
I got it, and its kicking my butt


This topic is locked. 17 replies to this topic.

#1 Chadsanderson

  • Members
  • 8 posts
  • OFFLINE
  • Local time:07:08 PM

Posted 02 June 2010 - 09:01 PM

I was infected with antispyware software and was able to get that removed. I was unable to remove some kind of malware that has infected IE. It redirects and opens windows constantly. I have run Malwarebytes and Spybot with no success. It has affected all web browsers, and speed has slowed to a crawl. I would appreciate any advice you can give.

Thanks

DDS produced about ten pages of this; I'm just posting a small sample. I assume the first line is a clue.

 !L!This program cannot be run in DOS mode.

$ PE L +I  2 n Z   @     0  f          .code     PEC2FO .rsrc    $R Pd5 d% 3PECompact2
[remainder of the pasted binary data omitted]




ark.txt:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-27 16:32:12
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Chad\LOCALS~1\Temp\pxtdypob.sys


---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\DRIVERS\mouclass.sys entry point in ".rsrc" section [0xBAC94814]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[1460] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[1460] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[1460] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
.text C:\WINDOWS\System32\svchost.exe[3112] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[3112] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093000A
.text C:\WINDOWS\System32\svchost.exe[3112] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0091000C
.text C:\WINDOWS\System32\svchost.exe[3112] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0088000A
.text C:\WINDOWS\System32\svchost.exe[3112] ole32.dll!CoCreateInstance 7750057E 3 Bytes JMP 00DC000A
.text C:\WINDOWS\System32\svchost.exe[3112] ole32.dll!CoCreateInstance + 4 77500582 1 Byte [89]
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A3000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D5000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A2000C
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3520] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A3000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3520] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D5000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3520] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A2000C
.text C:\Program Files\Internet Explorer\iexplore.exe[3520] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3520] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3520] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD101 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3520] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3520] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3520] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3520] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3520] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3520] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3520] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3520] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3520] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3520] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB20 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3520] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4AA7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device -> \Driver\atapi \Device\Harddisk0\DR0 8A59AD01
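For reading a GMER log like the one above, the following is an added example (my own code, not GMER's and not the poster's) that parses the "User code sections" lines and separates hooks whose JMP lands inside a named module (IE's own redirections into IEFRAME.dll are of that kind and are expected) from hooks that jump to an address GMER could not attribute to any module. The same ntdll exports being diverted in Explorer, svchost and iexplore, each to a different unattributed address, is the cross-process pattern a responder looks for. The sample lines are a constructed subset copied from the log; the verdict labels and the rules behind them are this example's own heuristics, not GMER's.

```python
"""Triage of GMER 'User code sections' lines.

Added example, not part of the post or of GMER itself. It parses lines in the
format quoted above and sorts each hook by where its JMP lands; the verdict
rules are this example's own heuristics.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of the hook lines from the GMER log in the post.
SAMPLE_GMER = r"""
.text C:\WINDOWS\Explorer.EXE[1460] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[1460] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\System32\svchost.exe[3112] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[3112] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0088000A
.text C:\WINDOWS\System32\svchost.exe[3112] ole32.dll!CoCreateInstance 7750057E 3 Bytes JMP 00DC000A
.text C:\WINDOWS\System32\svchost.exe[3112] ole32.dll!CoCreateInstance + 4 77500582 1 Byte [89]
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A3000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
"""

HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"      # process image and PID
    r"(?P<module>[^\s!]+)!(?P<func>\S+)"               # hooked export
    r"(?:\s+\+\s+(?P<offset>\d+))?\s+"                 # optional byte offset into the export
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<count>\d+)\s+Bytes?\s+"
    r"(?P<patch>.*)$"                                  # 'JMP <target> [module (vendor)]' or raw bytes
)
JMP_RE = re.compile(
    r"^JMP\s+(?P<target>[0-9A-Fa-f]+)"
    r"(?:\s+(?P<path>\S.*?\.(?:dll|exe|sys))\s*(?:\((?P<desc>[^)]*)\))?)?$",
    re.IGNORECASE,
)

UNBACKED = "jmp-into-unbacked-memory"   # target not attributed to any loaded module
INTO_MODULE = "jmp-into-module"          # target resolved to a named module on disk
BYTE_PATCH = "byte-patch"                # raw bytes written, no jump decoded (e.g. '[89]')


def classify(patch: str) -> str:
    """Heuristic verdict for the trailing part of one GMER hook line."""
    m = JMP_RE.match(patch)
    if m is None:
        return BYTE_PATCH
    return INTO_MODULE if m.group("path") else UNBACKED


def triage(text: str) -> dict:
    """Map 'image[pid]' -> list of (hooked export, verdict) for every hook line."""
    findings = defaultdict(list)
    for raw in text.splitlines():
        m = HOOK_RE.match(raw.strip())
        if m is None:
            continue
        h = m.groupdict()
        name = f"{h['module']}!{h['func']}" + (f"+{h['offset']}" if h["offset"] else "")
        findings[f"{h['proc']}[{h['pid']}]"].append((name, classify(h["patch"])))
    return dict(findings)


def suspicious_processes(findings: dict) -> dict:
    """Processes with at least one jump into unbacked memory, with the exports affected."""
    out = {}
    for proc, hooks in findings.items():
        bad = sorted(f for f, v in hooks if v == UNBACKED)
        if bad:
            out[proc] = bad
    return out


def functions_hooked_everywhere(findings: dict) -> list:
    """Exports diverted into unbacked memory in every listed process: the
    signature of one component injected into all of them."""
    sets = [{f for f, v in hooks if v == UNBACKED} for hooks in findings.values()]
    return sorted(set.intersection(*sets)) if sets else []


if __name__ == "__main__":
    f = triage(SAMPLE_GMER)
    for proc, hooks in suspicious_processes(f).items():
        print(proc, "->", ", ".join(hooks))
    print("hooked in every listed process:", functions_hooked_everywhere(f))
```

Run on the sample, the helper reports all three processes as carrying jumps into unattributed memory, and `ntdll.dll!NtProtectVirtualMemory` as hooked in every one of them; the IEFRAME.dll redirection in iexplore.exe is classed separately, as a hook into a named module.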




#2 gringo_pr (Bleepin Gringo)


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:08 PM

Posted 02 June 2010 - 09:57 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Some things to remember while we are working together.
    1. Please do not run any other tool until instructed to do so!
    2. Please reply to this thread, do not start another!
    3. Please tell me about any problems that have occurred during the fix.
    4. Please tell me of any other symptoms you may be having, as these can help also.
    5. Please try as much as possible not to run anything while executing a fix.
If you follow these instructions, everything should go smoothly.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Download this one:

http://download.bleepingcomputer.com/sUBs/dds.com and give me the reports.

If I am not mistaken, you have AutoCAD on this computer?

Gringo

Edited by gringo_pr, 02 June 2010 - 09:58 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --> [Donate] <-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Chadsanderson (Topic Starter)

  • Members
  • 8 posts
  • OFFLINE
  • Local time:07:08 PM

Posted 03 June 2010 - 09:26 AM

Yes, I do have AutoCAD on this computer, though it is used very rarely.
And thank you for your help.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Chad at 8:16:23.18 on Thu 06/03/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.852 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\twain_32\DELL\MFP1125\Monitor\Stsmon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\EssentialFax\essfaxcontrol.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Chad\Application Data\mjusbsp\magicJack.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Chad\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DriverUpdaterPro] c:\program files\ixi tools\driver updater pro\DriverUpdaterPro.exe -t
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [cdloader] "c:\documents and settings\chad\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [TVTunerLib] c:\program files\common files\sony shared\tvtunerlib\TVTLInstTool.exe
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [MFPMonitor] c:\windows\twain_32\dell\mfp1125\monitor\Stsmon.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Essential Fax Print Controller] "c:\program files\essentialfax\essfaxcontrol.exe"
mRun: [HP Lamp] "c:\program files\hewlett-packard\hp precisionscan\precisionscan pro\hplamp.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\KEM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Transfer by Image Converter 2 - c:\program files\sony\image converter 2\menu.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} - hxxp://www.autodesk.com/global/dwfviewer/installer/DwfViewerSetup.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2006\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {FA010552-4A27-4cb1-A1BB-3E2D697F1639} - No File
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 192.168.0.67 HP000D9D12F5C4

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-25 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-25 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-25 242896]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2005-7-14 14336]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-29 308064]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2007-4-27 316992]
R3 hpusbfd;Hewlett-Packard USB Filter Class;c:\windows\system32\drivers\hpusbfd.sys [2009-4-12 7552]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2010-4-18 28672]
S2 gupdate1ca1000aa5b9fba;Google Update Service (gupdate1ca1000aa5b9fba);c:\program files\google\update\GoogleUpdate.exe [2009-7-28 133104]
S3 CH341SER;CH341SER;c:\windows\system32\drivers\CH341SER.SYS [2009-3-4 36080]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2009-1-19 163328]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]

============== File Associations ===============

.scr=AutoCADScriptFile

=============== Created Last 30 ================

2010-05-27 22:16:38 0 ----a-w- c:\documents and settings\chad\defogger_reenable
2010-05-23 05:14:22 165 ----a-w- c:\windows\system32\spupdsvc.inf
2010-05-21 17:47:10 0 d-----w- c:\docume~1\chad\applic~1\Malwarebytes
2010-05-21 17:46:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-21 17:46:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-21 17:46:57 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-21 17:46:57 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-15 06:11:31 0 d-----w- c:\program files\iPod
2010-05-12 03:19:22 0 d-----w- c:\docume~1\alluse~1\applic~1\ALM
2010-05-12 02:14:06 0 d-----w- c:\program files\MagicISO
2010-05-07 19:26:58 0 d-----w- c:\program files\common files\supportsoft
2010-05-07 19:23:31 3833856 ----a-w- c:\windows\system32\cdintf300.dll
2010-05-07 18:44:32 95 ----a-w- c:\windows\QBChanUtil_Trigger.ini
2010-05-07 18:44:31 0 d-----w- c:\docume~1\alluse~1\applic~1\SQL Anywhere 10
2010-05-07 18:44:22 0 d-----w- c:\docume~1\alluse~1\applic~1\COMMON FILES

==================== Find3M ====================

2010-06-02 15:58:23 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-08 19:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 19:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-15 02:35:44 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 10:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-01-22 22:40:08 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009012220090123\index.dat

============= FINISH: 8:18:54.10 ===============
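The DDS "Pseudo HJT Report" above carries three things a responder checks first: the `ProxyServer` line, which here sends every browser request through `127.0.0.1:5555`, a process on the machine itself (which is consistent with the redirect symptom reported in the first post); BHO and toolbar registrations that point at `No File`, i.e. leftovers of a removal that still need cleaning from the registry; and `Hosts:` lines that pin a public hostname to loopback (here `www.spywareinfo.com`), while a LAN entry for a single-label printer name is normal. The following is an added example of those checks, my own code rather than DDS's or the thread's, run over a constructed subset of the report lines quoted above; the rules are this example's own heuristics.

```python
"""Checks over a DDS 'Pseudo HJT Report'.

Added example, not from DDS or from the post: three quick checks a responder
runs over the report lines. SAMPLE_DDS is a constructed subset of the report
quoted above; the flagging rules are this example's own.
"""
import re

SAMPLE_DDS = r"""
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 192.168.0.67 HP000D9D12F5C4
"""

# 'u' = current user hive, 'm' = machine hive, as DDS prefixes them.
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(?P<value>.+)$")
ORPHAN_RE = re.compile(
    r"^(?P<kind>BHO|TB|SEH|SSODL):\s*(?:.*?:\s*)?(?P<clsid>\{[0-9A-Fa-f-]+\})\s*-\s*No File$"
)
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<name>\S+)$")


def _lines(text: str):
    """Non-empty, stripped report lines."""
    return (line.strip() for line in text.splitlines() if line.strip())


def local_proxies(text: str) -> list:
    """ProxyServer endpoints on the machine itself: browser traffic is routed
    through a local process before it leaves the box."""
    found = []
    for line in _lines(text):
        m = PROXY_RE.match(line)
        if not m:
            continue
        # Value forms: 'host:port' or 'http=host:port;https=host:port'
        for part in m.group("value").split(";"):
            endpoint = part.split("=")[-1].strip()
            host = endpoint.rsplit(":", 1)[0].lower()
            if host == "localhost" or host.startswith("127."):
                found.append(endpoint)
    return found


def orphaned_entries(text: str) -> list:
    """Browser helper / toolbar registrations whose DLL is gone ('No File')."""
    hits = []
    for line in _lines(text):
        m = ORPHAN_RE.match(line)
        if m:
            hits.append(f"{m['kind']} {m['clsid']}")
    return hits


def hosts_overrides(text: str) -> list:
    """Dotted (public-looking) hostnames pinned to loopback or 0.0.0.0 in the
    hosts file, i.e. sites this machine can no longer reach."""
    hits = []
    for line in _lines(text):
        m = HOSTS_RE.match(line)
        if not m:
            continue
        ip, name = m["ip"], m["name"]
        if "." in name and (ip.startswith("127.") or ip == "0.0.0.0"):
            hits.append((ip, name))
    return hits


if __name__ == "__main__":
    print("local proxies:", local_proxies(SAMPLE_DDS))
    print("orphaned entries:", orphaned_entries(SAMPLE_DDS))
    print("hosts overrides:", hosts_overrides(SAMPLE_DDS))
```

The proxy check splits the value on `;` and `=` because the setting may list one endpoint per scheme; the hosts check deliberately ignores single-label names such as the `HP000D9D12F5C4` printer entry, which is a normal LAN mapping rather than a block.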


#4 gringo_pr (Bleepin Gringo)


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:08 PM

Posted 03 June 2010 - 10:07 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
    This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
    It is a simple procedure that will only take a few moments of your time.


    Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    Please continue as follows:
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"information and logs"
    In your next post I need the following
    1. Log from Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now?

Gringo


#5 Chadsanderson (Topic Starter)

  • Members
  • 8 posts
  • OFFLINE
  • Local time:07:08 PM

Posted 03 June 2010 - 11:08 PM

Hello,

1.
ComboFix 10-06-02.04 - Chad 06/03/2010 11:30:05.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1531 [GMT -6:00]
Running from: c:\documents and settings\Chad\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Chad\LOCALS~1\Temp\install_flash_player.exe
c:\documents and settings\Chad\Application Data\inst.exe
c:\windows\setup.exe
c:\windows\system32\bszip.dll
c:\windows\system32\Vb40032.dll

Infected copy of c:\windows\system32\drivers\mouclass.sys was found and disinfected
Restored copy from - Kitty had a snack :P
.
((((((((((((((((((((((((( Files Created from 2010-05-03 to 2010-06-03 )))))))))))))))))))))))))))))))
.

2010-06-03 15:25 . 2010-02-26 23:51 6870864 ---ha-w- c:\documents and settings\Chad\Application Data\mjusbsp\in00000\setup.exe
2010-06-03 15:24 . 2010-02-26 23:45 743872 ---ha-w- c:\documents and settings\Chad\Application Data\mjusbsp\ar00000\install.exe
2010-06-02 16:03 . 2010-06-02 16:03 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-06-02 16:03 . 2010-06-02 16:03 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-06-02 15:54 . 2010-06-02 16:05 113859047 ----a-w- c:\documents and settings\All Users\Application Data\Thermwood\eCabinet Systems\eCabUpdate.exe
2010-05-27 13:45 . 2010-05-27 13:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-05-25 16:31 . 2010-05-25 16:31 503808 ----a-w- c:\documents and settings\Chad\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-28bc454f-n\msvcp71.dll
2010-05-25 16:31 . 2010-05-25 16:31 61440 ----a-w- c:\documents and settings\Chad\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7d7730eb-n\decora-sse.dll
2010-05-25 16:31 . 2010-05-25 16:31 499712 ----a-w- c:\documents and settings\Chad\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-28bc454f-n\jmc.dll
2010-05-25 16:31 . 2010-05-25 16:31 348160 ----a-w- c:\documents and settings\Chad\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-28bc454f-n\msvcr71.dll
2010-05-25 16:31 . 2010-05-25 16:31 12800 ----a-w- c:\documents and settings\Chad\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7d7730eb-n\decora-d3d.dll
2010-05-23 04:19 . 2010-05-23 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-05-21 17:47 . 2010-05-21 17:47 -------- d-----w- c:\documents and settings\Chad\Application Data\Malwarebytes
2010-05-21 17:46 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-21 17:46 . 2010-05-21 17:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-21 17:46 . 2010-05-21 17:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-21 17:46 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-21 17:11 . 2010-05-21 19:41 -------- d-----w- c:\documents and settings\Chad\Local Settings\Application Data\btlyptcti
2010-05-15 06:11 . 2010-05-15 06:11 -------- d-----w- c:\program files\iPod
2010-05-15 05:15 . 2010-05-15 05:15 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-14 21:52 . 2010-05-27 05:23 -------- d-----w- c:\documents and settings\Chad\Local Settings\Application Data\Temp
2010-05-13 16:43 . 2010-05-13 16:43 869664 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\qbpatch.exe
2010-05-13 16:43 . 2010-05-13 16:43 499712 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\msvcp71.dll
2010-05-13 16:43 . 2010-05-13 16:43 348160 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\msvcr71.dll
2010-05-12 03:31 . 2010-05-12 03:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Intuit
2010-05-12 03:19 . 2010-05-12 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\ALM
2010-05-12 02:14 . 2010-05-12 02:14 -------- d-----w- c:\program files\MagicISO
2010-05-07 19:55 . 2010-05-07 19:55 -------- d-----w- c:\documents and settings\Chad\Local Settings\Application Data\Intuit_Inc
2010-05-07 19:32 . 2010-06-03 02:49 3243 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\qbbackup.sys
2010-05-07 19:28 . 2010-05-07 19:28 -------- d-----w- c:\documents and settings\Chad\Local Settings\Application Data\Intuit
2010-05-07 19:26 . 2010-05-07 19:26 -------- d-----w- c:\program files\Common Files\supportsoft
2010-05-07 19:23 . 2009-01-20 20:33 3833856 ----a-w- c:\windows\system32\cdintf300.dll
2010-05-07 18:44 . 2010-05-07 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SQL Anywhere 10
2010-05-07 18:44 . 2010-05-07 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\COMMON FILES

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-03 17:27 . 2010-03-16 20:28 -------- d-----w- c:\program files\Common Files\Akamai
2010-06-03 16:40 . 2009-11-30 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-06-03 15:26 . 2010-04-13 02:34 -------- d-----w- c:\documents and settings\Chad\Application Data\mjusbsp
2010-05-27 15:29 . 2007-02-22 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-27 05:19 . 2007-02-22 23:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-26 01:42 . 2009-04-27 01:46 -------- d-----w- c:\program files\Magic Video Converter
2010-05-24 04:52 . 2005-07-15 01:19 -------- d-----w- c:\program files\Microsoft SQL Server
2010-05-18 20:21 . 2010-04-19 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2010-05-15 06:15 . 2010-04-27 19:35 -------- d-----w- c:\program files\iTunes
2010-05-15 06:11 . 2007-09-19 03:58 -------- d-----w- c:\program files\Common Files\Apple
2010-05-15 05:22 . 2010-04-27 19:19 -------- d-----w- c:\program files\Bonjour
2010-05-15 05:03 . 2005-07-15 01:01 -------- d-----w- c:\program files\Google
2010-05-12 03:31 . 2005-07-23 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2010-05-12 03:15 . 2005-07-15 01:00 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-07 19:00 . 2005-07-23 00:54 -------- d-----w- c:\program files\Common Files\Intuit
2010-05-07 16:30 . 2010-04-13 17:24 0 ----a-w- c:\windows\brdfxspd.dat
2010-05-06 02:56 . 2005-07-15 19:51 113832 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-04 04:01 . 2010-05-04 04:01 -------- d-----w- c:\program files\Adobe Media Player
2010-05-04 03:55 . 2010-05-04 03:55 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-29 23:01 . 2010-04-29 23:01 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-04-29 22:59 . 2010-04-29 22:59 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-04-29 22:59 . 2009-04-27 03:49 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-04-29 22:59 . 2010-04-29 22:59 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-04-29 22:59 . 2010-04-29 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-04-29 22:59 . 2009-04-27 03:49 -------- d-----w- c:\program files\DivX
2010-04-29 22:51 . 2010-04-29 22:51 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-04-29 15:52 . 2010-04-29 15:52 -------- d-----w- c:\documents and settings\Chad\Application Data\PC-FAX TX
2010-04-27 19:38 . 2010-04-27 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-27 19:29 . 2010-04-27 19:28 -------- d-----w- c:\program files\QuickTime
2010-04-27 19:11 . 2009-05-10 05:25 -------- d-----w- c:\program files\Safari
2010-04-27 19:02 . 2010-04-27 19:02 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-04-26 21:30 . 2009-03-02 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-19 19:47 . 2010-04-13 17:26 65 ----a-w- c:\windows\system32\bd7340.dat
2010-04-19 19:39 . 2010-04-19 19:39 -------- d-----w- c:\documents and settings\Chad\Application Data\InstallShield
2010-04-19 19:37 . 2010-04-19 19:37 10134 ----a-r- c:\documents and settings\Chad\Application Data\Microsoft\Installer\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}\ARPPRODUCTICON.exe
2010-04-19 19:37 . 2010-04-19 19:37 -------- d-----w- c:\program files\Nuance
2010-04-19 19:34 . 2010-04-19 19:33 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2010-04-19 19:33 . 2010-04-19 19:33 -------- d-----w- c:\program files\ScanSoft
2010-04-18 23:50 . 2010-04-18 23:50 -------- d-----w- c:\program files\LibUSB-Win32
2010-04-18 22:57 . 2009-04-10 15:30 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Sony Corporation
2010-04-13 17:25 . 2010-04-13 17:24 -------- d-----w- c:\program files\Brother
2010-04-13 17:24 . 2005-07-14 23:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-13 17:22 . 2010-04-13 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother
2010-04-08 19:20 . 2010-04-08 19:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 19:20 . 2010-04-08 19:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-08 03:09 . 2009-05-31 21:00 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-05 16:33 . 2005-07-14 23:56 -------- d-----w- c:\program files\Common Files\Java
2010-04-05 16:33 . 2010-04-05 16:33 503808 ----a-w- c:\documents and settings\Chad\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7edcab63-n\msvcp71.dll
2010-04-05 16:33 . 2010-04-05 16:33 499712 ----a-w- c:\documents and settings\Chad\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7edcab63-n\jmc.dll
2010-04-05 16:33 . 2010-04-05 16:33 348160 ----a-w- c:\documents and settings\Chad\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7edcab63-n\msvcr71.dll
2010-04-05 16:33 . 2010-04-05 16:33 61440 ----a-w- c:\documents and settings\Chad\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-37a429c4-n\decora-sse.dll
2010-04-05 16:33 . 2010-04-05 16:33 12800 ----a-w- c:\documents and settings\Chad\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-37a429c4-n\decora-d3d.dll
2010-04-05 16:33 . 2005-07-14 23:56 -------- d-----w- c:\program files\Java
2010-03-30 04:03 . 2009-11-22 04:34 79488 ----a-w- c:\documents and settings\Chad\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-10 06:15 . 2005-07-14 22:29 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 10:28 . 2009-02-15 22:42 411368 ----a-w- c:\windows\system32\deploytk.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-08 68856]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"cdloader"="c:\documents and settings\Chad\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-09 6746112]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-08 114688]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-04-29 45056]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-05-15 184320]
"TVTunerLib"="c:\program files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe" [2005-02-17 245760]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 151552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-29 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-29 77824]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 29696]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 188416]
"MFPMonitor"="c:\windows\twain_32\DELL\MFP1125\Monitor\Stsmon.exe" [2007-04-24 2002944]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-20 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Essential Fax Print Controller"="c:\program files\EssentialFax\essfaxcontrol.exe" [2009-01-12 94208]
"HP Lamp"="c:\program files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe" [2001-04-27 53248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-12 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-11-06 741376]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-11-18 623880]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-21 00:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Nitro PDF\\PrimoPDF\\PrimoPDF.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Chad\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [7/14/2005 4:29 PM 14336]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [4/27/2007 1:00 AM 316992]
R3 hpusbfd;Hewlett-Packard USB Filter Class;c:\windows\system32\drivers\hpusbfd.sys [4/12/2009 6:17 PM 7552]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [4/18/2010 5:50 PM 28672]
S2 gupdate1ca1000aa5b9fba;Google Update Service (gupdate1ca1000aa5b9fba);c:\program files\Google\Update\GoogleUpdate.exe [7/28/2009 9:57 PM 133104]
S3 CH341SER;CH341SER;c:\windows\system32\drivers\CH341SER.SYS [3/4/2009 6:06 PM 36080]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [1/19/2009 10:30 PM 163328]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-05-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-06-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-18 03:54]

2010-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-29 03:57]

2010-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-29 03:57]

2005-10-19 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-07-14 00:12]

2005-10-19 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-07-14 00:12]

2005-10-19 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-07-14 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Transfer by Image Converter 2 - c:\program files\Sony\Image Converter 2\menu.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2006\HelpAsyncPluggableProtocol.dll
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-DriverUpdaterPro - c:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
HKLM-Run-Microsoft Works Update Detection - c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
ShellExecuteHooks-{FA010552-4A27-4cb1-A1BB-3E2D697F1639} - (no file)
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-03 11:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A5AAD01]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba90cf28
\Driver\ACPI -> ACPI.sys @ 0xba77fcb8
\Driver\atapi -> atapi.sys @ 0xba6f3852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
NDIS: Intel® PRO/Wireless 2200BG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xba5ffbb0
PacketIndicateHandler -> NDIS.sys @ 0xba5eea0d
SendHandler -> NDIS.sys @ 0xba602b40
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(872)
c:\windows\system32\WININET.dll
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'lsass.exe'(932)
c:\windows\system32\WININET.dll
.
Completion time: 2010-06-03 11:59:36
ComboFix-quarantined-files.txt 2010-06-03 17:59

Pre-Run: 11,416,166,400 bytes free
Post-Run: 13,328,453,632 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /PAE

- - End Of File - - 4A177D80F89F06201E8E7F54BE777775

2. Everything ran fine.


3. Seems a little better, but still get redirected and new window popups. Right now as I type it takes about a half second for each letter to appear. Every time I attempt to post this I get a warning about cross scripting. Well, I take it all back, I had to send this from another computer. Can't bring up the website any more.



#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:08 PM

Posted 03 June 2010 - 11:15 PM

Hello

Now I need you to do this and let me have the log

TDSSKiller:
  • Please Download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller folder on your desktop.
  • Right-click on TDSSKiller.exe and click Copy, then Paste it directly on to your Desktop.
  • Highlight and copy the text in the codebox below.
CODE
"%userprofile%\desktop\tdsskiller.exe" -l "%userprofile%\desktop\tdsskiller.txt"
  • Click Start, click Run... and paste the text above into the Open: line and click OK.
  • If malicious services or files have been detected, the utility will prompt to reboot the PC in order to complete the disinfection procedure. Please reboot when prompted.
  • After reboot, the driver will delete malicious registry keys and files as well as remove itself from the services list.
  • A log file should be created on your C: drive named something like TDSSKiller 2.1.1 Dec 20 2009 02:40:02.
  • To find the log click Start, then Computer, then Vista (C:).
  • Please post the contents of that log in your next reply.

let me know how the computer is doing

gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
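The log that the -l switch above writes is long (one line per scanned service and driver), and only a handful of lines in it decide whether the machine is still infected: the "Suspicious file (Forged)" verdict with its two hashes, the "infected by ... rootkit" line and the "will be cured on next reboot" confirmation. The following is an added example, not code from this thread and not part of TDSSKiller: a small Python parser for the TDSSKiller 2.x log format (timestamp, process id, message) that pulls those lines out and reports whether a reboot is still pending or a flagged file was left uncured. The class and function names are this example's own. The sample log is an excerpt of the one posted in the next reply of this thread, trimmed to a few drivers, with the two log lines the forum ran together put back on separate lines.

```python
"""Triage helper for a TDSSKiller log (written with the -l switch).

Added example for this thread; not part of TDSSKiller. The names below
(Finding, Report, parse_tdsskiller_log) are this example's own.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Every TDSSKiller line is "HH:MM:SS:mmm <pid> <message>".
_PREFIX = re.compile(r"^(\d{2}:\d{2}:\d{2}:\d{3})\s+(\d+)\s*(.*)$")
# One scanned driver: service name, md5 of the file, path.
_DRIVER = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
# The verdict that matters: the file read at the raw level hashes differently
# from the copy the system hands back, which is how the rootkit hides its patch.
_FORGED = re.compile(
    r"^Suspicious file \(Forged\): (.+?)\. Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$"
)
_INFECTED = re.compile(r'^File "(.+?)" infected by (.+?) rootkit')
_CURED = re.compile(r"^will be cured on next reboot$")


@dataclass
class Finding:
    path: str
    real_md5: str = ""
    fake_md5: str = ""
    family: str = ""
    cure_scheduled: bool = False


@dataclass
class Report:
    drivers_scanned: int = 0
    findings: List[Finding] = field(default_factory=list)

    def needs_reboot(self) -> bool:
        """True when TDSSKiller deferred a repair to the next boot."""
        return any(f.cure_scheduled for f in self.findings)

    def unresolved(self) -> List[Finding]:
        """Flagged files for which no cure was scheduled (e.g. no backup copy)."""
        return [f for f in self.findings if not f.cure_scheduled]


def _finding_for(report: Report, by_path: Dict[str, Finding], path: str) -> Finding:
    """Return the Finding for path, creating it on first mention."""
    key = path.lower()
    if key not in by_path:
        by_path[key] = Finding(path)
        report.findings.append(by_path[key])
    return by_path[key]


def parse_tdsskiller_log(text: str) -> Report:
    report = Report()
    by_path: Dict[str, Finding] = {}
    last: Optional[Finding] = None  # the cure line names no file; it follows the verdict
    for raw in text.splitlines():
        m = _PREFIX.match(raw.strip())
        if not m:
            continue  # blank or non-log line
        body = m.group(3)
        if _DRIVER.match(body):
            report.drivers_scanned += 1
            continue
        fm = _FORGED.match(body)
        if fm:
            last = _finding_for(report, by_path, fm.group(1))
            last.real_md5, last.fake_md5 = fm.group(2), fm.group(3)
            continue
        im = _INFECTED.match(body)
        if im:
            last = _finding_for(report, by_path, im.group(1))
            last.family = im.group(2)
            continue
        if _CURED.match(body) and last is not None:
            last.cure_scheduled = True
    return report


# Excerpt of the log posted in this thread, trimmed to four drivers.
SAMPLE_LOG = r"""
22:32:58:062 2852 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
22:32:59:218 2852 Scanning Drivers ...
22:33:00:843 2852 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:33:01:484 2852 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:33:08:640 2852 Mouclass (180223faaa8ce1ed702692f49e0b3e8e) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:33:08:640 2852 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mouclass.sys. Real md5: 180223faaa8ce1ed702692f49e0b3e8e, Fake md5: 35c9e97194c8cfb8430125f8dbc34d04
22:33:08:640 2852 File "C:\WINDOWS\system32\DRIVERS\mouclass.sys" infected by TDSS rootkit ...
22:33:12:609 2852 Backup copy found, using it..
22:33:12:609 2852 will be cured on next reboot
22:33:12:781 2852 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
"""

if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"drivers scanned: {rep.drivers_scanned}")
    for f in rep.findings:
        print(f"{f.path}: {f.family or 'unknown'} family, real {f.real_md5} vs fake {f.fake_md5}, "
              f"cure scheduled: {f.cure_scheduled}")
    print("reboot required:", rep.needs_reboot(), "| uncured:", len(rep.unresolved()))
```

Two points of the design are worth noting. Only the path is used to tie the verdict, the infection line and the cure line together, because the cure line carries no file name; a log with a forged file but no cure line (the tool found no backup copy) therefore shows up in unresolved() rather than silently passing. The helper reads the saved file only, so it can be run on a log copied off an infected machine without running anything there.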

#7 Chadsanderson
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:07:08 PM

Posted 03 June 2010 - 11:42 PM

22:32:58:062 2852 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
22:32:58:062 2852 ================================================================================
22:32:58:062 2852 SystemInfo:

22:32:58:062 2852 OS Version: 5.1.2600 ServicePack: 3.0
22:32:58:062 2852 Product type: Workstation
22:32:58:062 2852 ComputerName: SONY
22:32:58:062 2852 UserName: Chad
22:32:58:062 2852 Windows directory: C:\WINDOWS
22:32:58:062 2852 Processor architecture: Intel x86
22:32:58:062 2852 Number of processors: 1
22:32:58:078 2852 Page size: 0x1000
22:32:58:078 2852 Boot type: Normal boot
22:32:58:078 2852 ================================================================================
22:32:58:468 2852 Initialize success
22:32:58:468 2852
22:32:58:468 2852 Scanning Services ...
22:32:59:218 2852 Raw services enum returned 415 services
22:32:59:218 2852
22:32:59:218 2852 Scanning Drivers ...
22:33:00:765 2852 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
22:33:00:843 2852 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:33:00:875 2852 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
22:33:00:937 2852 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
22:33:00:984 2852 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:33:01:062 2852 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
22:33:01:171 2852 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
22:33:01:265 2852 ApfiltrService (d3da11b88ab29076b78ff79f35f0586b) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
22:33:01:328 2852 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:33:01:406 2852 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:33:01:484 2852 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:33:01:562 2852 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:33:01:703 2852 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:33:01:734 2852 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
22:33:01:765 2852 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:33:01:828 2852 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
22:33:01:859 2852 BrSerIf (1a5fc78e41840edf79d65ec16eff2787) C:\WINDOWS\system32\Drivers\BrSerIf.sys
22:33:01:890 2852 BrUsbSer (a24c7b39602218f8dbdb2b6704325fc7) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
22:33:02:359 2852 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:33:02:453 2852 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:33:02:546 2852 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:33:02:609 2852 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:33:02:703 2852 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:33:02:750 2852 CH341SER (0d5c83f8dac15cbe0765d1247d2c8f17) C:\WINDOWS\system32\Drivers\CH341SER.SYS
22:33:02:843 2852 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
22:33:02:875 2852 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
22:33:03:031 2852 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:33:03:109 2852 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:33:03:156 2852 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
22:33:03:250 2852 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:33:03:328 2852 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:33:03:359 2852 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:33:03:421 2852 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
22:33:03:453 2852 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
22:33:03:484 2852 Dot4Scan (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
22:33:03:515 2852 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
22:33:03:562 2852 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:33:03:687 2852 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
22:33:03:718 2852 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:33:03:765 2852 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
22:33:03:843 2852 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:33:03:859 2852 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
22:33:03:921 2852 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:33:03:937 2852 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:33:03:968 2852 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:33:04:093 2852 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
22:33:04:156 2852 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:33:04:218 2852 grmnusb (cd007d03a9284bfe67d49c01213132bf) C:\WINDOWS\system32\drivers\grmnusb.sys
22:33:04:296 2852 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:33:04:312 2852 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:33:04:406 2852 hpusbfd (fea040582be5db58a8fafe3948736526) C:\WINDOWS\system32\DRIVERS\hpusbfd.sys
22:33:04:437 2852 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
22:33:04:468 2852 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
22:33:04:593 2852 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
22:33:04:640 2852 HSFHWAZL (9bec5d4ac6efdaaf001d42c77811e3db) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
22:33:04:765 2852 HSF_DPV (6cad234becf58529879b6c303f02777f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
22:33:04:968 2852 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:33:05:062 2852 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:33:05:203 2852 ialm (c8b13676374ae2418b653b10d2edda0e) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
22:33:05:265 2852 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:33:05:703 2852 IntcAzAudAddService (5f2657f8781376892035976cf8122a2d) C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:33:05:921 2852 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:33:05:937 2852 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:33:06:000 2852 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:33:06:046 2852 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:33:06:078 2852 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:33:06:125 2852 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:33:06:203 2852 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:33:06:296 2852 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:33:06:343 2852 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:33:06:375 2852 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:33:06:406 2852 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:33:06:468 2852 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
22:33:06:578 2852 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:33:06:875 2852 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:33:06:906 2852 L8042Kbd (032b0247cabf54094ca7819d14e8036d) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
22:33:07:000 2852 LEX_AS_NIC_SERVICE_YNOS (f03fc45e839912cb576e2496f582867c) C:\WINDOWS\system32\DRIVERS\ExpasAG.sys
22:33:07:093 2852 LHidKe (5fbb5a009889c7374e4b6b3aecabce35) C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
22:33:07:406 2852 LHidUsbK (a80261665e8b3ab3167a4593099f73c8) C:\WINDOWS\system32\Drivers\LHidUsbK.Sys
22:33:07:453 2852 libusb0 (34d6730e198a5b0fce0790a6b4769ef2) C:\WINDOWS\system32\drivers\libusb0.sys
22:33:07:562 2852 LMouKE (98e6dc123f52780a6b03cf9747cb1fc7) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
22:33:07:890 2852 LUsbKbd (4f8a248a8ee1d0add8bae9196a284fea) C:\WINDOWS\system32\Drivers\LUsbKbd.Sys
22:33:08:046 2852 LVUSBSta (c5efbd05a5195402121711a6ebbb271f) C:\WINDOWS\system32\drivers\lvusbsta.sys
22:33:08:156 2852 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
22:33:08:218 2852 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:33:08:343 2852 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:33:08:640 2852 Mouclass (180223faaa8ce1ed702692f49e0b3e8e) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:33:08:640 2852 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mouclass.sys. Real md5: 180223faaa8ce1ed702692f49e0b3e8e, Fake md5: 35c9e97194c8cfb8430125f8dbc34d04
22:33:08:640 2852 File "C:\WINDOWS\system32\DRIVERS\mouclass.sys" infected by TDSS rootkit ... 22:33:12:609 2852 Backup copy found, using it..
22:33:12:609 2852 will be cured on next reboot
22:33:12:781 2852 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:33:12:859 2852 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:33:12:953 2852 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:33:13:046 2852 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:33:13:078 2852 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
22:33:13:125 2852 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:33:13:218 2852 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:33:13:265 2852 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:33:13:328 2852 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:33:13:390 2852 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:33:13:437 2852 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:33:13:468 2852 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
22:33:13:531 2852 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:33:13:578 2852 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:33:13:718 2852 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:33:13:734 2852 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:33:13:796 2852 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:33:13:828 2852 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:33:13:859 2852 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
22:33:13:906 2852 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:33:13:953 2852 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:33:14:015 2852 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:33:14:125 2852 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:33:14:234 2852 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:33:14:312 2852 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:33:14:625 2852 nv (0a71bc580c55dc6fec466d8533569e66) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:33:14:968 2852 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:33:15:000 2852 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:33:15:078 2852 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:33:15:140 2852 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
22:33:15:218 2852 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:33:15:281 2852 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:33:15:328 2852 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:33:15:359 2852 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:33:15:406 2852 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

never prompted for reboot,
computer is still the same

Edited by Chadsanderson, 03 June 2010 - 11:50 PM.


#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 03 June 2010 - 11:52 PM

Did the computer reboot?

And that is not the complete file; can you resend it to me?

Let me look for a replacement file.

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
CODE
:filefind
mouclass.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 Chadsanderson (Topic Starter)

Posted 04 June 2010 - 12:21 AM

It never rebooted, or prompted to reboot.

I rebooted and it seems a lot better, haven't had any pop-ups or redirects yet.

I have attached the TDSSKiller file that was located on the C: drive.

I pasted below the TDSS text file that was located on the desktop:

22:37:03:750 5336 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
22:37:03:750 5336 ================================================================================
22:37:03:750 5336 SystemInfo:

22:37:03:750 5336 OS Version: 5.1.2600 ServicePack: 3.0
22:37:03:750 5336 Product type: Workstation
22:37:03:750 5336 ComputerName: SONY
22:37:03:750 5336 UserName: Chad
22:37:03:750 5336 Windows directory: C:\WINDOWS
22:37:03:750 5336 Processor architecture: Intel x86
22:37:03:750 5336 Number of processors: 1
22:37:03:750 5336 Page size: 0x1000
22:37:03:750 5336 Boot type: Normal boot
22:37:03:750 5336 ================================================================================
22:37:03:828 5336 Initialize success
22:37:03:828 5336
22:37:03:828 5336 Scanning Services ...
22:37:04:562 5336 Raw services enum returned 415 services
22:37:04:578 5336
22:37:04:593 5336 Scanning Drivers ...
22:37:05:828 5336 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
22:37:05:921 5336 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:37:05:953 5336 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
22:37:06:015 5336 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
22:37:06:062 5336 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:37:06:109 5336 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
22:37:06:187 5336 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
22:37:06:375 5336 ApfiltrService (d3da11b88ab29076b78ff79f35f0586b) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
22:37:06:437 5336 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:37:06:500 5336 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:37:06:593 5336 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:37:06:640 5336 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:37:06:703 5336 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:37:06:796 5336 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
22:37:06:859 5336 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:37:06:921 5336 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
22:37:06:937 5336 BrSerIf (1a5fc78e41840edf79d65ec16eff2787) C:\WINDOWS\system32\Drivers\BrSerIf.sys
22:37:06:968 5336 BrUsbSer (a24c7b39602218f8dbdb2b6704325fc7) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
22:37:07:359 5336 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:37:07:421 5336 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:37:07:562 5336 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:37:07:593 5336 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:37:07:656 5336 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:37:07:703 5336 CH341SER (0d5c83f8dac15cbe0765d1247d2c8f17) C:\WINDOWS\system32\Drivers\CH341SER.SYS
22:37:07:812 5336 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
22:37:07:843 5336 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
22:37:07:906 5336 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:37:08:015 5336 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:37:08:046 5336 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
22:37:08:093 5336 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:37:08:218 5336 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:37:08:250 5336 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:37:08:328 5336 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
22:37:08:390 5336 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
22:37:08:406 5336 Dot4Scan (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
22:37:08:437 5336 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
22:37:08:500 5336 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:37:08:578 5336 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
22:37:08:671 5336 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:37:08:687 5336 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
22:37:08:718 5336 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:37:08:750 5336 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
22:37:08:828 5336 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:37:08:859 5336 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:37:08:906 5336 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:37:08:968 5336 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
22:37:09:046 5336 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:37:09:093 5336 grmnusb (cd007d03a9284bfe67d49c01213132bf) C:\WINDOWS\system32\drivers\grmnusb.sys
22:37:09:171 5336 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:37:09:187 5336 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:37:09:265 5336 hpusbfd (fea040582be5db58a8fafe3948736526) C:\WINDOWS\system32\DRIVERS\hpusbfd.sys
22:37:09:328 5336 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
22:37:09:406 5336 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
22:37:09:421 5336 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
22:37:09:578 5336 HSFHWAZL (9bec5d4ac6efdaaf001d42c77811e3db) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
22:37:09:671 5336 HSF_DPV (6cad234becf58529879b6c303f02777f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
22:37:09:781 5336 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:37:09:859 5336 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:37:10:031 5336 ialm (c8b13676374ae2418b653b10d2edda0e) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
22:37:10:078 5336 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:37:10:343 5336 IntcAzAudAddService (5f2657f8781376892035976cf8122a2d) C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:37:10:531 5336 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:37:10:593 5336 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:37:10:656 5336 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:37:10:703 5336 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:37:10:734 5336 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:37:10:781 5336 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:37:10:812 5336 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:37:10:953 5336 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:37:11:000 5336 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:37:11:015 5336 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:37:11:031 5336 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:37:11:093 5336 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
22:37:11:156 5336 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:37:11:218 5336 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:37:11:359 5336 L8042Kbd (032b0247cabf54094ca7819d14e8036d) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
22:37:11:468 5336 LEX_AS_NIC_SERVICE_YNOS (f03fc45e839912cb576e2496f582867c) C:\WINDOWS\system32\DRIVERS\ExpasAG.sys
22:37:11:500 5336 LHidKe (5fbb5a009889c7374e4b6b3aecabce35) C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
22:37:11:515 5336 LHidUsbK (a80261665e8b3ab3167a4593099f73c8) C:\WINDOWS\system32\Drivers\LHidUsbK.Sys
22:37:11:562 5336 libusb0 (34d6730e198a5b0fce0790a6b4769ef2) C:\WINDOWS\system32\drivers\libusb0.sys
22:37:11:593 5336 LMouKE (98e6dc123f52780a6b03cf9747cb1fc7) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
22:37:11:625 5336 LUsbKbd (4f8a248a8ee1d0add8bae9196a284fea) C:\WINDOWS\system32\Drivers\LUsbKbd.Sys
22:37:11:703 5336 LVUSBSta (c5efbd05a5195402121711a6ebbb271f) C:\WINDOWS\system32\drivers\lvusbsta.sys
22:37:11:812 5336 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
22:37:11:875 5336 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:37:11:921 5336 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:37:11:984 5336 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\drivers\tsk8C.tmp
22:37:11:984 5336 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\tsk8C.tmp. md5: 35c9e97194c8cfb8430125f8dbc34d04
22:37:12:031 5336 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:37:12:093 5336 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:37:12:140 5336 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:37:12:312 5336 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:37:12:359 5336 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
22:37:12:406 5336 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:37:12:437 5336 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:37:12:500 5336 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:37:12:531 5336 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:37:12:578 5336 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:37:12:671 5336 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:37:12:718 5336 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
22:37:12:781 5336 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:37:12:828 5336 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:37:12:859 5336 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:37:12:906 5336 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:37:12:937 5336 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:37:12:984 5336 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:37:13:015 5336 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
22:37:13:125 5336 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:37:13:171 5336 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:37:13:218 5336 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:37:13:265 5336 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:37:13:375 5336 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:37:13:500 5336 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:37:13:812 5336 nv (0a71bc580c55dc6fec466d8533569e66) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:37:14:015 5336 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:37:14:031 5336 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:37:14:078 5336 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:37:14:125 5336 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
22:37:14:187 5336 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:37:14:218 5336 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:37:14:265 5336 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:37:14:296 5336 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:37:14:343 5336 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
22:37:14:531 5336 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
22:37:14:671 5336 PID_0920 (a937c4e37c0c1003ce5fca1e5e103fdc) C:\WINDOWS\system32\DRIVERS\LV532AV.SYS
22:37:14:734 5336 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:37:14:765 5336 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:37:14:828 5336 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:37:14:890 5336 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:37:15:078 5336 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:37:15:093 5336 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:37:15:125 5336 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:37:15:171 5336 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:37:15:203 5336 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:37:15:234 5336 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:37:15:312 5336 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:37:15:375 5336 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
22:37:15:562 5336 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:37:15:625 5336 s24trans (208491a652c79871737edfe629de2c45) C:\WINDOWS\system32\DRIVERS\s24trans.sys
22:37:15:671 5336 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:37:15:734 5336 Sentinel (95a26d5d8ceda33377af627dafc2796f) C:\WINDOWS\System32\Drivers\SENTINEL.SYS
22:37:15:796 5336 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
22:37:15:828 5336 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
22:37:15:890 5336 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:37:16:046 5336 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys
22:37:16:125 5336 Sntnlusb (8d4a96868ae13c3cf8425b383b59d802) C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS
22:37:16:187 5336 SONYTVC (b20ae555d3db76037dc8d9a8dfbe4149) C:\WINDOWS\system32\DRIVERS\SONYTVC.sys
22:37:16:265 5336 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:37:16:328 5336 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:37:16:453 5336 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
22:37:16:609 5336 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
22:37:16:656 5336 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:37:16:687 5336 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:37:16:718 5336 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:37:16:843 5336 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:37:16:921 5336 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:37:17:031 5336 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:37:17:046 5336 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:37:17:093 5336 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:37:17:156 5336 tifmsony (bd9b64b745b7ee6c45b70f93703864a2) C:\WINDOWS\system32\drivers\tifmsony.sys
22:37:17:250 5336 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:37:17:375 5336 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:37:17:500 5336 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys
22:37:17:562 5336 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
22:37:17:593 5336 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:37:17:625 5336 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:37:17:671 5336 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:37:17:718 5336 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:37:17:750 5336 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:37:17:843 5336 usbsermpt (caad3467fbfae8a380f67e9c7150a85e) C:\WINDOWS\system32\DRIVERS\usbsermpt.sys
22:37:17:953 5336 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:37:17:984 5336 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:37:18:031 5336 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:37:18:093 5336 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:37:18:171 5336 vsbus (3995d1e95f3c621467da4bce868cdc90) C:\WINDOWS\system32\DRIVERS\vsb.sys
22:37:18:218 5336 vserial (3feb02f2eebaa3f099e279c258ef786e) C:\WINDOWS\system32\DRIVERS\vserial.sys
22:37:18:484 5336 w29n51 (67caa926ef06e07f2d31056b39f51c54) C:\WINDOWS\system32\DRIVERS\w29n51.sys
22:37:18:718 5336 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:37:18:750 5336 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:37:18:859 5336 winachsf (ab7646d4cb9bb83d29d21ef7e00a0d15) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:37:18:906 5336 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:37:18:968 5336 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:37:19:109 5336 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:37:19:109 5336
22:37:19:109 5336 Completed
22:37:19:109 5336
22:37:19:109 5336 Results:
22:37:19:109 5336 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
22:37:19:109 5336 File objects infected / cured / cured on reboot: 0 / 0 / 0
22:37:19:109 5336
22:37:19:125 5336 KLMD(ARK) unloaded successfully


Here is the look text file:



SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 23:08 on 03/06/2010 by Chad (Administrator - Elevation successful)

========== filefind ==========

Searching for "mouclass.sys"
C:\WINDOWS\$NtServicePackUninstall$\mouclass.sys -----c 23040 bytes [20:12 22/01/2009] [05:58 04/08/2004] 34E1F0031153E491910E12551400192C
C:\WINDOWS\ServicePackFiles\i386\mouclass.sys -----c 23040 bytes [18:39 13/04/2008] [18:39 13/04/2008] 35C9E97194C8CFB8430125F8DBC34D04
C:\WINDOWS\system32\drivers\mouclass.sys --a--- 23040 bytes [22:58 03/08/2004] [18:39 13/04/2008] 180223FAAA8CE1ED702692F49E0B3E8E
C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\mouclass.sys --a--c 23040 bytes [05:59 26/10/2005] [04:58 04/08/2004] 34E1F0031153E491910E12551400192C
C:\WINDOWS\system32\ReinstallBackups\0018\DriverFiles\i386\mouclass.sys --a--c 23040 bytes [00:46 26/11/2005] [04:58 04/08/2004] 34E1F0031153E491910E12551400192C

-=End Of File=



Chad



Attached Files



#10 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 04 June 2010 - 02:17 AM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

CODE
DDS::
Internet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

NOTE**
  • When ComboFix finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will upload files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

"information and logs"
    In your next post I need the following
    1. report from Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now after running the script?

Gringo


Proud Graduate Of Malware Removal University
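The two entries the CFScript above removes are the user's WinINet proxy settings: ProxyServer = http=127.0.0.1:5555 sends every HTTP request Internet Explorer (and anything else using WinINet) makes through a listener on the machine itself, which is a convenient place to rewrite pages and inject redirects, and ProxyOverride = <local> only exempts intranet names. The added script below is an editor's example, not part of the thread or of DDS/ComboFix; it parses DDS-style "Internet Settings" lines, splits the ProxyServer value in both shapes WinINet accepts (a single host:port, or a per-protocol list), and flags any proxy that resolves to loopback. The sample lines are constructed, and the reading of the DDS prefix (u = HKCU, m = HKLM) is an assumption about DDS's convention.

```python
"""Flag WinINet proxy settings that route browser traffic through the local
machine, from DDS-style 'Internet Settings' lines.

Added example built for this thread; not code from DDS or ComboFix.
"""
import ipaddress
import re

# Constructed sample in the shape of the two entries the CFScript above removes.
DDS_LINES = """
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
"""

# DDS prefixes the value name with the hive: u = HKCU, m = HKLM (assumption
# about DDS's convention; the CFScript above shows the 'u' form).
DDS_RE = re.compile(r"^(?P<hive>[um]?)Internet Settings,(?P<name>\w+) = (?P<value>.*)$")
KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"


def parse_proxy_server(value):
    """Split a WinINet ProxyServer string into (scheme, host, port) tuples.
    Two shapes exist: 'host:port' for all protocols, and the per-protocol
    list 'http=host:port;https=host:port;ftp=host:port'."""
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        host, sep, port = hostport.rpartition(":")
        if not sep:                       # no port given at all
            host, port = hostport, ""
        entries.append((scheme or "*", host.strip("[]"), int(port) if port.isdigit() else None))
    return entries


def is_local_proxy(host):
    """True when the proxy is the machine itself: a process listening on
    loopback sees, and can rewrite, every request the browser makes."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                    # a DNS name, not an address
        return False


def audit_dds(text):
    """Return one finding string per ProxyServer entry that points at loopback."""
    findings = []
    for line in text.splitlines():
        m = DDS_RE.match(line)
        if not m or m["name"] != "ProxyServer":
            continue
        hive = {"u": "HKCU", "m": "HKLM"}.get(m["hive"], "HK??")
        for scheme, host, port in parse_proxy_server(m["value"]):
            if is_local_proxy(host):
                findings.append(f"{hive}\\{KEY}\\ProxyServer sends {scheme} traffic via local listener {host}:{port}")
    return findings


if __name__ == "__main__":
    for f in audit_dds(DDS_LINES):
        print(f)
```

A loopback proxy is not always malicious (local filtering tools and some debugging proxies register one), so the check is a triage signal, and the process bound to that port is the thing to identify before or while the setting is removed, as the CFScript here does.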

#11 Chadsanderson (Topic Starter)

Posted 04 June 2010 - 05:20 PM

ComboFix 10-06-03.01 - Chad 06/04/2010 8:39.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1372 [GMT -6:00]
Running from: c:\documents and settings\Chad\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Chad\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2010-05-04 to 2010-06-04 )))))))))))))))))))))))))))))))
.

2010-06-04 05:11 . 2010-06-04 05:11 6486 ----a-w- C:\TDSSKiller.2.3.2.0_03.06.2010_22.32.58_log.zip
2010-06-03 15:25 . 2010-02-26 23:51 6870864 ---ha-w- c:\documents and settings\Chad\Application Data\mjusbsp\in00000\setup.exe
2010-06-03 15:24 . 2010-02-26 23:45 743872 ---ha-w- c:\documents and settings\Chad\Application Data\mjusbsp\ar00000\install.exe
2010-06-02 16:03 . 2010-06-02 16:03 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-06-02 16:03 . 2010-06-02 16:03 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-06-02 15:54 . 2010-06-02 16:05 113859047 ----a-w- c:\documents and settings\All Users\Application Data\Thermwood\eCabinet Systems\eCabUpdate.exe
2010-05-27 13:45 . 2010-05-27 13:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-05-25 16:31 . 2010-05-25 16:31 503808 ----a-w- c:\documents and settings\Chad\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-28bc454f-n\msvcp71.dll
2010-05-25 16:31 . 2010-05-25 16:31 61440 ----a-w- c:\documents and settings\Chad\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7d7730eb-n\decora-sse.dll
2010-05-25 16:31 . 2010-05-25 16:31 499712 ----a-w- c:\documents and settings\Chad\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-28bc454f-n\jmc.dll
2010-05-25 16:31 . 2010-05-25 16:31 348160 ----a-w- c:\documents and settings\Chad\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-28bc454f-n\msvcr71.dll
2010-05-25 16:31 . 2010-05-25 16:31 12800 ----a-w- c:\documents and settings\Chad\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7d7730eb-n\decora-d3d.dll
2010-05-23 04:19 . 2010-05-23 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-05-21 17:47 . 2010-05-21 17:47 -------- d-----w- c:\documents and settings\Chad\Application Data\Malwarebytes
2010-05-21 17:46 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-21 17:46 . 2010-05-21 17:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-21 17:46 . 2010-05-21 17:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-21 17:46 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-21 17:11 . 2010-05-21 19:41 -------- d-----w- c:\documents and settings\Chad\Local Settings\Application Data\btlyptcti
2010-05-15 06:11 . 2010-05-15 06:11 -------- d-----w- c:\program files\iPod
2010-05-15 05:15 . 2010-05-15 05:15 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-14 21:52 . 2010-05-27 05:23 -------- d-----w- c:\documents and settings\Chad\Local Settings\Application Data\Temp
2010-05-13 16:43 . 2010-05-13 16:43 869664 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\qbpatch.exe
2010-05-13 16:43 . 2010-05-13 16:43 499712 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\msvcp71.dll
2010-05-13 16:43 . 2010-05-13 16:43 348160 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\msvcr71.dll
2010-05-12 03:31 . 2010-05-12 03:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Intuit
2010-05-12 03:19 . 2010-05-12 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\ALM
2010-05-12 02:14 . 2010-05-12 02:14 -------- d-----w- c:\program files\MagicISO
2010-05-07 19:55 . 2010-05-07 19:55 -------- d-----w- c:\documents and settings\Chad\Local Settings\Application Data\Intuit_Inc
2010-05-07 19:32 . 2010-06-03 02:49 3243 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\qbbackup.sys
2010-05-07 19:28 . 2010-05-07 19:28 -------- d-----w- c:\documents and settings\Chad\Local Settings\Application Data\Intuit
2010-05-07 19:26 . 2010-05-07 19:26 -------- d-----w- c:\program files\Common Files\supportsoft
2010-05-07 19:23 . 2009-01-20 20:33 3833856 ----a-w- c:\windows\system32\cdintf300.dll
2010-05-07 18:44 . 2010-05-07 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SQL Anywhere 10
2010-05-07 18:44 . 2010-05-07 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\COMMON FILES

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-04 14:50 . 2010-03-16 20:28 -------- d-----w- c:\program files\Common Files\Akamai
2010-06-04 04:33 . 2010-06-04 04:33 23040 ----a-w- c:\windows\system32\drivers\tsk8C.tmp
2010-06-03 16:40 . 2009-11-30 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-06-03 15:26 . 2010-04-13 02:34 -------- d-----w- c:\documents and settings\Chad\Application Data\mjusbsp
2010-05-27 15:29 . 2007-02-22 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-27 05:19 . 2007-02-22 23:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-26 01:42 . 2009-04-27 01:46 -------- d-----w- c:\program files\Magic Video Converter
2010-05-24 04:52 . 2005-07-15 01:19 -------- d-----w- c:\program files\Microsoft SQL Server
2010-05-18 20:21 . 2010-04-19 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2010-05-15 06:15 . 2010-04-27 19:35 -------- d-----w- c:\program files\iTunes
2010-05-15 06:11 . 2007-09-19 03:58 -------- d-----w- c:\program files\Common Files\Apple
2010-05-15 05:22 . 2010-04-27 19:19 -------- d-----w- c:\program files\Bonjour
2010-05-15 05:03 . 2005-07-15 01:01 -------- d-----w- c:\program files\Google
2010-05-12 03:31 . 2005-07-23 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2010-05-12 03:15 . 2005-07-15 01:00 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-07 19:00 . 2005-07-23 00:54 -------- d-----w- c:\program files\Common Files\Intuit
2010-05-07 16:30 . 2010-04-13 17:24 0 ----a-w- c:\windows\brdfxspd.dat
2010-05-06 02:56 . 2005-07-15 19:51 113832 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-04 04:01 . 2010-05-04 04:01 -------- d-----w- c:\program files\Adobe Media Player
2010-05-04 03:55 . 2010-05-04 03:55 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-29 23:01 . 2010-04-29 23:01 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-04-29 22:59 . 2010-04-29 22:59 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-04-29 22:59 . 2009-04-27 03:49 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-04-29 22:59 . 2010-04-29 22:59 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-04-29 22:59 . 2010-04-29 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-04-29 22:59 . 2009-04-27 03:49 -------- d-----w- c:\program files\DivX
2010-04-29 22:51 . 2010-04-29 22:51 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-04-29 15:52 . 2010-04-29 15:52 -------- d-----w- c:\documents and settings\Chad\Application Data\PC-FAX TX
2010-04-27 19:38 . 2010-04-27 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-27 19:29 . 2010-04-27 19:28 -------- d-----w- c:\program files\QuickTime
2010-04-27 19:11 . 2009-05-10 05:25 -------- d-----w- c:\program files\Safari
2010-04-27 19:02 . 2010-04-27 19:02 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-04-26 21:30 . 2009-03-02 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-19 19:47 . 2010-04-13 17:26 65 ----a-w- c:\windows\system32\bd7340.dat
2010-04-19 19:39 . 2010-04-19 19:39 -------- d-----w- c:\documents and settings\Chad\Application Data\InstallShield
2010-04-19 19:37 . 2010-04-19 19:37 10134 ----a-r- c:\documents and settings\Chad\Application Data\Microsoft\Installer\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}\ARPPRODUCTICON.exe
2010-04-19 19:37 . 2010-04-19 19:37 -------- d-----w- c:\program files\Nuance
2010-04-19 19:34 . 2010-04-19 19:33 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2010-04-19 19:33 . 2010-04-19 19:33 -------- d-----w- c:\program files\ScanSoft
2010-04-18 23:50 . 2010-04-18 23:50 -------- d-----w- c:\program files\LibUSB-Win32
2010-04-18 22:57 . 2009-04-10 15:30 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Sony Corporation
2010-04-13 17:25 . 2010-04-13 17:24 -------- d-----w- c:\program files\Brother
2010-04-13 17:24 . 2005-07-14 23:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-13 17:22 . 2010-04-13 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother
2010-04-08 19:20 . 2010-04-08 19:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 19:20 . 2010-04-08 19:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-08 03:09 . 2009-05-31 21:00 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-05 16:33 . 2005-07-14 23:56 -------- d-----w- c:\program files\Common Files\Java
2010-04-05 16:33 . 2010-04-05 16:33 503808 ----a-w- c:\documents and settings\Chad\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7edcab63-n\msvcp71.dll
2010-04-05 16:33 . 2010-04-05 16:33 499712 ----a-w- c:\documents and settings\Chad\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7edcab63-n\jmc.dll
2010-04-05 16:33 . 2010-04-05 16:33 348160 ----a-w- c:\documents and settings\Chad\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7edcab63-n\msvcr71.dll
2010-04-05 16:33 . 2010-04-05 16:33 61440 ----a-w- c:\documents and settings\Chad\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-37a429c4-n\decora-sse.dll
2010-04-05 16:33 . 2010-04-05 16:33 12800 ----a-w- c:\documents and settings\Chad\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-37a429c4-n\decora-d3d.dll
2010-04-05 16:33 . 2005-07-14 23:56 -------- d-----w- c:\program files\Java
2010-03-30 04:03 . 2009-11-22 04:34 79488 ----a-w- c:\documents and settings\Chad\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-10 06:15 . 2005-07-14 22:29 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 10:28 . 2009-02-15 22:42 411368 ----a-w- c:\windows\system32\deploytk.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-06-03_17.50.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-04 04:53 . 2010-06-04 04:53 16384 c:\windows\Temp\Perflib_Perfdata_9a0.dat
+ 2010-06-04 04:53 . 2010-06-04 04:53 16384 c:\windows\Temp\Perflib_Perfdata_944.dat
+ 2010-06-04 04:53 . 2010-06-04 04:53 16384 c:\windows\Temp\Perflib_Perfdata_904.dat
+ 2010-06-04 04:53 . 2010-06-04 04:53 16384 c:\windows\Temp\Perflib_Perfdata_618.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-08 68856]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"cdloader"="c:\documents and settings\Chad\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-09 6746112]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-08 114688]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-04-29 45056]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-05-15 184320]
"TVTunerLib"="c:\program files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe" [2005-02-17 245760]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 151552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-29 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-29 77824]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 29696]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 188416]
"MFPMonitor"="c:\windows\twain_32\DELL\MFP1125\Monitor\Stsmon.exe" [2007-04-24 2002944]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-20 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Essential Fax Print Controller"="c:\program files\EssentialFax\essfaxcontrol.exe" [2009-01-12 94208]
"HP Lamp"="c:\program files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe" [2001-04-27 53248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-12 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-11-06 741376]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-11-18 623880]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-21 00:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Nitro PDF\\PrimoPDF\\PrimoPDF.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Chad\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"1802:TCP"= 1802:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [7/14/2005 4:29 PM 14336]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [4/27/2007 1:00 AM 316992]
R3 hpusbfd;Hewlett-Packard USB Filter Class;c:\windows\system32\drivers\hpusbfd.sys [4/12/2009 6:17 PM 7552]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [4/18/2010 5:50 PM 28672]
S2 gupdate1ca1000aa5b9fba;Google Update Service (gupdate1ca1000aa5b9fba);c:\program files\Google\Update\GoogleUpdate.exe [7/28/2009 9:57 PM 133104]
S3 CH341SER;CH341SER;c:\windows\system32\drivers\CH341SER.SYS [3/4/2009 6:06 PM 36080]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [1/19/2009 10:30 PM 163328]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-05-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-06-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-18 03:54]

2010-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-29 03:57]

2010-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-29 03:57]

2005-10-19 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-07-14 00:12]

2005-10-19 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-07-14 00:12]

2005-10-19 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-07-14 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: Transfer by Image Converter 2 - c:\program files\Sony\Image Converter 2\menu.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2006\HelpAsyncPluggableProtocol.dll
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-04 08:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]
"ImagePath"="system32\drivers\tsk8C.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(3504)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2010-06-04 08:54:07
ComboFix-quarantined-files.txt 2010-06-04 14:53
ComboFix2.txt 2010-06-03 17:59

Pre-Run: 13,387,124,736 bytes free
Post-Run: 13,351,718,912 bytes free

- - End Of File - - C997C6CA901CB0468DCA955C436291FD



ComboFix asked to do an update and I selected yes; other than that everything ran fine. The computer seems to be running fine.

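The one line in this ComboFix log that a responder should not scroll past is the Mouclass service whose ImagePath is system32\drivers\tsk8C.tmp, printed just before the DLL list, together with the 23040-byte tsk8C.tmp that appeared in system32\drivers the same morning; the quarantined copy of that driver, mouclass.sys.vir, is what ESET later names Win32/Olmarik.ZC further down this thread. Whether tsk8C.tmp is the cleanup tool's stand-in for the infected mouclass.sys or a remnant of the infection is not something the log alone settles, but a kernel driver service whose image is not a .sys file, or a non-.sys file written into the drivers directory, is exactly the kind of thing worth pulling out of a log like this automatically. The script below is an added example written for this thread, not ComboFix's own code or anything posted by the participants; SAMPLE_LOG is an excerpt of the log above, and the HIGH/INFO labels are this example's own convention.

```python
"""Pull driver-service anomalies out of a ComboFix-style log.

Added example for this thread, not ComboFix's own code. It reads the log
text and reports kernel-driver services whose image is not a .sys file,
driver files whose name differs from the service name, and non-.sys files
written into system32\\drivers. SAMPLE_LOG is an excerpt of the log posted
above; the severity labels are this example's own convention.
"""
import re
from ntpath import basename, splitext

# Registry dump block: [HKLM\System\ControlSetNNN\Services\<name>] then "ImagePath"="..."
SERVICE_KEY_RE = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]]+)\]\s*'
    r'"ImagePath"="([^"]+)"',
    re.IGNORECASE | re.MULTILINE)

# Service summary line: "R3 name;description;path [date size]"
SERVICE_LINE_RE = re.compile(r'^[RS]\d ([^;]+);[^;]*;(.+?) \[', re.MULTILINE)

# File listing line: "YYYY-MM-DD HH:MM . YYYY-MM-DD HH:MM size attrs c:\path"
FILE_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} \S+ \S+ (c:\\.+?)\s*$',
    re.IGNORECASE | re.MULTILINE)

# Excerpt of the log posted in this thread (copied, not constructed).
SAMPLE_LOG = r'''
2010-06-04 04:33 . 2010-06-04 04:33 23040 ----a-w- c:\windows\system32\drivers\tsk8C.tmp
2010-05-21 17:46 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
R3 hpusbfd;Hewlett-Packard USB Filter Class;c:\windows\system32\drivers\hpusbfd.sys [4/12/2009 6:17 PM 7552]
S3 CH341SER;CH341SER;c:\windows\system32\drivers\CH341SER.SYS [3/4/2009 6:06 PM 36080]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [1/19/2009 10:30 PM 163328]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [7/14/2005 4:29 PM 14336]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]
"ImagePath"="system32\drivers\tsk8C.tmp"
'''


def audit_drivers(log):
    """Return (severity, subject, path, reason) tuples, highest severity first."""
    findings = []
    # Service -> image mapping from both the registry dump and the R*/S* lines.
    services = SERVICE_KEY_RE.findall(log) + SERVICE_LINE_RE.findall(log)
    for name, path in services:
        if '\\drivers\\' not in path.lower():
            continue  # user-mode service (e.g. an svchost host): driver checks do not apply
        stem, ext = splitext(basename(path))
        if ext.lower() != '.sys':
            findings.append(('HIGH', name, path, 'kernel driver service points at a non-.sys image'))
        elif stem.lower() != name.lower():
            findings.append(('INFO', name, path, 'driver file name differs from service name'))
    # Files created or modified under system32\drivers that are not .sys.
    for path in FILE_RE.findall(log):
        if '\\system32\\drivers\\' in path.lower() and not path.lower().endswith('.sys'):
            findings.append(('HIGH', basename(path), path, 'non-.sys file written to the drivers directory'))
    rank = {'HIGH': 0, 'INFO': 1}
    return sorted(findings, key=lambda f: rank[f[0]])


if __name__ == '__main__':
    for sev, subject, path, reason in audit_drivers(SAMPLE_LOG):
        print('%-4s %-10s %s  (%s)' % (sev, subject, path, reason))
```

Run against the excerpt it reports Mouclass and tsk8C.tmp as HIGH and PID_0920 as INFO only: a driver file whose name differs from its service name is routine for vendor drivers (here the Logitech camera service maps to LV532AV.SYS), so that check is informational, while a driver service whose image is a .tmp is the thing to verify by hashing the file and comparing the service key in both ControlSets.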
#12 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 04 June 2010 - 05:37 PM

Hello

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs
    1. click on start
    2. then go to settings
    3. after that you need control panel
    4. look for the icon add/remove programs
    click on the following programs

    Adobe Reader 9.3.1
    J2SE Runtime Environment 5.0 Update 3
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6


    and click on remove

Update Adobe Reader
    Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    If you already have Adobe Photoshop Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop Album Starter Edition.
      If you don't like Adobe Reader (33.5 MB), you can download Foxit PDF Reader (3.5 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

      Note: When installing Foxit Reader, be careful not to install anything to do with AskBar.

Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts

Clear your Java Cache
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):
  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :
    I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan

Go to the ESET web page to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the activex control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
      Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

"information and logs"
    In your next post I need the following
    1. Log From MBAM
    2. Log From ESET Online Scanner
    3. let me know of any problems you may have had
    4. How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 07 June 2010 - 03:15 AM

Hello

three day bump

It has been Three days since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo



#14 Chadsanderson (Topic Starter)

Posted 07 June 2010 - 10:43 AM

Gringo,

It took me a couple of days to get everything done on the last list. I was unable to uninstall Adobe Reader 9; it says "the installation source is unavailable for this product." I did update it to the most current version and tried uninstalling again with the same result. After running the TFC my mouse and touchpad stopped working; the drivers were corrupt, and I uninstalled the drivers and then did a reboot, and the mouse works well now. Everything else was completed. Computer runs better than ever.




Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4173

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/6/2010 5:35:04 PM
mbam-log-2010-06-06 (17-35-04).txt

Scan type: Quick scan
Objects scanned: 142557
Time elapsed: 11 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=b00897e8a3f71e46ae1317fa5507154a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-06-07 07:01:17
# local_time=2010-06-07 01:01:17 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 16245322 16245322 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=248933
# found=8
# cleaned=0
# scan_time=25469
C:\Documents and Settings\Chad\My Documents\Incoming\Magic DVD Copier v4.7 + Key [App][www.zonatorrent.com].rar probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Chad\My Documents\Incoming\magic dvd copier\Magic DVD Copier v4.7 + Key [App][www.zonatorrent.com]\keygen.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Chad\My Documents\My Downloads\DriverUpdaterPro.exe probably a variant of Win32/Spy.Banker trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Chad\My Documents\My Downloads\jZipV1c.exe a variant of Win32/Adware.Toolbar.Shopper.AA application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\mouclass.sys.vir Win32/Olmarik.ZC trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{25BEE38A-9975-41A4-8855-150195B4BA83}\RP550\A0100553.sys Win32/Olmarik.ZC trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{25BEE38A-9975-41A4-8855-150195B4BA83}\RP554\A0102412.sys Win32/Olmarik.ZC trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{25BEE38A-9975-41A4-8855-150195B4BA83}\RP554\A0102423.sys Win32/Olmarik.ZC trojan 00000000000000000000000000000000 I




Thanks
chad


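ESET's log puts the path first, then the verdict, then a 32-hex-digit hash and a flag; because the paths contain spaces, the verdict has to be recognised by its threat name rather than by column position. The triage the helper performs in the next post, deleting the four files still on disk while treating the C:\Qoobox quarantine copy and the System Volume Information copies as inert until the restore points are flushed, can be done mechanically. The script below is an added example written for this thread, not ESET's or BleepingComputer's code; SAMPLE_LOG is the log posted above, and the bucket names and the delete_script function are this example's own conventions.

```python
"""Triage an ESET Online Scanner log.

Added example for this thread, not ESET's or BleepingComputer's code.
Splits the hits into files still live on disk, ComboFix's own quarantine
(C:\\Qoobox) and System Restore copies (System Volume Information), and
builds a delete list for the live ones in the delfile.bat style used in
this thread. SAMPLE_LOG is the log posted above; the bucket names and
delete_script are this example's own conventions.
"""
import re
from collections import namedtuple

Hit = namedtuple('Hit', 'path verdict digest flag')

# <path> <verdict> <32 hex digits> <flag>; the path may contain spaces, so the
# verdict is anchored on its threat name (Win32/...), not on position.
HIT_RE = re.compile(
    r'^(?P<path>[A-Za-z]:\\.*?) '
    r'(?P<verdict>(?:probably )?(?:a variant of )?[A-Za-z0-9]+/\S+ \w+) '
    r'(?P<digest>[0-9a-fA-F]{32}) (?P<flag>\S+)$')

# The log posted in this thread (copied, header trimmed to the fields used here).
SAMPLE_LOG = r'''
# version=7
# end=finished
# remove_checked=false
# scanned=248933
# found=8
# cleaned=0
C:\Documents and Settings\Chad\My Documents\Incoming\Magic DVD Copier v4.7 + Key [App][www.zonatorrent.com].rar probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Chad\My Documents\Incoming\magic dvd copier\Magic DVD Copier v4.7 + Key [App][www.zonatorrent.com]\keygen.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Chad\My Documents\My Downloads\DriverUpdaterPro.exe probably a variant of Win32/Spy.Banker trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Chad\My Documents\My Downloads\jZipV1c.exe a variant of Win32/Adware.Toolbar.Shopper.AA application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\mouclass.sys.vir Win32/Olmarik.ZC trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{25BEE38A-9975-41A4-8855-150195B4BA83}\RP550\A0100553.sys Win32/Olmarik.ZC trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{25BEE38A-9975-41A4-8855-150195B4BA83}\RP554\A0102412.sys Win32/Olmarik.ZC trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{25BEE38A-9975-41A4-8855-150195B4BA83}\RP554\A0102423.sys Win32/Olmarik.ZC trojan 00000000000000000000000000000000 I
'''


def parse_eset_log(text):
    """Return (header dict from the '# key=value' lines, list of Hit)."""
    header, hits = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('# ') and '=' in line:
            key, _, value = line[2:].partition('=')
            header[key] = value
        else:
            m = HIT_RE.match(line)
            if m:
                hits.append(Hit(**m.groupdict()))
    return header, hits


def classify(path):
    """Bucket a hit by where it sits, not by what it is."""
    p = path.lower()
    if p.startswith('c:\\qoobox\\'):
        return 'quarantine'     # ComboFix's backup of what it already removed
    if '\\system volume information\\' in p:
        return 'restore_point'  # System Restore copy; inert unless a restore is run
    return 'live'


def triage(hits):
    buckets = {'live': [], 'quarantine': [], 'restore_point': []}
    for hit in hits:
        buckets[classify(hit.path)].append(hit)
    return buckets


def delete_script(hits):
    """Self-deleting batch file for the live hits, the delfile.bat pattern.

    "%~f0" is the batch file's own full path, quoted so it survives the
    spaces in a Desktop path under Documents and Settings.
    """
    lines = ['@echo off']
    lines += ['del /f /q "%s"' % h.path for h in hits]
    lines.append('del "%~f0"')
    return '\r\n'.join(lines) + '\r\n'


if __name__ == '__main__':
    header, hits = parse_eset_log(SAMPLE_LOG)
    buckets = triage(hits)
    print('found=%s: %d live, %d quarantined, %d in restore points' % (
        header.get('found'), len(buckets['live']), len(buckets['quarantine']),
        len(buckets['restore_point'])))
    print(delete_script(buckets['live']))
```

The split matters because the three buckets call for different actions: the live files get deleted, the Qoobox copy disappears when ComboFix is uninstalled, and the restore-point copies are cleared by flushing System Restore, which is the order of steps the next post follows. Checking that the number of parsed hits equals the header's found= count catches a log line the regex did not understand before anything is deleted on the strength of it.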



#15 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 07 June 2010 - 12:41 PM

Greetings

ESET found some things that we need to remove. Run this batch file and it will be done.

delete files
  • Copy all text in the quote box (below)...to Notepad.
    QUOTE
    @echo off
    rem Delete the four files ESET flagged outside the quarantine and System Restore folders
    del /f /s /q "C:\Documents and Settings\Chad\My Documents\Incoming\Magic DVD Copier v4.7 + Key [App][www.zonatorrent.com].rar"
    del /f /s /q "C:\Documents and Settings\Chad\My Documents\Incoming\magic dvd copier\Magic DVD Copier v4.7 + Key [App][www.zonatorrent.com]\keygen.exe"
    del /f /s /q "C:\Documents and Settings\Chad\My Documents\My Downloads\DriverUpdaterPro.exe"
    del /f /s /q "C:\Documents and Settings\Chad\My Documents\My Downloads\jZipV1c.exe"
    rem Remove this batch file itself once it has run
    del %0
  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"

  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

Very well done!! This is my general post for when your logs show no more signs of malware ;) Please let me know if you are still having problems with your computer and what these problems are.

The Online scan is now only reporting backups created during the course of this fix, and items located in C:\System Volume Information\, which is where System Restore's cache is stored. Whatever is in there can't harm you unless you choose to perform a manual restore. Nevertheless, we shall be resetting/clearing the cache shortly.

The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

:DeFogger:
    To re-enable your Emulation drivers, double click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK
    Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:clear system restore points:

This is a good time to clear your existing system restore points and establish a new clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • choose your root drive (normally C:)
  • after it calculates how much space you will save it will open up a new window
  • Select the More options tab at the top of the window
  • Choose the option to clean up system restore and OK it.
  • go back to the disk clean up tab
  • put a checkmark in all - except compress old files (leave this unchecked)
  • click Ok then click yes
This will remove all restore points except the new one you just created and clean unneeded files

:Make your Internet Explorer more secure:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.

:Turn On Automatic Updates:
    1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
    2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select "Automatic (recommended): Automatically download recommended updates for my computer and install them".

    If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

    or visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and updating them regularly:
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often.

Please read this great article by miekiemoes, How to prevent Malware:
and
this great article by Tony Klein, So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here:

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Proud Graduate Of Malware Removal University
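The Internet Explorer zone settings and the Automatic Updates setting that the post above walks through in the GUI can be audited (and, if you choose, applied) from PowerShell. The script below is an added example and is not part of Gringo's post or of any tool it names. It assumes the Internet-zone policies are stored as DWORDs under HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 with the value names Microsoft documents for them (1001, 1004, 1201, 1800, 1804; 0 = Enable, 1 = Prompt, 3 = Disable) and that the Microsoft.Update.AutoUpdate COM object is available; the function names are my own.

```powershell
# Added example, not from the original post. Audits the five Internet-zone
# settings the post changes by hand and the Automatic Updates level.
# Assumption: per-user zone policies live under Zones\3 (the Internet zone)
# with the value names documented by Microsoft; 0 = Enable, 1 = Prompt, 3 = Disable.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Setting -> value the post asks for.
$Wanted = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                          Want = 1 }
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                        Want = 3 }
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    @{ Id = '1800'; Name = 'Installation of desktop items';                             Want = 1 }
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                 Want = 1 }
)
$Meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-IEInternetZone {
    # Reports each setting's current value against the wanted one.
    # With -Fix, writes the wanted value for every non-compliant setting.
    param([switch]$Fix)

    $key = Get-Item -Path $ZonePath -ErrorAction Stop
    foreach ($s in $Wanted) {
        $cur = $key.GetValue($s.Id)          # $null if the value was never written
        $ok  = ($null -ne $cur) -and ([int]$cur -eq $s.Want)

        if (-not $ok -and $Fix) {
            Set-ItemProperty -Path $ZonePath -Name $s.Id -Value $s.Want -Type DWord
            $ok = $true
        }

        $curText = if ($null -eq $cur) { '(not set)' }
                   elseif ($Meaning.ContainsKey([int]$cur)) { $Meaning[[int]$cur] }
                   else { "unknown ($cur)" }

        [pscustomobject]@{
            Setting   = $s.Name
            Current   = $curText
            Wanted    = $Meaning[$s.Want]
            Compliant = $ok
        }
    }
}

function Get-AutomaticUpdatesLevel {
    # Reads the Automatic Updates notification level through the documented
    # Windows Update Agent COM object. 4 is the "Automatic (recommended)" option.
    $levels = @{
        0 = 'Not configured'
        1 = 'Disabled'
        2 = 'Notify before download'
        3 = 'Download, notify before install'
        4 = 'Automatic (download and install on schedule)'
    }
    $au    = New-Object -ComObject 'Microsoft.Update.AutoUpdate'
    $level = [int]$au.Settings.NotificationLevel
    [pscustomobject]@{
        Level     = $level
        Meaning   = $levels[$level]
        Compliant = ($level -eq 4)
    }
}

# Usage: audit first, then apply the IE changes only if the report shows drift.
Test-IEInternetZone | Format-Table -AutoSize
Get-AutomaticUpdatesLevel | Format-List
# Test-IEInternetZone -Fix
```

Run it as the same user whose IE profile you are hardening, since the zone policies are per user (HKCU). Note that a domain or local policy under HKLM:\SOFTWARE\Policies can override both the zone values and the Automatic Updates level, so a machine that reports non-compliant here but is managed by policy should be fixed in the policy, not in these keys.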
