F-BC80-7A2BF9C023ED}
2011-11-21 23:47:49 -------- d-----w- C:\Users\John\AppData\Local\{1CD7C4ED-1577-4137-B3E8-33249F393FE6}
2011-11-21 01:24:55 -------- d-----w- C:\Users\John\AppData\Local\{F9F340F8-A29B-4D79-A82F-BF2507A0F976}
2011-11-21 01:24:43 -------- d-----w- C:\Users\John\AppData\Local\{8F4B6251-8ABD-4104-BB96-1900C92AB249}
.
==================== Find3M ====================
.
2011-11-11 01:40:37 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 19:30:02.47 ===============
shelf life
2011-12-25, 04:09
hi drjohnamy,
Your post is a few days old. If you still need help with the problem simply reply back.
drjohnamy
2011-12-25, 17:17
I have not booted the computer since I ran DDS.
shelf life
2011-12-25, 19:36
hi,
I have not booted the computer since I ran DDS.
OK, that's a good thing.
See if you can download and install Malwarebytes and we will start with that.
Please download the free version of Malwarebytes (http://www.malwarebytes.org/mbam.php) to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click *Remove Selected.*
*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.
You may have problems trying to run a .exe. Try the above and we will go from there.
drjohnamy
2011-12-25, 23:32
Hi,
I downloaded MBAM to a jump drive, booted the HP in safe mode with networking, it updated MBAM and ran the scan. When it rebooted I saw my real homepage for the first time in days...
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 911122503
Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 9.0.8112.16421
12/25/2011 4:20:01 PM
mbam-log-2011-12-25 (16-20-01).txt
Scan type: Full scan (C:\|D:\|F:\|)
Objects scanned: 374615
Time elapsed: 44 minute(s), 14 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 6
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\John\AppData\Local\eqy.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\John\AppData\Local\eqb.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
c:\Users\John\AppData\Local\eqy.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
c:\Users\John\AppData\Local\Temp\trfjqtwnkh (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\John\AppData\Local\Temp\ynp.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\John\documents\rB2HY.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\assembly\temp\kwrd.dll (PUP.BitMiner) -> Quarantined and deleted successfully.
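The two registry items in the log above (the `.exe` file association and the Internet Explorer StartMenuInternet command) are the persistence points this family uses to wrap every program launch and every browser start. The following PowerShell script is an added example written for this page, not code from the thread, from Malwarebytes or from ComboFix; it reads those locations and reports anything that differs from the stock Windows 7 values, without changing anything. The "expected" values are assumptions about a default install with no third-party launcher registered.

```powershell
# Added example (not from the thread): read-only check of the registry locations
# that the Malwarebytes log reported as hijacked. Run from an elevated PowerShell.

# Assumed stock Windows 7 default for HKCR\exefile\shell\open\command
$expectedExeCommand = '"%1" %*'

function Get-RegDefault {
    # Return the (default) value of a registry key, or $null if the key is absent
    param([string]$Path)
    if (-not (Test-Path -Path $Path)) { return $null }
    return (Get-Item -Path $Path).GetValue('')
}

function Get-CommandExecutable {
    # Extract the program part of a shell command line: the quoted string if the
    # line starts with a quote, otherwise the first whitespace-delimited token
    param([string]$Command)
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($Command -split '\s+')[0]
}

$findings = @()

# 1. HKCR\.exe normally carries only the ProgID 'exefile'; a shell\open\command
#    subkey directly under it is not a Windows default and is what the log flagged
$dotExeCmd = 'Registry::HKEY_CLASSES_ROOT\.exe\shell\open\command'
if (Test-Path -Path $dotExeCmd) {
    $findings += "Unexpected key $dotExeCmd -> '$(Get-RegDefault $dotExeCmd)'"
}

# 2. HKCR\exefile\shell\open\command must be exactly "%1" %* so programs run directly
$exefileCmd = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'
$current = Get-RegDefault $exefileCmd
if ($current -ne $expectedExeCommand) {
    $findings += "exefile open command is '$current' (expected $expectedExeCommand)"
}

# 3. The IE StartMenuInternet command should launch iexplore.exe itself, not a
#    wrapper that receives iexplore.exe as an argument (the pattern in the log)
$ieKeys = @(
    'HKLM:\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command',
    'HKLM:\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command'
)
foreach ($key in $ieKeys) {
    $cmd = Get-RegDefault $key
    if ($null -eq $cmd) { continue }   # key not present on this system
    $exe = Get-CommandExecutable $cmd
    if ((Split-Path -Path $exe -Leaf) -ne 'iexplore.exe') {
        $findings += "$key launches '$exe' instead of iexplore.exe (full command: $cmd)"
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No hijack indicators found in the checked keys.'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
}
```

Against the values in the log, check 1 fires because `HKCR\.exe\shell\open\command` exists, and check 3 fires because the first token of the command is `eqy.exe` rather than `iexplore.exe`. The script only reports; leave the cleanup to the tools the helper has prescribed, since they also quarantine the referenced files and restore the defaults in one step.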
shelf life
2011-12-26, 01:51
OK, good. We will continue with ComboFix. There is a guide to read first; read through the guide, then apply the directions on your own machine. Please run it after a normal boot up. If you have problems, then run it in safe mode. Post the log:
Guide to using Combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
drjohnamy
2011-12-26, 05:53
OK, ran ComboFix, but cannot open Internet Explorer: "illegal operation attempted on a registry key that has been marked for deletion"
ComboFix 11-12-25.01 - John 12/25/2011 20:46:38.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1214 [GMT -5:00]
Running from: c:\users\John\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\John\AppData\Roaming\.#
c:\users\John\AppData\Roaming\.#\MBX@135C@3E1C40.###
c:\users\John\AppData\Roaming\.#\MBX@135C@3E1C50.###
c:\users\John\AppData\Roaming\.#\MBX@135C@3E1C60.###
c:\users\John\AppData\Roaming\.#\MBX@135C@3E1C70.###
c:\users\John\AppData\Roaming\.#\MBX@1368@22A1C00.###
c:\users\John\AppData\Roaming\.#\MBX@1368@22A1C10.###
c:\users\John\AppData\Roaming\.#\MBX@1368@22A1C20.###
c:\users\John\AppData\Roaming\.#\MBX@1368@22A1C30.###
c:\users\John\AppData\Roaming\.#\MBX@1378@2D1C40.###
c:\users\John\AppData\Roaming\.#\MBX@1378@2D1C50.###
c:\users\John\AppData\Roaming\.#\MBX@1378@2D1C60.###
c:\users\John\AppData\Roaming\.#\MBX@1378@2D1C70.###
c:\users\John\AppData\Roaming\.#\MBX@1734@2341C40.###
c:\users\John\AppData\Roaming\.#\MBX@1734@2341C50.###
c:\users\John\AppData\Roaming\.#\MBX@1734@2341C60.###
c:\users\John\AppData\Roaming\.#\MBX@1734@2341C70.###
c:\users\John\AppData\Roaming\.#\MBX@17D0@9C1C40.###
c:\users\John\AppData\Roaming\.#\MBX@17D0@9C1C50.###
c:\users\John\AppData\Roaming\.#\MBX@17D0@9C1C60.###
c:\users\John\AppData\Roaming\.#\MBX@17D0@9C1C70.###
c:\users\John\AppData\Roaming\.#\MBX@18BC@231C40.###
c:\users\John\AppData\Roaming\.#\MBX@18BC@231C50.###
c:\users\John\AppData\Roaming\.#\MBX@18BC@231C60.###
c:\users\John\AppData\Roaming\.#\MBX@18BC@231C70.###
c:\users\John\AppData\Roaming\.#\MBX@19F4@281C40.###
c:\users\John\AppData\Roaming\.#\MBX@19F4@281C50.###
c:\users\John\AppData\Roaming\.#\MBX@19F4@281C60.###
c:\users\John\AppData\Roaming\.#\MBX@19F4@281C70.###
c:\users\John\AppData\Roaming\.#\MBX@1A10@2181C40.###
c:\users\John\AppData\Roaming\.#\MBX@1A10@2181C50.###
c:\users\John\AppData\Roaming\.#\MBX@1A10@2181C60.###
c:\users\John\AppData\Roaming\.#\MBX@1A10@2181C70.###
c:\users\John\AppData\Roaming\.#\MBX@1B38@3E1C00.###
c:\users\John\AppData\Roaming\.#\MBX@1B38@3E1C10.###
c:\users\John\AppData\Roaming\.#\MBX@1B38@3E1C20.###
c:\users\John\AppData\Roaming\.#\MBX@1B38@3E1C30.###
c:\users\John\AppData\Roaming\.#\MBX@A9C@2301C40.###
c:\users\John\AppData\Roaming\.#\MBX@A9C@2301C50.###
c:\users\John\AppData\Roaming\.#\MBX@A9C@2301C60.###
c:\users\John\AppData\Roaming\.#\MBX@A9C@2301C70.###
c:\users\John\AppData\Roaming\.#\MBX@B44@23F1C40.###
c:\users\John\AppData\Roaming\.#\MBX@B44@23F1C50.###
c:\users\John\AppData\Roaming\.#\MBX@B44@23F1C60.###
c:\users\John\AppData\Roaming\.#\MBX@B44@23F1C70.###
c:\users\John\AppData\Roaming\.#\MBX@E04@2351C40.###
c:\users\John\AppData\Roaming\.#\MBX@E04@2351C50.###
c:\users\John\AppData\Roaming\.#\MBX@E04@2351C60.###
c:\users\John\AppData\Roaming\.#\MBX@E04@2351C70.###
c:\users\John\AppData\Roaming\.#\MBX@E04@251C40.###
c:\users\John\AppData\Roaming\.#\MBX@E04@251C50.###
c:\users\John\AppData\Roaming\.#\MBX@E04@251C60.###
c:\users\John\AppData\Roaming\.#\MBX@E04@251C70.###
c:\windows\security\Database\tmp.edb
c:\windows\system32\java.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-26 to 2011-12-26 )))))))))))))))))))))))))))))))
.
.
2011-12-26 03:12 . 2011-12-26 03:12 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F338FDAD-1D8E-4E5C-81C9-9543B65D64A6}\offreg.dll
2011-12-26 03:07 . 2011-12-26 03:07 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-12-26 03:07 . 2011-12-26 03:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-25 21:33 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F338FDAD-1D8E-4E5C-81C9-9543B65D64A6}\mpengine.dll
2011-12-25 20:32 . 2011-12-25 20:32 -------- d-----w- c:\users\John\AppData\Roaming\Malwarebytes
2011-12-25 20:32 . 2011-12-25 20:32 -------- d-----w- c:\programdata\Malwarebytes
2011-12-25 20:32 . 2011-12-25 20:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-25 20:32 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-21 00:27 . 2011-12-21 00:27 -------- d-----w- c:\program files (x86)\ERUNT
2011-12-20 01:25 . 2011-12-20 01:25 -------- d-----we c:\windows\system64
2011-12-15 01:31 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 01:31 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-15 01:31 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 01:31 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 01:31 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 01:31 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-01 18:47 . 2011-12-01 18:47 -------- d-----w- c:\users\Guest\AppData\Roaming\hpqlog
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-15 19:29 . 2011-03-15 19:35 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-11 01:40 . 2011-06-12 04:02 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-29 16:29 . 2011-11-09 23:34 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"OCAEBNDVDUpdate"="c:\program files (x86)\ObjectCube\XXX2Burn DVD Wizard\xxx2burn.exe" [2006-12-14 1081344]
"SanDiskSecureAccess_Manager.exe"="c:\users\John\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe" [2011-08-07 27306624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-17 98304]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-11-15 112600]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-10-01 632792]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 18:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-26 c:\windows\Tasks\HPCeeScheduleForJohn.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
2011-12-26 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\Registry Mechanic\RegMech.exe [2011-03-14 21:05]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-12 6489704]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: Interfaces\{D6927469-24A5-41E6-B6BC-40C4FADE1F7C}: NameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
.
**************************************************************************
.
Completion time: 2011-12-25 22:34:53 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-26 03:34
.
Pre-Run: 234,136,854,528 bytes free
Post-Run: 233,819,721,728 bytes free
.
- - End Of File - - 4B4BE3467717652ADF5DA8C7A58FD046
shelf life
2011-12-26, 17:32
cannot open Internet Explorer
Reboot your machine.
We will get another download to run:
Please download TDSS Killer.exe (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your desktop.
Double-click to launch the utility. After it initializes, click the Start scan button.
Once the scan completes, you can click the Continue button.
"The utility will automatically select an action (Cure or Delete) for known malicious objects. A suspicious object will be skipped by default."
"After clicking Next, the utility applies selected actions and outputs the result."
"A reboot might be required after disinfection."
A report will be found in your root drive Local Disk (C:) as TDSSKiller.2.4.2.1_09.08.2010_17.32.21_log.txt (name, version, date, time).
Please post the log report.
drjohnamy
2011-12-26, 21:02
13:58:54.0717 5352 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
13:58:55.0201 5352 ============================================================
13:58:55.0201 5352 Current date / time: 2011/12/26 13:58:55.0201
13:58:55.0201 5352 SystemInfo:
13:58:55.0201 5352
13:58:55.0201 5352 OS Version: 6.1.7601 ServicePack: 1.0
13:58:55.0201 5352 Product type: Workstation
13:58:55.0201 5352 ComputerName: JOHN-HP
13:58:55.0201 5352 UserName: John
13:58:55.0201 5352 Windows directory: C:\Windows
13:58:55.0201 5352 System windows directory: C:\Windows
13:58:55.0201 5352 Running under WOW64
13:58:55.0201 5352 Processor architecture: Intel x64
13:58:55.0201 5352 Number of processors: 2
13:58:55.0201 5352 Page size: 0x1000
13:58:55.0201 5352 Boot type: Normal boot
13:58:55.0201 5352 ============================================================
13:58:56.0355 5352 Initialize success
13:59:01.0254 1684 ============================================================
13:59:01.0254 1684 Scan started
13:59:01.0254 1684 Mode: Manual;
13:59:01.0254 1684 ============================================================
13:59:02.0252 1684 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:59:02.0268 1684 1394ohci - ok
13:59:02.0408 1684 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:59:02.0424 1684 ACPI - ok
13:59:02.0486 1684 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:59:02.0486 1684 AcpiPmi - ok
13:59:02.0642 1684 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:59:02.0658 1684 adp94xx - ok
13:59:02.0783 1684 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:59:02.0783 1684 adpahci - ok
13:59:02.0829 1684 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:59:02.0829 1684 adpu320 - ok
13:59:03.0032 1684 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
13:59:03.0048 1684 AFD - ok
13:59:03.0095 1684 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:59:03.0110 1684 agp440 - ok
13:59:03.0141 1684 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:59:03.0141 1684 aliide - ok
13:59:03.0266 1684 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:59:03.0266 1684 amdide - ok
13:59:03.0313 1684 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:59:03.0313 1684 AmdK8 - ok
13:59:03.0609 1684 amdkmdag (4bffead896affbc80c86f62cd18f17c9) C:\Windows\system32\DRIVERS\atipmdag.sys
13:59:03.0750 1684 amdkmdag - ok
13:59:04.0140 1684 amdkmdap (a7155a832f24cf5b048f6048380636ec) C:\Windows\system32\DRIVERS\atikmpag.sys
13:59:04.0140 1684 amdkmdap - ok
13:59:04.0280 1684 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:59:04.0280 1684 AmdPPM - ok
13:59:04.0327 1684 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys
13:59:04.0327 1684 amdsata - ok
13:59:04.0452 1684 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:59:04.0467 1684 amdsbs - ok
13:59:04.0483 1684 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys
13:59:04.0483 1684 amdxata - ok
13:59:04.0577 1684 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:59:04.0577 1684 AppID - ok
13:59:04.0686 1684 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:59:04.0701 1684 arc - ok
13:59:04.0748 1684 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:59:04.0748 1684 arcsas - ok
13:59:04.0857 1684 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:59:04.0857 1684 AsyncMac - ok
13:59:05.0029 1684 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:59:05.0029 1684 atapi - ok
13:59:05.0216 1684 athr (40734f3a5eec4c4ac6a1faf10b293714) C:\Windows\system32\DRIVERS\athrx.sys
13:59:05.0294 1684 athr - ok
13:59:05.0450 1684 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
13:59:05.0450 1684 AtiHdmiService - ok
13:59:05.0466 1684 AtiPcie (c07a040d6b5a42dd41ee386cf90974c8) C:\Windows\system32\DRIVERS\AtiPcie.sys
13:59:05.0481 1684 AtiPcie - ok
13:59:05.0544 1684 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:59:05.0559 1684 b06bdrv - ok
13:59:05.0606 1684 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:59:05.0606 1684 b57nd60a - ok
13:59:05.0700 1684 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:59:05.0700 1684 Beep - ok
13:59:05.0825 1684 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:59:05.0825 1684 blbdrive - ok
13:59:05.0981 1684 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
13:59:05.0981 1684 bowser - ok
13:59:06.0043 1684 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:59:06.0043 1684 BrFiltLo - ok
13:59:06.0074 1684 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:59:06.0074 1684 BrFiltUp - ok
13:59:06.0105 1684 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:59:06.0121 1684 Brserid - ok
13:59:06.0137 1684 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:59:06.0137 1684 BrSerWdm - ok
13:59:06.0152 1684 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:59:06.0168 1684 BrUsbMdm - ok
13:59:06.0183 1684 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:59:06.0183 1684 BrUsbSer - ok
13:59:06.0199 1684 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:59:06.0199 1684 BTHMODEM - ok
13:59:06.0230 1684 catchme - ok
13:59:06.0371 1684 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:59:06.0371 1684 cdfs - ok
13:59:06.0433 1684 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
13:59:06.0433 1684 cdrom - ok
13:59:06.0527 1684 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:59:06.0542 1684 circlass - ok
13:59:06.0667 1684 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:59:06.0667 1684 CLFS - ok
13:59:06.0854 1684 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:59:06.0854 1684 CmBatt - ok
13:59:06.0963 1684 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:59:06.0979 1684 cmdide - ok
13:59:07.0041 1684 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
13:59:07.0041 1684 CNG - ok
13:59:07.0088 1684 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:59:07.0104 1684 Compbatt - ok
13:59:07.0135 1684 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
13:59:07.0151 1684 CompositeBus - ok
13:59:07.0244 1684 CpqDfw - ok
13:59:07.0291 1684 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:59:07.0291 1684 crcdisk - ok
13:59:07.0369 1684 dc3d (7f61fbe259c18666d8ddf862f13a5eb0) C:\Windows\system32\DRIVERS\dc3d.sys
13:59:07.0369 1684 dc3d - ok
13:59:07.0541 1684 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
13:59:07.0541 1684 DfsC - ok
13:59:07.0619 1684 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:59:07.0619 1684 discache - ok
13:59:07.0665 1684 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:59:07.0665 1684 Disk - ok
13:59:07.0806 1684 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
13:59:07.0821 1684 Dot4 - ok
13:59:07.0946 1684 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
13:59:07.0946 1684 Dot4Print - ok
13:59:08.0024 1684 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
13:59:08.0024 1684 dot4usb - ok
13:59:08.0102 1684 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:59:08.0102 1684 drmkaud - ok
13:59:08.0196 1684 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
13:59:08.0227 1684 DXGKrnl - ok
13:59:08.0399 1684 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:59:08.0492 1684 ebdrv - ok
13:59:08.0648 1684 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:59:08.0664 1684 elxstor - ok
13:59:08.0726 1684 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
13:59:08.0726 1684 ErrDev - ok
13:59:08.0804 1684 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:59:08.0804 1684 exfat - ok
13:59:08.0851 1684 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:59:08.0851 1684 fastfat - ok
13:59:08.0882 1684 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:59:08.0882 1684 fdc - ok
13:59:09.0038 1684 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:59:09.0054 1684 FileInfo - ok
13:59:09.0101 1684 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:59:09.0132 1684 Filetrace - ok
13:59:09.0241 1684 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:59:09.0241 1684 flpydisk - ok
13:59:09.0303 1684 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
13:59:09.0319 1684 FltMgr - ok
13:59:09.0428 1684 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:59:09.0428 1684 FsDepends - ok
13:59:09.0537 1684 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
13:59:09.0553 1684 fssfltr - ok
13:59:09.0678 1684 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
13:59:09.0693 1684 Fs_Rec - ok
13:59:09.0803 1684 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:59:09.0803 1684 fvevol - ok
13:59:09.0865 1684 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:59:09.0865 1684 gagp30kx - ok
13:59:10.0005 1684 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:59:10.0005 1684 GEARAspiWDM - ok
13:59:10.0068 1684 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:59:10.0068 1684 hcw85cir - ok
13:59:10.0130 1684 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
13:59:10.0146 1684 HdAudAddService - ok
13:59:10.0208 1684 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
13:59:10.0208 1684 HDAudBus - ok
13:59:10.0239 1684 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:59:10.0239 1684 HidBatt - ok
13:59:10.0302 1684 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:59:10.0302 1684 HidBth - ok
13:59:10.0349 1684 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:59:10.0349 1684 HidIr - ok
13:59:10.0427 1684 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
13:59:10.0427 1684 HidUsb - ok
13:59:10.0645 1684 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
13:59:10.0645 1684 HpSAMD - ok
13:59:10.0754 1684 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
13:59:10.0785 1684 HTTP - ok
13:59:10.0832 1684 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
13:59:10.0832 1684 hwpolicy - ok
13:59:10.0879 1684 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
13:59:10.0895 1684 i8042prt - ok
13:59:10.0957 1684 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
13:59:10.0973 1684 iaStorV - ok
13:59:11.0144 1684 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
13:59:11.0300 1684 igfx - ok
13:59:11.0409 1684 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:59:11.0425 1684 iirsp - ok
13:59:11.0565 1684 IntcAzAudAddService (d311e2dd59a34079d89c249b2a4d9fdb) C:\Windows\system32\drivers\RTKVHD64.sys
13:59:11.0628 1684 IntcAzAudAddService - ok
13:59:11.0675 1684 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
13:59:11.0675 1684 intelide - ok
13:59:11.0721 1684 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:59:11.0721 1684 intelppm - ok
13:59:11.0784 1684 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:59:11.0784 1684 IpFilterDriver - ok
13:59:11.0831 1684 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
13:59:11.0846 1684 IPMIDRV - ok
13:59:11.0877 1684 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:59:11.0893 1684 IPNAT - ok
13:59:11.0909 1684 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:59:11.0909 1684 IRENUM - ok
13:59:11.0955 1684 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
13:59:11.0955 1684 isapnp - ok
13:59:12.0002 1684 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
13:59:12.0018 1684 iScsiPrt - ok
13:59:12.0065 1684 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
13:59:12.0065 1684 kbdclass - ok
13:59:12.0096 1684 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
13:59:12.0096 1684 kbdhid - ok
13:59:12.0189 1684 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
13:59:12.0189 1684 KSecDD - ok
13:59:12.0267 1684 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
13:59:12.0267 1684 KSecPkg - ok
13:59:12.0361 1684 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:59:12.0361 1684 ksthunk - ok
13:59:12.0501 1684 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:59:12.0501 1684 lltdio - ok
13:59:12.0642 1684 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:59:12.0657 1684 LSI_FC - ok
13:59:12.0767 1684 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:59:12.0767 1684 LSI_SAS - ok
13:59:12.0845 1684 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:59:12.0845 1684 LSI_SAS2 - ok
13:59:12.0938 1684 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:59:12.0954 1684 LSI_SCSI - ok
13:59:13.0063 1684 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:59:13.0063 1684 luafv - ok
13:59:13.0188 1684 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
13:59:13.0203 1684 MBAMProtector - ok
13:59:13.0266 1684 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:59:13.0266 1684 megasas - ok
13:59:13.0344 1684 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:59:13.0359 1684 MegaSR - ok
13:59:13.0453 1684 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:59:13.0453 1684 Modem - ok
13:59:13.0531 1684 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:59:13.0531 1684 monitor - ok
13:59:13.0625 1684 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
13:59:13.0625 1684 mouclass - ok
13:59:13.0687 1684 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:59:13.0687 1684 mouhid - ok
13:59:13.0765 1684 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
13:59:13.0781 1684 mountmgr - ok
13:59:13.0890 1684 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
13:59:13.0890 1684 mpio - ok
13:59:13.0968 1684 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:59:13.0968 1684 mpsdrv - ok
13:59:14.0061 1684 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
13:59:14.0061 1684 MRxDAV - ok
13:59:14.0202 1684 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:59:14.0202 1684 mrxsmb - ok
13:59:14.0280 1684 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:59:14.0295 1684 mrxsmb10 - ok
13:59:14.0358 1684 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:59:14.0358 1684 mrxsmb20 - ok
13:59:14.0467 1684 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
13:59:14.0467 1684 msahci - ok
13:59:14.0545 1684 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
13:59:14.0545 1684 msdsm - ok
13:59:14.0639 1684 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:59:14.0639 1684 Msfs - ok
13:59:14.0654 1684 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:59:14.0654 1684 mshidkmdf - ok
13:59:14.0701 1684 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
13:59:14.0701 1684 msisadrv - ok
13:59:14.0748 1684 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:59:14.0748 1684 MSKSSRV - ok
13:59:14.0763 1684 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:59:14.0763 1684 MSPCLOCK - ok
13:59:14.0795 1684 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:59:14.0795 1684 MSPQM - ok
13:59:14.0826 1684 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
13:59:14.0841 1684 MsRPC - ok
13:59:14.0873 1684 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
13:59:14.0873 1684 mssmbios - ok
13:59:14.0904 1684 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:59:14.0904 1684 MSTEE - ok
13:59:14.0919 1684 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:59:14.0919 1684 MTConfig - ok
13:59:15.0060 1684 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:59:15.0060 1684 Mup - ok
13:59:15.0216 1684 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:59:15.0231 1684 NativeWifiP - ok
13:59:15.0387 1684 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
13:59:15.0419 1684 NDIS - ok
13:59:15.0543 1684 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:59:15.0559 1684 NdisCap - ok
13:59:15.0621 1684 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:59:15.0621 1684 NdisTapi - ok
13:59:15.0777 1684 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:59:15.0777 1684 Ndisuio - ok
13:59:15.0949 1684 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:59:15.0965 1684 NdisWan - ok
13:59:16.0105 1684 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:59:16.0121 1684 NDProxy - ok
13:59:16.0277 1684 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:59:16.0277 1684 NetBIOS - ok
13:59:16.0464 1684 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:59:16.0464 1684 NetBT - ok
13:59:16.0776 1684 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
13:59:16.0901 1684 netw5v64 - ok
13:59:17.0057 1684 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:59:17.0057 1684 nfrd960 - ok
13:59:17.0228 1684 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:59:17.0244 1684 Npfs - ok
13:59:17.0400 1684 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:59:17.0400 1684 nsiproxy - ok
13:59:17.0603 1684 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:59:17.0665 1684 Ntfs - ok
13:59:17.0790 1684 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:59:17.0790 1684 Null - ok
13:59:17.0930 1684 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:59:17.0930 1684 nvraid - ok
13:59:18.0055 1684 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:59:18.0055 1684 nvstor - ok
13:59:18.0164 1684 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:59:18.0164 1684 nv_agp - ok
13:59:18.0320 1684 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:59:18.0320 1684 ohci1394 - ok
13:59:18.0492 1684 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:59:18.0507 1684 Parport - ok
13:59:18.0648 1684 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
13:59:18.0663 1684 partmgr - ok
13:59:18.0804 1684 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:59:18.0804 1684 pci - ok
13:59:18.0960 1684 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:59:18.0960 1684 pciide - ok
13:59:19.0116 1684 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:59:19.0116 1684 pcmcia - ok
13:59:19.0287 1684 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:59:19.0303 1684 pcw - ok
13:59:19.0490 1684 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:59:19.0506 1684 PEAUTH - ok
13:59:19.0740 1684 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys
13:59:19.0740 1684 Point64 - ok
13:59:19.0943 1684 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:59:19.0943 1684 PptpMiniport - ok
13:59:20.0083 1684 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:59:20.0083 1684 Processor - ok
13:59:20.0286 1684 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:59:20.0301 1684 Psched - ok
13:59:20.0442 1684 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
13:59:20.0442 1684 PSI - ok
13:59:20.0613 1684 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:59:20.0691 1684 ql2300 - ok
13:59:20.0816 1684 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:59:20.0816 1684 ql40xx - ok
13:59:20.0957 1684 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:59:20.0957 1684 QWAVEdrv - ok
13:59:21.0081 1684 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:59:21.0097 1684 RasAcd - ok
13:59:21.0222 1684 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:59:21.0222 1684 RasAgileVpn - ok
13:59:21.0378 1684 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:59:21.0378 1684 Rasl2tp - ok
13:59:21.0518 1684 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:59:21.0534 1684 RasPppoe - ok
13:59:21.0659 1684 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:59:21.0659 1684 RasSstp - ok
13:59:21.0815 1684 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:59:21.0830 1684 rdbss - ok
13:59:21.0924 1684 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:59:21.0924 1684 rdpbus - ok
13:59:22.0017 1684 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:59:22.0017 1684 RDPCDD - ok
13:59:22.0158 1684 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:59:22.0158 1684 RDPENCDD - ok
13:59:22.0283 1684 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:59:22.0283 1684 RDPREFMP - ok
13:59:22.0439 1684 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
13:59:22.0439 1684 RDPWD - ok
13:59:22.0595 1684 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:59:22.0595 1684 rdyboost - ok
13:59:22.0813 1684 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:59:22.0813 1684 rspndr - ok
13:59:22.0938 1684 RSUSBSTOR (22d6b47d004a6568c500680be2972854) C:\Windows\system32\Drivers\RtsUStor.sys
13:59:22.0953 1684 RSUSBSTOR - ok
13:59:23.0109 1684 RTL8167 (4fbda07ef0a3097ce14c5cabf723b278) C:\Windows\system32\DRIVERS\Rt64win7.sys
13:59:23.0125 1684 RTL8167 - ok
13:59:23.0281 1684 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:59:23.0281 1684 sbp2port - ok
13:59:23.0453 1684 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:59:23.0453 1684 scfilter - ok
13:59:23.0640 1684 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
13:59:23.0640 1684 sdbus - ok
13:59:23.0811 1684 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:59:23.0827 1684 secdrv - ok
13:59:24.0030 1684 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:59:24.0045 1684 Serenum - ok
13:59:24.0186 1684 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:59:24.0186 1684 Serial - ok
13:59:24.0357 1684 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:59:24.0357 1684 sermouse - ok
13:59:24.0529 1684 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:59:24.0529 1684 sffdisk - ok
13:59:24.0685 1684 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:59:24.0701 1684 sffp_mmc - ok
13:59:24.0841 1684 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:59:24.0857 1684 sffp_sd - ok
13:59:24.0981 1684 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:59:24.0981 1684 sfloppy - ok
13:59:25.0169 1684 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
13:59:25.0200 1684 Sftfs - ok
13:59:25.0496 1684 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
13:59:25.0543 1684 Sftplay - ok
13:59:25.0824 1684 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
13:59:25.0824 1684 Sftredir - ok
13:59:25.0964 1684 Sftvol (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
13:59:25.0964 1684 Sftvol - ok
13:59:26.0136 1684 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:59:26.0136 1684 SiSRaid2 - ok
13:59:26.0276 1684 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:59:26.0292 1684 SiSRaid4 - ok
13:59:26.0448 1684 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:59:26.0448 1684 Smb - ok
13:59:26.0619 1684 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:59:26.0619 1684 spldr - ok
13:59:26.0822 1684 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:59:26.0822 1684 srv - ok
13:59:27.0009 1684 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:59:27.0025 1684 srv2 - ok
13:59:27.0165 1684 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
13:59:27.0165 1684 SrvHsfHDA - ok
13:59:27.0353 1684 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
13:59:27.0399 1684 SrvHsfV92 - ok
13:59:27.0555 1684 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
13:59:27.0587 1684 SrvHsfWinac - ok
13:59:27.0743 1684 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:59:27.0743 1684 srvnet - ok
13:59:27.0821 1684 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:59:27.0836 1684 stexstor - ok
13:59:27.0899 1684 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
13:59:27.0899 1684 StillCam - ok
13:59:27.0977 1684 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
13:59:27.0977 1684 swenum - ok
13:59:28.0023 1684 SynTP (868dfb220a18312a12cef01ba9ac069b) C:\Windows\system32\DRIVERS\SynTP.sys
13:59:28.0039 1684 SynTP - ok
13:59:28.0242 1684 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
13:59:28.0304 1684 Tcpip - ok
13:59:28.0491 1684 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
13:59:28.0507 1684 TCPIP6 - ok
13:59:28.0679 1684 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:59:28.0679 1684 tcpipreg - ok
13:59:28.0757 1684 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:59:28.0757 1684 TDPIPE - ok
13:59:28.0819 1684 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
13:59:28.0819 1684 TDTCP - ok
13:59:28.0897 1684 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:59:28.0913 1684 tdx - ok
13:59:29.0022 1684 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
13:59:29.0037 1684 TermDD - ok
13:59:29.0256 1684 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:59:29.0256 1684 tssecsrv - ok
13:59:29.0365 1684 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:59:29.0365 1684 TsUsbFlt - ok
13:59:29.0521 1684 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:59:29.0537 1684 tunnel - ok
13:59:29.0630 1684 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:59:29.0630 1684 uagp35 - ok
13:59:29.0786 1684 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:59:29.0786 1684 udfs - ok
13:59:29.0958 1684 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:59:29.0958 1684 uliagpkx - ok
13:59:30.0083 1684 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
13:59:30.0083 1684 umbus - ok
13:59:30.0223 1684 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:59:30.0223 1684 UmPass - ok
13:59:30.0379 1684 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
13:59:30.0379 1684 usbaudio - ok
13:59:30.0488 1684 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
13:59:30.0504 1684 usbccgp - ok
13:59:30.0644 1684 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:59:30.0644 1684 usbcir - ok
13:59:30.0722 1684 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
13:59:30.0738 1684 usbehci - ok
13:59:31.0034 1684 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
13:59:31.0050 1684 usbfilter - ok
13:59:31.0284 1684 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:59:31.0299 1684 usbhub - ok
13:59:31.0424 1684 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
13:59:31.0424 1684 usbohci - ok
13:59:31.0596 1684 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:59:31.0596 1684 usbprint - ok
13:59:31.0783 1684 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
13:59:31.0799 1684 usbscan - ok
13:59:31.0970 1684 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:59:31.0970 1684 USBSTOR - ok
13:59:32.0126 1684 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
13:59:32.0126 1684 usbuhci - ok
13:59:32.0282 1684 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
13:59:32.0282 1684 usbvideo - ok
13:59:32.0454 1684 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:59:32.0454 1684 vdrvroot - ok
13:59:32.0610 1684 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:59:32.0610 1684 vga - ok
13:59:32.0750 1684 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:59:32.0750 1684 VgaSave - ok
13:59:32.0891 1684 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:59:32.0891 1684 vhdmp - ok
13:59:33.0031 1684 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:59:33.0031 1684 viaide - ok
13:59:33.0156 1684 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:59:33.0156 1684 volmgr - ok
13:59:33.0312 1684 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:59:33.0312 1684 volmgrx - ok
13:59:33.0483 1684 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:59:33.0483 1684 volsnap - ok
13:59:33.0593 1684 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:59:33.0593 1684 vsmraid - ok
13:59:33.0733 1684 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
13:59:33.0733 1684 vwifibus - ok
13:59:33.0842 1684 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
13:59:33.0842 1684 vwififlt - ok
13:59:33.0951 1684 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
13:59:33.0967 1684 vwifimp - ok
13:59:34.0014 1684 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:59:34.0014 1684 WacomPen - ok
13:59:34.0076 1684 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:59:34.0076 1684 WANARP - ok
13:59:34.0092 1684 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:59:34.0092 1684 Wanarpv6 - ok
13:59:34.0248 1684 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:59:34.0248 1684 Wd - ok
13:59:34.0419 1684 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:59:34.0435 1684 Wdf01000 - ok
13:59:34.0653 1684 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:59:34.0653 1684 WfpLwf - ok
13:59:34.0794 1684 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:59:34.0809 1684 WIMMount - ok
13:59:35.0012 1684 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
13:59:35.0028 1684 WinUsb - ok
13:59:35.0215 1684 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
13:59:35.0215 1684 WmiAcpi - ok
13:59:35.0387 1684 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:59:35.0387 1684 ws2ifsl - ok
13:59:35.0574 1684 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
13:59:35.0574 1684 WSDPrintDevice - ok
13:59:35.0761 1684 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:59:35.0777 1684 WudfPf - ok
13:59:35.0948 1684 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:59:35.0948 1684 WUDFRd - ok
13:59:36.0135 1684 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
13:59:36.0151 1684 yukonw7 - ok
13:59:36.0182 1684 MBR (0x1B8) (5b0fe4f8b89e44902b10336475518e06) \Device\Harddisk0\DR0
13:59:36.0229 1684 \Device\Harddisk0\DR0 - ok
13:59:36.0260 1684 Boot (0x1200) (8b2f1556608501c37f58ff27e6a0b09d) \Device\Harddisk0\DR0\Partition0
13:59:36.0276 1684 \Device\Harddisk0\DR0\Partition0 - ok
13:59:36.0338 1684 Boot (0x1200) (caf481e5cab69e0c1206485f1023e10c) \Device\Harddisk0\DR0\Partition1
13:59:36.0354 1684 \Device\Harddisk0\DR0\Partition1 - ok
13:59:36.0401 1684 Boot (0x1200) (8f6c49ebc4ac22ddcb9f9472340388ba) \Device\Harddisk0\DR0\Partition2
13:59:36.0401 1684 \Device\Harddisk0\DR0\Partition2 - ok
13:59:36.0416 1684 Boot (0x1200) (06a6b1daff3b88379ce551a5f8b4146b) \Device\Harddisk0\DR0\Partition3
13:59:36.0416 1684 \Device\Harddisk0\DR0\Partition3 - ok
13:59:36.0416 1684 ============================================================
13:59:36.0416 1684 Scan finished
13:59:36.0416 1684 ============================================================
13:59:36.0447 6100 Detected object count: 0
13:59:36.0447 6100 Actual detected object count: 0
shelf life
2011-12-27, 00:42
ok. Nothing wrong with that. How's the redirection issue looking now?
drjohnamy
2011-12-27, 01:24
Everything seems to be back to normal.
shelf life
2011-12-27, 19:05
hi,
ok, good. A couple of things: note that the free version of Malwarebytes must be updated manually and a scan started manually.
You can remove combofix like this:
Start>run> and type in combofix /uninstall
click ok or enter
Note the space after the x and before the /
You can also delete the tdsskiller icon and log.
Last, for your reference:
10 Tips for Prevention and Avoidance of Malware:
There is no reason why your computer cannot stay malware-free.
In no special order:
1) It is essential to keep your operating system (Windows), browser (IE, FireFox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update (http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us) frequently or use the Windows auto-update feature. (http://www.microsoft.com/windows/downloads/windowsupdate/automaticupdate.mspx) Staying updated is also essential for other web-based applications like Java, Adobe Flash/Reader, iTunes, media players, browser plugins and add-ons. More and more third-party applications are being targeted. Not sure if you are using the latest versions of your software? Check their version status and get the updates here. (http://secunia.com/vulnerability_scanning/online/)
2) Know what you are installing on your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings that viruses and trojans have been found on your computer, after which you are prompted to install software to remedy this. See also the signs (http://www.malwarevault.com/signs.html) that you may have malware on your computer.
3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently finds malware then it's time to *review your computer habits*.
4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. See also E-mail phishing Tricks (http://www.fraud.org/tips/internet/phishing.htm).
5) Do not click on ads/pop-ups or offers from websites telling you that you need to install software on your computer--*for any reason*. Use the Alt+F4 keys to close the window.
6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?
7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts (http://www.microsoft.com/protect/computer/advanced/useraccount.mspx) can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista and Windows 7 attempts to address.
8) Install and understand the *limitations* of a software firewall.
9) The why and how to secure (http://www.cert.org/tech_tips/securing_browser/) your browser for safer surfing.
10) Warez, cracks, etc. are very popular for carrying malware payloads. If you look for these you will encounter malware. If you download/install files via P2P networks you will encounter malware. A file can be named anything, be nothing but malware, or have malware bundled in it.
Do you really trust the source?
More info/tips with pictures in links below.
Happy Safe Surfing.
drjohnamy
2011-12-29, 02:54
Thanks for your help.