12 replies to this topic

[morgank]

Merged 3 post



I have been infected by a trojan agent. I have attached the dds files as instructed. I have also ran malwarebytes multiple times and I am unable to remove the svchost.exe virus. Any help with this would be extremely appreciated. Thanks for taking your time to help!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_31
Run by User at 9:53:49 on 2012-02-27
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3836.2428 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
-netsvcs
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86) (x86)\Lexmark 3400 Series\ezprint.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellComms] "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [lxcymon.exe] "C:\Program Files (x86) (x86)\Lexmark 3400 Series\lxcymon.exe"
mRun: [EzPrint] "C:\Program Files (x86) (x86)\Lexmark 3400 Series\ezprint.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.15.1
TCP: Interfaces\{4BB4C70D-E912-4030-ACC5-AA775104CED9} : DhcpNameServer = 192.168.15.1
TCP: Interfaces\{4BB4C70D-E912-4030-ACC5-AA775104CED9}\2375942554932353 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{4BB4C70D-E912-4030-ACC5-AA775104CED9}\C696E6B6379737 : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [DellComms] "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [lxcymon.exe] "C:\Program Files (x86) (x86)\Lexmark 3400 Series\lxcymon.exe"
mRun-x64: [EzPrint] "C:\Program Files (x86) (x86)\Lexmark 3400 Series\ezprint.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce-x64: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
Hosts: 108.163.215.51 www.statcounter.com.
Hosts: 67.215.245.19 www.google-analytics.com.
Hosts: 67.215.245.19 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rjtshiog.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1292250947&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fco102w.col102.mail.live.com%2Fdefault.aspx%3Fwa%3Dwsignin1.0&lc=1033&id=64855&mkt=en-us&cbcxt=mai&snsc=1
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B5b4bc333-57df-484c-97b3-ecab48d8a6da%7D&mid=dd8726c9a68d47d180347ac563f42f26-cbfc6c6e6092c973363299566f25a1370777a478&ds=AVG&v=9.0.0.18.1&lang=us&pr=fr&d=2011-12-13%2013%3A38%3A23&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-9-16 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-9-16 673088]
R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-5-5 206064]
R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-1-23 909152]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-16 136176]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-4-26 167264]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-16 136176]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-02-27 08:37:55 20480 ------w- C:\Windows\svchost.exe
2012-02-26 01:53:25 -------- d-----w- C:\Program Files (x86)\pancakes.exe
2012-02-24 03:56:06 -------- d--h--w- C:\$AVG
2012-02-20 04:48:19 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-02-20 04:46:38 -------- d-----w- C:\Users\User\AppData\Roaming\AVG2012
2012-02-20 04:46:25 -------- d-----w- C:\ProgramData\AVG2012
2012-02-16 04:31:22 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-16 04:31:22 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-16 04:31:18 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-16 04:31:16 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-02-16 04:31:14 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-16 04:31:13 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-16 04:31:04 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-16 04:31:04 634368 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-14 14:21:13 -------- d-----w- C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
2012-02-14 14:20:53 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-02-14 14:20:53 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-02-14 01:18:01 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-02-14 01:15:54 -------- d-----w- C:\Program Files\ATI Technologies
2012-02-14 01:00:40 -------- d-----w- C:\ProgramData\AMD
2012-02-12 01:29:44 -------- d-----w- C:\AMD
2012-02-11 02:03:26 -------- d-----w- C:\Users\User\AppData\Roaming\7C4E8
2012-02-11 02:02:37 -------- d-----w- C:\Users\User\AppData\Roaming\E86D4
2012-02-10 03:05:13 -------- d-----w- C:\Program Files (x86)\E86D4
2012-02-10 03:05:12 -------- d-----w- C:\Program Files (x86)\LP
2012-02-02 13:58:11 -------- d--h--w- C:\Users\User\AppData\Roaming\AVG
2012-02-01 06:00:56 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-02-01 06:00:56 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-02-01 06:00:56 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-02-01 06:00:56 45016 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
.
==================== Find3M ====================
.
2012-02-20 03:46:47 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-01-12 00:19:16 4448256 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2011-12-16 08:45:22 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-12-16 08:41:26 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-12-16 08:02:26 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-16 07:58:33 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-12-16 07:26:35 482816 ----a-w- C:\Windows\System32\html.iec
2011-12-16 06:49:33 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-12-16 06:43:48 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-16 06:15:25 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-12-10 21:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-06 16:38:05 447752 ----a-w- C:\Windows\SysWow64\vp6vfw.dll




