Google Redirect Virus + Ads playing in background

Post by MikeLin007 » July 20th, 2012, 2:29 am

I seem to have picked up a Google redirect virus, and I have random ads playing in the background, although no window shows. My System Restore is not working either, so I am unable to restore to an earlier point. I appreciate all the help you guys have provided in the past, and I hope you guys can help me once more. Here are the two DDS logs:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by mike at 2:24:47 on 2012-07-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2438 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\WgaTray.exe
C:\dKEYUSBCradle\ProxyDaemon.exe
C:\WINDOWS\Explorer.EXE
C:\dKEYUSBCradle\stunnel-4.10.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\ATT-SST\pcTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\ALCFDRTM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\pcTrayApp.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: $talisma_url$
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/Me ... b56907.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{30DFA4DE-996D-4C0C-B286-9064F8681E0B} : DhcpNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mike\application data\mozilla\firefox\profiles\uw4aeput.default\
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff8.dll
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\mike\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvlc.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
============= SERVICES / DRIVERS ===============
.
R0 13958082;13958082 Boot Guard Driver;c:\windows\system32\drivers\13958082.sys [2011-5-12 37392]
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 31952]
R1 13958081;13958081;c:\windows\system32\drivers\13958081.sys [2011-5-12 128016]
R1 atitray;atitray;c:\program files\ray adams\ati tray tools\atitray.sys [2007-5-22 18088]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 301248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R1 setup_9.0.0.722_11.05.2011_11-43drv;setup_9.0.0.722_11.05.2011_11-43drv;c:\windows\system32\drivers\1395808.sys [2011-5-12 315408]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-8-28 115856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-8-28 41424]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-5-4 116608]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-6-13 5161080]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-6-30 10384]
R2 pcCMService;pcCMService;c:\program files\common files\motive\pcCMService.exe [2012-7-19 361472]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-7-20 40776]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-8-28 91472]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-8-5 99472]
S2 itlperf;Intel CPU;c:\windows\system32\svchost.exe -k itlsvc [2008-4-14 14336]
S2 pcServiceHost;pcServiceHost;c:\program files\common files\motive\pcServiceHost.exe [2012-7-19 342016]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-16 250056]
S3 ALLOW-IO;ALLOW-IO;\??\d:\allow-io.sys --> d:\ALLOW-IO.sys [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-16 25832]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 113120]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S3 silabenm;GE Supra DisplayKey USB Cradle Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [2011-3-10 24584]
S3 silabser;GE Supra DisplayKey USB Cradle Driver;c:\windows\system32\drivers\silabser.sys [2011-3-10 69256]
S3 ZD1211U(WLAN);IEEE 802.11g USB Wireless LAN Driver(WLAN);c:\windows\system32\drivers\ZD1211U.sys [2009-5-23 247296]
S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;c:\windows\system32\ZDBRGSYS.sys [2009-5-23 19200]
.
=============== Created Last 30 ================
.
2012-07-20 06:21:52 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-19 22:47:21 -------- d-----w- c:\program files\ATT-SST
2012-07-19 22:45:06 -------- d-----w- c:\program files\common files\Motive
2012-07-16 05:04:02 -------- d--h--w- c:\windows\PIF
2012-07-07 05:13:07 -------- d-----w- c:\documents and settings\mike\application data\DDMSettings
2012-07-05 06:19:52 -------- d-----w- c:\documents and settings\mike\local settings\application data\visi_coupon
2012-07-05 06:07:16 -------- d-----w- c:\program files\Yahoo!
2012-07-04 15:01:41 -------- d-----w- c:\documents and settings\mike\local settings\application data\Logitech® Webcam Software
2012-07-04 14:56:46 53248 ----a-r- c:\documents and settings\mike\application data\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
2012-07-04 14:55:25 -------- d-----w- c:\program files\common files\LWS
.
==================== Find3M ====================
.
2012-07-12 23:07:08 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 23:07:08 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-30 20:34:41 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-05-30 20:34:41 348160 ----a-w- c:\windows\system32\msvcr71.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_HD753LJ rev.1AA01110 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-9
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8AA9E4B1]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8aaa593c]; MOV EAX, [0x8aaa5ab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8AE6DAB8]
3 CLASSPNP[0xBA118FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A4DEA78]
\Driver\atapi[0x8AD5BBB8] -> IRP_MJ_CREATE -> 0x8AA9E4B1
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8AA9E2E2
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 2:26:46.34 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/15/2009 2:59:03 AM
System Uptime: 7/20/2012 2:03:33 AM (0 hours ago)
.
Motherboard: http://www.abit.com.tw/ | | IP35 PRO(P35+ICH9R)
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2448/272mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 699 GiB total, 347.684 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Audio Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001\5&3BAAFE9&0&0001
Manufacturer:
Name: Audio Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001\5&3BAAFE9&0&0001
Service:
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8167&SUBSYS_1083147B&REV_10\4&BB29FA6&0&08F0
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8169/8110 Family Gigabit Ethernet NIC #2
PNP Device ID: PCI\VEN_10EC&DEV_8167&SUBSYS_1083147B&REV_10\4&BB29FA6&0&08F0
Service: RTL8023xp
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\ABT2005\3&2411E6FE&0
Manufacturer:
Name:
PNP Device ID: ACPI\ABT2005\3&2411E6FE&0
Service:
.
==== System Restore Points ===================
.
RP187: 7/1/2012 3:15:18 PM - System Checkpoint
RP188: 7/2/2012 4:48:41 PM - System Checkpoint
RP189: 7/3/2012 7:38:07 PM - System Checkpoint
RP190: 7/4/2012 7:44:34 PM - System Checkpoint
RP191: 7/5/2012 8:10:20 PM - System Checkpoint
RP192: 7/6/2012 8:43:41 PM - System Checkpoint
RP193: 7/7/2012 2:29:53 AM - Restore Operation
RP194: 7/8/2012 6:29:00 PM - System Checkpoint
RP195: 7/9/2012 7:37:19 PM - System Checkpoint
RP196: 7/11/2012 5:28:31 PM - System Checkpoint
RP197: 7/12/2012 7:09:02 PM - System Checkpoint
RP198: 7/13/2012 9:19:22 PM - System Checkpoint
RP199: 7/14/2012 10:49:31 PM - System Checkpoint
RP200: 7/15/2012 11:41:10 PM - Removed Windows Live Sign-in Assistant
RP201: 7/15/2012 11:54:39 PM - Removed IEEE 802.11g USB Wireless LAN Adapter
RP202: 7/17/2012 8:32:11 AM - System Checkpoint
RP203: 7/18/2012 2:57:44 PM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
7-Zip 4.65
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.1
Adobe Shockwave Player 11.5
Adobe® CreatePDF Desktop
AIM 7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Troubleshoot & Resolve Tool
ATI Display Driver
AVG 2012
Bonjour
BufferChm
CameraHelperMsi
CarbonPoker
Casino Verite Blackjack V5
CDDRV_Installer
Chinese Simplified Fonts Support For Adobe Reader 9
Comcast High-Speed Internet Install Wizard
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
D1600
DeviceDiscovery
Diablo II
DisplayKEY USB Cradle
DivX Setup
DJ_SF_06_D1600_SW_Min
dKeyUSBCradleDriver_x86
Dota 2
Download Updater (AOL LLC)
Dragon Age: Origins
EPSON Printer Software
EPSON Scan
erLT
ESET Online Scanner v3
ffdshow [rev 2527] [2008-12-19]
Full Tilt Poker
G9 Device Package
GIMP 2.6.8
GPBaseService2
Heroes of Might and Magic® III Complete
Heroes of Newerth
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 14.0
HP Deskjet D1600 Printer Driver Software 14.0 Rel. 6
HP Imaging Device Functions 14.0
HP Photo Creations
HP Play [beta]
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPProductAssistant
iTunes
Java Auto Updater
Java(TM) 6 Update 29
JMB36X Raid Configurer
KhalInstallWrapper
Left 4 Dead
Logitech SetPoint
Logitech SetPoint 5.10
Logitech Updater
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Magic Online III
Magicka
Malwarebytes Anti-Malware version 1.62.0.1300
MarketResearch
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Virtual PC 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 3.1
Might & Magic Heroes VI
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSN
MSVCRT
MSXML 6.0 Parser (KB927977)
MTGO Library Bot 2.46
NVIDIA PhysX
OCCT Perestroika 3.1.0
OGA Notifier 2.0.0048.0
PokerStars.net
Prototype(TM)
QuickTime
Ray Adams ATI Tray Tools
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Shipstream Manager
Skype Click to Call
Skype™ 5.10
SmartWebPrinting
SolutionCenter
SSC Service Utility v4.30
Stamps.com
Stamps.com Application Support for Microsoft Word 2000, 2002, 2003
Stamps.com support for Microsoft Word 2000-2007
StarCraft
Status
Steam
Sun xVM VirtualBox
SUPERAntiSpyware
System Requirements Lab CYRI
The Sims™ 3
Toolbox
TrayApp
Tropico 3 1.00
Turbo Lister 2
Ubisoft Game Launcher
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.6195
Ventrilo Client
VideoLAN VLC media player 0.8.4a
VNC Free Edition 4.1.3
Warcraft III
WebFldrs XP
WebReg
Windows Driver Package - GE Security (silabenm) Ports (12/10/2008 5.4.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Upload Tool
WinPcap 3.1
WinRAR archiver
World of Warcraft
Yahoo! Detect
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
7/20/2012 2:15:09 AM, error: Service Control Manager [7034] - The pcServiceHost service terminated unexpectedly. It has done this 1 time(s).
7/20/2012 2:00:44 AM, error: Service Control Manager [7034] - The UMVPFSrv service terminated unexpectedly. It has done this 1 time(s).
7/19/2012 6:33:39 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{30DFA4DE-996D-4C0C-B286-9064F8681E0B} because another computer on the network has the same name. The server could not start.
7/18/2012 5:30:16 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 240 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
7/18/2012 3:30:09 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
7/18/2012 2:30:05 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
7/18/2012 2:00:03 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
7/18/2012 12:08:23 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
7/15/2012 11:31:20 PM, error: Dhcp [1002] - The IP address lease 192.168.2.7 for the Network Card with network address 00508DBBD0F2 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
7/14/2012 2:04:15 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
7/14/2012 2:03:40 PM, error: Service Control Manager [7023] - The Intel CPU service terminated with the following error: The specified module could not be found.
7/14/2012 2:03:40 PM, error: Service Control Manager [7023] - The Help and Support service terminated with the following error: The specified module could not be found.
7/14/2012 11:52:41 PM, error: JRAID [9] - The device, \Device\Scsi\JRAID1, did not respond within the timeout period.
7/13/2012 9:43:07 AM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
7/13/2012 9:42:56 AM, error: Service Control Manager [7034] - The DisplayKey Sync Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
MikeLin007
Regular Member
 
Posts: 29
Joined: August 15th, 2011, 1:16 am

Re: Google Redirect Virus + Ads playing in background

Post by melboy » July 21st, 2012, 7:28 pm

Hi and welcome to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  5. Please DO NOT run any other tools or scans whilst I am helping you.
  6. It is important that you reply to this thread. Do not start a new topic.
  7. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Absence of symptoms does not mean that everything is clear.


NOTE: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and the tools we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or that you will need to take your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


====================================================


aswMBR

Download aswMBR and save it to your Desktop.

  • Double click aswMBR.exe to run it
  • Click NO to the prompt to download Avast! virus definitions.
  • Click the Scan button.
  • After a short while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK
  • Two files will be created, aswMBR.txt & a file named MBR.dat
  • Save MBR.dat to a form of removable media. (CD, DVD, USB flash drive etc) - This is a backup of your MBR. Do not delete this file.
  • NOTE: Do not click to fix anything at this stage!
  • Click EXIT.
  • Copy & Paste the contents of aswMBR.txt into your next reply.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Google Redirect Virus + Ads playing in background

Post by MikeLin007 » July 21st, 2012, 8:52 pm

Hi Melboy, thanks for the reply. Here is the aswMBR.txt log:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-21 20:49:25
-----------------------------
20:49:25.671 OS Version: Windows 5.1.2600 Service Pack 3
20:49:25.671 Number of processors: 4 586 0xF0B
20:49:25.671 ComputerName: ---------- UserName: mike
20:49:27.890 Initialize success
20:49:35.906 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-9
20:49:35.906 Disk 0 Vendor: SAMSUNG_HD753LJ 1AA01110 Size: 715404MB BusType: 3
20:49:35.906 Device \Driver\atapi -> DriverStartIo 8aa702e2
20:49:35.921 Disk 0 MBR read successfully
20:49:35.921 Disk 0 MBR scan
20:49:35.921 Disk 0 Windows XP default MBR code
20:49:35.937 Disk 0 MBR hidden
20:49:35.937 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 715394 MB offset 63
20:49:35.953 Disk 0 scanning sectors +1465128000
20:49:36.015 Disk 0 scanning C:\WINDOWS\system32\drivers
20:49:46.328 Service scanning
20:49:47.765 Service ALLOW-IO D:\ALLOW-IO.sys **LOCKED** 21
20:49:59.703 Modules scanning
20:50:09.578 Disk 0 trace - called modules:
20:50:09.578 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8aa704b1]<<
20:50:09.578 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae52ab8]
20:50:09.578 3 CLASSPNP.SYS[ba118fd7] -> nt!IofCallDriver -> [0x8a41faf0]
20:50:09.578 \Driver\atapi[0x8ad54ac0] -> IRP_MJ_CREATE -> 0x8aa704b1
20:50:09.578 Scan finished successfully
20:50:47.953 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\mike\Desktop\Logs\MBR.dat"
20:50:47.953 The log file has been saved successfully to "C:\Documents and Settings\mike\Desktop\Logs\aswMBR 7-20-2012.txt"
MikeLin007
Regular Member
 
Posts: 29
Joined: August 15th, 2011, 1:16 am
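The three lines in the log above that a helper looks at first are "Disk 0 MBR hidden", the ">>UNKNOWN [0x8aa704b1]<<" entry in the disk I/O trace (code in the path to the disk that aswMBR cannot map to any loaded module), and the "\Driver\atapi ... IRP_MJ_CREATE -> 0x8aa704b1" hook, whose target is that same unmapped address. Together they are the combination forum helpers treat as an MBR rootkit, and they are why the next step is TDSSKiller rather than a file scanner. The script below is an added example, not part of this thread or of aswMBR: it pulls those indicators out of an aswMBR log and scores them. The sample input is a constructed excerpt modelled on the posted log; the scoring rules (MBR hidden plus a hook into unmapped code = rootkit likely) are this example's own heuristic, and locked services are recorded for follow-up but not scored.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt modelled on the aswMBR log posted above. Example code,
# not part of aswMBR or of the forum's tooling.
SAMPLE_LOG = """\
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
20:49:35.921 Disk 0 MBR read successfully
20:49:35.921 Disk 0 MBR scan
20:49:35.921 Disk 0 Windows XP default MBR code
20:49:35.937 Disk 0 MBR hidden
20:49:35.937 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 715394 MB offset 63
20:49:47.765 Service ALLOW-IO D:\\ALLOW-IO.sys **LOCKED** 21
20:50:09.578 Disk 0 trace - called modules:
20:50:09.578 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8aa704b1]<<
20:50:09.578 1 nt!IofCallDriver -> \\Device\\Harddisk0\\DR0[0x8ae52ab8]
20:50:09.578 3 CLASSPNP.SYS[ba118fd7] -> nt!IofCallDriver -> [0x8a41faf0]
20:50:09.578 \\Driver\\atapi[0x8ad54ac0] -> IRP_MJ_CREATE -> 0x8aa704b1
20:50:09.578 Scan finished successfully
"""

# Constructed clean trace for comparison: only named modules, no hook, MBR not hidden.
CLEAN_LOG = """\
20:49:35.921 Disk 0 MBR read successfully
20:49:35.921 Disk 0 Windows XP default MBR code
20:50:09.578 Disk 0 trace - called modules:
20:50:09.578 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys atapi.sys
20:50:09.578 Scan finished successfully
"""

TS = r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+"                       # "20:50:09.578 " prefix
RE_MBR_HIDDEN = re.compile(TS + r"Disk \d+ MBR hidden")
RE_UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9a-f]+)\]<<", re.I)
RE_HOOK = re.compile(TS + r"(\\Driver\\[^\[\s]+)\[0x[0-9a-f]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-f]+)", re.I)
RE_LOCKED = re.compile(TS + r"Service (\S+) (\S+) \*\*LOCKED\*\*")


@dataclass
class AswMbrFindings:
    mbr_hidden: bool = False
    unknown_modules: list = field(default_factory=list)  # addresses aswMBR could not map to a module
    hooks: list = field(default_factory=list)            # (driver object, IRP major function, target)
    locked_services: list = field(default_factory=list)  # (service name, image path) aswMBR could not open

    def hooks_into_unknown(self):
        """Dispatch hooks whose target is one of the unmapped addresses: a
        driver's IRP handler has been redirected into code with no backing file."""
        targets = {a.lower() for a in self.unknown_modules}
        return [h for h in self.hooks if h[2].lower() in targets]

    def verdict(self):
        # Heuristic of this example: hidden MBR plus a hook into unmapped code
        # is the classic MBR-rootkit picture; either alone is worth a second look.
        if self.mbr_hidden and self.hooks_into_unknown():
            return "mbr-rootkit-likely"
        if self.mbr_hidden or self.unknown_modules or self.hooks:
            return "suspicious"
        return "clean"


def parse_aswmbr(text):
    """Collect the rootkit-relevant lines of an aswMBR log into AswMbrFindings."""
    f = AswMbrFindings()
    for line in text.splitlines():
        if RE_MBR_HIDDEN.match(line):
            f.mbr_hidden = True
        f.unknown_modules.extend(m.group(1) for m in RE_UNKNOWN.finditer(line))
        m = RE_HOOK.match(line)
        if m:
            f.hooks.append((m.group(1), m.group(2), m.group(3)))
        m = RE_LOCKED.match(line)
        if m:
            f.locked_services.append((m.group(1), m.group(2)))
    return f


if __name__ == "__main__":
    for label, log in (("posted log", SAMPLE_LOG), ("clean log", CLEAN_LOG)):
        r = parse_aswmbr(log)
        print(f"{label}: {r.verdict()}  mbr_hidden={r.mbr_hidden} unknown={r.unknown_modules} "
              f"hooks_into_unknown={r.hooks_into_unknown()} locked={r.locked_services}")
```

Run it against a saved aswMBR.txt by reading the file into parse_aswmbr; the "Service ... **LOCKED**" entry is kept separately because a locked image only means aswMBR could not open it (here the D: path may simply not exist), which is a question for the follow-up TDSSKiller scan rather than evidence on its own.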

Re: Google Redirect Virus + Ads playing in background

Post by melboy » July 22nd, 2012, 4:40 am

Hi


TDSSKiller

Download tdsskiller.exe and save it to your desktop

  • Double click TDSSKiller.exe to run it.
  • Click Change parameters
  • Under Additional Options check Verify file digital signatures
  • IMPORTANT: Ensure Detect TDLFS file system remains UNchecked.
  • Click Start scan and allow it to scan for Malicious objects.

    • If Malicious objects are detected, the default action will be Cure, ensure Cure is selected then click Continue
    • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue
    • If Unsigned files are detected, the default action will be Skip, ensure Skip is selected then click Continue

    DO NOT change the default actions.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt.
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt.
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents in your next reply



Malwarebytes' Anti-Malware (MBAM)

As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
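The TDSSKiller log that the procedure above produces (the one posted later in this thread shows the layout) enumerates every service and driver with its MD5 and path, then writes one line per object: "- ok", or "( Family ) - warning" followed by "- detected Family (n)". Reading it by hand means matching each "detected" line back to the enumeration line that carries the hash and path. The script below is an added example, not part of this thread or of Kaspersky's tool: it does that join and sorts detections into the two buckets the instructions distinguish, malicious objects (default action Cure) and suspicious objects such as UnsignedFile.Multi.Generic (default action Skip). The sample input is a constructed excerpt modelled on the posted log; "Rootkit.Boot.Example.a" is a placeholder name standing in for a malicious detection, and the LockedFile./HiddenFile. prefixes in the suspicious list are this example's assumption beyond what the page shows.

```python
import re

# Constructed excerpt in the layout TDSSKiller 2.7.x writes, modelled on the log
# posted later in this thread. "Rootkit.Boot.Example.a" is a placeholder, not a
# real signature name. Example code, not part of TDSSKiller.
SAMPLE_LOG = """\
12:36:40.0218 4092 Mode: Manual; SigCheck;
12:36:40.0750 4092 ACPI (8fd99680a539792a30e97944fdaecf17) C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
12:36:42.0250 4092 ACPI - ok
12:36:43.0578 4092 ATI Smart (c9bf3114b6fdb46e01ca55d0336cde88) C:\\WINDOWS\\system32\\ati2sgag.exe
12:36:43.0625 4092 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
12:36:43.0625 4092 ATI Smart - detected UnsignedFile.Multi.Generic (1)
12:36:52.0609 4092 giveio (77ebf3e9386daa51551af429052d88d0) C:\\WINDOWS\\system32\\giveio.sys
12:36:52.0609 4092 giveio ( UnsignedFile.Multi.Generic ) - warning
12:36:52.0609 4092 giveio - detected UnsignedFile.Multi.Generic (1)
12:37:30.0000 4092 \\Device\\Harddisk0\\DR0 - detected Rootkit.Boot.Example.a (0)
"""

# Every line is "<time> <pid> <rest>"; these are the two shapes of <rest> we need.
# Object names may contain spaces ("ATI Smart"), so the name group is lazy and
# anchored on what follows it.
RE_ENUM = re.compile(r"^\S+ \d+ (?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
RE_DETECT = re.compile(r"^\S+ \d+ (?P<name>.+?) - detected (?P<sig>\S+) \(\d+\)$")

# Detection families TDSSKiller reports as suspicious rather than malicious
# (default action Skip). Only UnsignedFile.Multi.Generic appears in this thread;
# the other two prefixes are an assumption of this example.
SUSPICIOUS_PREFIXES = ("UnsignedFile.", "LockedFile.", "HiddenFile.")


def triage_tdsskiller(text):
    """Split a TDSSKiller log into malicious and suspicious detections, joining
    each with the MD5 and path from the object's enumeration line."""
    inventory = {}                       # object name -> (md5, path)
    malicious, suspicious = [], []
    for line in text.splitlines():
        m = RE_ENUM.match(line)
        if m:
            inventory[m["name"]] = (m["md5"], m["path"])
            continue
        m = RE_DETECT.match(line)
        if m:
            md5, path = inventory.get(m["name"], (None, None))   # None for objects with no file, e.g. a disk device
            is_susp = m["sig"].startswith(SUSPICIOUS_PREFIXES)
            entry = {
                "object": m["name"],
                "signature": m["sig"],
                "md5": md5,
                "path": path,
                "default_action": "Skip" if is_susp else "Cure",
            }
            (suspicious if is_susp else malicious).append(entry)
    return {"malicious": malicious, "suspicious": suspicious,
            "objects_with_files": len(inventory)}


if __name__ == "__main__":
    report = triage_tdsskiller(SAMPLE_LOG)
    for bucket in ("malicious", "suspicious"):
        for e in report[bucket]:
            print(f"{bucket:10} {e['default_action']:5} {e['object']:24} {e['signature']}  "
                  f"{e['md5'] or '-'}  {e['path'] or '-'}")
```

The suspicious bucket is the list to review by hand: an unsigned driver is normal for older hardware tools (the posted log flags ATI Tray Tools and giveio, for example), so the MD5 and path are what you would look up before deciding anything, which is exactly why the instructions keep Skip as the default for that class.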

Re: Google Redirect Virus + Ads playing in background

Post by MikeLin007 » July 22nd, 2012, 12:50 pm

Here are the two log files. TDSSKiller did detect a Malicious object, a rootkit, that it cured. Malwarebytes didn't detect any malicious objects.


12:36:01.0390 1112 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
12:36:01.0937 1112 ============================================================
12:36:01.0937 1112 Current date / time: 2012/07/22 12:36:01.0937
12:36:01.0937 1112 SystemInfo:
12:36:01.0937 1112
12:36:01.0937 1112 OS Version: 5.1.2600 ServicePack: 3.0
12:36:01.0937 1112 Product type: Workstation
12:36:01.0937 1112 ComputerName: ----------
12:36:01.0937 1112 UserName: mike
12:36:01.0937 1112 Windows directory: C:\WINDOWS
12:36:01.0937 1112 System windows directory: C:\WINDOWS
12:36:01.0937 1112 Processor architecture: Intel x86
12:36:01.0937 1112 Number of processors: 4
12:36:01.0937 1112 Page size: 0x1000
12:36:01.0937 1112 Boot type: Normal boot
12:36:01.0937 1112 ============================================================
12:36:03.0828 1112 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:36:03.0828 1112 ============================================================
12:36:03.0828 1112 \Device\Harddisk0\DR0:
12:36:03.0828 1112 MBR partitions:
12:36:03.0828 1112 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x57541401
12:36:03.0828 1112 ============================================================
12:36:03.0859 1112 C: <-> \Device\Harddisk0\DR0\Partition0
12:36:03.0859 1112 ============================================================
12:36:03.0859 1112 Initialize success
12:36:03.0859 1112 ============================================================
12:36:40.0218 4092 ============================================================
12:36:40.0218 4092 Scan started
12:36:40.0218 4092 Mode: Manual; SigCheck;
12:36:40.0218 4092 ============================================================
12:36:40.0421 4092 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
12:36:40.0500 4092 !SASCORE - ok
12:36:40.0625 4092 13958081 (7dd41b7ac1fbb1dbf20bb1f4e4fbe58c) C:\WINDOWS\system32\DRIVERS\13958081.sys
12:36:40.0671 4092 13958081 - ok
12:36:40.0703 4092 13958082 (a305fad3719c5db0c13d1c2bfd08a04d) C:\WINDOWS\system32\DRIVERS\13958082.sys
12:36:40.0718 4092 13958082 - ok
12:36:40.0718 4092 Abiosdsk - ok
12:36:40.0718 4092 abp480n5 - ok
12:36:40.0750 4092 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:36:42.0250 4092 ACPI - ok
12:36:42.0281 4092 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:36:42.0359 4092 ACPIEC - ok
12:36:42.0421 4092 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:36:42.0437 4092 AdobeFlashPlayerUpdateSvc - ok
12:36:42.0437 4092 adpu160m - ok
12:36:42.0468 4092 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:36:42.0562 4092 aec - ok
12:36:42.0609 4092 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
12:36:42.0671 4092 AFD - ok
12:36:42.0671 4092 Aha154x - ok
12:36:42.0687 4092 aic78u2 - ok
12:36:42.0687 4092 aic78xx - ok
12:36:42.0703 4092 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
12:36:42.0812 4092 Alerter - ok
12:36:42.0843 4092 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
12:36:42.0875 4092 ALG - ok
12:36:42.0890 4092 AliIde - ok
12:36:42.0890 4092 ALLOW-IO - ok
12:36:42.0890 4092 amsint - ok
12:36:42.0968 4092 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:36:42.0968 4092 Apple Mobile Device - ok
12:36:43.0000 4092 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
12:36:43.0046 4092 AppMgmt - ok
12:36:43.0062 4092 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:36:43.0156 4092 Arp1394 - ok
12:36:43.0156 4092 asc - ok
12:36:43.0156 4092 asc3350p - ok
12:36:43.0156 4092 asc3550 - ok
12:36:43.0234 4092 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:36:43.0250 4092 aspnet_state - ok
12:36:43.0281 4092 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:36:43.0359 4092 AsyncMac - ok
12:36:43.0375 4092 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:36:43.0453 4092 atapi - ok
12:36:43.0453 4092 Atdisk - ok
12:36:43.0500 4092 Ati HotKey Poller (d5406ad4263487bd6c6b2d7735b095bc) C:\WINDOWS\system32\Ati2evxx.exe
12:36:43.0531 4092 Ati HotKey Poller - ok
12:36:43.0578 4092 ATI Smart (c9bf3114b6fdb46e01ca55d0336cde88) C:\WINDOWS\system32\ati2sgag.exe
12:36:43.0625 4092 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
12:36:43.0625 4092 ATI Smart - detected UnsignedFile.Multi.Generic (1)
12:36:43.0796 4092 ati2mtag (8e54c76db5d88bf8b4e82b37e1322671) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
12:36:43.0875 4092 ati2mtag - ok
12:36:44.0000 4092 ATITool (0e4bb35c5305099ac82053ac992e3e0e) C:\WINDOWS\system32\DRIVERS\ATITool.sys
12:36:44.0000 4092 ATITool ( UnsignedFile.Multi.Generic ) - warning
12:36:44.0000 4092 ATITool - detected UnsignedFile.Multi.Generic (1)
12:36:44.0078 4092 atitray (f46afb51f1a1cb8c7ecd85533ca839fe) C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys
12:36:44.0078 4092 atitray ( UnsignedFile.Multi.Generic ) - warning
12:36:44.0078 4092 atitray - detected UnsignedFile.Multi.Generic (1)
12:36:44.0093 4092 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:36:44.0171 4092 Atmarpc - ok
12:36:44.0218 4092 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
12:36:44.0296 4092 AudioSrv - ok
12:36:44.0312 4092 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:36:44.0390 4092 audstub - ok
12:36:44.0687 4092 AVGIDSAgent (55893fff154ffd7c29919d2b9218210c) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
12:36:44.0812 4092 AVGIDSAgent - ok
12:36:44.0875 4092 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
12:36:44.0875 4092 AVGIDSDriver - ok
12:36:44.0890 4092 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
12:36:44.0906 4092 AVGIDSFilter - ok
12:36:44.0921 4092 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\WINDOWS\system32\DRIVERS\avgidshx.sys
12:36:44.0937 4092 AVGIDSHX - ok
12:36:44.0937 4092 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
12:36:44.0953 4092 AVGIDSShim - ok
12:36:44.0968 4092 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
12:36:44.0968 4092 Avgldx86 - ok
12:36:44.0984 4092 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
12:36:44.0984 4092 Avgmfx86 - ok
12:36:44.0984 4092 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
12:36:45.0000 4092 Avgrkx86 - ok
12:36:45.0015 4092 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
12:36:45.0031 4092 Avgtdix - ok
12:36:45.0062 4092 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
12:36:45.0078 4092 avgwd - ok
12:36:45.0156 4092 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:36:45.0312 4092 Beep - ok
12:36:45.0515 4092 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
12:36:45.0765 4092 BITS - ok
12:36:45.0875 4092 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
12:36:45.0890 4092 Bonjour Service - ok
12:36:45.0937 4092 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
12:36:46.0046 4092 Browser - ok
12:36:46.0078 4092 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:36:46.0156 4092 cbidf2k - ok
12:36:46.0218 4092 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:36:46.0312 4092 CCDECODE - ok
12:36:46.0312 4092 cd20xrnt - ok
12:36:46.0328 4092 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:36:46.0406 4092 Cdaudio - ok
12:36:46.0453 4092 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:36:46.0546 4092 Cdfs - ok
12:36:46.0609 4092 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:36:46.0703 4092 Cdrom - ok
12:36:46.0703 4092 Changer - ok
12:36:46.0718 4092 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
12:36:46.0828 4092 CiSvc - ok
12:36:46.0828 4092 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
12:36:46.0906 4092 ClipSrv - ok
12:36:47.0031 4092 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:36:47.0109 4092 clr_optimization_v2.0.50727_32 - ok
12:36:47.0109 4092 CmdIde - ok
12:36:47.0109 4092 COMSysApp - ok
12:36:47.0109 4092 Cpqarray - ok
12:36:47.0187 4092 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
12:36:47.0281 4092 CryptSvc - ok
12:36:47.0281 4092 dac2w2k - ok
12:36:47.0281 4092 dac960nt - ok
12:36:47.0390 4092 DAUpdaterSvc (80861969541971176e005d2c09dae851) C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
12:36:47.0406 4092 DAUpdaterSvc - ok
12:36:47.0750 4092 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
12:36:47.0875 4092 DcomLaunch - ok
12:36:47.0906 4092 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
12:36:48.0015 4092 Dhcp - ok
12:36:48.0250 4092 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:36:48.0375 4092 Disk - ok
12:36:48.0531 4092 dKeySync (aeeee0bdb4d83596fbcf1810f6eacbdc) C:\dKEYUSBCradle\SyncService.exe
12:36:48.0578 4092 dKeySync ( UnsignedFile.Multi.Generic ) - warning
12:36:48.0578 4092 dKeySync - detected UnsignedFile.Multi.Generic (1)
12:36:48.0578 4092 dmadmin - ok
12:36:48.0671 4092 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:36:48.0781 4092 dmboot - ok
12:36:48.0828 4092 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:36:48.0906 4092 dmio - ok
12:36:48.0921 4092 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:36:49.0015 4092 dmload - ok
12:36:49.0078 4092 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
12:36:49.0171 4092 dmserver - ok
12:36:49.0234 4092 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:36:49.0312 4092 DMusic - ok
12:36:49.0437 4092 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
12:36:49.0531 4092 Dnscache - ok
12:36:49.0562 4092 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
12:36:49.0640 4092 Dot3svc - ok
12:36:49.0656 4092 dpti2o - ok
12:36:49.0656 4092 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:36:49.0734 4092 drmkaud - ok
12:36:49.0906 4092 dtscsi (12aca694b50ea53563c1e7c99e7bb27d) C:\WINDOWS\System32\Drivers\dtscsi.sys
12:36:49.0937 4092 dtscsi - ok
12:36:49.0953 4092 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
12:36:50.0031 4092 EapHost - ok
12:36:50.0109 4092 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
12:36:50.0859 4092 ERSvc - ok
12:36:50.0921 4092 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
12:36:50.0984 4092 Eventlog - ok
12:36:51.0046 4092 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
12:36:51.0125 4092 EventSystem - ok
12:36:51.0187 4092 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:36:51.0265 4092 Fastfat - ok
12:36:51.0312 4092 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:36:51.0453 4092 FastUserSwitchingCompatibility - ok
12:36:51.0468 4092 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
12:36:51.0546 4092 Fdc - ok
12:36:51.0593 4092 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:36:51.0687 4092 Fips - ok
12:36:51.0750 4092 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:36:51.0828 4092 Flpydisk - ok
12:36:51.0906 4092 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:36:51.0984 4092 FltMgr - ok
12:36:52.0093 4092 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:36:52.0109 4092 FontCache3.0.0.0 - ok
12:36:52.0203 4092 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:36:52.0296 4092 Fs_Rec - ok
12:36:52.0312 4092 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:36:52.0437 4092 Ftdisk - ok
12:36:52.0515 4092 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
12:36:52.0531 4092 GEARAspiWDM - ok
12:36:52.0609 4092 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
12:36:52.0609 4092 giveio ( UnsignedFile.Multi.Generic ) - warning
12:36:52.0609 4092 giveio - detected UnsignedFile.Multi.Generic (1)
12:36:52.0640 4092 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:36:52.0734 4092 Gpc - ok
12:36:52.0890 4092 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:36:52.0968 4092 HDAudBus - ok
12:36:53.0000 4092 helpsvc - ok
12:36:53.0156 4092 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
12:36:53.0265 4092 HidServ - ok
12:36:53.0312 4092 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:36:53.0406 4092 HidUsb - ok
12:36:53.0437 4092 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
12:36:53.0515 4092 hkmsvc - ok
12:36:53.0515 4092 hpn - ok
12:36:53.0703 4092 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
12:36:53.0718 4092 hpqcxs08 - ok
12:36:53.0750 4092 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
12:36:53.0765 4092 hpqddsvc - ok
12:36:53.0796 4092 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
12:36:53.0968 4092 HPZid412 - ok
12:36:54.0015 4092 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
12:36:54.0031 4092 HPZipr12 - ok
12:36:54.0062 4092 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
12:36:54.0093 4092 HPZius12 - ok
12:36:54.0171 4092 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:36:54.0218 4092 HTTP - ok
12:36:54.0234 4092 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
12:36:54.0359 4092 HTTPFilter - ok
12:36:54.0359 4092 i2omgmt - ok
12:36:54.0359 4092 i2omp - ok
12:36:54.0390 4092 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:36:54.0484 4092 i8042prt - ok
12:36:54.0609 4092 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:36:54.0656 4092 idsvc - ok
12:36:54.0687 4092 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:36:54.0781 4092 Imapi - ok
12:36:54.0812 4092 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
12:36:54.0906 4092 ImapiService - ok
12:36:54.0906 4092 ini910u - ok
12:36:55.0281 4092 IntcAzAudAddService (b29781b9a90cd55fc5d859c0b1c243bc) C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:36:55.0406 4092 IntcAzAudAddService - ok
12:36:55.0515 4092 IntelIde - ok
12:36:55.0562 4092 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:36:55.0640 4092 intelppm - ok
12:36:55.0656 4092 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:36:55.0765 4092 Ip6Fw - ok
12:36:55.0781 4092 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:36:55.0859 4092 IpFilterDriver - ok
12:36:55.0875 4092 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:36:55.0953 4092 IpInIp - ok
12:36:55.0968 4092 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:36:56.0062 4092 IpNat - ok
12:36:56.0187 4092 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
12:36:56.0218 4092 iPod Service - ok
12:36:56.0265 4092 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:36:56.0375 4092 IPSec - ok
12:36:56.0406 4092 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:36:56.0453 4092 IRENUM - ok
12:36:56.0625 4092 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:36:56.0734 4092 isapnp - ok
12:36:56.0734 4092 itlperf - ok
12:36:57.0312 4092 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
12:36:57.0312 4092 JavaQuickStarterService - ok
12:36:57.0359 4092 JRAID (6e4e3c0b27116b14d1150be7eeceaac6) C:\WINDOWS\system32\DRIVERS\jraid.sys
12:36:57.0390 4092 JRAID - ok
12:36:57.0437 4092 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:36:57.0515 4092 Kbdclass - ok
12:36:57.0531 4092 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:36:57.0609 4092 kbdhid - ok
12:36:57.0656 4092 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:36:57.0734 4092 kmixer - ok
12:36:57.0750 4092 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:36:57.0843 4092 KSecDD - ok
12:36:57.0968 4092 L8042Kbd (dc61f15187372d164769c841655e58f3) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
12:36:57.0984 4092 L8042Kbd - ok
12:36:58.0078 4092 L8042mou (cb6e007d3a67cb80ee9df2afd4b0fc9d) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
12:36:58.0093 4092 L8042mou - ok
12:36:58.0281 4092 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
12:36:58.0343 4092 LanmanServer - ok
12:36:58.0468 4092 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
12:36:58.0546 4092 lanmanworkstation - ok
12:36:58.0609 4092 LBeepKE (8f4d784b3f22f468eea99da02b0e39e5) C:\WINDOWS\system32\Drivers\LBeepKE.sys
12:36:58.0609 4092 LBeepKE - ok
12:36:58.0609 4092 lbrtfdc - ok
12:36:59.0156 4092 LBTServ (a0f7dc0080e4f97dc97de08b699e231b) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
12:36:59.0171 4092 LBTServ - ok
12:36:59.0359 4092 LHidFilt (dd83dc92463fce6324fd30a13d17d0da) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
12:36:59.0375 4092 LHidFilt - ok
12:36:59.0453 4092 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
12:36:59.0562 4092 LmHosts - ok
12:36:59.0640 4092 LMouFilt (8fe0008e183ff0293a925b78a5581c5f) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
12:36:59.0656 4092 LMouFilt - ok
12:36:59.0734 4092 LMouKE (58597a99792461e89bb5c44e17508d70) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
12:36:59.0750 4092 LMouKE - ok
12:36:59.0937 4092 LVRS (ed643e777ba3f7151ef3f0fb6be4f7f0) C:\WINDOWS\system32\DRIVERS\lvrs.sys
12:36:59.0937 4092 LVRS - ok
12:37:00.0765 4092 LVUVC (5bc80451109a8dd7f2ddd35bce2929a3) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
12:37:01.0031 4092 LVUVC - ok
12:37:01.0156 4092 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
12:37:01.0265 4092 Messenger - ok
12:37:01.0296 4092 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:37:01.0375 4092 mnmdd - ok
12:37:01.0437 4092 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
12:37:01.0515 4092 mnmsrvc - ok
12:37:01.0546 4092 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:37:20.0890 4092 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:37:20.0921 4092 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
12:37:20.0921 4092 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
12:37:20.0921 4092 Boot (0x1200) (a239b2d0b42108888cad8e80b7cbc49a) \Device\Harddisk0\DR0\Partition0
12:37:20.0921 4092 \Device\Harddisk0\DR0\Partition0 - ok
12:37:20.0921 4092 ============================================================
12:37:20.0921 4092 Scan finished
12:37:20.0921 4092 ============================================================
12:37:21.0031 3500 Detected object count: 18
12:37:21.0031 3500 Actual detected object count: 18
12:37:53.0375 3500 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:53.0375 3500 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:53.0375 3500 ATITool ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:53.0375 3500 ATITool ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:53.0375 3500 atitray ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:53.0375 3500 atitray ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:53.0375 3500 dKeySync ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:53.0375 3500 dKeySync ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:53.0375 3500 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:53.0375 3500 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:53.0375 3500 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:53.0375 3500 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:53.0375 3500 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:53.0375 3500 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:53.0375 3500 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:53.0375 3500 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:53.0375 3500 NPF ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:53.0375 3500 NPF ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:53.0390 3500 pcCMService ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:53.0390 3500 pcCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:53.0390 3500 pcServiceHost ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:53.0390 3500 pcServiceHost ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:53.0390 3500 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:53.0390 3500 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:53.0390 3500 rpcapd ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:53.0390 3500 rpcapd ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:53.0390 3500 sptd ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:53.0390 3500 sptd ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:53.0390 3500 ZD1211U(WLAN) ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:53.0390 3500 ZD1211U(WLAN) ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:53.0390 3500 ZDBRGSYS ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:53.0390 3500 ZDBRGSYS ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:53.0390 3500 ZDPNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:53.0390 3500 ZDPNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:53.0968 3500 \Device\Harddisk0\DR0\# - copied to quarantine
12:37:53.0984 3500 \Device\Harddisk0\DR0 - copied to quarantine
12:37:54.0000 3500 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
12:37:54.0000 3500 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
12:37:54.0015 3500 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
12:37:54.0015 3500 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
12:37:54.0031 3500 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
12:37:54.0046 3500 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
12:37:54.0109 3500 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
12:37:54.0109 3500 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
12:37:54.0109 3500 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
12:37:54.0125 3500 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
12:37:54.0125 3500 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
12:37:54.0125 3500 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
12:37:54.0125 3500 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
12:37:54.0125 3500 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
12:37:54.0125 3500 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
12:37:54.0125 3500 \Device\Harddisk0\DR0 - ok
12:37:59.0687 3500 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
12:38:02.0296 1104 Deinitialize success



Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.22.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
mike :: ---------- [administrator]

7/22/2012 12:41:55 PM
mbam-log-2012-07-22 (12-41-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210059
Time elapsed: 8 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
MikeLin007
Regular Member
 
Posts: 29
Joined: August 15th, 2011, 1:16 am

Re: Google Redirect Virus + Ads playing in background

Unread postby melboy » July 22nd, 2012, 1:09 pm

Hi

Run TDSSKiller again, only slightly differently this time. We want to delete the TDLFS file system. Also let me know how the computer is running now.


TDSSKiller

  • Double click TDSSKiller.exe to run it.
  • Click Change parameters
  • Under Additional Options check Detect TDLFS file system
  • Ensure Verify file digital signatures is unchecked.
  • Click Start scan and allow it to scan for Malicious objects.

    • If Malicious objects are detected, the default action will be Cure, ensure Cure is selected then click Continue
    • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue
    • If TDLFS file system is detected, the default action will be Skip, Change to Delete & then click Continue

    DO NOT change the default actions other than for the TDLFS file system.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt.
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents in your next reply.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
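When the log from these steps comes back, only a handful of line types matter: the verdict, detection, quarantine and user-action lines; the rest is the driver enumeration with its hashes. The parser below is an added example, not part of this thread and not TDSSKiller's own code; it reads a log in the format posted above, keeps UnsignedFile.* warnings apart from real detections such as Rootkit.Boot.Pihar.c, and lists the TDLFS entries the reply asks to delete. SAMPLE_LOG is an excerpt of the log posted earlier in the thread, and the list of suspicious verdict classes is an assumption limited to the one seen here.

```python
"""Triage helper for TDSSKiller text logs (added example, not TDSSKiller's code).

Every line is "<hh:mm:ss.ffff> <thread id> <message>".  Messages understood:
  <obj> (<md5>) <path>              driver/service enumeration
  <obj> ( <verdict> ) - <status>    warning / infected / user action / cure
  <obj> - detected <verdict> (<n>)  detection summary
  <obj> - copied to quarantine      file saved before a cure or delete
Separators, "- ok" lines and the SystemInfo header are ignored.
"""
import re
from dataclasses import dataclass, field

PREFIX = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<rest>.*)$")
VERDICT = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>[^)]+) \) - (?P<status>.+)$")
DETECTED = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>\S+) \((?P<n>\d+)\)$")
QUARANTINE = re.compile(r"^(?P<obj>.+?) - copied to quarantine$")
ENUM = re.compile(r"^(?P<obj>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")

# Verdict classes reported as suspicious rather than malicious.  Assumption: only
# the class seen in this thread; unsigned third-party drivers default to Skip.
SUSPICIOUS_PREFIXES = ("UnsignedFile.",)


@dataclass
class Triage:
    suspicious: dict = field(default_factory=dict)    # obj -> verdict
    malicious: dict = field(default_factory=dict)     # obj -> verdict
    user_actions: dict = field(default_factory=dict)  # obj -> Skip / Cure / Delete
    pending_cure: list = field(default_factory=list)  # cured only after reboot
    quarantined: list = field(default_factory=list)   # every "copied to quarantine"
    hashes: dict = field(default_factory=dict)        # obj -> (md5, path)

    @property
    def tdlfs_entries(self) -> list:
        """Files inside the hidden TDLFS volume the rootkit keeps on the disk."""
        return [o for o in self.quarantined if "\\TDLFS\\" in o]


def is_suspicious(verdict: str) -> bool:
    return verdict.startswith(SUSPICIOUS_PREFIXES)


def parse_line(line: str, t: Triage) -> None:
    m = PREFIX.match(line.strip())
    if not m:
        return
    rest = m.group("rest")
    if v := VERDICT.match(rest):
        obj, verdict, status = v.group("obj"), v.group("verdict"), v.group("status")
        (t.suspicious if is_suspicious(verdict) else t.malicious)[obj] = verdict
        if status.startswith("User select action: "):
            t.user_actions[obj] = status.split(": ", 1)[1]
        elif status == "will be cured on reboot":
            t.pending_cure.append(obj)
    elif d := DETECTED.match(rest):
        obj, verdict = d.group("obj"), d.group("verdict")
        (t.suspicious if is_suspicious(verdict) else t.malicious)[obj] = verdict
    elif q := QUARANTINE.match(rest):
        t.quarantined.append(q.group("obj"))
    elif e := ENUM.match(rest):
        t.hashes[e.group("obj")] = (e.group("md5"), e.group("path"))


def triage(log_text: str) -> Triage:
    t = Triage()
    for line in log_text.splitlines():
        parse_line(line, t)
    return t


def follow_ups(t: Triage) -> list:
    """Next steps a helper would ask for, derived only from what the log says."""
    notes = []
    for obj, verdict in t.malicious.items():
        action = t.user_actions.get(obj, "none")
        if obj in t.pending_cure or action != "Cure":
            notes.append(f"{obj}: {verdict} (action {action}); confirm it is gone after reboot")
    if t.tdlfs_entries:
        notes.append(f"TDLFS volume present ({len(t.tdlfs_entries)} files): rerun with "
                     "'Detect TDLFS file system' checked and choose Delete")
    return notes


# Excerpt of the log posted earlier in this thread (enumeration trimmed to one
# entry); backslashes are doubled only because this is a Python literal.
SAMPLE_LOG = """\
12:37:01.0656 4092 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\\WINDOWS\\system32\\DRIVERS\\mouclass.sys
12:37:14.0812 4092 sptd ( UnsignedFile.Multi.Generic ) - warning
12:37:14.0812 4092 sptd - detected UnsignedFile.Multi.Generic (1)
12:37:20.0921 4092 \\Device\\Harddisk0\\DR0 ( Rootkit.Boot.Pihar.c ) - infected
12:37:53.0390 3500 sptd ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:54.0000 3500 \\Device\\Harddisk0\\DR0\\TDLFS\\ldrm - copied to quarantine
12:37:54.0109 3500 \\Device\\Harddisk0\\DR0\\TDLFS\\servers.dat - copied to quarantine
12:37:54.0125 3500 \\Device\\Harddisk0\\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
12:37:59.0687 3500 \\Device\\Harddisk0\\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
"""

if __name__ == "__main__":
    print(*follow_ups(triage(SAMPLE_LOG)), sep="\n")
```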

Re: Google Redirect Virus + Ads playing in background

Unread postby MikeLin007 » July 22nd, 2012, 1:16 pm

Here is the TDSS log file. This time around it only detected one suspicious object, which it skipped. Let me reboot my computer to see if the ads still play in the background. I found that if I open up the task manager and end a svchost.exe process, the ads stop playing.

13:13:16.0250 1340 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
13:13:16.0562 1340 ============================================================
13:13:16.0562 1340 Current date / time: 2012/07/22 13:13:16.0562
13:13:16.0562 1340 SystemInfo:
13:13:16.0562 1340
13:13:16.0562 1340 OS Version: 5.1.2600 ServicePack: 3.0
13:13:16.0562 1340 Product type: Workstation
13:13:16.0562 1340 ComputerName: ----------
13:13:16.0562 1340 UserName: mike
13:13:16.0562 1340 Windows directory: C:\WINDOWS
13:13:16.0562 1340 System windows directory: C:\WINDOWS
13:13:16.0562 1340 Processor architecture: Intel x86
13:13:16.0562 1340 Number of processors: 4
13:13:16.0562 1340 Page size: 0x1000
13:13:16.0562 1340 Boot type: Normal boot
13:13:16.0562 1340 ============================================================
13:13:18.0578 1340 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:13:18.0593 1340 ============================================================
13:13:18.0593 1340 \Device\Harddisk0\DR0:
13:13:18.0593 1340 MBR partitions:
13:13:18.0593 1340 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x57541401
13:13:18.0593 1340 ============================================================
13:13:18.0625 1340 C: <-> \Device\Harddisk0\DR0\Partition0
13:13:18.0625 1340 ============================================================
13:13:18.0625 1340 Initialize success
13:13:18.0625 1340 ============================================================
13:13:32.0921 1632 ============================================================
13:13:32.0921 1632 Scan started
13:13:32.0921 1632 Mode: Manual; TDLFS;
13:13:32.0921 1632 ============================================================
13:13:34.0140 1632 atapi - ok
13:13:34.0140 1632 Atdisk - ok
13:13:34.0187 1632 Ati HotKey Poller (d5406ad4263487bd6c6b2d7735b095bc) C:\WINDOWS\system32\Ati2evxx.exe
13:13:34.0187 1632 Ati HotKey Poller - ok
13:13:34.0250 1632 ATI Smart (c9bf3114b6fdb46e01ca55d0336cde88) C:\WINDOWS\system32\ati2sgag.exe
13:13:34.0265 1632 ATI Smart - ok
13:13:34.0406 1632 ati2mtag (8e54c76db5d88bf8b4e82b37e1322671) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
13:13:34.0421 1632 ati2mtag - ok
13:13:34.0500 1632 ATITool (0e4bb35c5305099ac82053ac992e3e0e) C:\WINDOWS\system32\DRIVERS\ATITool.sys
13:13:34.0500 1632 ATITool - ok
13:13:34.0531 1632 atitray (f46afb51f1a1cb8c7ecd85533ca839fe) C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys
13:13:34.0531 1632 atitray - ok
13:13:34.0531 1632 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:13:34.0546 1632 Atmarpc - ok
13:13:34.0562 1632 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
13:13:34.0562 1632 AudioSrv - ok
13:13:34.0593 1632 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:13:34.0593 1632 audstub - ok
13:13:34.0875 1632 AVGIDSAgent (55893fff154ffd7c29919d2b9218210c) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
13:13:34.0890 1632 AVGIDSAgent - ok
13:13:34.0968 1632 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
13:13:34.0968 1632 AVGIDSDriver - ok
13:13:34.0984 1632 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
13:13:34.0984 1632 AVGIDSFilter - ok
13:13:35.0000 1632 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\WINDOWS\system32\DRIVERS\avgidshx.sys
13:13:35.0000 1632 AVGIDSHX - ok
13:13:35.0015 1632 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
13:13:35.0015 1632 AVGIDSShim - ok
13:13:35.0046 1632 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
13:13:35.0046 1632 Avgldx86 - ok
13:13:35.0062 1632 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
13:13:35.0062 1632 Avgmfx86 - ok
13:13:35.0062 1632 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
13:13:35.0062 1632 Avgrkx86 - ok
13:13:35.0093 1632 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
13:13:35.0093 1632 Avgtdix - ok
13:13:35.0109 1632 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
13:13:35.0109 1632 avgwd - ok
13:13:35.0125 1632 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:13:35.0125 1632 Beep - ok
13:13:35.0171 1632 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
13:13:35.0187 1632 BITS - ok
13:13:35.0234 1632 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
13:13:35.0234 1632 Bonjour Service - ok
13:13:35.0281 1632 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
13:13:35.0281 1632 Browser - ok
13:13:35.0296 1632 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:13:35.0312 1632 cbidf2k - ok
13:13:35.0343 1632 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:13:35.0343 1632 CCDECODE - ok
13:13:35.0343 1632 cd20xrnt - ok
13:13:35.0359 1632 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:13:35.0359 1632 Cdaudio - ok
13:13:35.0375 1632 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:13:35.0375 1632 Cdfs - ok
13:13:35.0390 1632 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:13:35.0390 1632 Cdrom - ok
13:13:35.0390 1632 Changer - ok
13:13:35.0406 1632 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
13:13:35.0406 1632 CiSvc - ok
13:13:35.0421 1632 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
13:13:35.0437 1632 ClipSrv - ok
13:13:35.0453 1632 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:13:35.0453 1632 clr_optimization_v2.0.50727_32 - ok
13:13:35.0453 1632 CmdIde - ok
13:13:35.0468 1632 COMSysApp - ok
13:13:35.0468 1632 Cpqarray - ok
13:13:35.0484 1632 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
13:13:35.0500 1632 CryptSvc - ok
13:13:35.0500 1632 dac2w2k - ok
13:13:35.0500 1632 dac960nt - ok
13:13:35.0562 1632 DAUpdaterSvc (80861969541971176e005d2c09dae851) C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
13:13:35.0562 1632 DAUpdaterSvc - ok
13:13:35.0625 1632 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
13:13:35.0625 1632 DcomLaunch - ok
13:13:35.0671 1632 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
13:13:35.0671 1632 Dhcp - ok
13:13:35.0687 1632 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:13:35.0687 1632 Disk - ok
13:13:35.0734 1632 dKeySync (aeeee0bdb4d83596fbcf1810f6eacbdc) C:\dKEYUSBCradle\SyncService.exe
13:13:35.0750 1632 dKeySync - ok
13:13:35.0750 1632 dmadmin - ok
13:13:35.0796 1632 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
13:13:35.0812 1632 dmboot - ok
13:13:35.0828 1632 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
13:13:35.0843 1632 dmio - ok
13:13:35.0843 1632 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:13:35.0843 1632 dmload - ok
13:13:35.0859 1632 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
13:13:35.0859 1632 dmserver - ok
13:13:35.0890 1632 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:13:35.0890 1632 DMusic - ok
13:13:35.0921 1632 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
13:13:35.0921 1632 Dnscache - ok
13:13:35.0953 1632 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
13:13:35.0953 1632 Dot3svc - ok
13:13:35.0953 1632 dpti2o - ok
13:13:35.0968 1632 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:13:35.0968 1632 drmkaud - ok
13:13:36.0000 1632 dtscsi (12aca694b50ea53563c1e7c99e7bb27d) C:\WINDOWS\System32\Drivers\dtscsi.sys
13:13:36.0000 1632 dtscsi - ok
13:13:36.0031 1632 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
13:13:36.0031 1632 EapHost - ok
13:13:36.0046 1632 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
13:13:36.0046 1632 ERSvc - ok
13:13:36.0093 1632 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
13:13:36.0109 1632 Eventlog - ok
13:13:36.0156 1632 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
13:13:36.0156 1632 EventSystem - ok
13:13:36.0171 1632 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:13:36.0171 1632 Fastfat - ok
13:13:36.0187 1632 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:13:36.0187 1632 FastUserSwitchingCompatibility - ok
13:13:36.0203 1632 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:13:36.0203 1632 Fdc - ok
13:13:36.0234 1632 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
13:13:36.0234 1632 Fips - ok
13:13:36.0234 1632 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:13:36.0234 1632 Flpydisk - ok
13:13:36.0281 1632 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
13:13:36.0281 1632 FltMgr - ok
13:13:36.0375 1632 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:13:36.0390 1632 FontCache3.0.0.0 - ok
13:13:36.0406 1632 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:13:36.0406 1632 Fs_Rec - ok
13:13:36.0421 1632 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:13:36.0421 1632 Ftdisk - ok
13:13:36.0453 1632 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
13:13:36.0453 1632 GEARAspiWDM - ok
13:13:36.0468 1632 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
13:13:36.0468 1632 giveio - ok
13:13:36.0500 1632 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:13:36.0500 1632 Gpc - ok
13:13:36.0515 1632 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:13:36.0515 1632 HDAudBus - ok
13:13:36.0562 1632 helpsvc - ok
13:13:36.0578 1632 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
13:13:36.0578 1632 HidServ - ok
13:13:36.0593 1632 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:13:36.0593 1632 HidUsb - ok
13:13:36.0625 1632 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
13:13:36.0625 1632 hkmsvc - ok
13:13:36.0625 1632 hpn - ok
13:13:36.0687 1632 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
13:13:36.0687 1632 hpqcxs08 - ok
13:13:36.0734 1632 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
13:13:36.0734 1632 hpqddsvc - ok
13:13:36.0765 1632 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
13:13:36.0765 1632 HPZid412 - ok
13:13:36.0796 1632 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
13:13:36.0796 1632 HPZipr12 - ok
13:13:36.0812 1632 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
13:13:36.0812 1632 HPZius12 - ok
13:13:36.0843 1632 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:13:36.0859 1632 HTTP - ok
13:13:36.0875 1632 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
13:13:36.0890 1632 HTTPFilter - ok
13:13:36.0890 1632 i2omgmt - ok
13:13:36.0890 1632 i2omp - ok
13:13:36.0921 1632 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:13:36.0921 1632 i8042prt - ok
13:13:36.0984 1632 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:13:36.0984 1632 idsvc - ok
13:13:36.0984 1632 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:13:36.0984 1632 Imapi - ok
13:13:37.0000 1632 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
13:13:37.0015 1632 ImapiService - ok
13:13:37.0015 1632 ini910u - ok
13:13:37.0250 1632 IntcAzAudAddService (b29781b9a90cd55fc5d859c0b1c243bc) C:\WINDOWS\system32\drivers\RtkHDAud.sys
13:13:37.0281 1632 IntcAzAudAddService - ok
13:13:37.0390 1632 IntelIde - ok
13:13:37.0406 1632 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:13:37.0406 1632 intelppm - ok
13:13:37.0421 1632 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
13:13:37.0421 1632 Ip6Fw - ok
13:13:37.0453 1632 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:13:37.0453 1632 IpFilterDriver - ok
13:13:37.0453 1632 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:13:37.0453 1632 IpInIp - ok
13:13:37.0468 1632 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:13:37.0484 1632 IpNat - ok
13:13:37.0546 1632 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
13:13:37.0562 1632 iPod Service - ok
13:13:37.0562 1632 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:13:37.0562 1632 IPSec - ok
13:13:37.0593 1632 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:13:37.0593 1632 IRENUM - ok
13:13:37.0609 1632 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:13:37.0609 1632 isapnp - ok
13:13:37.0609 1632 itlperf - ok
13:13:37.0687 1632 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
13:13:37.0703 1632 JavaQuickStarterService - ok
13:13:37.0703 1632 JRAID (6e4e3c0b27116b14d1150be7eeceaac6) C:\WINDOWS\system32\DRIVERS\jraid.sys
13:13:37.0703 1632 JRAID - ok
13:13:37.0734 1632 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:13:37.0734 1632 Kbdclass - ok
13:13:37.0765 1632 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:13:37.0765 1632 kbdhid - ok
13:13:37.0781 1632 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:13:37.0796 1632 kmixer - ok
13:13:37.0812 1632 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:13:37.0812 1632 KSecDD - ok
13:13:37.0843 1632 L8042Kbd (dc61f15187372d164769c841655e58f3) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
13:13:37.0843 1632 L8042Kbd - ok
13:13:37.0875 1632 L8042mou (cb6e007d3a67cb80ee9df2afd4b0fc9d) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
13:13:37.0875 1632 L8042mou - ok
13:13:37.0906 1632 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
13:13:37.0906 1632 LanmanServer - ok
13:13:37.0968 1632 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
13:13:37.0968 1632 lanmanworkstation - ok
13:13:37.0984 1632 LBeepKE (8f4d784b3f22f468eea99da02b0e39e5) C:\WINDOWS\system32\Drivers\LBeepKE.sys
13:13:37.0984 1632 LBeepKE - ok
13:13:37.0984 1632 lbrtfdc - ok
13:13:38.0078 1632 LBTServ (a0f7dc0080e4f97dc97de08b699e231b) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
13:13:38.0078 1632 LBTServ - ok
13:13:38.0078 1632 LHidFilt (dd83dc92463fce6324fd30a13d17d0da) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
13:13:38.0093 1632 LHidFilt - ok
13:13:38.0093 1632 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
13:13:38.0093 1632 LmHosts - ok
13:13:38.0109 1632 LMouFilt (8fe0008e183ff0293a925b78a5581c5f) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
13:13:38.0109 1632 LMouFilt - ok
13:13:38.0140 1632 LMouKE (58597a99792461e89bb5c44e17508d70) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
13:13:38.0140 1632 LMouKE - ok
13:13:38.0171 1632 LVRS (ed643e777ba3f7151ef3f0fb6be4f7f0) C:\WINDOWS\system32\DRIVERS\lvrs.sys
13:13:38.0171 1632 LVRS - ok
13:13:38.0421 1632 LVUVC (5bc80451109a8dd7f2ddd35bce2929a3) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
13:13:38.0453 1632 LVUVC - ok
13:13:38.0531 1632 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
13:13:38.0546 1632 Messenger - ok
13:13:38.0562 1632 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:13:38.0562 1632 mnmdd - ok
13:13:38.0562 1632 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
13:13:38.0562 1632 mnmsrvc - ok
13:13:38.0578 1632 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
13:13:38.0578 1632 Modem - ok
13:13:38.0609 1632 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:13:38.0609 1632 Mouclass - ok
13:13:38.0609 1632 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:13:38.0609 1632 mouhid - ok
13:13:38.0609 1632 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:13:38.0609 1632 MountMgr - ok
13:13:38.0687 1632 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:13:38.0687 1632 MozillaMaintenance - ok
13:13:38.0687 1632 mraid35x - ok
13:13:38.0765 1632 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
13:13:38.0765 1632 MREMP50 - ok
13:13:38.0765 1632 MREMPR5 - ok
13:13:38.0765 1632 MRENDIS5 - ok
13:13:38.0781 1632 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
13:13:38.0781 1632 MRESP50 - ok
13:13:38.0796 1632 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:13:38.0796 1632 MRxDAV - ok
13:13:38.0843 1632 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:13:38.0843 1632 MRxSmb - ok
13:13:38.0875 1632 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
13:13:38.0875 1632 MSDTC - ok
13:13:38.0890 1632 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:13:38.0890 1632 Msfs - ok
13:13:38.0890 1632 MSIServer - ok
13:13:38.0921 1632 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:13:38.0921 1632 MSKSSRV - ok
13:13:38.0937 1632 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:13:38.0937 1632 MSPCLOCK - ok
13:13:38.0937 1632 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:13:38.0953 1632 MSPQM - ok
13:13:38.0953 1632 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:13:38.0953 1632 mssmbios - ok
13:13:38.0984 1632 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
13:13:38.0984 1632 MSTEE - ok
13:13:38.0984 1632 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
13:13:39.0000 1632 Mup - ok
13:13:39.0015 1632 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
13:13:39.0015 1632 NABTSFEC - ok
13:13:39.0031 1632 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
13:13:39.0046 1632 napagent - ok
13:13:39.0062 1632 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:13:39.0062 1632 NDIS - ok
13:13:39.0093 1632 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
13:13:39.0093 1632 NdisIP - ok
13:13:39.0109 1632 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:13:39.0109 1632 NdisTapi - ok
13:13:39.0125 1632 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:13:39.0125 1632 Ndisuio - ok
13:13:39.0140 1632 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:13:39.0140 1632 NdisWan - ok
13:13:39.0156 1632 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:13:39.0156 1632 NDProxy - ok
13:13:39.0171 1632 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\WINDOWS\system32\HPZinw12.dll
13:13:39.0187 1632 Net Driver HPZ12 - ok
13:13:39.0187 1632 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:13:39.0187 1632 NetBIOS - ok
13:13:39.0218 1632 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:13:39.0218 1632 NetBT - ok
13:13:39.0250 1632 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
13:13:39.0250 1632 NetDDE - ok
13:13:39.0250 1632 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
13:13:39.0265 1632 NetDDEdsdm - ok
13:13:39.0281 1632 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:13:39.0296 1632 Netlogon - ok
13:13:39.0296 1632 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
13:13:39.0312 1632 Netman - ok
13:13:39.0406 1632 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:13:39.0406 1632 NetTcpPortSharing - ok
13:13:39.0406 1632 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
13:13:39.0406 1632 NIC1394 - ok
13:13:39.0453 1632 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
13:13:39.0453 1632 Nla - ok
13:13:39.0484 1632 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
13:13:39.0484 1632 nm - ok
13:13:39.0500 1632 NPF (d21fee8db254ba762656878168ac1db6) C:\WINDOWS\system32\drivers\npf.sys
13:13:39.0500 1632 NPF - ok
13:13:39.0500 1632 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:13:39.0500 1632 Npfs - ok
13:13:39.0546 1632 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:13:39.0546 1632 Ntfs - ok
13:13:39.0546 1632 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:13:39.0546 1632 NtLmSsp - ok
13:13:39.0593 1632 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
13:13:39.0593 1632 NtmsSvc - ok
13:13:39.0640 1632 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:13:39.0640 1632 Null - ok
13:13:39.0656 1632 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:13:39.0656 1632 NwlnkFlt - ok
13:13:39.0671 1632 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:13:39.0671 1632 NwlnkFwd - ok
13:13:39.0687 1632 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
13:13:39.0687 1632 ohci1394 - ok
13:13:39.0703 1632 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
13:13:39.0703 1632 Parport - ok
13:13:39.0703 1632 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:13:39.0703 1632 PartMgr - ok
13:13:39.0734 1632 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:13:39.0734 1632 ParVdm - ok
13:13:39.0734 1632 PCAMPR5 - ok
13:13:39.0796 1632 pcCMService (bae04007a679893e975a2b75e9e001e9) C:\Program Files\Common Files\Motive\pcCMService.exe
13:13:39.0796 1632 pcCMService - ok
13:13:39.0828 1632 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
13:13:39.0828 1632 PCI - ok
13:13:39.0828 1632 PCIDump - ok
13:13:39.0843 1632 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:13:39.0843 1632 PCIIde - ok
13:13:39.0859 1632 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:13:39.0859 1632 Pcmcia - ok
13:13:39.0906 1632 pcServiceHost (a792405e6c84c3debc02b1cf29a928f0) C:\Program Files\Common Files\Motive\pcServiceHost.exe
13:13:39.0906 1632 pcServiceHost - ok
13:13:39.0906 1632 PDCOMP - ok
13:13:39.0921 1632 PDFRAME - ok
13:13:39.0921 1632 PDRELI - ok
13:13:39.0921 1632 PDRFRAME - ok
13:13:39.0921 1632 perc2 - ok
13:13:39.0921 1632 perc2hib - ok
13:13:39.0937 1632 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
13:13:39.0953 1632 PlugPlay - ok
13:13:39.0984 1632 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\WINDOWS\system32\HPZipm12.dll
13:13:39.0984 1632 Pml Driver HPZ12 - ok
13:13:40.0000 1632 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:13:40.0000 1632 PolicyAgent - ok
13:13:40.0015 1632 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:13:40.0015 1632 PptpMiniport - ok
13:13:40.0015 1632 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:13:40.0015 1632 ProtectedStorage - ok
13:13:40.0031 1632 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:13:40.0031 1632 PSched - ok
13:13:40.0046 1632 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:13:40.0062 1632 Ptilink - ok
13:13:40.0078 1632 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:13:40.0078 1632 PxHelp20 - ok
13:13:40.0078 1632 ql1080 - ok
13:13:40.0078 1632 Ql10wnt - ok
13:13:40.0078 1632 ql12160 - ok
13:13:40.0078 1632 ql1240 - ok
13:13:40.0078 1632 ql1280 - ok
13:13:40.0093 1632 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:13:40.0093 1632 RasAcd - ok
13:13:40.0125 1632 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
13:13:40.0125 1632 RasAuto - ok
13:13:40.0140 1632 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:13:40.0140 1632 Rasl2tp - ok
13:13:40.0171 1632 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
13:13:40.0171 1632 RasMan - ok
13:13:40.0171 1632 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:13:40.0171 1632 RasPppoe - ok
13:13:40.0171 1632 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:13:40.0187 1632 Raspti - ok
13:13:40.0203 1632 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:13:40.0203 1632 Rdbss - ok
13:13:40.0203 1632 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:13:40.0203 1632 RDPCDD - ok
13:13:40.0234 1632 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:13:40.0250 1632 rdpdr - ok
13:13:40.0250 1632 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
13:13:40.0265 1632 RDPWD - ok
13:13:40.0281 1632 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
13:13:40.0281 1632 RDSessMgr - ok
13:13:40.0296 1632 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:13:40.0296 1632 redbook - ok
13:13:40.0328 1632 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
13:13:40.0328 1632 RemoteAccess - ok
13:13:40.0359 1632 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
13:13:40.0359 1632 RemoteRegistry - ok
13:13:40.0421 1632 rpcapd (67c607857ccd6ebffe768dad5b2ca239) C:\Program Files\WinPcap\rpcapd.exe
13:13:40.0421 1632 rpcapd - ok
13:13:40.0437 1632 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
13:13:40.0437 1632 RpcLocator - ok
13:13:40.0468 1632 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
13:13:40.0468 1632 RpcSs - ok
13:13:40.0484 1632 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
13:13:40.0484 1632 RSVP - ok
13:13:40.0500 1632 RTL8023xp (1e11171c0b9989e1bdaa59e96b2e81c4) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
13:13:40.0500 1632 RTL8023xp - ok
13:13:40.0500 1632 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:13:40.0500 1632 SamSs - ok
13:13:40.0531 1632 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
13:13:40.0531 1632 SASDIFSV - ok
13:13:40.0546 1632 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
13:13:40.0546 1632 SASKUTIL - ok
13:13:40.0578 1632 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
13:13:40.0578 1632 SCardSvr - ok
13:13:40.0609 1632 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
13:13:40.0609 1632 Schedule - ok
13:13:40.0640 1632 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:13:40.0640 1632 Secdrv - ok
13:13:40.0656 1632 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
13:13:40.0656 1632 seclogon - ok
13:13:40.0671 1632 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\System32\sens.dll
13:13:40.0671 1632 SENS - ok
13:13:40.0703 1632 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
13:13:40.0703 1632 Serial - ok
13:13:40.0750 1632 setup_9.0.0.722_11.05.2011_11-43drv (66ef49622baa18e4d4f1fe4bae1d51b8) C:\WINDOWS\system32\DRIVERS\1395808.sys
13:13:40.0750 1632 setup_9.0.0.722_11.05.2011_11-43drv - ok
13:13:40.0781 1632 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:13:40.0781 1632 Sfloppy - ok
13:13:40.0843 1632 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
13:13:40.0843 1632 SharedAccess - ok
13:13:40.0875 1632 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:13:43.0140 1632 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:13:43.0437 1632 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:13:43.0437 1632 \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:13:43.0453 1632 Boot (0x1200) (a239b2d0b42108888cad8e80b7cbc49a) \Device\Harddisk0\DR0\Partition0
13:13:43.0468 1632 \Device\Harddisk0\DR0\Partition0 - ok
13:13:43.0468 1632 ============================================================
13:13:43.0468 1632 Scan finished
13:13:43.0468 1632 ============================================================
13:13:43.0468 2528 Detected object count: 1
13:13:43.0468 2528 Actual detected object count: 1
13:13:59.0890 2528 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:13:59.0890 2528 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
13:14:03.0484 1180 Deinitialize success

Re: Google Redirect Virus + Ads playing in background

Unread postby MikeLin007 » July 22nd, 2012, 1:30 pm

Google redirects are gone, and I think the ads in the background are gone too. Is there anything you guys can do about my system restore?

Re: Google Redirect Virus + Ads playing in background

Unread postby melboy » July 22nd, 2012, 1:33 pm

Hi

MikeLin007 wrote: Here is the TDSS log file. This time around it only detected one suspicious object, which it skipped.

Yes, that's this bit, the bit that we were looking to delete.

13:13:43.0468 2528 Detected object count: 1
13:13:43.0468 2528 Actual detected object count: 1
13:13:59.0890 2528 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:13:59.0890 2528 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
13:14:03.0484 1180 Deinitialize success


Run it again, but change the default action for the detection above to Delete.


TDSSKiller

  • Double click TDSSKiller.exe to run it.
  • Click Change parameters
  • Under Additional Options check Detect TDLFS file system
  • Ensure Verify file digital signatures is unchecked.
  • Click Start scan and allow it to scan for Malicious objects.

    • If Malicious objects are detected, the default action will be Cure, ensure Cure is selected then click Continue
    • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue
    • If TDLFS file system is detected, the default action will be Skip, Change to Delete & then click Continue

    DO NOT change the default actions other than for the TDLFS file system.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is named like UtilityName.Version_Date_Time_log.txt,
    for example C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt.
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents in your next reply
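The log lines melboy points at are regular enough to check automatically. The following is an added example in Python (my code, not TDSSKiller's or the thread's): it parses TDSSKiller log lines, pairs each detection with the action the user chose, and flags a TDLFS detection that was left at Skip, which is the situation the steps above are meant to correct. The regexes and the sample lines are built from the log format shown in this thread, so the line format is an assumption taken from those excerpts rather than from any documentation.

```python
"""Parse a TDSSKiller log and report how each detection was handled.

Added example for this thread (not TDSSKiller's own code): the line format and
the sample lines below come from the log excerpts posted above.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Every TDSSKiller log line is "HH:MM:SS.mmmm <thread id> <message>".
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
# "<object> - detected <type> (<n>)", written when the scan flags something.
DETECTED_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<what>.+?) \(\d+\)$")
# "<object> ( <type> ) - User select action: <Skip|Delete|Cure|...>".
ACTION_RE = re.compile(
    r"^(?P<obj>.+?) \( (?P<what>.+?) \) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(r"^Actual detected object count: (\d+)$")

# Names TDSSKiller uses for the hidden TDL file system (TDLFS).
TDLFS_NAMES = ("TDSS File System", "TDLFS")

# Constructed sample: the tail of the log posted above, separator lines dropped.
SAMPLE_LOG = r"""
13:13:43.0140 1632 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:13:43.0437 1632 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:13:43.0437 1632 \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:13:43.0453 1632 Boot (0x1200) (a239b2d0b42108888cad8e80b7cbc49a) \Device\Harddisk0\DR0\Partition0
13:13:43.0468 1632 \Device\Harddisk0\DR0\Partition0 - ok
13:13:43.0468 1632 Scan finished
13:13:43.0468 2528 Detected object count: 1
13:13:43.0468 2528 Actual detected object count: 1
13:13:59.0890 2528 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:13:59.0890 2528 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
13:14:03.0484 1180 Deinitialize success
"""


@dataclass
class Detection:
    obj: str                      # device or file the detection refers to
    what: str                     # detection type, e.g. "TDSS File System"
    action: Optional[str] = None  # action chosen in the dialog, if logged


@dataclass
class Report:
    detections: List[Detection]
    reported_count: Optional[int]  # TDSSKiller's own "Actual detected object count"
    scan_finished: bool


def parse_tdsskiller_log(text: str) -> Report:
    """Collect detections and the user-chosen action for each one."""
    found: Dict[Tuple[str, str], Detection] = {}
    reported = None
    finished = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or non-log line
        msg = m.group(3)
        if msg == "Scan finished":
            finished = True
            continue
        c = COUNT_RE.match(msg)
        if c:
            reported = int(c.group(1))
            continue
        d = DETECTED_RE.match(msg)
        if d:
            found.setdefault((d["obj"], d["what"]), Detection(d["obj"], d["what"]))
            continue
        a = ACTION_RE.match(msg)
        if a:
            det = found.setdefault((a["obj"], a["what"]), Detection(a["obj"], a["what"]))
            det.action = a["action"]
    return Report(list(found.values()), reported, finished)


def tdlfs_left_skipped(report: Report) -> List[Detection]:
    """TDLFS detections whose chosen action was anything other than Delete."""
    return [d for d in report.detections
            if any(n in d.what for n in TDLFS_NAMES) and d.action != "Delete"]


def summarize(report: Report) -> str:
    """Human-readable verdict: what was found, what was done, whether to rerun."""
    lines = ["scan finished" if report.scan_finished else "scan did not finish"]
    if report.reported_count is not None and report.reported_count != len(report.detections):
        lines.append(f"warning: tool reported {report.reported_count} objects, parsed "
                     f"{len(report.detections)}; check the log by hand")
    for d in report.detections:
        lines.append(f"{d.what} at {d.obj}: action {d.action or 'not recorded'}")
    if tdlfs_left_skipped(report):
        lines.append("TDLFS was left at Skip: rerun TDSSKiller with the action set to Delete")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(parse_tdsskiller_log(SAMPLE_LOG)))
```

The count check in summarize is there because a parser that silently misses a detection line would otherwise report a clean scan; a mismatch against TDSSKiller's own count is the cue to read the raw log.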

Re: Google Redirect Virus + Ads playing in background

Unread postby MikeLin007 » July 22nd, 2012, 1:37 pm

Thanks for the quick reply! Here is the TDSS log file:

13:35:25.0718 2192 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
13:35:26.0140 2192 ============================================================
13:35:26.0140 2192 Current date / time: 2012/07/22 13:35:26.0140
13:35:26.0140 2192 SystemInfo:
13:35:26.0140 2192
13:35:26.0140 2192 OS Version: 5.1.2600 ServicePack: 3.0
13:35:26.0140 2192 Product type: Workstation
13:35:26.0140 2192 ComputerName: ----------
13:35:26.0140 2192 UserName: mike
13:35:26.0140 2192 Windows directory: C:\WINDOWS
13:35:26.0140 2192 System windows directory: C:\WINDOWS
13:35:26.0140 2192 Processor architecture: Intel x86
13:35:26.0140 2192 Number of processors: 4
13:35:26.0140 2192 Page size: 0x1000
13:35:26.0140 2192 Boot type: Normal boot
13:35:26.0140 2192 ============================================================
13:35:27.0515 2192 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:35:27.0515 2192 ============================================================
13:35:27.0515 2192 \Device\Harddisk0\DR0:
13:35:27.0515 2192 MBR partitions:
13:35:27.0515 2192 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x57541401
13:35:27.0515 2192 ============================================================
13:35:27.0546 2192 C: <-> \Device\Harddisk0\DR0\Partition0
13:35:27.0546 2192 ============================================================
13:35:27.0546 2192 Initialize success
13:35:27.0546 2192 ============================================================
13:35:40.0203 4448 ============================================================
13:35:40.0203 4448 Scan started
13:35:40.0203 4448 Mode: Manual; TDLFS;
13:35:40.0203 4448 ============================================================
13:35:46.0265 4448 NDProxy - ok
13:35:46.0296 4448 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\WINDOWS\system32\HPZinw12.dll
13:35:46.0296 4448 Net Driver HPZ12 - ok
13:35:46.0296 4448 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:35:46.0296 4448 NetBIOS - ok
13:35:46.0328 4448 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:35:46.0328 4448 NetBT - ok
13:35:46.0359 4448 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
13:35:46.0359 4448 NetDDE - ok
13:35:46.0359 4448 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
13:35:46.0359 4448 NetDDEdsdm - ok
13:35:46.0406 4448 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:35:46.0406 4448 Netlogon - ok
13:35:46.0421 4448 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
13:35:46.0421 4448 Netman - ok
13:35:46.0515 4448 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:35:46.0546 4448 NetTcpPortSharing - ok
13:35:46.0546 4448 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
13:35:46.0546 4448 NIC1394 - ok
13:35:46.0593 4448 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
13:35:46.0609 4448 Nla - ok
13:35:46.0625 4448 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
13:35:46.0625 4448 nm - ok
13:35:46.0640 4448 NPF (d21fee8db254ba762656878168ac1db6) C:\WINDOWS\system32\drivers\npf.sys
13:35:46.0656 4448 NPF - ok
13:35:46.0656 4448 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:35:46.0656 4448 Npfs - ok
13:35:46.0687 4448 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:35:46.0703 4448 Ntfs - ok
13:35:46.0703 4448 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:35:46.0703 4448 NtLmSsp - ok
13:35:46.0734 4448 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
13:35:46.0750 4448 NtmsSvc - ok
13:35:46.0812 4448 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:35:46.0812 4448 Null - ok
13:35:46.0843 4448 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:35:46.0843 4448 NwlnkFlt - ok
13:35:46.0843 4448 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:35:46.0843 4448 NwlnkFwd - ok
13:35:46.0859 4448 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
13:35:46.0859 4448 ohci1394 - ok
13:35:46.0875 4448 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
13:35:46.0875 4448 Parport - ok
13:35:46.0890 4448 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:35:46.0890 4448 PartMgr - ok
13:35:46.0906 4448 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:35:46.0906 4448 ParVdm - ok
13:35:46.0921 4448 PCAMPR5 - ok
13:35:46.0984 4448 pcCMService (bae04007a679893e975a2b75e9e001e9) C:\Program Files\Common Files\Motive\pcCMService.exe
13:35:46.0984 4448 pcCMService - ok
13:35:47.0015 4448 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
13:35:47.0015 4448 PCI - ok
13:35:47.0015 4448 PCIDump - ok
13:35:47.0015 4448 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:35:47.0015 4448 PCIIde - ok
13:35:47.0031 4448 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:35:47.0046 4448 Pcmcia - ok
13:35:47.0078 4448 pcServiceHost (a792405e6c84c3debc02b1cf29a928f0) C:\Program Files\Common Files\Motive\pcServiceHost.exe
13:35:47.0078 4448 pcServiceHost - ok
13:35:47.0093 4448 PDCOMP - ok
13:35:47.0093 4448 PDFRAME - ok
13:35:47.0093 4448 PDRELI - ok
13:35:47.0093 4448 PDRFRAME - ok
13:35:47.0093 4448 perc2 - ok
13:35:47.0093 4448 perc2hib - ok
13:35:47.0125 4448 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
13:35:47.0125 4448 PlugPlay - ok
13:35:47.0171 4448 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\WINDOWS\system32\HPZipm12.dll
13:35:47.0171 4448 Pml Driver HPZ12 - ok
13:35:47.0171 4448 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:35:47.0171 4448 PolicyAgent - ok
13:35:47.0187 4448 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:35:47.0187 4448 PptpMiniport - ok
13:35:47.0187 4448 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:35:47.0187 4448 ProtectedStorage - ok
13:35:47.0187 4448 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:35:47.0203 4448 PSched - ok
13:35:47.0234 4448 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:35:47.0234 4448 Ptilink - ok
13:35:47.0265 4448 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:35:47.0265 4448 PxHelp20 - ok
13:35:47.0265 4448 ql1080 - ok
13:35:47.0265 4448 Ql10wnt - ok
13:35:47.0265 4448 ql12160 - ok
13:35:47.0265 4448 ql1240 - ok
13:35:47.0265 4448 ql1280 - ok
13:35:47.0281 4448 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:35:47.0281 4448 RasAcd - ok
13:35:47.0312 4448 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
13:35:47.0312 4448 RasAuto - ok
13:35:47.0328 4448 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:35:47.0328 4448 Rasl2tp - ok
13:35:47.0359 4448 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
13:35:47.0359 4448 RasMan - ok
13:35:47.0359 4448 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:35:47.0375 4448 RasPppoe - ok
13:35:47.0375 4448 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:35:47.0375 4448 Raspti - ok
13:35:47.0390 4448 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:35:47.0406 4448 Rdbss - ok
13:35:47.0406 4448 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:35:47.0421 4448 RDPCDD - ok
13:35:47.0468 4448 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:35:47.0484 4448 rdpdr - ok
13:35:47.0500 4448 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
13:35:47.0500 4448 RDPWD - ok
13:35:47.0531 4448 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
13:35:47.0531 4448 RDSessMgr - ok
13:35:47.0546 4448 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:35:47.0546 4448 redbook - ok
13:35:47.0578 4448 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
13:35:47.0578 4448 RemoteAccess - ok
13:35:47.0609 4448 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
13:35:47.0609 4448 RemoteRegistry - ok
13:35:47.0671 4448 rpcapd (67c607857ccd6ebffe768dad5b2ca239) C:\Program Files\WinPcap\rpcapd.exe
13:35:47.0671 4448 rpcapd - ok
13:35:47.0687 4448 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
13:35:47.0687 4448 RpcLocator - ok
13:35:47.0734 4448 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
13:35:47.0734 4448 RpcSs - ok
13:35:47.0750 4448 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
13:35:47.0750 4448 RSVP - ok
13:35:47.0781 4448 RTL8023xp (1e11171c0b9989e1bdaa59e96b2e81c4) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
13:35:47.0781 4448 RTL8023xp - ok
13:35:47.0781 4448 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:35:47.0781 4448 SamSs - ok
13:35:47.0812 4448 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
13:35:47.0812 4448 SASDIFSV - ok
13:35:47.0828 4448 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
13:35:47.0828 4448 SASKUTIL - ok
13:35:47.0843 4448 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
13:35:47.0843 4448 SCardSvr - ok
13:35:47.0890 4448 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
13:35:47.0906 4448 Schedule - ok
13:35:47.0921 4448 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:35:47.0921 4448 Secdrv - ok
13:35:47.0953 4448 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
13:35:47.0953 4448 seclogon - ok
13:35:47.0968 4448 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\System32\sens.dll
13:35:47.0968 4448 SENS - ok
13:35:47.0984 4448 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
13:35:48.0000 4448 Serial - ok
13:35:48.0031 4448 setup_9.0.0.722_11.05.2011_11-43drv (66ef49622baa18e4d4f1fe4bae1d51b8) C:\WINDOWS\system32\DRIVERS\1395808.sys
13:35:48.0031 4448 setup_9.0.0.722_11.05.2011_11-43drv - ok
13:35:48.0046 4448 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:35:48.0046 4448 Sfloppy - ok
13:35:48.0109 4448 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
13:35:48.0109 4448 SharedAccess - ok
13:35:48.0140 4448 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:35:48.0156 4448 ShellHWDetection - ok
13:35:48.0187 4448 silabenm (8f3f406f7212a929d22751218305a13a) C:\WINDOWS\system32\DRIVERS\silabenm.sys
13:35:48.0187 4448 silabenm - ok
13:35:48.0187 4448 silabser (0c6876192fb8a1e26edbf4903b5c052c) C:\WINDOWS\system32\DRIVERS\silabser.sys
13:35:48.0203 4448 silabser - ok
13:35:48.0203 4448 Simbad - ok
13:35:48.0281 4448 SkypeUpdate (ea396139541706b4b433641d62ea53ce) C:\Program Files\Skype\Updater\Updater.exe
13:35:48.0281 4448 SkypeUpdate - ok
13:35:48.0312 4448 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:35:48.0312 4448 SLIP - ok
13:35:48.0328 4448 Sparrow - ok
13:35:48.0343 4448 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:35:48.0343 4448 splitter - ok
13:35:48.0375 4448 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
13:35:48.0390 4448 Spooler - ok
13:35:48.0437 4448 sptd (6797fa15ddc3beedda91592869c46212) C:\WINDOWS\System32\Drivers\sptd.sys
13:35:48.0453 4448 sptd - ok
13:35:48.0468 4448 Sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
13:35:48.0468 4448 Sr - ok
13:35:48.0500 4448 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
13:35:48.0500 4448 srservice - ok
13:35:48.0546 4448 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:35:48.0546 4448 Srv - ok
13:35:48.0578 4448 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
13:35:48.0578 4448 SSDPSRV - ok
13:35:48.0625 4448 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
13:35:48.0625 4448 stisvc - ok
13:35:48.0671 4448 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:35:48.0671 4448 streamip - ok
13:35:48.0703 4448 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:35:48.0703 4448 swenum - ok
13:35:48.0718 4448 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:35:48.0718 4448 swmidi - ok
13:35:48.0718 4448 SwPrv - ok
13:35:48.0718 4448 symc810 - ok
13:35:48.0718 4448 symc8xx - ok
13:35:48.0734 4448 sym_hi - ok
13:35:48.0734 4448 sym_u3 - ok
13:35:48.0750 4448 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:35:48.0750 4448 sysaudio - ok
13:35:48.0765 4448 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
13:35:48.0781 4448 SysmonLog - ok
13:35:48.0781 4448 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
13:35:48.0796 4448 TapiSrv - ok
13:35:48.0859 4448 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:35:48.0859 4448 Tcpip - ok
13:35:48.0890 4448 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:35:48.0890 4448 TDPIPE - ok
13:35:48.0906 4448 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:35:48.0906 4448 TDTCP - ok
13:35:48.0906 4448 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:35:48.0906 4448 TermDD - ok
13:35:48.0937 4448 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
13:35:48.0937 4448 TermService - ok
13:35:48.0984 4448 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:35:48.0984 4448 Themes - ok
13:35:49.0015 4448 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
13:35:49.0015 4448 TlntSvr - ok
13:35:49.0015 4448 TosIde - ok
13:35:49.0046 4448 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
13:35:49.0046 4448 TrkWks - ok
13:35:49.0062 4448 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:35:49.0062 4448 Udfs - ok
13:35:49.0078 4448 ultra - ok
13:35:49.0140 4448 UMVPFSrv (67a95b9d129ed5399e7965cd09cf30e7) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
13:35:49.0140 4448 UMVPFSrv - ok
13:35:49.0171 4448 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:35:49.0171 4448 Update - ok
13:35:49.0203 4448 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
13:35:49.0203 4448 upnphost - ok
13:35:49.0218 4448 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
13:35:49.0218 4448 UPS - ok
13:35:49.0250 4448 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
13:35:49.0250 4448 USBAAPL - ok
13:35:49.0281 4448 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
13:35:49.0281 4448 usbaudio - ok
13:35:49.0312 4448 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:35:49.0312 4448 usbccgp - ok
13:35:49.0359 4448 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:35:49.0359 4448 usbehci - ok
13:35:49.0359 4448 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:35:49.0359 4448 usbhub - ok
13:35:49.0390 4448 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:35:49.0390 4448 usbprint - ok
13:35:49.0421 4448 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:35:49.0421 4448 usbscan - ok
13:35:49.0453 4448 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:35:49.0453 4448 USBSTOR - ok
13:35:49.0484 4448 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:35:49.0500 4448 usbuhci - ok
13:35:49.0531 4448 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
13:35:49.0531 4448 usbvideo - ok
13:35:49.0578 4448 VBoxDrv (780f3e9d539249a7858d4d2d7fa75405) C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys
13:35:49.0578 4448 VBoxDrv - ok
13:35:49.0593 4448 VBoxNetAdp (4ef76d8d7505f20dbf54886c01a7a730) C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys
13:35:49.0593 4448 VBoxNetAdp - ok
13:35:49.0625 4448 VBoxNetFlt (9b571ae5e214b40ca0d6480771e99a0d) C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys
13:35:49.0625 4448 VBoxNetFlt - ok
13:35:49.0625 4448 VBoxUSBMon (ef5ab4110f0e50711666d6d5c9511698) C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys
13:35:49.0625 4448 VBoxUSBMon - ok
13:35:49.0640 4448 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:35:49.0640 4448 VgaSave - ok
13:35:49.0640 4448 ViaIde - ok
13:35:49.0671 4448 vmm (e41fef9e3056fe88c71e411f705be41e) C:\WINDOWS\system32\Drivers\vmm.sys
13:35:49.0671 4448 vmm - ok
13:35:49.0703 4448 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:35:49.0703 4448 VolSnap - ok
13:35:49.0734 4448 VPCNetS2 (f96a678debdccb0b4bb7f38cb2580589) C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys
13:35:49.0734 4448 VPCNetS2 - ok
13:35:49.0750 4448 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
13:35:49.0765 4448 VSS - ok
13:35:49.0781 4448 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
13:35:49.0796 4448 W32Time - ok
13:35:49.0796 4448 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:35:49.0796 4448 Wanarp - ok
13:35:49.0843 4448 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
13:35:49.0859 4448 Wdf01000 - ok
13:35:49.0859 4448 WDICA - ok
13:35:49.0890 4448 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:35:49.0890 4448 wdmaud - ok
13:35:49.0906 4448 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
13:35:49.0921 4448 WebClient - ok
13:35:50.0000 4448 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
13:35:50.0015 4448 winmgmt - ok
13:35:50.0062 4448 WinVNC4 (f3edc9909a02e6bca863eb702d37b505) C:\Program Files\RealVNC\VNC4\WinVNC4.exe
13:35:50.0062 4448 WinVNC4 - ok
13:35:50.0093 4448 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\mspmsnsv.dll
13:35:50.0093 4448 WmdmPmSN - ok
13:35:50.0156 4448 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
13:35:50.0156 4448 Wmi - ok
13:35:50.0171 4448 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:35:50.0171 4448 WmiApSrv - ok
13:35:50.0281 4448 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
13:35:50.0296 4448 WMPNetworkSvc - ok
13:35:50.0312 4448 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
13:35:50.0328 4448 wscsvc - ok
13:35:50.0375 4448 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:35:50.0375 4448 WSTCODEC - ok
13:35:50.0375 4448 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:35:50.0390 4448 WudfPf - ok
13:35:50.0390 4448 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:35:50.0390 4448 WudfRd - ok
13:35:50.0390 4448 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
13:35:50.0421 4448 WudfSvc - ok
13:35:50.0453 4448 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
13:35:50.0468 4448 WZCSVC - ok
13:35:50.0500 4448 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
13:35:50.0515 4448 xmlprov - ok
13:35:50.0562 4448 ZD1211U(WLAN) (7597e0c770bd8ce1beb552b0a756bdb7) C:\WINDOWS\system32\DRIVERS\zd1211u.sys
13:35:50.0562 4448 ZD1211U(WLAN) - ok
13:35:50.0578 4448 ZDBRGSYS (f506a40dc8890f61cc6660efbecc0810) C:\WINDOWS\system32\ZDBRGSYS.SYS
13:35:50.0578 4448 ZDBRGSYS - ok
13:35:50.0593 4448 ZDPNDIS5 (29c917279d79848b3dd94909fc00e2a8) C:\WINDOWS\system32\ZDPNDIS5.SYS
13:35:50.0593 4448 ZDPNDIS5 - ok
13:35:50.0609 4448 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:35:50.0953 4448 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:35:50.0953 4448 \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:35:50.0953 4448 Boot (0x1200) (a239b2d0b42108888cad8e80b7cbc49a) \Device\Harddisk0\DR0\Partition0
13:35:50.0984 4448 \Device\Harddisk0\DR0\Partition0 - ok
13:35:50.0984 4448 ============================================================
13:35:50.0984 4448 Scan finished
13:35:50.0984 4448 ============================================================
13:35:50.0984 5876 Detected object count: 1
13:35:50.0984 5876 Actual detected object count: 1
13:36:03.0406 5876 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
13:36:03.0406 5876 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
13:36:03.0421 5876 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
13:36:03.0421 5876 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
13:36:03.0421 5876 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
13:36:03.0437 5876 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
13:36:03.0437 5876 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
13:36:03.0500 5876 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
13:36:03.0500 5876 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
13:36:03.0500 5876 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
13:36:03.0500 5876 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
13:36:03.0515 5876 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
13:36:03.0515 5876 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
13:36:03.0515 5876 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
13:36:03.0515 5876 \Device\Harddisk0\DR0\TDLFS - deleted
13:36:03.0515 5876 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
MikeLin007
Regular Member
 
Posts: 29
Joined: August 15th, 2011, 1:16 am
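
The log above follows a fixed TDSSKiller layout: an inventory line per driver or service (`name (md5) path`), a verdict line (`object - ok`, `- warning`, `- detected ...`), and, after the scan, the quarantine and delete actions. As an added example that is not part of the original posts or of TDSSKiller itself, the Python below parses those three line shapes, separates clean entries from findings, checks that the scan's reported "Detected object count" matches the number of distinct detected objects, and pulls the MD5 TDSSKiller recorded for each flagged object (here the MBR hash for \Device\Harddisk0\DR0). The sample lines are excerpted from the log above with most clean driver lines trimmed; the function names are my own.

```python
"""Triage a TDSSKiller scan log (added example, not TDSSKiller code)."""
import re

# Every scan line carries a timestamp and a worker thread id, as in the log above.
_PREFIX = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+(?P<rest>.*)$")
# Inventory line: "<name> (<md5>) <path>".  The name may itself contain
# parentheses ("MBR (0x1B8)"), so the 32-hex-digit group anchors the match.
_INVENTORY = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# Verdict or action line: "<object> - <verdict>".
_VERDICT = re.compile(
    r"^(?P<obj>.+?) - (?P<verdict>ok|warning|detected .+|copied to quarantine|deleted|"
    r"User select action: .+)$"
)
_COUNT = re.compile(r"^(?P<label>(?:Actual )?[Dd]etected object count): (?P<n>\d+)$")

# Excerpt of the TDSSKiller log posted above (clean driver lines trimmed).
SAMPLE_LOG = r"""
13:35:45.0218 4448 LVRS (ed643e777ba3f7151ef3f0fb6be4f7f0) C:\WINDOWS\system32\DRIVERS\lvrs.sys
13:35:45.0234 4448 LVRS - ok
13:35:46.0687 4448 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:35:46.0703 4448 Ntfs - ok
13:35:50.0609 4448 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:35:50.0953 4448 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:35:50.0953 4448 \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:35:50.0953 4448 Boot (0x1200) (a239b2d0b42108888cad8e80b7cbc49a) \Device\Harddisk0\DR0\Partition0
13:35:50.0984 4448 \Device\Harddisk0\DR0\Partition0 - ok
13:35:50.0984 4448 ============================================================
13:35:50.0984 4448 Scan finished
13:35:50.0984 5876 Detected object count: 1
13:35:50.0984 5876 Actual detected object count: 1
13:36:03.0406 5876 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
13:36:03.0406 5876 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
13:36:03.0500 5876 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
13:36:03.0515 5876 \Device\Harddisk0\DR0\TDLFS - deleted
13:36:03.0515 5876 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
"""


def parse_tdsskiller(text):
    """Return inventory (name -> (md5, path)), findings, quarantine actions,
    the scan's own detection counts, and whether those counts agree with the verdict lines."""
    inventory, findings, quarantined, actions, counts = {}, [], [], [], {}
    ok = 0
    for raw in text.splitlines():
        m = _PREFIX.match(raw.strip())
        if not m:
            continue  # blank or non-scan line
        rest = m.group("rest")
        inv = _INVENTORY.match(rest)
        if inv:
            inventory[inv.group("name")] = (inv.group("md5").lower(), inv.group("path"))
            continue
        v = _VERDICT.match(rest)
        if v:
            obj, verdict = v.group("obj"), v.group("verdict")
            if verdict == "ok":
                ok += 1
            elif verdict == "copied to quarantine":
                quarantined.append(obj)
            elif verdict == "deleted" or verdict.startswith("User select action"):
                actions.append((obj, verdict))
            else:  # "warning" or "detected ..."
                findings.append((obj, verdict))
            continue
        c = _COUNT.match(rest)
        if c:
            counts[c.group("label")] = int(c.group("n"))
    detected = {obj for obj, verdict in findings if verdict.startswith("detected")}
    reported = counts.get("Detected object count")
    return {
        "inventory": inventory, "ok": ok, "findings": findings,
        "quarantined": quarantined, "actions": actions, "counts": counts,
        "consistent": reported is None or reported == len(detected),
    }


def hashes_for_findings(result):
    """Map each flagged object to the (name, md5) TDSSKiller recorded for that path.
    The ' ( TDSS File System )' annotation is stripped before the lookup."""
    by_path = {path: (name, md5) for name, (md5, path) in result["inventory"].items()}
    out = {}
    for obj, _verdict in result["findings"]:
        base = obj.split(" (")[0]
        if base in by_path:
            out[base] = by_path[base]
    return out


def triage_sample():
    """Parse the embedded excerpt (convenience wrapper for the demo and for tests)."""
    return parse_tdsskiller(SAMPLE_LOG)


def report(result):
    """Render the triage as plain text lines suitable for a reply or a ticket."""
    lines = [f"clean objects: {result['ok']}", f"findings: {len(result['findings'])}"]
    for obj, verdict in result["findings"]:
        lines.append(f"  {verdict}: {obj}")
    for obj, (name, md5) in hashes_for_findings(result).items():
        lines.append(f"  recorded hash for {obj}: {name} md5={md5}")
    lines.append(f"quarantined: {len(result['quarantined'])} object(s)")
    lines.append("count check: " + ("consistent" if result["consistent"] else "MISMATCH, re-check the log"))
    return lines


if __name__ == "__main__":
    print("\n".join(report(triage_sample())))
```

On the excerpt this reports three clean objects, a warning and a detection on \Device\Harddisk0\DR0 (whose inventory entry is the MBR line, so the MD5 shown is the infected disk's MBR hash), three quarantined TDLFS files and a consistent detection count. The MD5 in the inventory is what you would feed to a hash lookup; the `- ok` verdict only means TDSSKiller found nothing, not that the file is known good.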

Re: Google Redirect Virus + Ads playing in background

Unread postby melboy » July 22nd, 2012, 1:43 pm

Hi

Thanks.

ComboFix (by sUBs)

Please visit this webpage for instructions for downloading and running ComboFix: Bleeping Computer ComboFix Tutorial

  • You must download it to and run it from your Desktop
  • Now STOP all your security applications (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    For instructions on how to disable your security programs, please see this topic:
    How to disable your security applications
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply
  • Re-enable all the programs that were disabled during the running of ComboFix.

A word of warning: This tool is not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Google Redirect Virus + Ads playing in background

Unread postby MikeLin007 » July 22nd, 2012, 3:14 pm

Here are the ComboFix logs. There was a power outage during my first run, so I had to restart the process. During the first run, the program detected an infected system file and had to restart and run a deeper scan. The second time I ran it, it did not require a restart.

ComboFix 12-07-21.01 - mike 07/22/2012 14:56:48.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2814 [GMT -4:00]
Running from: c:\documents and settings\mike\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\TEMP\65F321A9.TMP
c:\documents and settings\mike\Desktop\Setup.exe
.
-- Previous Run --
.
c:\windows\system32\drivers\ntfs.sys . . . is infected!!
.
--------
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ITLPERF
-------\Service_itlperf
.
.
((((((((((((((((((((((((( Files Created from 2012-06-22 to 2012-07-22 )))))))))))))))))))))))))))))))
.
.
2012-07-22 17:20 . 2012-07-22 17:22 -------- d-----w- c:\documents and settings\mike\Local Settings\Application Data\Google
2012-07-22 16:37 . 2012-07-22 17:36 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-21 16:20 . 2012-07-21 16:20 -------- d-----w- c:\windows\Hewlett-Packard
2012-07-21 16:12 . 2012-07-21 16:12 -------- d-----w- c:\documents and settings\mike\Local Settings\Application Data\HP
2012-07-21 00:58 . 2012-07-21 00:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2012-07-19 22:48 . 2012-07-19 22:48 -------- d-----w- c:\documents and settings\mike\Application Data\Motive
2012-07-19 22:47 . 2012-07-19 22:47 -------- d-----w- c:\program files\ATT-SST
2012-07-19 22:45 . 2012-07-19 22:47 -------- d-----w- c:\program files\Common Files\Motive
2012-07-19 22:44 . 2012-07-19 22:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2012-07-16 05:04 . 2012-07-16 05:04 -------- d--h--w- c:\windows\PIF
2012-07-13 14:19 . 2012-07-13 14:19 -------- d-----w- c:\program files\Common Files\Skype
2012-07-07 05:13 . 2012-07-07 05:13 -------- d-----w- c:\documents and settings\mike\Application Data\DDMSettings
2012-07-05 06:19 . 2012-07-05 06:19 -------- d-----w- c:\documents and settings\mike\Local Settings\Application Data\visi_coupon
2012-07-05 06:11 . 2012-07-07 06:22 -------- d-----w- c:\documents and settings\mike\Application Data\Yahoo!
2012-07-05 06:10 . 2012-07-16 03:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2012-07-05 06:07 . 2012-07-16 03:40 -------- d-----w- c:\program files\Yahoo!
2012-07-04 15:01 . 2012-07-04 15:01 -------- d-----w- c:\documents and settings\mike\Local Settings\Application Data\Logitech® Webcam Software
2012-07-04 14:56 . 2012-07-04 14:56 -------- d-----w- c:\documents and settings\mike\Application Data\Leadertech
2012-07-04 14:56 . 2012-07-04 14:56 53248 ----a-r- c:\documents and settings\mike\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-07-04 14:55 . 2012-07-04 14:55 -------- d-----w- c:\program files\Common Files\LWS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 23:07 . 2012-05-16 04:28 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 23:07 . 2011-05-24 04:44 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2011-06-14 05:07 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 19:19 . 2009-05-15 06:55 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2008-10-16 21:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2009-05-15 06:55 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2008-10-16 21:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2008-04-14 12:41 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2009-05-15 06:55 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-05-30 20:34 . 2010-03-14 22:01 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-05-30 20:34 . 2010-03-14 22:01 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-06-16 06:05 . 2011-12-04 10:20 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-01-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-25 1957888]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 69632]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-05-30 296056]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\pcTrayApp.exe" [2012-06-07 1939968]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-06 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 09:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DisplayKEY eSYNC Info.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DisplayKEY eSYNC Info.lnk
backup=c:\windows\pss\DisplayKEY eSYNC Info.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^IEEE 802.11g USB Wireless LAN Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\IEEE 802.11g USB Wireless LAN Utility.lnk
backup=c:\windows\pss\IEEE 802.11g USB Wireless LAN Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SetPointII.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SetPointII.lnk
backup=c:\windows\pss\SetPointII.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^mike^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\mike\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^mike^Start Menu^Programs^Startup^setup_9.0.0.722_11.05.2011_11-43.lnk]
path=c:\documents and settings\mike\Start Menu\Programs\Startup\setup_9.0.0.722_11.05.2011_11-43.lnk
backup=c:\windows\pss\setup_9.0.0.722_11.05.2011_11-43.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiTrayTools]
2007-05-22 09:04 521128 ----a-w- c:\program files\Ray Adams\ATI Tray Tools\atitray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2005-12-10 14:57 133016 ----a-w- c:\program files\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 06:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 12:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-11-11 18:08 205336 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-05-25 08:25 6595928 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 12:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-17 06:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 03:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-09-07 04:22 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-07-02 21:51 3905408 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Activision\\Prototype\\prototypef.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Heroes of Newerth\\hon.exe"=
"c:\\Program Files\\Pitney Bowes\\PBship\\PBSHIP.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\StarCraft\\StarCraft.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.380\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.381\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.404\\Agent.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.440\\Agent.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Ubisoft\\Might & Magic Heroes VI\\Might & Magic Heroes VI.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\magicka\\Magicka.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dota 2 beta\\dota.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Motive\\pcServiceHost.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:WC3TCP
"6112:UDP"= 6112:UDP:WC3UDP
"6881:TCP"= 6881:TCP:Blizzard Downloader: 6881
"5900:TCP"= 5900:TCP:vnc
"5900:UDP"= 5900:UDP:vnc 5900
.
R0 13958082;13958082 Boot Guard Driver;c:\windows\system32\drivers\13958082.sys [5/12/2011 8:34 AM 37392]
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 7:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [3/16/2011 7:03 PM 31952]
R1 13958081;13958081;c:\windows\system32\drivers\13958081.sys [5/12/2011 8:34 AM 128016]
R1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [5/22/2007 5:04 AM 18088]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 9:41 AM 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4/5/2011 3:59 AM 301248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 2:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67664]
R1 setup_9.0.0.722_11.05.2011_11-43drv;setup_9.0.0.722_11.05.2011_11-43drv;c:\windows\system32\drivers\1395808.sys [5/12/2011 8:34 AM 315408]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [8/28/2009 7:56 PM 115856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [8/28/2009 7:55 PM 41424]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [5/4/2011 1:54 PM 116608]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 7:53 AM 193288]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [6/30/2009 4:56 AM 10384]
R2 pcCMService;pcCMService;c:\program files\Common Files\Motive\pcCMService.exe [7/19/2012 6:45 PM 361472]
R2 pcServiceHost;pcServiceHost;c:\program files\Common Files\Motive\pcServiceHost.exe [7/19/2012 6:47 PM 342016]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe [1/18/2012 2:44 AM 450848]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 4:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 4:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 4:32 PM 17232]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [8/28/2009 7:56 PM 91472]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [8/5/2009 7:20 PM 99472]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [6/13/2012 3:47 AM 5161080]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/3/2012 1:19 PM 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/16/2012 12:28 AM 250056]
S3 ALLOW-IO;ALLOW-IO;\??\d:\allow-io.sys --> d:\ALLOW-IO.sys [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [12/16/2009 1:58 AM 25832]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/3/2012 1:55 AM 113120]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 5:10 PM 32512]
S3 silabenm;GE Supra DisplayKey USB Cradle Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [3/10/2011 2:22 PM 24584]
S3 silabser;GE Supra DisplayKey USB Cradle Driver;c:\windows\system32\drivers\silabser.sys [3/10/2011 2:22 PM 69256]
S3 ZD1211U(WLAN);IEEE 802.11g USB Wireless LAN Driver(WLAN);c:\windows\system32\drivers\ZD1211U.sys [5/23/2009 4:16 AM 247296]
S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;c:\windows\system32\ZDBRGSYS.sys [5/23/2009 4:16 AM 19200]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/22/2009 9:35 AM 642560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 23:07]
.
2012-07-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1390067357-299502267-1003Core.job
- c:\documents and settings\mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-22 17:20]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1390067357-299502267-1003UA.job
- c:\documents and settings\mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-22 17:20]
.
2012-07-22 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 22:07]
.
2012-07-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1085031214-1390067357-299502267-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-05-01 01:21]
.
2012-07-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1085031214-1390067357-299502267-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-05-01 01:21]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
AddRemove-Stamps.com - c:\documents and settings\All Users\Application Data\{C1D59375-A181-4409-8AA2-9116026536CD}\stamps.exe
AddRemove-Stamps.com support for Microsoft Word 2000-2007 - c:\documents and settings\All Users\Application Data\{B0AFCE64-DF3F-4824-8985-B21DB0EEE07B}\MSW2KPIMstmp.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-22 15:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1584)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(1344)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2012-07-22 15:09:11
ComboFix-quarantined-files.txt 2012-07-22 19:09
.
Pre-Run: 372,718,833,664 bytes free
Post-Run: 372,673,298,432 bytes free
.
- - End Of File - - FF06F2245CF993083BBDB1C8F39D9941

Re: Google Redirect Virus + Ads playing in background

Unread postby melboy » July 22nd, 2012, 3:23 pm

Hi

SystemLook

Please download SystemLook by jpshortstuff from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    ntfs.*

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Re: Google Redirect Virus + Ads playing in background

Unread postby MikeLin007 » July 22nd, 2012, 3:32 pm

Here is the SystemLook log:

SystemLook 30.07.11 by jpshortstuff
Log created at 15:31 on 22/07/2012 by mike
Administrator - Elevation successful

========== filefind ==========

Searching for "ntfs.*"
C:\cmdcons\NTFS.SYS --a---- 574592 bytes [03:15 04/08/2004] [03:15 04/08/2004] B78BE402C3F63DD55521F73876951CDD
C:\WINDOWS\ERDNT\cache\ntfs.sys --a---- 574976 bytes [19:08 22/07/2012] [07:45 14/04/2008] 78A08DD6A8D65E697C18E1DB01C5CDCA
C:\WINDOWS\system32\drivers\ntfs.sys --a---- 574976 bytes [07:45 14/04/2008] [07:45 14/04/2008] 78A08DD6A8D65E697C18E1DB01C5CDCA

-= EOF =-
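The SystemLook request above and the log it produced are a hash check on every copy of ntfs.* on the drive. What follows is an added example, not part of this thread and not SystemLook's own code, that reimplements that `:filefind` step in Python and labels each copy against a known-good MD5. The directory layout, file contents and reference hash are constructed stand-ins for an XP system drive; the real driver bytes and their hashes are not reproduced.

```python
import fnmatch
import hashlib
import os
import tempfile
from datetime import datetime, timezone


def md5_of(path):
    """Hex MD5 of a file, upper-cased to match SystemLook's report format."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def filefind(roots, pattern):
    """Equivalent of SystemLook ':filefind <pattern>': every file under the
    given roots whose name matches the glob (case-insensitive, as on NTFS),
    reported with size, modification time and MD5."""
    hits = []
    for root in roots:
        for dirpath, _dirs, names in os.walk(root):
            for name in names:
                if not fnmatch.fnmatchcase(name.lower(), pattern.lower()):
                    continue
                path = os.path.join(dirpath, name)
                st = os.stat(path)
                mtime = datetime.fromtimestamp(st.st_mtime, timezone.utc)
                hits.append({
                    "path": path,
                    "size": st.st_size,
                    "mtime": mtime.strftime("%H:%M %d/%m/%Y"),
                    "md5": md5_of(path),
                })
    return sorted(hits, key=lambda h: h["path"].lower())


def triage(hits, reference_md5):
    """Label each hit against a known-good MD5. A mismatch is only a lead:
    a different service-pack build, or a Recovery Console copy taken from
    install media, hashes differently too, so confirm the file elsewhere
    (VirusTotal, vendor catalog) before calling it patched."""
    out = []
    for h in hits:
        ok = h["md5"] == reference_md5.upper()
        out.append(dict(h, status="matches_reference" if ok else "DIFFERS"))
    return out


def build_sample_tree():
    """Constructed stand-in for an XP system drive; the bytes are NOT a real
    driver, they only exist so the hashes differ where the log's did."""
    root = tempfile.mkdtemp(prefix="sysroot_")
    good = b"NTFS driver, live build (constructed sample bytes)\n" * 64
    old = b"NTFS driver, install-media build (constructed sample bytes)\n" * 64
    layout = {
        "WINDOWS/system32/drivers/ntfs.sys": good,       # live driver
        "WINDOWS/ERDNT/cache/ntfs.sys": good,            # ComboFix backup copy
        "cmdcons/NTFS.SYS": old,                         # Recovery Console copy
        "WINDOWS/system32/drivers/ntfs.txt": b"not a driver",  # also matches ntfs.*
    }
    for rel, data in layout.items():
        p = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "wb") as f:
            f.write(data)
    reference = hashlib.md5(good).hexdigest().upper()  # hash of the known-good copy
    return root, reference


def run_demo():
    root, reference = build_sample_tree()
    report = triage(filefind([root], "ntfs.*"), reference)
    for r in report:
        print(f'{r["status"]:17} {r["size"]:>7} bytes  [{r["mtime"]}]  '
              f'{r["md5"]}  {r["path"]}')
    return report


if __name__ == "__main__":
    run_demo()
```

Run as-is, the live driver and the ERDNT backup come out as matches while the Recovery Console copy and the stray .txt are flagged DIFFERS. That is the same shape as the real log: C:\cmdcons\NTFS.SYS (a 2004 file date) hashes differently from the system32 copy, and the ERDNT\cache copy matches system32 exactly. A differing hash is a lead rather than a verdict, which is why the live file was checked on VirusTotal before being called a false positive.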

Re: Google Redirect Virus + Ads playing in background

Unread postby melboy » July 22nd, 2012, 5:01 pm

Hi

That looks like a false positive. There's a VirusTotal report here for that file. The file checks out ok.

https://www.virustotal.com/file/e0e6f3e ... /analysis/


TFC

  • Please download TFC by Old Timer to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.



ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.


  • Please go here to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Click the Run ESET Online scanner button
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)
  • Re-enable your anti-virus software.