Google redirect virus


  • This topic is locked
29 replies to this topic

#1 RichHeller
    New Member
  • Members
  • 29 posts

Posted 02 April 2012 - 09:14 AM

When I do a search on Google, the address of the links changes when I click on them. Well, the first one changes. If I right-click on a link, it will change it to another address. After that, the other links on the page are unaffected.

Malwarebytes quick scan results
------------------------------------------

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.29.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
rich :: RICH-PC [administrator]

4/2/2012 9:05:10 AM
mbam-log-2012-04-02 (09-05-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 190005
Time elapsed: 3 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


DDS.log
----------------------------------------

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.1.0
Run by rich at 9:09:15 on 2012-04-02
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.2156 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe
C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
C:\Windows\system32\conhost.exe
C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\M-AudioTaskBarIcon.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\notepad.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{855A61B4-F3AB-4273-AA7C-3A9801B994B6} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{96E1D7E3-0FF9-4000-AC2A-8104715BC0B7} : DhcpNameServer = 192.168.0.1
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\rich\appdata\roaming\mozilla\firefox\profiles\kvtcmbdk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 postgresql-9.0;postgresql-9.0 - PostgreSQL Server 9.0;C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N "postgresql-9.0" -D "C:/Program Files/PostgreSQL/9.0/data" -w --> C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-9.0 [?]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-13 229888]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-2 40776]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\drivers\MAudioFastTrack.sys [2010-12-7 158344]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-7-27 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-27 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-20 1343400]
.
=============== Created Last 30 ================
.
2012-04-02 14:05:02 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-03-30 23:33:08 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-30 23:33:07 -------- d-----w- c:\users\rich\appdata\local\temp
2012-03-30 23:22:49 98816 ----a-w- c:\windows\sed.exe
2012-03-30 23:22:49 518144 ----a-w- c:\windows\SWREG.exe
2012-03-30 23:22:49 256000 ----a-w- c:\windows\PEV.exe
2012-03-30 23:22:49 208896 ----a-w- c:\windows\MBR.exe
2012-03-14 18:23:27 -------- d-----w- c:\program files\M-Audio
2012-03-11 00:15:01 68068 ----a-w- c:\windows\system32\bassmididrvuninstall.exe
2012-03-11 00:15:01 -------- d-----w- c:\windows\system32\bassmididrv
2012-03-10 22:39:58 -------- d-----w- c:\users\rich\TruePianos Settings
2012-03-10 22:39:31 -------- d-----w- c:\users\rich\appdata\roaming\Cakewalk
2012-03-10 22:35:17 -------- d-----w- c:\program files\common files\Native Instruments
2012-03-10 22:35:14 -------- d-----w- c:\program files\common files\Digidesign
2012-03-10 22:34:29 -------- d-----w- c:\program files\Native Instruments
2012-03-10 22:27:21 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-03-10 22:27:21 487424 ----a-w- c:\windows\system32\msvcp70.dll
2012-03-10 22:27:21 368640 ----a-w- c:\windows\system32\ReWire.dll
2012-03-10 22:27:21 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-03-10 22:27:21 344064 ----a-w- c:\windows\system32\msvcr70.dll
2012-03-10 22:27:21 1047552 ----a-w- c:\windows\system32\mfc71u.dll
2012-03-10 22:27:18 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-03-10 22:26:45 -------- d-----w- c:\programdata\Cakewalk
2012-03-10 22:26:45 -------- d-----w- c:\program files\Cakewalk
2012-03-10 22:26:45 -------- d-----w- C:\Cakewalk Projects
.
==================== Find3M ====================
.
2012-01-14 03:35:54 2343424 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 9:09:42.83 ===============


Attach.txt
---------------------------------------

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume3
Install Date: 11/20/2010 12:25:40 AM
System Uptime: 4/2/2012 4:11:26 AM (5 hours ago)
.
Motherboard: Dell Inc. | | 0H275K
Processor: Intel® Core™2 Duo CPU T5850 @ 2.16GHz | Microprocessor | 996/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 217.518 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.348 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_02561028&REV_12\4&2CB1F2EC&0&0CF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_02561028&REV_12\4&2CB1F2EC&0&0CF0
Service:
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_02561028&REV_12\4&2CB1F2EC&0&0BF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_02561028&REV_12\4&2CB1F2EC&0&0BF0
Service:
.
Class GUID:
Description:
Device ID: ACPI\ITE8708\4&1E0559A0&0
Manufacturer:
Name:
PNP Device ID: ACPI\ITE8708\4&1E0559A0&0
Service:
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02561028&REV_12\4&2CB1F2EC&0&0AF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02561028&REV_12\4&2CB1F2EC&0&0AF0
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Absolute Poker
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X
Android SDK Tools
Audacity 1.2.6
Compatibility Pack for the 2007 Office system
ESET Online Scanner v3
Finale Reader 2011
Full Tilt Poker
Guitar Pro 5.2
Java Auto Updater
Java DB 10.5.3.0
Java™ 7 Update 1
M-Audio FastTrack Driver 6.0.6 (x86)
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft Office Word Viewer 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 4.0.1 (x86 en-US)
Mp3tag v2.48
Native Instruments Guitar Rig 3
Native Instruments Service Center
NetBeans IDE 7.0 Beta 2
PokerStars
PostgreSQL 9.0
SONAR 8.0 Producer Edition
Winamp
Winamp Detector Plug-in
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
4/2/2012 8:40:54 AM, Error: atikmdag [43029] - Display is not active
3/30/2012 6:36:32 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
3/30/2012 6:31:11 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/29/2012 4:59:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/29/2012 4:59:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/29/2012 4:59:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/29/2012 4:59:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/29/2012 4:59:09 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
.
==== End Of File ===========================
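Two things in the DDS output above are worth reading before any further tool is run. The mPolicies-system lines record EnableLUA = 0, ConsentPromptBehaviorAdmin = 0 and PromptOnSecureDesktop = 0, which together mean UAC is switched off on this machine, and the SP: line shows Windows Defender disabled. The DhcpNameServer entries are RFC 1918 router addresses, which is what you expect on a home LAN; a resolver outside that space is one of the first things to check on a search-redirect complaint. As an added example (not part of the original thread and not a feature of DDS), the Python script below pulls those fields out of the DDS Pseudo HJT section and reports the weak ones. The sample input reproduces lines quoted above plus one constructed NameServer line in the 203.0.113.0/24 documentation range so the DNS check has something to flag; the interface GUID on that line is a placeholder.

```python
import ipaddress
import re

# Added example: triage of the DDS "Pseudo HJT Report" fields.
# SAMPLE_DDS_LINES reproduces lines from the DDS log in the post above; the single
# line marked CONSTRUCTED is not in that log and exists only to exercise the DNS check.
SAMPLE_DDS_LINES = [
    r"SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}",
    r"uStart Page = hxxp://www.google.com/",
    r"BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll",
    r"BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll",
    r'mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"',
    r"mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe",
    r"mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)",
    r"mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)",
    r"mPolicies-system: EnableLUA = 0 (0x0)",
    r"mPolicies-system: EnableUIADesktopToggle = 0 (0x0)",
    r"mPolicies-system: PromptOnSecureDesktop = 0 (0x0)",
    r"TCP: DhcpNameServer = 192.168.1.1",
    r"TCP: Interfaces\{855A61B4-F3AB-4273-AA7C-3A9801B994B6} : DhcpNameServer = 192.168.1.1",
    r"TCP: Interfaces\{96E1D7E3-0FF9-4000-AC2A-8104715BC0B7} : DhcpNameServer = 192.168.0.1",
    # CONSTRUCTED: a static resolver in the 203.0.113.0/24 documentation range.
    r"TCP: Interfaces\{00000000-0000-0000-0000-000000000000} : NameServer = 203.0.113.10,203.0.113.11",
]

SP_RE = re.compile(r"^SP:\s*(.+?)\s*\*(Enabled|Disabled)/")
POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
BHO_RE = re.compile(r"^BHO:\s*(.+?):\s*(\{[0-9A-Fa-f-]{36}\})\s*-\s*(.+)$")
RUN_RE = re.compile(r"^[mu]Run:\s*\[(.+?)\]\s*(.+)$")
DNS_RE = re.compile(r"(?:Dhcp)?NameServer\s*=\s*([0-9.,\s]+)$")

# The three HKLM\...\Policies\System values that, at 0, take UAC out of the picture.
UAC_WEAK_AT_ZERO = {
    "EnableLUA": "UAC is off altogether; an administrator's processes run fully elevated",
    "ConsentPromptBehaviorAdmin": "administrators are elevated silently, with no prompt at all",
    "PromptOnSecureDesktop": "elevation prompts are not isolated on the secure desktop",
}

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def triage_dds(lines):
    """Parse the DDS fields we care about and return them plus a list of findings."""
    policies, bhos, runs, resolvers, findings = {}, [], [], set(), []
    for raw in lines:
        line = raw.strip()
        if m := POLICY_RE.match(line):
            policies[m.group(1)] = int(m.group(2))
        elif m := BHO_RE.match(line):
            bhos.append((m.group(1), m.group(2).lower(), m.group(3)))
        elif m := RUN_RE.match(line):
            runs.append((m.group(1), m.group(2).strip().strip('"')))
        elif m := SP_RE.match(line):
            if m.group(2) == "Disabled":
                findings.append(f"security product disabled: {m.group(1)}")
        elif m := DNS_RE.search(line):
            resolvers.update(a for a in re.split(r"[,\s]+", m.group(1).strip()) if a)

    for key, meaning in UAC_WEAK_AT_ZERO.items():
        if policies.get(key) == 0:
            findings.append(f"UAC weakened: {key} = 0 ({meaning})")

    for addr in sorted(resolvers):
        if not is_rfc1918(addr):
            findings.append(f"resolver outside RFC 1918 space: {addr} "
                            "(confirm it is the ISP's or a known public resolver, not a changed setting)")

    return {"policies": policies, "bhos": bhos, "runs": runs,
            "resolvers": sorted(resolvers), "findings": findings}


if __name__ == "__main__":
    report = triage_dds(SAMPLE_DDS_LINES)
    for name, clsid, path in report["bhos"]:
        print(f"BHO  {clsid}  {name}  ->  {path}")
    for name, path in report["runs"]:
        print(f"RUN  [{name}]  ->  {path}")
    for f in report["findings"]:
        print("!!", f)
```

The RFC 1918 test is deliberately explicit rather than `ipaddress`'s `is_private`, which also treats the documentation ranges as private and would hide the constructed line. A public resolver is not proof of tampering (some ISPs hand one out over DHCP), which is why the finding asks for confirmation rather than calling it malicious.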

#2 Larusso
    Selecta Jahrusso
  • Experts
  • 874 posts
  • Gender: Male
  • Location: Austria
  • Interests: Dancehall DJing, Fighting against Babilon, Bodybuilding

Posted 03 April 2012 - 12:45 PM

Hi,
My name is Daniel and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.
  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction, or add or remove software, unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.




I see you ran ComboFix without being instructed to. I would like to quote a section of the ComboFix tutorial located here: http://www.bleepingc...to-use-combofix

Quote

You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.



Please download Gmer from here and save it to your Desktop.
  • Double-click on the randomly named GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan, click NO.


    [Screenshot: the GMER scan options panel]



  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done, click on the [Save..] button, and in the File name area type in "ark.txt", or it will save as a .log file, which cannot be uploaded to your post.

  • Save it where you can easily find it, such as your desktop

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
regards, Daniel

Bread for the world instead of bombs and bangers

I'll always help for free, but if you want to support me in my fight against malware, please [donation link]

I am away from 14-16th of June !!

#3 RichHeller
    New Member
  • Members
  • 29 posts

Posted 03 April 2012 - 02:36 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-03 14:35:17
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-75ZCT2 rev.11.01A11
Running: gmer.exe; Driver: C:\Users\rich\AppData\Local\Temp\pxldrpow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{2B754346-56B8-42EE-B406-E2CCACEB027B}\Connection@Name isatap.{87969DCC-9B23-468E-B0A8-9D57C8CAEFBF}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind \Device\{EB4A2B50-1ECF-48B2-AED2-6552D7E6FD7F}?\Device\{2B754346-56B8-42EE-B406-E2CCACEB027B}?\Device\{F77D4552-B0B1-4E81-8963-D46A9AF67B8E}?\Device\{BCDBE0DC-ACAF-4B83-AF81-BFD2AA53A0FA}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route "{EB4A2B50-1ECF-48B2-AED2-6552D7E6FD7F}"?"{2B754346-56B8-42EE-B406-E2CCACEB027B}"?"{F77D4552-B0B1-4E81-8963-D46A9AF67B8E}"?"{BCDBE0DC-ACAF-4B83-AF81-BFD2AA53A0FA}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export \Device\TCPIP6TUNNEL_{EB4A2B50-1ECF-48B2-AED2-6552D7E6FD7F}?\Device\TCPIP6TUNNEL_{2B754346-56B8-42EE-B406-E2CCACEB027B}?\Device\TCPIP6TUNNEL_{F77D4552-B0B1-4E81-8963-D46A9AF67B8E}?\Device\TCPIP6TUNNEL_{BCDBE0DC-ACAF-4B83-AF81-BFD2AA53A0FA}?
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{2B754346-56B8-42EE-B406-E2CCACEB027B}@InterfaceName isatap.{87969DCC-9B23-468E-B0A8-9D57C8CAEFBF}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{2B754346-56B8-42EE-B406-E2CCACEB027B}@ReusableType 0
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 11438

---- EOF - GMER 1.0.15 ----

#4 Larusso
    Selecta Jahrusso
  • Experts
  • 874 posts
  • Gender: Male
  • Location: Austria
  • Interests: Dancehall DJing, Fighting against Babilon, Bodybuilding

Posted 04 April 2012 - 11:39 AM

Hi there,


Please read and follow these instructions carefully. We do not want it to fix anything yet (if anything is found); we need to see a report first.

Download TDSSKiller.exe and save it to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan

  • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.

  • Once complete, a log will be produced on the root drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.
regards, Daniel

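The post above tells the user where TDSSKiller writes its log and to post it without curing anything. As an added example (not part of the thread and not a Kaspersky tool), the Python script below locates those logs on the root drive and summarises them per object, so that only the entries whose verdict is not "ok" need attention. The line shapes follow the log the user posts in the next reply; the one "detected" line in the constructed sample is not in that log (which is all "ok"), and its verdict wording is an assumption that only follows the "<object> - <verdict>" shape the real lines use.

```python
import glob
import re

# Added example: summarise a TDSSKiller log by object and verdict.
# Line shapes follow the TDSSKiller 2.7.25.0 log posted later in this thread:
#   <time> <pid> <object> (<md5>) <path>     file line
#   <time> <pid> <object> - <verdict>        verdict line ("ok" for clean objects)
ENTRY_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.+?)\s+\(([0-9a-f]{32})\)\s+(.+)$")
VERDICT_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.+?)\s+-\s+(.+)$")

# Constructed sample: the first lines are copied from the posted log; the line marked
# CONSTRUCTED is not in it, and its verdict wording is an assumption.
SAMPLE_LOG_LINES = [
    "13:17:27.0346 2244 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32",
    r"13:17:28.0828 2244 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050",
    "13:17:28.0843 2244 MBR used",
    "13:17:34.0303 3996 Scan started",
    "13:17:34.0303 3996 Mode: Manual;",
    r"13:17:36.0441 3996 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys",
    "13:17:36.0441 3996 1394ohci - ok",
    r"13:17:37.0002 3996 AMD External Events Utility (b19505648f033393e907e2e419fde8b3) C:\Windows\system32\atiesrxx.exe",
    "13:17:37.0018 3996 AMD External Events Utility - ok",
    "13:17:38.0952 3996 catchme - ok",
    "13:17:39.0467 3996 COMSysApp - ok",
    # CONSTRUCTED: a non-"ok" verdict so the report has something to show.
    r"13:17:41.0500 3996 \Device\Harddisk0\DR0 - detected Example.Bootkit ( 0 )",
]


def summarize_tdsskiller(lines):
    """Return per-object verdicts, the file/md5 each object resolved to, and the non-ok set."""
    files, verdicts, scanning = {}, {}, False
    for raw in lines:
        line = raw.rstrip()
        if "Scan started" in line:
            scanning = True   # header lines (drive geometry etc.) also contain " - "
            continue
        if not scanning:
            continue
        if m := ENTRY_RE.match(line):
            files[m.group(3)] = {"md5": m.group(4), "path": m.group(5)}
        elif m := VERDICT_RE.match(line):
            verdicts[m.group(3)] = m.group(4)
    flagged = {obj: v for obj, v in verdicts.items() if v != "ok"}
    return {
        "scanned": len(verdicts),
        "ok": sum(v == "ok" for v in verdicts.values()),
        "flagged": flagged,
        "files": files,
    }


def find_logs(root="C:/"):
    """TDSSKiller writes C:\\TDSSKiller.<version_date_time>log.txt on the root drive."""
    return sorted(glob.glob(root + "TDSSKiller.*log.txt"))


if __name__ == "__main__":
    logs = find_logs()
    sources = [(p, open(p, errors="replace").read().splitlines()) for p in logs] \
        or [("<constructed sample>", SAMPLE_LOG_LINES)]
    for name, lines in sources:
        s = summarize_tdsskiller(lines)
        print(f"{name}: {s['scanned']} objects, {s['ok']} ok, {len(s['flagged'])} flagged")
        for obj, verdict in s["flagged"].items():
            where = s["files"].get(obj, {}).get("path", "(no file line)")
            print(f"  {obj}: {verdict}  {where}")
```

Parsing only starts at the "Scan started" marker because the header's drive line ("Drive \Device\Harddisk0\DR0 - Size: ...") has the same "object - text" shape as a verdict and would otherwise be reported. Objects such as catchme and COMSysApp have a verdict but no file line in the real log, so the report falls back to "(no file line)" rather than failing on them.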
#5 RichHeller
    New Member
  • Members
  • 29 posts

Posted 04 April 2012 - 01:18 PM

13:17:27.0346 2244 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
13:17:27.0767 2244 ============================================================
13:17:27.0767 2244 Current date / time: 2012/04/04 13:17:27.0767
13:17:27.0767 2244 SystemInfo:
13:17:27.0767 2244
13:17:27.0767 2244 OS Version: 6.1.7601 ServicePack: 1.0
13:17:27.0767 2244 Product type: Workstation
13:17:27.0767 2244 ComputerName: RICH-PC
13:17:27.0767 2244 UserName: rich
13:17:27.0767 2244 Windows directory: C:\Windows
13:17:27.0767 2244 System windows directory: C:\Windows
13:17:27.0767 2244 Processor architecture: Intel x86
13:17:27.0767 2244 Number of processors: 2
13:17:27.0767 2244 Page size: 0x1000
13:17:27.0767 2244 Boot type: Normal boot
13:17:27.0767 2244 ============================================================
13:17:28.0828 2244 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:17:28.0828 2244 \Device\Harddisk0\DR0:
13:17:28.0843 2244 MBR used
13:17:28.0843 2244 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x47000, BlocksNum 0x1400000
13:17:28.0843 2244 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1447000, BlocksNum 0x23FE7000
13:17:28.0890 2244 Initialize success
13:17:28.0890 2244 ============================================================
13:17:34.0303 3996 ============================================================
13:17:34.0303 3996 Scan started
13:17:34.0303 3996 Mode: Manual;
13:17:34.0303 3996 ============================================================
13:17:36.0441 3996 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
13:17:36.0441 3996 1394ohci - ok
13:17:36.0503 3996 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
13:17:36.0503 3996 ACPI - ok
13:17:36.0550 3996 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
13:17:36.0550 3996 AcpiPmi - ok
13:17:36.0597 3996 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
13:17:36.0612 3996 adp94xx - ok
13:17:36.0643 3996 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
13:17:36.0643 3996 adpahci - ok
13:17:36.0690 3996 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
13:17:36.0690 3996 adpu320 - ok
13:17:36.0737 3996 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
13:17:36.0737 3996 AeLookupSvc - ok
13:17:36.0799 3996 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
13:17:36.0799 3996 AFD - ok
13:17:36.0846 3996 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
13:17:36.0846 3996 agp440 - ok
13:17:36.0893 3996 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
13:17:36.0893 3996 aic78xx - ok
13:17:36.0924 3996 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
13:17:36.0924 3996 ALG - ok
13:17:36.0955 3996 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
13:17:36.0955 3996 aliide - ok
13:17:37.0002 3996 AMD External Events Utility (b19505648f033393e907e2e419fde8b3) C:\Windows\system32\atiesrxx.exe
13:17:37.0018 3996 AMD External Events Utility - ok
13:17:37.0049 3996 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
13:17:37.0049 3996 amdagp - ok
13:17:37.0080 3996 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
13:17:37.0080 3996 amdide - ok
13:17:37.0127 3996 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
13:17:37.0127 3996 AmdK8 - ok
13:17:37.0143 3996 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
13:17:37.0158 3996 AmdPPM - ok
13:17:37.0189 3996 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys
13:17:37.0189 3996 amdsata - ok
13:17:37.0221 3996 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
13:17:37.0221 3996 amdsbs - ok
13:17:37.0236 3996 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys
13:17:37.0236 3996 amdxata - ok
13:17:37.0283 3996 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
13:17:37.0299 3996 AppID - ok
13:17:37.0361 3996 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
13:17:37.0361 3996 AppIDSvc - ok
13:17:37.0392 3996 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
13:17:37.0392 3996 Appinfo - ok
13:17:37.0439 3996 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
13:17:37.0455 3996 AppMgmt - ok
13:17:37.0501 3996 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
13:17:37.0501 3996 arc - ok
13:17:37.0533 3996 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
13:17:37.0533 3996 arcsas - ok
13:17:37.0579 3996 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
13:17:37.0579 3996 AsyncMac - ok
13:17:37.0626 3996 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
13:17:37.0626 3996 atapi - ok
13:17:37.0767 3996 atikmdag (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys
13:17:37.0876 3996 atikmdag - ok
13:17:37.0938 3996 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
13:17:37.0954 3996 AudioEndpointBuilder - ok
13:17:37.0969 3996 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
13:17:37.0969 3996 Audiosrv - ok
13:17:38.0016 3996 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
13:17:38.0016 3996 AxInstSV - ok
13:17:38.0079 3996 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
13:17:38.0094 3996 b06bdrv - ok
13:17:38.0141 3996 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
13:17:38.0141 3996 b57nd60x - ok
13:17:38.0235 3996 BCM43XX (eb7c2dadf52f50f69f198c14c3556dc1) C:\Windows\system32\DRIVERS\bcmwl6.sys
13:17:38.0266 3996 BCM43XX - ok
13:17:38.0313 3996 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
13:17:38.0313 3996 BDESVC - ok
13:17:38.0328 3996 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
13:17:38.0344 3996 Beep - ok
13:17:38.0391 3996 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
13:17:38.0391 3996 BFE - ok
13:17:38.0437 3996 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
13:17:38.0453 3996 BITS - ok
13:17:38.0469 3996 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
13:17:38.0469 3996 blbdrive - ok
13:17:38.0515 3996 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
13:17:38.0515 3996 bowser - ok
13:17:38.0531 3996 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:17:38.0531 3996 BrFiltLo - ok
13:17:38.0562 3996 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:17:38.0562 3996 BrFiltUp - ok
13:17:38.0609 3996 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
13:17:38.0609 3996 BridgeMP - ok
13:17:38.0656 3996 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
13:17:38.0656 3996 Browser - ok
13:17:38.0687 3996 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
13:17:38.0687 3996 Brserid - ok
13:17:38.0718 3996 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
13:17:38.0718 3996 BrSerWdm - ok
13:17:38.0734 3996 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:17:38.0734 3996 BrUsbMdm - ok
13:17:38.0765 3996 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
13:17:38.0765 3996 BrUsbSer - ok
13:17:38.0796 3996 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
13:17:38.0796 3996 BTHMODEM - ok
13:17:38.0859 3996 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
13:17:38.0859 3996 bthserv - ok
13:17:38.0952 3996 catchme - ok
13:17:38.0999 3996 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
13:17:38.0999 3996 cdfs - ok
13:17:39.0046 3996 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
13:17:39.0046 3996 cdrom - ok
13:17:39.0093 3996 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
13:17:39.0093 3996 CertPropSvc - ok
13:17:39.0124 3996 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
13:17:39.0124 3996 circlass - ok
13:17:39.0155 3996 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
13:17:39.0155 3996 CLFS - ok
13:17:39.0217 3996 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:17:39.0233 3996 clr_optimization_v2.0.50727_32 - ok
13:17:39.0249 3996 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
13:17:39.0249 3996 CmBatt - ok
13:17:39.0295 3996 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
13:17:39.0311 3996 cmdide - ok
13:17:39.0342 3996 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
13:17:39.0358 3996 CNG - ok
13:17:39.0389 3996 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
13:17:39.0389 3996 Compbatt - ok
13:17:39.0451 3996 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
13:17:39.0451 3996 CompositeBus - ok
13:17:39.0467 3996 COMSysApp - ok
13:17:39.0483 3996 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
13:17:39.0483 3996 crcdisk - ok
13:17:39.0545 3996 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
13:17:39.0545 3996 CryptSvc - ok
13:17:52.0306 3996 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
13:17:52.0306 3996 vdrvroot - ok
13:17:52.0368 3996 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
13:17:52.0399 3996 vds - ok
13:17:52.0431 3996 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
13:17:52.0431 3996 vga - ok
13:17:52.0462 3996 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
13:17:52.0462 3996 VgaSave - ok
13:17:52.0477 3996 VGPU - ok
13:17:52.0524 3996 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
13:17:52.0540 3996 vhdmp - ok
13:17:52.0587 3996 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
13:17:52.0587 3996 viaagp - ok
13:17:52.0618 3996 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
13:17:52.0618 3996 ViaC7 - ok
13:17:52.0633 3996 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
13:17:52.0633 3996 viaide - ok
13:17:52.0665 3996 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
13:17:52.0680 3996 vmbus - ok
13:17:52.0696 3996 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
13:17:52.0696 3996 VMBusHID - ok
13:17:52.0743 3996 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
13:17:52.0743 3996 volmgr - ok
13:17:52.0758 3996 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
13:17:52.0774 3996 volmgrx - ok
13:17:52.0789 3996 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
13:17:52.0789 3996 volsnap - ok
13:17:52.0821 3996 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
13:17:52.0836 3996 vsmraid - ok
13:17:52.0883 3996 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
13:17:52.0930 3996 VSS - ok
13:17:52.0945 3996 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
13:17:52.0945 3996 vwifibus - ok
13:17:52.0961 3996 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
13:17:52.0977 3996 vwififlt - ok
13:17:53.0008 3996 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
13:17:53.0008 3996 vwifimp - ok
13:17:53.0055 3996 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
13:17:53.0070 3996 W32Time - ok
13:17:53.0086 3996 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
13:17:53.0086 3996 WacomPen - ok
13:17:53.0133 3996 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
13:17:53.0133 3996 WANARP - ok
13:17:53.0148 3996 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
13:17:53.0148 3996 Wanarpv6 - ok
13:17:53.0257 3996 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
13:17:53.0304 3996 WatAdminSvc - ok
13:17:53.0367 3996 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
13:17:53.0413 3996 wbengine - ok
13:17:53.0460 3996 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
13:17:53.0476 3996 WbioSrvc - ok
13:17:53.0507 3996 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
13:17:53.0523 3996 wcncsvc - ok
13:17:53.0554 3996 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
13:17:53.0569 3996 WcsPlugInService - ok
13:17:53.0601 3996 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
13:17:53.0601 3996 Wd - ok
13:17:53.0632 3996 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
13:17:53.0647 3996 Wdf01000 - ok
13:17:53.0663 3996 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
13:17:53.0663 3996 WdiServiceHost - ok
13:17:53.0679 3996 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
13:17:53.0679 3996 WdiSystemHost - ok
13:17:53.0710 3996 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
13:17:53.0725 3996 WebClient - ok
13:17:53.0741 3996 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
13:17:53.0741 3996 Wecsvc - ok
13:17:53.0772 3996 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
13:17:53.0772 3996 wercplsupport - ok
13:17:53.0803 3996 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
13:17:53.0803 3996 WerSvc - ok
13:17:53.0866 3996 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
13:17:53.0866 3996 WfpLwf - ok
13:17:53.0881 3996 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
13:17:53.0897 3996 WIMMount - ok
13:17:54.0006 3996 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
13:17:54.0037 3996 WinDefend - ok
13:17:54.0037 3996 WinHttpAutoProxySvc - ok
13:17:54.0115 3996 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
13:17:54.0115 3996 Winmgmt - ok
13:17:54.0193 3996 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
13:17:54.0240 3996 WinRM - ok
13:17:54.0303 3996 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
13:17:54.0334 3996 Wlansvc - ok
13:17:54.0381 3996 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
13:17:54.0381 3996 WmiAcpi - ok
13:17:54.0459 3996 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
13:17:54.0459 3996 wmiApSrv - ok
13:17:54.0568 3996 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
13:17:54.0615 3996 WMPNetworkSvc - ok
13:17:54.0646 3996 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
13:17:54.0661 3996 WPCSvc - ok
13:17:54.0708 3996 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
13:17:54.0708 3996 WPDBusEnum - ok
13:17:54.0755 3996 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
13:17:54.0755 3996 ws2ifsl - ok
13:17:54.0786 3996 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
13:17:54.0786 3996 wscsvc - ok
13:17:54.0802 3996 WSearch - ok
13:17:54.0895 3996 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
13:17:54.0958 3996 wuauserv - ok
13:17:54.0989 3996 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
13:17:55.0005 3996 WudfPf - ok
13:17:55.0036 3996 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:17:55.0036 3996 WUDFRd - ok
13:17:55.0098 3996 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
13:17:55.0098 3996 wudfsvc - ok
13:17:55.0145 3996 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
13:17:55.0161 3996 WwanSvc - ok
13:17:55.0192 3996 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:17:55.0254 3996 \Device\Harddisk0\DR0 - ok
13:17:55.0270 3996 Boot (0x1200) (7ef4f5ffa007777457f9170bf81cc197) \Device\Harddisk0\DR0\Partition0
13:17:55.0270 3996 \Device\Harddisk0\DR0\Partition0 - ok
13:17:55.0285 3996 Boot (0x1200) (d1f645201fcabad361e29e5c1fb9b7e2) \Device\Harddisk0\DR0\Partition1
13:17:55.0285 3996 \Device\Harddisk0\DR0\Partition1 - ok
13:17:55.0285 3996 ============================================================
13:17:55.0285 3996 Scan finished
13:17:55.0285 3996 ============================================================
13:17:55.0363 3220 Detected object count: 0
13:17:55.0363 3220 Actual detected object count: 0
13:18:07.0360 2200 Deinitialize success

#6 Larusso

Larusso

    Selecta Jahrusso

  • Experts
  • 874 posts
  • Gender:Male
  • Location:Austria
  • Interests:Dancehall DJing, Fighting against Babilon, Bodybuilding

Posted 05 April 2012 - 12:40 AM

Appears also clean.

Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool.
    Vista/Windows 7 users: Right click to "Run as Administrator"


  • The tool may ask you

    Quote

    This application can use AVAST! Free Antivirus to scanning
    Would you like to download latest AVAST! virus definitions ?
    Please click Yes ( The download could take some time )


  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post the aswmbr.txt in your next reply for review. Note - do NOT attempt any Fix yet.

  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

regards, Daniel

Bread for the world instead bombs and bangers

I'll always help for free but if you want to support me in my fight against malware, please Posted Image

I am away from 14-16th of June !!

#7 RichHeller


Posted 05 April 2012 - 01:43 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-05 10:36:45
-----------------------------
10:36:45.977 OS Version: Windows 6.1.7601 Service Pack 1
10:36:45.977 Number of processors: 2 586 0xF0D
10:36:45.977 ComputerName: RICH-PC UserName: rich
10:36:48.177 Initialize success
10:38:54.373 AVAST engine defs: 12040500
10:39:12.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:39:12.453 Disk 0 Vendor: WDC_WD3200BEVT-75ZCT2 11.01A11 Size: 305245MB BusType: 11
10:39:12.516 Disk 0 MBR read successfully
10:39:12.531 Disk 0 MBR scan
10:39:12.531 Disk 0 Windows 7 default MBR code
10:39:12.609 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 141 MB offset 63
10:39:12.703 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 290816
10:39:12.874 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 294862 MB offset 21262336
10:39:13.046 Disk 0 scanning sectors +625139712
10:39:13.186 Disk 0 scanning C:\Windows\system32\drivers
10:41:35.677 Service scanning
10:41:54.257 Modules scanning
10:45:52.204 Disk 0 trace - called modules:
10:45:52.344 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
10:45:52.375 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d8f7b8]
10:45:52.391 3 CLASSPNP.SYS[8afd659e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85c7a030]
10:45:55.199 AVAST engine scan C:\Windows
10:51:43.501 AVAST engine scan C:\Windows\system32
11:30:49.585 AVAST engine scan C:\Windows\system32\drivers
11:33:24.668 AVAST engine scan C:\Users\rich
12:10:32.360 File: C:\Users\rich\AppData\Roaming\Cakewalk\Cakewalk\ivzucplz.dll **INFECTED** Win32:Malware-gen
12:29:12.059 File: C:\Users\rich\AppData\Roaming\Media Center Programs\Media Center Programs\ezbdzgg.dll **INFECTED** Win32:Rootkit-gen [Rtk]
13:10:05.003 AVAST engine scan C:\ProgramData
13:36:57.621 Scan finished successfully
13:38:47.876 Disk 0 MBR has been saved successfully to "C:\Users\rich\Desktop\MBR.dat"
13:38:47.885 The log file has been saved successfully to "C:\Users\rich\Desktop\aswMBR.txt"

Attached Files

  • MBR.zip (567 bytes, 8 downloads)


#8 Larusso


Posted 05 April 2012 - 03:25 PM

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic: How to disable your security applications.


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

*Note - if after running ComboFix you see a message similar to 'registry key marked for deletion..' rebooting the machine will resolve that.
regards, Daniel

#9 RichHeller


Posted 05 April 2012 - 04:07 PM

ComboFix 12-04-05.06 - rich 04/05/2012 15:57:52.5.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.1765 [GMT -5:00]
Running from: c:\users\rich\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-03-05 to 2012-04-05 )))))))))))))))))))))))))))))))
.
.
2012-04-05 21:03 . 2012-04-05 21:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-05 21:03 . 2012-04-05 21:03 -------- d-----w- c:\users\postgres\AppData\Local\temp
2012-04-05 21:03 . 2012-04-05 21:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-03 15:43 . 2012-04-03 15:43 -------- d-----w- c:\users\rich\AppData\Local\Diagnostics
2012-04-03 15:27 . 2012-04-03 15:27 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-30 23:33 . 2012-04-05 21:03 -------- d-----w- c:\users\rich\AppData\Local\temp
2012-03-14 18:23 . 2012-03-14 18:23 -------- d-----w- c:\program files\M-Audio
2012-03-11 00:15 . 2012-03-11 00:15 -------- d-----w- c:\windows\system32\bassmididrv
2012-03-10 22:39 . 2012-03-10 22:39 -------- d-----w- c:\users\rich\TruePianos Settings
2012-03-10 22:39 . 2012-03-30 22:55 -------- d-----w- c:\users\rich\AppData\Roaming\Cakewalk
2012-03-10 22:35 . 2012-03-10 22:36 -------- d-----w- c:\program files\Common Files\Native Instruments
2012-03-10 22:35 . 2012-03-10 22:35 -------- d-----w- c:\program files\Common Files\Digidesign
2012-03-10 22:34 . 2012-03-10 22:35 -------- d-----w- c:\program files\Native Instruments
2012-03-10 22:27 . 2006-11-30 21:49 368640 ----a-w- c:\windows\system32\ReWire.dll
2012-03-10 22:27 . 2006-02-24 16:00 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-03-10 22:27 . 2006-02-24 16:00 487424 ----a-w- c:\windows\system32\msvcp70.dll
2012-03-10 22:27 . 2006-02-24 16:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-03-10 22:27 . 2006-02-24 16:00 344064 ----a-w- c:\windows\system32\msvcr70.dll
2012-03-10 22:27 . 2006-02-24 16:00 1047552 ----a-w- c:\windows\system32\mfc71u.dll
2012-03-10 22:27 . 2006-02-24 16:00 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-03-10 22:26 . 2012-03-16 18:36 -------- d-----w- C:\Cakewalk Projects
2012-03-10 22:26 . 2012-03-10 22:33 -------- d-----w- c:\programdata\Cakewalk
2012-03-10 22:26 . 2012-03-10 22:33 -------- d-----w- c:\program files\Cakewalk
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 16:26 . 2011-05-16 02:03 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-12-07 644104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\DRIVERS\MAudioFastTrack.sys [2010-12-07 158344]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-20 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 postgresql-9.0;postgresql-9.0 - PostgreSQL Server 9.0;C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-9.0 -D C:/Program Files/PostgreSQL/9.0/data -w [x]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 91556802
*NewlyCreated* - ASWMBR
*Deregistered* - 91556802
*Deregistered* - aswMBR
*Deregistered* - pxldrpow
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\rich\AppData\Roaming\Mozilla\Firefox\Profiles\kvtcmbdk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-9.0]
"ImagePath"="C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-9.0\" -D \"C:/Program Files/PostgreSQL/9.0/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-9.0]
"ImagePath"="C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-9.0\" -D \"C:/Program Files/PostgreSQL/9.0/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-05 16:04:33
ComboFix-quarantined-files.txt 2012-04-05 21:04
ComboFix2.txt 2012-04-03 15:38
ComboFix3.txt 2011-08-22 16:32
ComboFix4.txt 2011-08-21 14:53
.
Pre-Run: 233,308,356,608 bytes free
Post-Run: 233,373,519,872 bytes free
.
- - End Of File - - 1BC23575C4345C52CC89180C209DB690
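
As an added example (not a tool from this thread), here is a small Python triage script for the aswMBR and ComboFix log formats posted above: it flags the **INFECTED** file lines, ComboFix service entries whose image file is missing ("[x]"), and the UAC policy values under policies\system that disable prompting. The sample lines are constructed from the shapes of the logs above; regexes and the WEAK_UAC table are this example's own assumptions.

```python
"""Triage helper for the aswMBR and ComboFix log formats posted in this thread.

This is an added example, not a tool from the thread. Given log text in the
formats shown above, it pulls out three things a reviewer would want flagged:
  * aswMBR file lines marked **INFECTED**, with the detection name,
  * ComboFix service/driver lines whose image file is missing ("[x]"),
  * ComboFix policy values under policies\\system that disable UAC prompting.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# aswMBR: "12:10:32.360 File: <path> **INFECTED** <detection>"
ASW_INFECTED = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+File:\s+(?P<path>.+?)\s+\*\*INFECTED\*\*\s+(?P<name>.+?)\s*$"
)
# ComboFix: "R3 svc;Display Name;c:\path\file.sys [2010-12-07 158344]" or "... [x]"
CF_SERVICE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)
# ComboFix registry dump: "EnableLUA"= 0 (0x0)
CF_POLICY = re.compile(r'^"(?P<key>\w+)"=\s*(?P<value>\d+)\s+\(0x[0-9a-fA-F]+\)\s*$')

# Values that turn off UAC prompting (assumed table); other values are left alone.
WEAK_UAC = {
    "EnableLUA": (0, "UAC disabled entirely"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate without any prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts not shown on the secure desktop"),
}


@dataclass(frozen=True)
class Finding:
    category: str   # "infected", "missing_image" or "weak_uac"
    subject: str    # file path, service name, or policy key
    detail: str     # detection name, image path, or explanation


def triage(log_text: str) -> list[Finding]:
    """Scan aswMBR/ComboFix log text and return the findings in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ASW_INFECTED.match(line)
        if m:
            findings.append(Finding("infected", m["path"], m["name"]))
            continue
        m = CF_SERVICE.match(line)
        if m and m["meta"] == "x":
            # ComboFix writes "[x]" when the registered image file does not exist.
            findings.append(Finding("missing_image", m["name"], m["image"]))
            continue
        m = CF_POLICY.match(line)
        if m and m["key"] in WEAK_UAC:
            weak_value, why = WEAK_UAC[m["key"]]
            if int(m["value"]) == weak_value:
                findings.append(Finding("weak_uac", m["key"], why))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category, e.g. {'infected': 2, 'weak_uac': 3}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


# Constructed sample: lines in the same shape as the aswMBR and ComboFix logs above.
SAMPLE_LOG = r"""
12:10:32.360 File: C:\Users\rich\AppData\Roaming\Cakewalk\Cakewalk\ivzucplz.dll **INFECTED** Win32:Malware-gen
12:29:12.059 File: C:\Users\rich\AppData\Roaming\Media Center Programs\Media Center Programs\ezbdzgg.dll **INFECTED** Win32:Rootkit-gen [Rtk]
13:36:57.621 Scan finished successfully
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
R3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\DRIVERS\MAudioFastTrack.sys [2010-12-07 158344]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.category:14} {f.subject}  ->  {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```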

#10 Larusso


Posted 06 April 2012 - 12:01 PM

Hi there.

The logfiles appear clean, so let me find out a few details first.


Do the redirections appear with both browsers? IE and/or FF
Do you notice any other issues, like a slow startup?
Do you have a USB stick handy, or are you able to burn a CD?
regards, Daniel

#11 RichHeller


Posted 06 April 2012 - 11:06 PM

It appears to only be happening in FF. In IE, when I right click on a search result on google, it changes to a url of the form "http://www.google.com/url?" but ends up going to the intended site. In FF, one of the links will get changed to a numbered address, for example

http://206.51.231.11...earch%3Fq%3Davp

After one of them changes, the rest of the links on the page don't get changed.

No other issues. I have a USB stick and can burn CDs.

#12 Larusso


Posted 07 April 2012 - 09:26 AM

Thank you.

Download OTL to your Desktop.
  • Double click on the icon to run it.
  • Under the Posted Image box paste this in
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.manifest /3
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please post both logfiles in your next reply.
regards, Daniel

#13 RichHeller


Posted 08 April 2012 - 09:57 AM

It only created the OTL.txt. There wasn't an Extras.txt. Here's the one it did make.

OTL logfile created on: 4/8/2012 9:26:20 AM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\rich\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 79.82% Memory free
5.99 Gb Paging File | 5.33 Gb Available in Paging File | 88.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.95 Gb Total Space | 217.55 Gb Free Space | 75.55% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.35 Gb Free Space | 53.48% Space Free | Partition Type: NTFS

Computer Name: RICH-PC | User Name: rich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/08 09:25:13 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\rich\Desktop\OTL.exe
PRC - [2011/06/23 23:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/03/22 13:10:37 | 000,094,720 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe
PRC - [2011/03/22 13:09:59 | 004,913,152 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/07 16:08:32 | 000,644,104 | ---- | M] (Avid Technology, Inc.) -- C:\Windows\System32\M-AudioTaskBarIcon.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/08/18 05:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/18 05:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - [2011/03/22 13:10:37 | 000,094,720 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe -- (postgresql-9.0)
SRV - [2010/11/20 10:51:19 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/08/18 05:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\rich\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/12/07 16:08:18 | 000,158,344 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MAudioFastTrack.sys -- (MAUSBFASTTRACK)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/08/18 06:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 17:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E9 70 EB D6 7C 88 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 8D 87 63 0E D9 0A 74 4E AD EF 61 F3 47 7C 9F 33 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/15 21:03:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/26 10:40:46 | 000,000,000 | ---D | M]

[2011/05/15 21:04:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rich\AppData\Roaming\Mozilla\Extensions
[2012/03/30 17:55:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rich\AppData\Roaming\Mozilla\Firefox\Profiles\kvtcmbdk.default\extensions
[2011/06/11 19:04:43 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\rich\AppData\Roaming\Mozilla\Firefox\Profiles\kvtcmbdk.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011/11/28 22:16:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/22 21:59:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
[2011/11/28 22:16:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\RICH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KVTCMBDK.DEFAULT\EXTENSIONS\ZUFOGUHMWK@ZUFOGUHMWK.ORG.XPI
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 03:53:41 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/22 13:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2012/03/30 18:31:09 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{855A61B4-F3AB-4273-AA7C-3A9801B994B6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96E1D7E3-0FF9-4000-AC2A-8104715BC0B7}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/08 09:25:11 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\rich\Desktop\OTL.exe
[2012/04/05 16:04:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/05 16:03:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/05 10:36:24 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\rich\Desktop\aswMBR.exe
[2012/04/04 13:17:17 | 002,072,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\rich\Desktop\tdsskiller.exe
[2012/04/03 10:43:40 | 000,000,000 | ---D | C] -- C:\Users\rich\AppData\Local\Diagnostics
[2012/04/03 10:29:42 | 004,449,976 | R--- | C] (Swearware) -- C:\Users\rich\Desktop\ComboFix.exe
[2012/04/03 10:27:18 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/30 18:33:07 | 000,000,000 | ---D | C] -- C:\Users\rich\AppData\Local\temp
[2012/03/30 18:22:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/30 18:22:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/30 18:22:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/14 13:23:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio
[2012/03/14 13:23:27 | 000,000,000 | ---D | C] -- C:\Program Files\M-Audio
[2012/03/10 19:15:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\bassmididrv
[2012/03/10 19:15:01 | 000,000,000 | ---D | C] -- C:\Users\rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BASSMIDI System Synth
[2012/03/10 17:39:58 | 000,000,000 | ---D | C] -- C:\Users\rich\TruePianos Settings
[2012/03/10 17:39:31 | 000,000,000 | ---D | C] -- C:\Users\rich\Documents\Cakewalk
[2012/03/10 17:39:31 | 000,000,000 | ---D | C] -- C:\Users\rich\AppData\Roaming\Cakewalk
[2012/03/10 17:37:13 | 000,000,000 | ---D | C] -- C:\Users\rich\Documents\Native Instruments
[2012/03/10 17:35:22 | 000,000,000 | ---D | C] -- C:\Users\rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments
[2012/03/10 17:35:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
[2012/03/10 17:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments
[2012/03/10 17:35:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Digidesign
[2012/03/10 17:34:29 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments
[2012/03/10 17:34:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Identities
[2012/03/10 17:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cakewalk
[2012/03/10 17:27:21 | 000,368,640 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\ReWire.dll
[2012/03/10 17:26:45 | 000,000,000 | ---D | C] -- C:\Cakewalk Projects
[2012/03/10 17:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Cakewalk
[2012/03/10 17:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\Cakewalk

========== Files - Modified Within 30 Days ==========

[2012/04/08 09:25:13 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\rich\Desktop\OTL.exe
[2012/04/08 09:19:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/07 08:01:08 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/07 08:01:08 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/05 16:09:50 | 000,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/05 16:09:50 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/05 16:05:30 | 2414,325,760 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/05 15:56:21 | 004,449,976 | R--- | M] (Swearware) -- C:\Users\rich\Desktop\ComboFix.exe
[2012/04/05 13:39:31 | 000,000,567 | ---- | M] () -- C:\Users\rich\Desktop\MBR.zip
[2012/04/05 13:38:47 | 000,000,512 | ---- | M] () -- C:\Users\rich\Desktop\MBR.dat
[2012/04/05 10:36:37 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\rich\Desktop\aswMBR.exe
[2012/04/04 13:17:18 | 002,072,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\rich\Desktop\tdsskiller.exe
[2012/04/03 13:15:57 | 000,302,592 | ---- | M] () -- C:\Users\rich\Desktop\gmer.exe
[2012/03/30 18:31:09 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/03/16 13:34:24 | 269,658,397 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/14 13:24:50 | 000,291,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/10 19:22:41 | 000,000,047 | ---- | M] () -- C:\Windows\bassmidi.sflist
[2012/03/10 19:15:01 | 000,068,068 | ---- | M] () -- C:\Windows\System32\bassmididrvuninstall.exe
[2012/03/10 17:33:48 | 000,002,126 | ---- | M] () -- C:\Users\Public\Desktop\SONAR 8 Producer Edition.lnk

========== Files Created - No Company Name ==========

[2012/04/05 13:39:31 | 000,000,567 | ---- | C] () -- C:\Users\rich\Desktop\MBR.zip
[2012/04/05 13:38:47 | 000,000,512 | ---- | C] () -- C:\Users\rich\Desktop\MBR.dat
[2012/04/03 13:17:02 | 000,302,592 | ---- | C] () -- C:\Users\rich\Desktop\gmer.exe
[2012/03/30 18:22:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/30 18:22:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/30 18:22:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/30 18:22:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/30 18:22:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/10 19:22:41 | 000,000,047 | ---- | C] () -- C:\Windows\bassmidi.sflist
[2012/03/10 19:15:01 | 000,068,068 | ---- | C] () -- C:\Windows\System32\bassmididrvuninstall.exe
[2012/03/10 17:33:48 | 000,002,126 | ---- | C] () -- C:\Users\Public\Desktop\SONAR 8 Producer Edition.lnk
[2011/07/27 23:45:00 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/07/27 23:43:08 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/07/26 22:30:12 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/06/24 11:31:49 | 000,000,024 | ---- | C] () -- C:\ProgramData\1cba34b0
[2011/05/15 21:04:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/04/03 11:46:28 | 000,011,936 | -HS- | C] () -- C:\Users\rich\AppData\Local\704g2smt3les0vhg27bh254kl6878srlwy60
[2011/04/03 11:46:28 | 000,011,936 | -HS- | C] () -- C:\ProgramData\704g2smt3les0vhg27bh254kl6878srlwy60
[2011/04/03 11:36:46 | 000,000,120 | ---- | C] () -- C:\Users\rich\AppData\Local\Btemutejefifino.dat
[2011/04/03 11:36:46 | 000,000,000 | ---- | C] () -- C:\Users\rich\AppData\Local\Vsuqu.bin
[2010/11/20 01:09:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/08/29 15:15:21 | 000,000,792 | ---- | C] () -- C:\Windows\System32\RTSLCS.dll

========== LOP Check ==========

[2011/08/22 22:46:32 | 000,000,000 | ---D | M] -- C:\Users\rich\AppData\Roaming\794570693DE38B612A5551A88025B00F
[2010/11/21 11:40:31 | 000,000,000 | ---D | M] -- C:\Users\rich\AppData\Roaming\Absolute Poker
[2012/03/30 17:55:07 | 000,000,000 | ---D | M] -- C:\Users\rich\AppData\Roaming\Cakewalk
[2011/05/31 23:27:27 | 000,000,000 | ---D | M] -- C:\Users\rich\AppData\Roaming\MakeMusic
[2011/05/26 14:16:17 | 000,000,000 | ---D | M] -- C:\Users\rich\AppData\Roaming\Mp3tag
[2011/04/09 07:53:54 | 000,000,000 | ---D | M] -- C:\Users\rich\AppData\Roaming\postgresql
[2011/06/29 14:15:22 | 000,030,410 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2012/04/05 16:03:54 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011/08/21 16:51:31 | 000,000,000 | ---D | M] -- C:\Boot
[2012/03/16 13:36:22 | 000,000,000 | ---D | M] -- C:\Cakewalk Projects
[2008/10/03 17:03:59 | 000,000,000 | ---D | M] -- C:\DELL
[2011/01/02 13:18:04 | 000,000,000 | ---D | M] -- C:\derby-10.7.1.1
[2008/09/17 18:46:38 | 000,000,000 | ---D | M] -- C:\doctemp
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008/03/11 05:47:38 | 000,000,000 | ---D | M] -- C:\Drivers
[2011/05/12 22:09:30 | 000,000,000 | ---D | M] -- C:\eclipse
[2009/01/24 14:29:53 | 000,000,000 | ---D | M] -- C:\emacs
[2011/03/24 08:18:29 | 000,000,000 | ---D | M] -- C:\glassfish3
[2011/05/26 15:10:38 | 000,000,000 | ---D | M] -- C:\home
[2010/01/07 20:07:46 | 000,000,000 | R--D | M] -- C:\MSOCache
[2009/07/13 21:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2008/10/24 22:04:10 | 000,000,000 | ---D | M] -- C:\Poker Application
[2012/03/14 13:23:27 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/03/10 17:34:11 | 000,000,000 | ---D | M] -- C:\ProgramData
[2011/05/31 23:26:33 | 000,000,000 | ---D | M] -- C:\PSFONTS
[2012/04/05 16:04:35 | 000,000,000 | ---D | M] -- C:\Qoobox
[2010/11/20 01:25:30 | 000,000,000 | ---D | M] -- C:\Recovery
[2012/04/08 09:27:53 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/04/03 10:27:18 | 000,000,000 | ---D | M] -- C:\TDSSKiller_Quarantine
[2011/04/08 23:25:38 | 000,000,000 | R--D | M] -- C:\Users
[2012/04/05 16:04:35 | 000,000,000 | ---D | M] -- C:\Windows
[2010/11/20 00:55:56 | 000,000,000 | ---D | M] -- C:\Windows.old

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >

< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2010/08/29 15:05:59 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows.old\Windows\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2010/08/29 15:03:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2010/08/29 15:03:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2010/08/29 15:05:59 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 21:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: REGEDIT.EXE >
[2008/01/20 21:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows.old\Windows\regedit.exe
[2008/01/20 21:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
[2009/07/13 20:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\ERDNT\cache\regedit.exe
[2009/07/13 20:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009/07/13 20:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\System32\userinit.exe
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WININIT.EXE >
[2008/01/20 21:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\System32\wininit.exe
[2008/01/20 21:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010/08/29 15:05:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2010/08/29 15:05:58 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 20:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\System32\winlogon.exe
[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-03-08 16:45:54

< End of report >

#14 Larusso (Selecta Jahrusso; Experts; 874 posts; Location: Austria)

Posted 08 April 2012 - 02:44 PM

No Problem.


Double click on the OTL icon to run it.
Copy/paste the entire contents of the codebox below into the Custom Scans/Fixes box:

:otl
() (No name found) -- C:\USERS\RICH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KVTCMBDK.DEFAULT\EXTENSIONS\ZUFOGUHMWK@ZUFOGUHMWK.ORG.XPI
:commands
[emptytemp]

  • Please close all other programs now.
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
Please post the log in your next reply.



I see no evidence of an AntiVirus program on your system. This must be resolved. Connecting to the Internet without antivirus protection is a "Welcome" doormat for malware.

Here are a few very good free Antivirus products which are available: Select one of these, or another of your choice. Do not install more than one antivirus program because they will conflict with each other. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

Install, update definitions, and run a full system scan with the Anti-Virus of your choice.



I notice you have Malwarebytes' Anti-Malware installed on your machine. Please launch the program and select the update tab, then click on the check for updates button.

  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop.

Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.




Let me know if the redirections are still present.
regards, Daniel

Bread for the world instead bombs and bangers

I'll always help for free but if you want to support me in my fight against malware, please [donation link image]

I am away from 14-16th of June !!

#15 RichHeller (New Member; Members; 29 posts)

Posted 09 April 2012 - 08:52 AM

Used Avast. Might try the MS one. The redirect is still there, though the behavior is a little different. After right clicking on a link and having it change to a numbered address, once I move off the link then the redirect is gone. IE still changes things to google URLs. Is that normal?


All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: Public
->Temp folder emptied: 0 bytes

User: rich
->Temp folder emptied: 3459 bytes
->Temporary Internet Files folder emptied: 38999458 bytes
->Java cache emptied: 157625 bytes
->FireFox cache emptied: 168728331 bytes
->Flash cache emptied: 55153 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 198.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04082012_164646

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#16 Larusso (Selecta Jahrusso; Experts; 874 posts; Location: Austria)

Posted 09 April 2012 - 10:40 AM

Hm. Looks like the script won't work.


Double click on the OTL icon to run it.
Copy/paste the entire contents of the codebox below into the Custom Scans/Fixes box:

:files
C:\USERS\RICH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KVTCMBDK.DEFAULT\EXTENSIONS\ZUFOGUHMWK@ZUFOGUHMWK.ORG.XPI
:commands
[reboot]


  • Please close all other programs now.
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
Please post the log in your next reply.
regards, Daniel

#17 RichHeller (New Member; Members; 29 posts)

Posted 09 April 2012 - 12:14 PM

Seems to have worked. Now everything redirects to the "http://www.google.com?url" addresses. The numbered addresses aren't coming up anymore.


========== FILES ==========
C:\USERS\RICH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KVTCMBDK.DEFAULT\EXTENSIONS\zufoguhmwk@zufoguhmwk.org.xpi moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.39.2 log created on 04092012_120802

#18 Larusso (Selecta Jahrusso; Experts; 874 posts; Location: Austria)

Posted 09 April 2012 - 12:52 PM

Hi there. Could you give me a little more detail? I am not sure what you mean by "redirects me to" ...

What happens when you look for something in Google and then click on the link?
regards, Daniel

#19 RichHeller (New Member; Members; 29 posts)

Posted 09 April 2012 - 12:58 PM

If I search for "malwarebytes", the actual address that is shown in the results is www.malwarebytes.org, but if I right click and select Copy Link Location, it gives this:

http://www.google.co...MP3pO3w&cad=rja

#20 RichHeller (New Member; Members; 29 posts)

Posted 09 April 2012 - 01:00 PM

It does end up taking me to the right address if I follow the link.
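
As an added example (not code from this thread, from OTL or from any other tool used in it), a small Python triage script that separates the two kinds of link address described in the last few posts: Google's own click-tracking wrapper, whose url= parameter carries the real destination, versus a link whose host is a bare IP address (the "numbered address"). The sample URLs are constructed for the example, not the truncated one quoted above.

```python
"""Triage helper for the "redirect" symptom in this thread (added example,
not from the thread or from any of the tools it uses).

Given the address shown for a search result and the address that
"Copy Link Location" actually yields, it separates Google's own
click-tracking wrapper (www.google.com/url?...&url=<destination>...)
from links that lead somewhere else, such as a bare IP address (the
"numbered address" described above). Sample URLs are constructed.
"""
from ipaddress import ip_address
from urllib.parse import parse_qs, urlsplit


def _site(host: str) -> str:
    """Normalise a hostname for comparison: lower-case, no trailing dot, no 'www.'."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def is_google_host(host: str) -> bool:
    """True for www.google.com, google.co.uk, google.com.au and the like.

    Deliberately simple (no public-suffix list): 'google' must be the
    registrable label, so google.example.com does not pass.
    """
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return False
    if labels[-2] == "google":
        return True
    return len(labels) >= 3 and labels[-3] == "google" and labels[-2] in ("co", "com")


def classify_link(displayed_host: str, link_url: str) -> dict:
    """Classify the URL behind a search-result link.

    kind is one of:
      ip-redirect      host is a raw IP address (no hostname at all)
      google-tracking  Google's /url wrapper whose url= points at the displayed site
      mismatch         Google's /url wrapper whose url= points somewhere else
      direct           plain link to the displayed site
      other-host       plain link to a different hostname
    """
    parts = urlsplit(link_url)
    host = parts.hostname or ""
    result = {"kind": "other-host", "host": host, "destination": None}

    # A raw IP in place of a hostname is the clearest red flag in the thread.
    try:
        ip_address(host)
        result["kind"] = "ip-redirect"
        return result
    except ValueError:
        pass

    # Google rewrites result links to /url?...&url=<destination> for click
    # tracking; parse_qs percent-decodes the parameter value for us.
    if is_google_host(host) and parts.path == "/url":
        params = parse_qs(parts.query)
        target = (params.get("url") or params.get("q") or [None])[0]
        if target:
            result["destination"] = target
            target_host = urlsplit(target).hostname or ""
            same = _site(target_host) == _site(displayed_host)
            result["kind"] = "google-tracking" if same else "mismatch"
            return result

    if _site(host) == _site(displayed_host):
        result["kind"] = "direct"
    return result


# Constructed sample inputs (not copied from the thread's truncated URL).
DISPLAYED = "www.malwarebytes.org"
SAMPLE_LINKS = {
    "tracking": ("http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web"
                 "&url=http%3A%2F%2Fwww.malwarebytes.org%2F&ei=EXAMPLE&cad=rja"),
    "ip": "http://198.51.100.23/?q=malwarebytes",  # RFC 5737 documentation range
    "direct": "http://www.malwarebytes.org/",
    "mismatch": "http://www.google.com/url?url=http%3A%2F%2Fexample.net%2F&cad=rja",
}

if __name__ == "__main__":
    for name, url in SAMPLE_LINKS.items():
        verdict = classify_link(DISPLAYED, url)
        print(f"{name:9s} -> {verdict['kind']:16s} destination={verdict['destination']}")
```

Paste the displayed address and the copied link location into classify_link; a google-tracking verdict whose destination matches the displayed site is the wrapper Google itself adds, while ip-redirect or mismatch is the case worth investigating.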