.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/12/2010 6:05:42 PM
System Uptime: 2/27/2012 7:25:58 AM (2 hours ago)
.
Motherboard: Dell Inc. | | Inspiron M5010
Processor: AMD Phenom™ II N850 Triple-Core Processor | CPU 1 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 292.49 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP121: 2/16/2012 12:06:12 PM - Windows Update
RP122: 2/19/2012 9:45:16 PM - Installed Java™ 6 Update 31
RP123: 2/19/2012 10:44:38 PM - Installed AVG 2012
RP124: 2/19/2012 10:45:23 PM - Installed AVG 2012
RP125: 2/19/2012 10:52:33 PM - Installed HiJackThis
RP126: 2/27/2012 3:28:44 AM - Scheduled Checkpoint
.
==== Hosts File Hijack ======================
.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
Hosts: 108.163.215.51 www.statcounter.com.
Hosts: 67.215.245.19 www.google-analytics.com.
Hosts: 67.215.245.19 ad-emea.doubleclick.net.
Hosts: 67.215.245.19 www.statcounter.com.
.
==== Installed Programs ======================
.
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Advanced Audio FX Engine
Amazon Kindle For PC
Amazon MP3 Downloader 1.0.12
Apple Application Support
Apple Software Update
Best Buy pc app
Bing Bar
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Dell Communications (Support Software)
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Dock
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Webcam Central
DivX Setup
Driver Whiz
Google Chrome
Google Update Helper
GoToAssist 8.0.0.514
Java Auto Updater
Java™ 6 Update 31
Junk Mail filter update
LeapFrog Connect
LeapFrog MyOwnLeaptop Plugin
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Mozilla Firefox 10.0 (x86 en-US)
MSVCRT
Origin
Picasa 3
QuickTime
RIFT
Roxio Burn
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Skype Toolbars
Skype™ 5.0
Star Wars: The Old Republic
System Requirements Lab CYRI
The Sims™ 3
The Sims™ 3 Ambitions
The Sims™ 3 Generations
The Sims™ 3 High-End Loft Stuff
The Sims™ 3 Late Night
The Sims™ 3 Pets
The Sims™ 3 World Adventures
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Use the entry named LeapFrog Connect to uninstall (LeapFrog MyOwnLeaptop Plugin)
VC80CRTRedist - 8.0.50727.4053
Visual Studio 2008 x64 Redistributables
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
2/26/2012 5:43:18 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002c59ce3, 0x0000000000000000, 0x000007fffffa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022612-67673-01.
2/25/2012 7:49:19 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
2/25/2012 7:49:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/25/2012 7:49:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/25/2012 7:48:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/25/2012 7:48:34 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
2/25/2012 7:48:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2/25/2012 7:48:17 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 discache SASDIFSV SASKUTIL spldr Wanarpv6
2/25/2012 7:48:17 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
2/25/2012 7:48:08 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000003753, 0x0000000000000002, 0x0000000000000001, 0xfffff80002c95525). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022512-23259-01.
2/25/2012 7:42:23 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
2/25/2012 7:41:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
2/25/2012 7:39:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
2/25/2012 7:39:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
2/25/2012 7:38:54 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf
2/25/2012 7:38:54 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
2/25/2012 7:38:54 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/25/2012 7:38:54 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/25/2012 7:38:54 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/25/2012 7:38:54 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/25/2012 7:38:52 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/25/2012 7:38:52 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/25/2012 7:38:52 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
2/25/2012 7:38:52 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/25/2012 7:38:52 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/25/2012 7:38:50 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002c53525). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022512-23431-01.
2/25/2012 7:34:27 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002ca1ce3, 0x0000000000000000, 0x000007fffffa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022512-39109-01.
2/25/2012 3:31:07 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Client Virtualization Handler service to connect.
2/25/2012 3:31:07 PM, Error: Service Control Manager [7000] - The Client Virtualization Handler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/25/2012 10:23:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
2/25/2012 10:23:31 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/25/2012 10:23:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/25/2012 10:20:26 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
2/22/2012 9:30:08 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
.
==== End Of File ===========================

I am not sure if it is against forum rules to bump your topic or not, so please forgive me if it is. I am just not sure if anyone has seen my post yet.

Just wondering if there is anyone that can help me.

[LDTate]

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs from these scans, use "copy/paste".

Sorry about the delay in responding

We look for post with 0 replies, so when you replied to your own topic, we assumed you were being helped.


DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:
1. These tools MUST be run from the executable. (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.


Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

• Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  
  
  
  
• Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  
  
  
  
• Click the Start Scan button.
  
  
  
  
• If a suspicious object is detected, the default action will be Skip, click on Continue.
  
  
  
  
• If malicious objects are found, they will show in the Scan results and offer three (3) options.
  
• Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  
  

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

[morgank]

Thank you so much for your reply. I figured I was causing problems with my bumping. Here is my report.

