"Hello Dave."
The current symptoms that remain are that Malwarebytes and Dr.Web terminate when they are used to scan while not in safe mode, and afterwards will not open without reinstallation.
After running the programs below, Windows Defender no longer identifies Sirefef.B; however, it still repeatedly detects Sirefef.O and still cannot fix it.
I have run all of these programs repeatedly in both safe mode and in the normal startup mode.
rkill
tdsskiller
antizeroaccess
malwarebytes
drweb (free and full)
stopzilla
I have also run defogger in the normal startup mode.
Below I will go through the results of each program as I remember them. Once again, before running the programs, Windows Defender detected Sirefef.B and Sirefef.O. Now it detects Sirefef.O only.
Rkill has not logged anything similar to the other programs when run.
Tdsskiller used to find malicious software, then it found two things that it was comfortable skipping, and now tdsskiller finds one suspicious object that it recommends skipping. It is mcdbus and is located at c:\Windows\system32\DRIVERS\mcdbus.sys.
In safe mode, antizeroaccess found many threats but was unable to fix them because it said that the driver was not loaded. In the normal boot mode, antizeroaccess was able to load the driver and fix many problems. Now when antizeroaccess is run it does not detect any problems but "errors occur." I don't know what these errors are, or why they occur. The only reason that I can think of that may be a cause of these errors is because I had scratched my hard drive to the extent that the computer would always freeze at the user selection screen. A friend helped me to confine the data so that it was not read. I'm very unsure of how exactly he fixed that issue, or if it's the reason antizeroaccess is reporting errors.
I was able to uninstall Malwarebytes (which I did because of the aforementioned issue, which also happened to AVG, my original antivirus), reinstall Malwarebytes in safe mode, and Malwarebytes successfully scanned in safe mode. Malwarebytes quarantined three obscure items that I don't believe had anything to do with the virus (because they have been on my computer for months, whereas the Sirefef virus instantly took effect a few days ago when I downloaded a keygen, of course for a program which I had full rights to but lost the key for).
Dr.Web free identified malicious software and suggested that I should get a free trial of Dr.Web to do a full scan. I downloaded and installed the Dr.Web full free trial in safe mode; however, at the last second it abruptly uninstalled at the end of the installation. In normal boot mode (apologies if there's a clearer term for this mode), Dr.Web full installed properly and began its immediate automatic scan. I don't know if this is supposed to be a quick scan, but I don't think so. The scan took less than a minute, scanned twenty items, and didn't find anything. I clicked on full scan and it failed, similarly to Malwarebytes. Now when I open Dr.Web and scan, it instantly fails.
Stopzilla setup, which I renamed as instructed to iexplorer.exe, downloaded the update and stopped every time it was opened in safe mode. In the normal boot mode, stopzilla downloaded its update and began to install but randomly stopped and told me to restart. I restarted and it opened again and resumed before again stopping and telling me to restart.
At this point, the symptoms of redirecting websites, fraudulently requesting that I allow windows firewall to unblock some feature of nearly every program I open, having to manually close and restart explorer.exe every time I boot up, and the virus randomly restarting my computer are probably entirely gone.
One last potentially interesting piece of information is that I spotted the virus in the task manager at one point, although I could not end it or open its location. It appeared as 4244293154:371150571.exe (I may have missed a character when writing this down; Windows Defender has a 1 inserted as the 4th character from the end). This shows up under the details of Windows Defender's analysis of Sirefef.O and is located at C:\Windows\4244293154:3711501571.exe
Any consideration or suggestions would be greatly appreciated.
Thanks,
-Dave
In creating the gmer file, the program closed when I clicked on scan, similarly to the antivirus/antimalware programs. Now when I click on the application it cannot be opened and the message is exactly the same when I click on an installed malwarebytes. It reads: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." This message appears even when the program is run as an administrator.
DDS:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by sean at 5:58:14 on 2011-11-01
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2002.756 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\4244293154:3711501571.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\o2flash.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe
C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\system32\conhost.exe
C:\Windows\VM331_STI.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Fujitsu\Utils\FjDspMon.exe
C:\Program Files\Fujitsu\Utils\fjevents.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\Safari\Safari.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
C:\Windows\System32\taskmgr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\DrWeb\dwservice.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\explorer.exe
C:\Windows\system32\notepad.exe
C:\Users\sean\Downloads\tdsskiller.exe
C:\Windows\system32\SearchFilterHost.exe
c:\program files\windows defender\MpCmdRun.exe
"C:\Windows\system32\svchost.exe"
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
uWinlogon: Shell=c:\users\sean\appdata\local\22c6fafc\X
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: AOL Messaging Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: AOL Messaging Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [PMCallCenter] "c:\program files\prettymay call center for skype\PMCallCenter.exe"
uRun: [Facebook Update] "c:\users\sean\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [CSRSkype] c:\program files\csr\bluetooth feature pack 5.0\CSRSkype.exe
mRun: [ConMgr] "c:\program files\csr\bluetooth feature pack 5.0\ConMgr.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATSwpNav] "c:\program files\fingerprint sensor\ATSwpNav" -run
mRun: [<NO NAME>]
mRun: [FjStrtAp] c:\program files\fujitsu\utils\FjStrtAp.exe
mRun: [331BigDog] c:\windows\VM331_STI.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\sean\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube Download - c:\users\sean\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\sean\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5D11C7BC-648F-4176-A7AA-6A29DBEA07EE} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5D11C7BC-648F-4176-A7AA-6A29DBEA07EE}\34F4D402055726C6963602143636563737 : DhcpNameServer = 10.16.200.23 10.16.200.49
TCP: Interfaces\{5D11C7BC-648F-4176-A7AA-6A29DBEA07EE}\54E45425749584146554E4 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{5D11C7BC-648F-4176-A7AA-6A29DBEA07EE}\E4568747B65697 : DhcpNameServer = 199.88.85.7
TCP: Interfaces\{82888EF3-3CCA-4B0B-A18A-008D00FB375A} : DhcpNameServer = 192.168.1.254
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\sean\appdata\roaming\mozilla\firefox\profiles\sbnlq9v5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/mail?.src=ym&.intl=us
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np_gp.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\sean\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(extentions.y2layers.installId, 373e7582-7809-4941-8ac3-7d8d83ddc675
.
============= SERVICES / DRIVERS ===============
.
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2011-9-26 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2011-8-16 59080]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\atservice.exe [2011-11-1 1172728]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-1 366152]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2011-4-15 65536]
R2 VFPRadioSupportService;Bluetooth Feature Support;c:\program files\csr\bluetooth feature pack 5.0\VFPRadioSupportService.exe [2009-8-20 111488]
R3 Fjbtndrv;Fujitsu Button Driver;c:\windows\system32\drivers\FjBtndrv.sys [2003-6-20 11392]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2010-2-15 5632]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-1 22216]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-2-5 47448]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-3-12 41560]
R3 vm331avs;VC0334 USB2.0 Digital Camera;c:\windows\system32\drivers\vm331avs.sys [2010-2-15 972032]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
R4 DrWebAVService;Dr.Web Control Service;c:\program files\drweb\dwservice.exe --loglevel=inf --logfile="c:\programdata\doctor web\logs\dwservice.log" --> c:\program files\drweb\dwservice.exe --loglevel=inf --logfile=c:\programdata\doctor web\logs\dwservice.log [?]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-11-1 41272]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2011-9-26 61328]
S1 puqgaxmk;puqgaxmk;c:\windows\system32\drivers\puqgaxmk.sys [2011-11-1 41680]
S1 sipstrho;sipstrho;c:\windows\system32\drivers\sipstrho.sys [2011-11-1 41680]
S1 ysckhvof;ysckhvof;c:\windows\system32\drivers\ysckhvof.sys [2011-11-1 41680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2011-9-8 94880]
S2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 372736]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-6-24 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 HPMo4DE3;Mouse Suite Driver_4DE3 (WDF Version);c:\windows\system32\drivers\HPMo4DE3.sys [2011-6-24 20992]
S3 HPub4DE3;USB Mouse Low Filter Driver_4DE3 (WDF Version);c:\windows\system32\drivers\HPub4DE3.sys [2011-6-24 13824]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-24 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-24 52224]
S3 WatAdminSvc;WatAdminSvc;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-2 1343400]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
SUnknown ogxjeknd;ogxjeknd; [x]
SUnknown rtjmdqqy;rtjmdqqy; [x]
.
=============== Created Last 30 ================
.
2011-11-01 11:50:50 41680 ----a-w- c:\windows\system32\drivers\ysckhvof.sys
2011-11-01 11:50:50 41680 ----a-w- c:\windows\system32\drivers\sipstrho.sys
2011-11-01 11:47:27 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-01 11:46:29 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f28a70e0-0e94-4dd7-a910-51b592b4571b}\offreg.dll
2011-11-01 11:32:17 -------- d-----w- c:\users\sean\Doctor Web
2011-11-01 11:29:01 -------- d-----w- c:\program files\common files\Doctor Web
2011-11-01 11:28:26 -------- d-----w- c:\program files\DrWeb
2011-11-01 11:23:44 41680 ----a-w- c:\windows\system32\drivers\puqgaxmk.sys
2011-11-01 11:22:02 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f28a70e0-0e94-4dd7-a910-51b592b4571b}\mpengine.dll
2011-11-01 10:38:31 -------- d-----w- c:\programdata\STOPzilla!
2011-11-01 10:38:31 -------- d-----w- c:\program files\STOPzilla!
2011-11-01 10:38:31 -------- d-----w- c:\program files\common files\iS3
2011-11-01 10:35:33 -------- d-----w- c:\programdata\Doctor Web
2011-11-01 10:18:42 17328 ----a-w- c:\windows\system32\agrsmsvc.exe
2011-11-01 10:12:29 -------- d-----w- c:\users\sean\appdata\local\Downloaded Installations
2011-11-01 09:53:48 -------- d-----w- C:\TDSSKiller_Quarantine
2011-11-01 09:49:37 -------- d-----w- c:\users\sean\DoctorWeb
2011-11-01 09:33:17 48016 --sha-w- c:\windows\system32\c_29354.nl_
2011-11-01 09:33:08 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-11-01 09:21:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-01 09:15:16 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-01 06:59:39 -------- d-----w- c:\users\sean\appdata\roaming\Malwarebytes
2011-11-01 06:59:30 -------- d-----w- c:\programdata\Malwarebytes
2011-10-29 01:17:36 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-10-29 01:17:36 480720 ----a-r- c:\windows\system32\SZBase5.dll
2011-10-29 01:17:36 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-10-29 01:17:36 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-10-29 01:17:36 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-10-29 01:17:34 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-10-29 01:17:34 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-10-29 01:17:34 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-10-29 01:17:34 456144 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-10-29 01:17:34 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-10-29 01:17:34 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-10-29 01:17:34 103888 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-10-27 10:03:28 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-10-27 09:12:35 227328 ----a-w- c:\users\sean\taskmgr.exe
2011-10-27 09:12:34 -------- d-sh--w- c:\users\sean\appdata\local\22c6fafc
2011-10-27 08:57:30 -------- d-----w- c:\programdata\Video Strip Poker Supreme
.
==================== Find3M ====================
.
2011-11-01 11:17:12 35328 ----a-w- c:\windows\system32\drivers\npfs.sys
2011-11-01 10:18:42 36352 ----a-w- c:\windows\system32\drivers\netbios.sys
2011-11-01 10:15:09 388096 ----a-w- c:\windows\system32\drivers\csc.sys
2011-10-09 06:09:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 12:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-26 19:21:00 61328 ----a-r- c:\windows\system32\drivers\SZKG.sys
2011-09-26 19:21:00 61328 ----a-r- c:\windows\system32\drivers\is3srv.sys
2011-09-07 03:40:44 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-08-25 02:31:03 409088 ----a-w- c:\windows\system32\systemcpl.dll
2011-08-17 00:48:30 59080 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
2011-03-30 01:04:54 774144 ----a-w- c:\program files\RngInterstitial.dll
.
============= FINISH: 6:02:17.50 ===============
This post has been edited by guitarsavvy: 01 November 2011 - 08:17 AM
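As an added illustration (not part of the original post or of DDS itself), the following script triages DDS-style log lines for the indicators visible above: a running process whose image is an NTFS alternate data stream (the second ':' in the path), a Winlogon Shell value that is not explorer.exe, several drivers created on the same day with identical sizes and random names, services whose image file is missing, a literal `%APPDATA%` directory under system32, and a system binary name under a user profile. The sample lines are constructed in the shape of the log above, and the rule names and allow-list are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the DDS log above: benign lines mixed
# with the suspicious ones the log shows.
SAMPLE_LOG = r"""
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\4244293154:3711501571.exe
uWinlogon: Shell=c:\users\sean\appdata\local\22c6fafc\X
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-1 22216]
S1 puqgaxmk;puqgaxmk;c:\windows\system32\drivers\puqgaxmk.sys [2011-11-1 41680]
S1 sipstrho;sipstrho;c:\windows\system32\drivers\sipstrho.sys [2011-11-1 41680]
S1 ysckhvof;ysckhvof;c:\windows\system32\drivers\ysckhvof.sys [2011-11-1 41680]
SUnknown ogxjeknd;ogxjeknd; [x]
2011-10-27 10:03:28 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-10-27 09:12:35 227328 ----a-w- c:\users\sean\taskmgr.exe
"""

PROCESS_RE = re.compile(r'^"?([A-Za-z]:\\.*?\.exe)"?(?:\s.*)?$', re.I)
SHELL_RE = re.compile(r"^[um]Winlogon: Shell=(.+)$", re.I)
DRIVER_RE = re.compile(r"^[RS]\d+ ([^;]+);[^;]*;(.+?\.sys) \[(\d{4}-\d{1,2}-\d{1,2}) (\d+)\]$", re.I)
UNKNOWN_RE = re.compile(r"^SUnknown ([^;]+);[^;]*; \[x\]$")
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \S+ \S+ (.+)$")

# Hypothetical allow-list: binaries with these names belong only under \Windows.
SYSTEM_BINARIES = {"taskmgr.exe", "explorer.exe", "svchost.exe", "lsass.exe"}


def scan_dds(text):
    """Return (rule, line) pairs for every line that trips one heuristic."""
    hits = []
    drivers = defaultdict(list)  # (created date, size) -> [(name, line)]
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROCESS_RE.match(line)
        if m and ":" in m.group(1)[2:]:
            # A ':' after the drive letter means the image lives in an NTFS
            # alternate data stream, which a normal process list never shows.
            hits.append(("ads_executable", line))
            continue
        m = SHELL_RE.match(line)
        if m and not m.group(1).lower().rstrip("\\").endswith("explorer.exe"):
            hits.append(("winlogon_shell_hijack", line))
            continue
        m = DRIVER_RE.match(line)
        if m:
            drivers[(m.group(3), m.group(4))].append((m.group(1).lower(), line))
            continue
        if UNKNOWN_RE.match(line):
            hits.append(("service_missing_image", line))
            continue
        m = FILE_RE.match(line)
        if m:
            path = m.group(1)
            name = path.rsplit("\\", 1)[-1]
            if name.startswith("%") and name.endswith("%"):
                hits.append(("literal_env_var_dir", line))
            elif name.lower() in SYSTEM_BINARIES and "\\windows\\" not in path.lower():
                hits.append(("system_binary_outside_windows", line))
    # Distinct driver names created on the same day with the same byte size
    # are the rootkit's dropped copies; a single legitimate driver never clusters.
    for entries in drivers.values():
        if len({name for name, _ in entries}) >= 2:
            hits.extend(("driver_cluster", line) for _, line in entries)
    return hits


if __name__ == "__main__":
    for rule, line in scan_dds(SAMPLE_LOG):
        print(f"{rule:30} {line}")
```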