22:16:19.0846 5584 TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24
22:16:20.0273 5584 ============================================================
22:16:20.0273 5584 Current date / time: 2012/02/29 22:16:20.0273
22:16:20.0273 5584 SystemInfo:
22:16:20.0273 5584
22:16:20.0274 5584 OS Version: 6.1.7600 ServicePack: 0.0
22:16:20.0274 5584 Product type: Workstation
22:16:20.0274 5584 ComputerName: USER-PC
22:16:20.0274 5584 UserName: User
22:16:20.0274 5584 Windows directory: C:\Windows
22:16:20.0274 5584 System windows directory: C:\Windows
22:16:20.0275 5584 Running under WOW64
22:16:20.0275 5584 Processor architecture: Intel x64
22:16:20.0275 5584 Number of processors: 3
22:16:20.0275 5584 Page size: 0x1000
22:16:20.0275 5584 Boot type: Normal boot
22:16:20.0275 5584 ============================================================
22:16:21.0551 5584 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:16:21.0555 5584 \Device\Harddisk0\DR0:
22:16:21.0555 5584 MBR used
22:16:21.0555 5584 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
22:16:21.0555 5584 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030
22:16:21.0610 5584 Initialize success
22:16:21.0610 5584 ============================================================
22:16:32.0364 6824 ============================================================
22:16:32.0364 6824 Scan started
22:16:32.0364 6824 Mode: Manual; SigCheck; TDLFS;
22:16:32.0364 6824 ============================================================
22:16:34.0961 6824 1394ohci (969c91060cbb5d17cb8440b5f78b4c51) C:\Windows\system32\DRIVERS\1394ohci.sys
22:16:35.0167 6824 1394ohci - ok
22:16:35.0258 6824 ACPI (794ff35015209b9d44f1360c42c9776d) C:\Windows\system32\DRIVERS\ACPI.sys
22:16:35.0294 6824 ACPI - ok
22:16:35.0357 6824 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
22:16:35.0487 6824 AcpiPmi - ok
22:16:35.0626 6824 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:16:35.0646 6824 adp94xx - ok
22:16:35.0680 6824 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:16:35.0698 6824 adpahci - ok
22:16:35.0727 6824 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:16:35.0741 6824 adpu320 - ok
22:16:35.0851 6824 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
22:16:35.0967 6824 AFD - ok
22:16:36.0056 6824 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
22:16:36.0067 6824 agp440 - ok
22:16:36.0178 6824 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
22:16:36.0188 6824 aliide - ok
22:16:36.0311 6824 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
22:16:36.0322 6824 amdide - ok
22:16:36.0362 6824 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:16:36.0491 6824 AmdK8 - ok
22:16:36.0713 6824 amdkmdag (18ad9ad00ffad95dc820762fb7f4b80f) C:\Windows\system32\DRIVERS\atikmdag.sys
22:16:37.0021 6824 amdkmdag - ok
22:16:37.0121 6824 amdkmdap (dbf0db9a8b60a2c029eb70824afccbda) C:\Windows\system32\DRIVERS\atikmpag.sys
22:16:37.0186 6824 amdkmdap - ok
22:16:37.0290 6824 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:16:37.0335 6824 AmdPPM - ok
22:16:37.0507 6824 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
22:16:37.0521 6824 amdsata - ok
22:16:37.0633 6824 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:16:37.0663 6824 amdsbs - ok
22:16:37.0687 6824 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
22:16:37.0699 6824 amdxata - ok
22:16:37.0802 6824 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
22:16:37.0934 6824 AppID - ok
22:16:38.0097 6824 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:16:38.0109 6824 arc - ok
22:16:38.0166 6824 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:16:38.0181 6824 arcsas - ok
22:16:38.0217 6824 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:16:38.0433 6824 AsyncMac - ok
22:16:38.0539 6824 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
22:16:38.0563 6824 atapi - ok
22:16:38.0715 6824 AtiHdmiService (637e0753bd6deb8ea5314a5c357ec1a0) C:\Windows\system32\drivers\AtiHdmi.sys
22:16:38.0761 6824 AtiHdmiService - ok
22:16:38.0906 6824 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
22:16:38.0923 6824 AtiPcie - ok
22:16:39.0072 6824 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
22:16:39.0098 6824 AVGIDSDriver - ok
22:16:39.0180 6824 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
22:16:39.0195 6824 AVGIDSEH - ok
22:16:39.0260 6824 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
22:16:39.0281 6824 AVGIDSFilter - ok
22:16:39.0435 6824 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
22:16:39.0463 6824 Avgldx64 - ok
22:16:39.0585 6824 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
22:16:39.0593 6824 Avgmfx64 - ok
22:16:39.0635 6824 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
22:16:39.0643 6824 Avgrkx64 - ok
22:16:39.0742 6824 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
22:16:39.0757 6824 Avgtdia - ok
22:16:40.0068 6824 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:16:40.0159 6824 b06bdrv - ok
22:16:40.0290 6824 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:16:40.0329 6824 b57nd60a - ok
22:16:40.0511 6824 BCM42RLY (ac4e2d84de54cd3a013aeff0cc56095c) C:\Windows\system32\drivers\BCM42RLY.sys
22:16:40.0532 6824 BCM42RLY - ok
22:16:40.0684 6824 BCM43XX (8b5d16d20774fc3727f44e161be2c0ac) C:\Windows\system32\DRIVERS\bcmwl664.sys
22:16:40.0804 6824 BCM43XX - ok
22:16:40.0949 6824 BcmVWL (d224b2e6bb543f1d8f1177d57fec2950) C:\Windows\system32\DRIVERS\bcmvwl64.sys
22:16:40.0958 6824 BcmVWL - ok
22:16:41.0049 6824 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:16:41.0133 6824 Beep - ok
22:16:41.0273 6824 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:16:41.0308 6824 blbdrive - ok
22:16:41.0488 6824 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
22:16:41.0546 6824 bowser - ok
22:16:41.0649 6824 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:16:41.0713 6824 BrFiltLo - ok
22:16:41.0827 6824 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:16:41.0863 6824 BrFiltUp - ok
22:16:41.0933 6824 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:16:42.0033 6824 Brserid - ok
22:16:42.0155 6824 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:16:42.0199 6824 BrSerWdm - ok
22:16:42.0266 6824 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:16:42.0310 6824 BrUsbMdm - ok
22:16:42.0376 6824 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:16:42.0428 6824 BrUsbSer - ok
22:16:42.0568 6824 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:16:42.0600 6824 BTHMODEM - ok
22:16:42.0789 6824 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:16:42.0881 6824 cdfs - ok
22:16:42.0984 6824 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
22:16:43.0036 6824 cdrom - ok
22:16:43.0121 6824 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:16:43.0181 6824 circlass - ok
22:16:43.0253 6824 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:16:43.0271 6824 CLFS - ok
22:16:43.0426 6824 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:16:43.0464 6824 CmBatt - ok
22:16:43.0578 6824 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
22:16:43.0588 6824 cmdide - ok
22:16:43.0670 6824 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
22:16:43.0756 6824 CNG - ok
22:16:43.0863 6824 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:16:43.0873 6824 Compbatt - ok
22:16:43.0946 6824 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
22:16:44.0007 6824 CompositeBus - ok
22:16:44.0152 6824 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:16:44.0163 6824 crcdisk - ok
22:16:44.0286 6824 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
22:16:44.0362 6824 CtClsFlt - ok
22:16:44.0492 6824 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
22:16:44.0565 6824 dc3d - ok
22:16:44.0755 6824 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
22:16:44.0818 6824 DfsC - ok
22:16:44.0911 6824 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:16:45.0002 6824 discache - ok
22:16:45.0135 6824 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:16:45.0147 6824 Disk - ok
22:16:45.0320 6824 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:16:45.0361 6824 drmkaud - ok
22:16:45.0506 6824 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
22:16:45.0542 6824 DXGKrnl - ok
22:16:45.0706 6824 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:16:45.0818 6824 ebdrv - ok
22:16:45.0947 6824 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:16:45.0968 6824 elxstor - ok
22:16:46.0016 6824 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
22:16:46.0080 6824 ErrDev - ok
22:16:46.0199 6824 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:16:46.0287 6824 exfat - ok
22:16:46.0414 6824 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:16:46.0484 6824 fastfat - ok
22:16:46.0668 6824 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:16:46.0712 6824 fdc - ok
22:16:46.0832 6824 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:16:46.0860 6824 FileInfo - ok
22:16:46.0953 6824 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:16:47.0020 6824 Filetrace - ok
22:16:47.0163 6824 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:16:47.0200 6824 flpydisk - ok
22:16:47.0326 6824 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
22:16:47.0355 6824 FltMgr - ok
22:16:47.0479 6824 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:16:47.0503 6824 FsDepends - ok
22:16:47.0550 6824 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
22:16:47.0560 6824 Fs_Rec - ok
22:16:47.0697 6824 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:16:47.0720 6824 fvevol - ok
22:16:47.0757 6824 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:16:47.0769 6824 gagp30kx - ok
22:16:47.0830 6824 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:16:47.0839 6824 GEARAspiWDM - ok
22:16:48.0028 6824 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:16:48.0109 6824 hcw85cir - ok
22:16:48.0229 6824 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
22:16:48.0270 6824 HdAudAddService - ok
22:16:48.0436 6824 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:16:48.0477 6824 HDAudBus - ok
22:16:48.0582 6824 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:16:48.0733 6824 HidBatt - ok
22:16:48.0853 6824 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:16:48.0887 6824 HidBth - ok
22:16:48.0991 6824 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:16:49.0038 6824 HidIr - ok
22:16:49.0212 6824 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
22:16:49.0246 6824 HidUsb - ok
22:16:49.0351 6824 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
22:16:49.0369 6824 HpSAMD - ok
22:16:49.0483 6824 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
22:16:49.0532 6824 HTTP - ok
22:16:49.0625 6824 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
22:16:49.0636 6824 hwpolicy - ok
22:16:49.0730 6824 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
22:16:49.0746 6824 i8042prt - ok
22:16:49.0995 6824 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
22:16:50.0013 6824 iaStorV - ok
22:16:50.0278 6824 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
22:16:50.0468 6824 igfx - ok
22:16:50.0611 6824 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:16:50.0622 6824 iirsp - ok
22:16:50.0691 6824 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
22:16:50.0703 6824 intelide - ok
22:16:50.0776 6824 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:16:50.0835 6824 intelppm - ok
22:16:50.0901 6824 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:16:50.0965 6824 IpFilterDriver - ok
22:16:51.0089 6824 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
22:16:51.0132 6824 IPMIDRV - ok
22:16:51.0256 6824 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:16:51.0310 6824 IPNAT - ok
22:16:51.0438 6824 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:16:51.0520 6824 IRENUM - ok
22:16:51.0608 6824 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
22:16:51.0620 6824 isapnp - ok
22:16:51.0665 6824 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
22:16:51.0680 6824 iScsiPrt - ok
22:16:51.0799 6824 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
22:16:51.0822 6824 kbdclass - ok
22:16:51.0977 6824 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
22:16:52.0010 6824 kbdhid - ok
22:16:52.0144 6824 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
22:16:52.0174 6824 KSecDD - ok
22:16:52.0223 6824 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
22:16:52.0255 6824 KSecPkg - ok
22:16:52.0371 6824 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:16:52.0431 6824 ksthunk - ok
22:16:52.0648 6824 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:16:52.0703 6824 lltdio - ok
22:16:52.0847 6824 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:16:52.0873 6824 LSI_FC - ok
22:16:52.0972 6824 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:16:52.0984 6824 LSI_SAS - ok
22:16:53.0048 6824 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:16:53.0075 6824 LSI_SAS2 - ok
22:16:53.0333 6824 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:16:53.0407 6824 LSI_SCSI - ok
22:16:53.0684 6824 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:16:53.0766 6824 luafv - ok
22:16:53.0958 6824 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:16:53.0972 6824 megasas - ok
22:16:54.0123 6824 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:16:54.0139 6824 MegaSR - ok
22:16:54.0264 6824 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:16:54.0326 6824 Modem - ok
22:16:54.0513 6824 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:16:54.0576 6824 monitor - ok
22:16:54.0825 6824 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:16:54.0825 6824 mouclass - ok
22:16:54.0981 6824 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:16:55.0044 6824 mouhid - ok
22:16:55.0169 6824 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
22:16:55.0169 6824 mountmgr - ok
22:16:55.0247 6824 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
22:16:55.0278 6824 mpio - ok
22:16:55.0340 6824 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:16:55.0418 6824 mpsdrv - ok
22:16:55.0559 6824 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
22:16:55.0621 6824 MRxDAV - ok
22:16:55.0746 6824 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:16:55.0808 6824 mrxsmb - ok
22:16:55.0949 6824 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:16:55.0995 6824 mrxsmb10 - ok
22:16:56.0136 6824 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:16:56.0167 6824 mrxsmb20 - ok
22:16:56.0292 6824 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys
22:16:56.0323 6824 msahci - ok
22:16:56.0432 6824 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
22:16:56.0448 6824 msdsm - ok
22:16:56.0588 6824 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:16:56.0635 6824 Msfs - ok
22:16:56.0729 6824 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:16:56.0791 6824 mshidkmdf - ok
22:16:56.0822 6824 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
22:16:56.0822 6824 msisadrv - ok
22:16:56.0963 6824 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:16:57.0041 6824 MSKSSRV - ok
22:16:57.0134 6824 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:16:57.0197 6824 MSPCLOCK - ok
22:16:57.0290 6824 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:16:57.0368 6824 MSPQM - ok
22:16:57.0446 6824 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
22:16:57.0462 6824 MsRPC - ok
22:16:57.0524 6824 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
22:16:57.0555 6824 mssmbios - ok
22:16:57.0633 6824 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:16:57.0696 6824 MSTEE - ok
22:16:57.0789 6824 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:16:57.0883 6824 MTConfig - ok
22:16:58.0008 6824 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:16:58.0039 6824 Mup - ok
22:16:58.0242 6824 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:16:58.0304 6824 NativeWifiP - ok
22:16:58.0523 6824 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
22:16:58.0554 6824 NDIS - ok
22:16:58.0725 6824 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:16:58.0803 6824 NdisCap - ok
22:16:58.0991 6824 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:16:59.0084 6824 NdisTapi - ok
22:16:59.0271 6824 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
22:16:59.0349 6824 Ndisuio - ok
22:16:59.0552 6824 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:16:59.0615 6824 NdisWan - ok
22:16:59.0755 6824 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
22:16:59.0849 6824 NDProxy - ok
22:17:00.0020 6824 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:17:00.0067 6824 NetBIOS - ok
22:17:00.0207 6824 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
22:17:00.0317 6824 NetBT - ok
22:17:00.0488 6824 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:17:00.0504 6824 nfrd960 - ok
22:17:00.0722 6824 NPF (324c4d3c3fc6accb72d5d83986442ebb) C:\Windows\system32\drivers\NPF.sys
22:17:00.0738 6824 NPF - ok
22:17:00.0863 6824 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:17:00.0941 6824 Npfs - ok
22:17:01.0128 6824 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:17:01.0190 6824 nsiproxy - ok
22:17:01.0377 6824 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
22:17:01.0424 6824 Ntfs - ok
22:17:01.0580 6824 NuidFltr (317020d31f1696334679b9d0416eb62e) C:\Windows\system32\DRIVERS\NuidFltr.sys
22:17:01.0611 6824 NuidFltr - ok
22:17:01.0689 6824 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:17:01.0752 6824 Null - ok
22:17:01.0892 6824 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
22:17:01.0908 6824 nvraid - ok
22:17:02.0064 6824 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
22:17:02.0079 6824 nvstor - ok
22:17:02.0251 6824 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
22:17:02.0282 6824 nv_agp - ok
22:17:02.0423 6824 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
22:17:02.0501 6824 ohci1394 - ok
22:17:02.0688 6824 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:17:02.0703 6824 Parport - ok
22:17:02.0859 6824 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
22:17:02.0875 6824 partmgr - ok
22:17:03.0031 6824 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
22:17:03.0047 6824 pci - ok
22:17:03.0218 6824 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
22:17:03.0234 6824 pciide - ok
22:17:03.0390 6824 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:17:03.0405 6824 pcmcia - ok
22:17:03.0546 6824 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:17:03.0561 6824 pcw - ok
22:17:03.0717 6824 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:17:03.0780 6824 PEAUTH - ok
22:17:03.0983 6824 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
22:17:03.0998 6824 Point64 - ok
22:17:04.0154 6824 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
22:17:04.0248 6824 PptpMiniport - ok
22:17:04.0388 6824 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:17:04.0419 6824 Processor - ok
22:17:04.0622 6824 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
22:17:04.0685 6824 Psched - ok
22:17:04.0919 6824 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
22:17:04.0950 6824 PxHlpa64 - ok
22:17:05.0184 6824 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:17:05.0246 6824 ql2300 - ok
22:17:05.0402 6824 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:17:05.0418 6824 ql40xx - ok
22:17:05.0543 6824 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:17:05.0621 6824 QWAVEdrv - ok
22:17:05.0761 6824 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:17:05.0823 6824 RasAcd - ok
22:17:05.0995 6824 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:17:06.0042 6824 RasAgileVpn - ok
22:17:06.0198 6824 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:17:06.0291 6824 Rasl2tp - ok
22:17:06.0432 6824 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:17:06.0525 6824 RasPppoe - ok
22:17:06.0697 6824 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:17:06.0744 6824 RasSstp - ok
22:17:06.0869 6824 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
22:17:06.0962 6824 rdbss - ok
22:17:07.0134 6824 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:17:07.0165 6824 rdpbus - ok
22:17:07.0383 6824 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:17:07.0430 6824 RDPCDD - ok
22:17:07.0571 6824 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:17:07.0649 6824 RDPENCDD - ok
22:17:07.0898 6824 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:17:07.0945 6824 RDPREFMP - ok
22:17:08.0117 6824 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
22:17:08.0210 6824 RDPWD - ok
22:17:08.0460 6824 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
22:17:08.0460 6824 rdyboost - ok
22:17:08.0631 6824 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:17:08.0709 6824 rspndr - ok
22:17:08.0865 6824 RSUSBSTOR (30f463768d5143bfd7b2df822b53cf4d) C:\Windows\system32\Drivers\RtsUStor.sys
22:17:08.0897 6824 RSUSBSTOR - ok
22:17:09.0068 6824 RTL8167 (fd978b2bf8a9b2390dcbef435e9c1f9f) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:17:09.0084 6824 RTL8167 - ok
22:17:09.0177 6824 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
22:17:09.0177 6824 SASDIFSV - ok
22:17:09.0209 6824 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
22:17:09.0224 6824 SASKUTIL - ok
22:17:09.0380 6824 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
22:17:09.0380 6824 sbp2port - ok
22:17:09.0567 6824 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
22:17:09.0614 6824 scfilter - ok
22:17:09.0770 6824 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:17:09.0833 6824 secdrv - ok
22:17:10.0004 6824 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:17:10.0051 6824 Serenum - ok
22:17:10.0207 6824 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:17:10.0223 6824 Serial - ok
22:17:10.0394 6824 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:17:10.0441 6824 sermouse - ok
22:17:10.0613 6824 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
22:17:10.0659 6824 sffdisk - ok
22:17:10.0800 6824 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
22:17:10.0847 6824 sffp_mmc - ok
22:17:10.0987 6824 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
22:17:11.0018 6824 sffp_sd - ok
22:17:11.0237 6824 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:17:11.0268 6824 sfloppy - ok
22:17:11.0439 6824 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
22:17:11.0502 6824 Sftfs - ok
22:17:11.0673 6824 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
22:17:11.0689 6824 Sftplay - ok
22:17:11.0907 6824 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
22:17:11.0923 6824 Sftredir - ok
22:17:12.0079 6824 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
22:17:12.0095 6824 Sftvol - ok
22:17:12.0251 6824 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:17:12.0266 6824 SiSRaid2 - ok
22:17:12.0375 6824 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:17:12.0391 6824 SiSRaid4 - ok
22:17:12.0485 6824 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:17:12.0578 6824 Smb - ok
22:17:12.0719 6824 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:17:12.0734 6824 spldr - ok
22:17:12.0890 6824 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
22:17:12.0953 6824 srv - ok
22:17:13.0093 6824 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
22:17:13.0124 6824 srv2 - ok
22:17:13.0280 6824 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
22:17:13.0311 6824 srvnet - ok
22:17:13.0483 6824 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:17:13.0514 6824 stexstor - ok
22:17:13.0701 6824 STHDA (4304b75094e106fb5423a290c95841e5) C:\Windows\system32\DRIVERS\stwrt64.sys
22:17:13.0779 6824 STHDA - ok
22:17:13.0920 6824 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
22:17:13.0935 6824 swenum - ok
22:17:14.0107 6824 SynTP (8a3fbcb3d6d4710730d27da4392a4863) C:\Windows\system32\DRIVERS\SynTP.sys
22:17:14.0138 6824 SynTP - ok
22:17:14.0310 6824 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
22:17:14.0403 6824 Tcpip - ok
22:17:14.0591 6824 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
22:17:14.0622 6824 TCPIP6 - ok
22:17:14.0747 6824 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
22:17:14.0825 6824 tcpipreg - ok
22:17:14.0934 6824 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:17:15.0012 6824 TDPIPE - ok
22:17:15.0152 6824 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
22:17:15.0215 6824 TDTCP - ok
22:17:15.0371 6824 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
22:17:15.0464 6824 tdx - ok
22:17:15.0620 6824 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
22:17:15.0651 6824 TermDD - ok
22:17:15.0807 6824 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:17:15.0870 6824 tssecsrv - ok
22:17:16.0026 6824 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
22:17:16.0119 6824 tunnel - ok
22:17:16.0275 6824 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:17:16.0307 6824 uagp35 - ok
22:17:16.0463 6824 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys
22:17:16.0509 6824 udfs - ok
22:17:16.0650 6824 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
22:17:16.0681 6824 uliagpkx - ok
22:17:16.0806 6824 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
22:17:16.0837 6824 umbus - ok
22:17:16.0977 6824 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:17:17.0009 6824 UmPass - ok
22:17:17.0180 6824 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
22:17:17.0243 6824 USBAAPL64 - ok
22:17:17.0367 6824 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
22:17:17.0445 6824 usbccgp - ok
22:17:17.0586 6824 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
22:17:17.0633 6824 usbcir - ok
22:17:17.0820 6824 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\DRIVERS\usbehci.sys
22:17:17.0851 6824 usbehci - ok
22:17:18.0007 6824 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
22:17:18.0023 6824 usbfilter - ok
22:17:18.0163 6824 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
22:17:18.0210 6824 usbhub - ok
22:17:18.0397 6824 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\DRIVERS\usbohci.sys
22:17:18.0459 6824 usbohci - ok
22:17:18.0725 6824 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:17:18.0756 6824 usbprint - ok
22:17:19.0052 6824 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:17:19.0177 6824 USBSTOR - ok
22:17:19.0302 6824 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
22:17:19.0333 6824 usbuhci - ok
22:17:19.0489 6824 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
22:17:19.0567 6824 usbvideo - ok
22:17:19.0723 6824 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
22:17:19.0723 6824 vdrvroot - ok
22:17:19.0910 6824 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:17:19.0926 6824 vga - ok
22:17:20.0066 6824 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:17:20.0129 6824 VgaSave - ok
22:17:20.0269 6824 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
22:17:20.0300 6824 vhdmp - ok
22:17:20.0409 6824 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
22:17:20.0472 6824 viaide - ok
22:17:20.0628 6824 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
22:17:20.0659 6824 volmgr - ok
22:17:20.0799 6824 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
22:17:20.0831 6824 volmgrx - ok
22:17:20.0971 6824 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
22:17:20.0987 6824 volsnap - ok
22:17:21.0143 6824 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:17:21.0174 6824 vsmraid - ok
22:17:21.0377 6824 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:17:21.0423 6824 vwifibus - ok
22:17:21.0564 6824 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:17:21.0611 6824 vwififlt - ok
22:17:21.0751 6824 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
22:17:21.0767 6824 vwifimp - ok
22:17:21.0876 6824 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:17:21.0907 6824 WacomPen - ok
22:17:22.0094 6824 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
22:17:22.0172 6824 WANARP - ok
22:17:22.0188 6824 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
22:17:22.0235 6824 Wanarpv6 - ok
22:17:22.0375 6824 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:17:22.0391 6824 Wd - ok
22:17:22.0515 6824 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:17:22.0531 6824 Wdf01000 - ok
22:17:22.0656 6824 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:17:22.0703 6824 WfpLwf - ok
22:17:22.0734 6824 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
22:17:22.0749 6824 WimFltr - ok
22:17:22.0874 6824 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:17:22.0890 6824 WIMMount - ok
22:17:23.0077 6824 WinUsb (4d52c872018af7e18d078978dcc3f6f2) C:\Windows\system32\DRIVERS\WinUsb.sys
22:17:23.0139 6824 WinUsb - ok
22:17:23.0295 6824 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
22:17:23.0342 6824 WmiAcpi - ok
22:17:23.0483 6824 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:17:23.0561 6824 ws2ifsl - ok
22:17:23.0701 6824 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys
22:17:23.0763 6824 WudfPf - ok
22:17:23.0966 6824 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:17:24.0013 6824 WUDFRd - ok
22:17:24.0263 6824 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
22:17:24.0309 6824 yukonw7 - ok
22:17:24.0356 6824 MBR (0x1B8) (4f67409277c79a1c33061decc087f711) \Device\Harddisk0\DR0
22:17:24.0419 6824 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
22:17:24.0419 6824 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
22:17:25.0620 6824 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:17:25.0620 6824 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:17:25.0651 6824 Boot (0x1200) (b4a651ea79a9998884da67ecffb5e2e7) \Device\Harddisk0\DR0\Partition0
22:17:25.0651 6824 \Device\Harddisk0\DR0\Partition0 - ok
22:17:25.0667 6824 Boot (0x1200) (9353cf31a6ec515e78353d1600509a2f) \Device\Harddisk0\DR0\Partition1
22:17:25.0682 6824 \Device\Harddisk0\DR0\Partition1 - ok
22:17:25.0682 6824 ============================================================
22:17:25.0682 6824 Scan finished
22:17:25.0682 6824 ============================================================
22:17:25.0713 4068 Detected object count: 2
22:17:25.0713 4068 Actual detected object count: 2
22:19:35.0380 4068 \Device\Harddisk0\DR0\# - copied to quarantine
22:19:35.0380 4068 \Device\Harddisk0\DR0 - copied to quarantine
22:19:35.0489 4068 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
22:19:35.0489 4068 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
22:19:35.0505 4068 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
22:19:35.0521 4068 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
22:19:35.0536 4068 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
22:19:35.0536 4068 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
22:19:35.0536 4068 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
22:19:35.0536 4068 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
22:19:35.0536 4068 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
22:19:35.0536 4068 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
22:19:35.0583 4068 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
22:19:35.0583 4068 \Device\Harddisk0\DR0 - ok
22:19:36.0020 4068 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
22:19:36.0020 4068 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
22:19:36.0020 4068 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
22:19:39.0889 5296 Deinitialize success

[LDTate]

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.


Please don't attach the scans / logs, use "copy/paste".

[morgank]

My computer hasn't crashed with the blue screen lately, but I am still getting redirected a lot on websites. Here is my mbam log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.01.02

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
User :: USER-PC [administrator]

3/1/2012 7:53:29 AM
mbam-log-2012-03-01 (07-53-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 186897
Time elapsed: 4 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

[LDTate]

Please do not attach the scan results from Combofx. Use copy/paste.


Vista and Windows 7 users:
1. These tools MUST be run from the executable. (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")


Download ComboFix from one of these locations:

Link 1
Link 2 If using this link, Right Click and select Save As.


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
  
  Note: If you have XP SP3, use the XP SP2 package.
  If Vista or Windows 7, skip the Recovery Console part
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.


Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

[morgank]

My computer seems to be running fine, but I haven't been using it a lot. Here is my log for combo fix:

ComboFix 12-03-01.02 - User 03/01/2012 21:27:37.1.3 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3836.2379 [GMT -6:00]
Running from: c:\users\User\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LP
c:\program files (x86)\LP\B3F7\304.tmp
c:\program files (x86)\LP\B3F7\3F8A.tmp
c:\program files (x86)\LP\B3F7\829A.tmp
c:\program files (x86)\LP\B3F7\9C01.tmp
c:\program files (x86)\LP\B3F7\A5C6.tmp
c:\program files (x86)\LP\B3F7\AE5C.tmp
c:\program files (x86)\LP\B3F7\B0C.tmp
c:\program files (x86)\LP\B3F7\BE1C.tmp
c:\program files (x86)\LP\B3F7\FA47.tmp
c:\program files (x86)\LP\D3B7\80E6.tmp
c:\program files (x86)\LP\D3B7\AE5B.tmp
c:\program files (x86)\LP\D3B7\C4C4.tmp
c:\program files (x86)\LP\D3B7\F518.tmp
c:\programdata\~xqlIG44fP9zRa0
c:\programdata\~xqlIG44fP9zRa0r
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rjtshiog.default\extensions\{775f58c8-67be-4d72-a7fe-248424a03e89}
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rjtshiog.default\extensions\{775f58c8-67be-4d72-a7fe-248424a03e89}\chrome.manifest
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rjtshiog.default\extensions\{775f58c8-67be-4d72-a7fe-248424a03e89}\chrome\xulcache.jar
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rjtshiog.default\extensions\{775f58c8-67be-4d72-a7fe-248424a03e89}\defaults\preferences\xulcache.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rjtshiog.default\extensions\{775f58c8-67be-4d72-a7fe-248424a03e89}\install.rdf
c:\users\User\Desktop\System Check.lnk
c:\users\User\Taskmgr.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-02-02 to 2012-03-02 )))))))))))))))))))))))))))))))
.
.
2012-03-02 03:45 . 2012-03-02 03:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-01 13:52 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 04:19 . 2012-03-01 04:19 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-24 03:56 . 2012-02-24 03:56 -------- d-----w- C:\$AVG
2012-02-20 04:48 . 2012-02-25 21:27 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-02-20 04:46 . 2012-02-25 21:26 -------- d-----w- c:\programdata\AVG2012
2012-02-16 04:31 . 2012-01-04 09:58 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 04:31 . 2012-01-04 09:03 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-16 04:31 . 2011-12-28 03:59 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-16 04:31 . 2012-01-14 04:02 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 04:31 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 04:31 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-16 04:31 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 04:31 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-14 14:21 . 2012-02-25 21:26 -------- d-----w- c:\users\User\AppData\Roaming\SUPERAntiSpyware.com
2012-02-14 14:20 . 2012-02-25 21:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-14 14:20 . 2012-02-14 14:20 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-14 01:18 . 2012-02-14 01:18 -------- d-----w- c:\programdata\ATI
2012-02-14 01:18 . 2012-02-14 01:18 -------- d-----w- c:\program files (x86)\AMD APP
2012-02-14 01:15 . 2012-02-14 01:17 -------- d-----w- c:\program files\ATI Technologies
2012-02-14 01:00 . 2012-02-14 01:19 -------- d-----w- c:\programdata\AMD
2012-02-12 01:29 . 2012-02-25 21:26 -------- d-----w- C:\AMD
2012-02-11 02:03 . 2012-02-14 05:31 -------- d-----w- c:\users\User\AppData\Roaming\7C4E8
2012-02-11 02:02 . 2012-02-14 05:31 -------- d-----w- c:\users\User\AppData\Roaming\E86D4
2012-02-10 03:05 . 2012-02-14 14:21 -------- d-----w- c:\program files (x86)\E86D4
2012-02-02 13:58 . 2012-02-02 14:01 -------- d--h--w- c:\users\User\AppData\Roaming\AVG
2012-02-01 06:00 . 2012-03-01 04:24 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-02-01 06:00 . 2012-03-01 04:24 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-02-01 06:00 . 2012-03-01 04:24 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-02-01 06:00 . 2012-03-01 04:24 45016 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-20 03:46 . 2011-02-28 23:46 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-12 00:19 . 2012-01-12 00:19 4448256 ----a-w- c:\windows\SysWow64\GPhotos.scr
2011-12-06 16:38 . 2011-12-06 16:40 447752 ----a-w- c:\windows\SysWow64\vp6vfw.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-02-20 04:48 1811296 ----a-w- c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-02-20 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 5487488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-28 102400]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellComms"="c:\program files (x86)\Dell\DellComms\bin\sprtcmd.exe" [2009-05-05 206064]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"lxcymon.exe"="c:\program files (x86) (x86)\Lexmark 3400 Series\lxcymon.exe" [2009-05-01 291496]
"EzPrint"="c:\program files (x86) (x86)\Lexmark 3400 Series\ezprint.exe" [2009-05-01 82600]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-02-20 939872]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-05-21 165184]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-11-4 16032]
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-17 136176]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-17 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-05-21 673088]
S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-05-05 206064]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-01-24 909152]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-17 04:51]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-17 04:51]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-01-06 3179288]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-03 5712896]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"combofix"="c:\combofix\CF6522.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.15.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rjtshiog.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1292250947&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fco102w.col102.mail.live.com%2Fdefault.aspx%3Fwa%3Dwsignin1.0&lc=1033&id=64855&mkt=en-us&cbcxt=mai&snsc=1
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B5b4bc333-57df-484c-97b3-ecab48d8a6da%7D&mid=dd8726c9a68d47d180347ac563f42f26-cbfc6c6e6092c973363299566f25a1370777a478&ds=AVG&v=9.0.0.18.1&lang=us&pr=fr&d=2011-12-13%2013%3A38%3A23&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-209528003-3485898392-3193350400-1000\Software\SecuROM\License information*]
"datasecu"=hex:aa,08,7e,0b,a5,31,a2,59,14,69,29,1b,0c,dd,00,6b,6c,ed,d0,30,f2,
0b,d9,5c,c9,27,54,48,4a,97,df,f2,48,9b,27,3a,2e,a9,08,90,f2,c5,e1,bd,8c,47,\
"rkeysecu"=hex:59,72,fd,04,69,7f,59,a9,92,f7,54,cb,2d,60,af,3b
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-03-01 22:17:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-02 04:16
.
Pre-Run: 314,434,506,752 bytes free
Post-Run: 313,855,950,848 bytes free
.
- - End Of File - - 71BE1D937793F85034B64D10BF124A5D

[LDTate]

Run a new updated MBAM scan and we'll see if that bad guy is gone.

[morgank]

Everything seems to look good. No malicious items detected! Thanks so much!

Do you happen to know why I keep getting redirected on websites when I click a link? It is still happening.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.01.02

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
User :: USER-PC [administrator]

3/2/2012 5:50:34 PM
mbam-log-2012-03-02 (17-50-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 188484
Time elapsed: 7 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

[LDTate]

Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

• Click START run
  
• Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

• Click START Search
  
• Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.


Log looks good

• Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
  (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  
  
  
• Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
  Without a firewall your computer is succeptible to being hacked and taken over.
  I am very serious about this and see it happen almost every day with my clients.
  Simply using a Firewall in its default configuration can lower your risk greatly.
  
• 
  
• Securing Your Web Browser
  This paper will help you configure your web browser for safer internet surfing.
  
  
  
• Using a secure browser plugin M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
  
  •Free browser plug-in for Internet Explorer and Firefox
  •Real-time safety ratings
  •Ideal for Facebook, Twitter and LinkedIn
  
  
  
• JAVA Click this link and click on the Free JAVA Download
  
  
  
• Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
  This will ensure your computer has always the latest security updates available installed on your computer.
  If there are new updates to install, install them immediately, reboot your computer, and revisit the site
  until there are no more critical updates.

Only run one Anti-Virus and Firewall program.


I would suggest you read:
PC Safety and Security--What Do I Need?.
How to Prevent Malware:


The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.
We use different ways of protecting your computer(s):

• Dynamically Blocks Malware Sites & Servers
  
• Malware Execution Prevention

Save yourself the hassle and get protected.

[morgank]

Thanks again for all of your help!

[LDTate]

You're more than welcome.
Glad we were able to help

Peace be with you

[LDTate]

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.