
Malware Internet Pop-Ups Need Help!


  • This topic is locked
17 replies to this topic

#1 BMW Ownage

BMW Ownage

  • Members
  • 11 posts
  • OFFLINE
  • Local time:08:07 PM

Posted 28 February 2011 - 07:02 PM

Hello to everyone here at the Bleeping Computer community. I am new and consider myself somewhat decent with computers...still learning...but I have had a bad run-in somewhere with malware or something else that is malicious. I keep getting these internet pop-ups of the false antivirus. It wants me to click OK so it can start downloading. When I saw this I went to the Task Manager and killed all Internet Explorer applications running so they would not transfer. However, I guess something has still gotten through. I've tried running Malwarebytes and I am currently using avast, and neither of the two detected any problems. And yes, I have run these in Safe Mode when it will actually boot into Safe Mode. If anybody here could help me it would be much appreciated. Thank you.


#2 BMW Ownage

BMW Ownage
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:08:07 PM

Posted 28 February 2011 - 07:26 PM

Also if I happen to be in the wrong forum, sorry!

#3 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:07 PM

Posted 28 February 2011 - 07:40 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#4 BMW Ownage

BMW Ownage
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:08:07 PM

Posted 28 February 2011 - 08:15 PM

Alright, just got your advice, and no, I have not resolved the problem yet. I am working on downloading these things. Thanks

#5 BMW Ownage

BMW Ownage
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:08:07 PM

Posted 28 February 2011 - 08:24 PM

Here is the first log as requested:


DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by BMW Ownage at 19:19:56.87 on Mon 02/28/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6135.3921 [GMT -6:00]

AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Droid Explorer\DroidExplorer.Service.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Droid Explorer\SDK\tools\adb.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TightVNC\tvnserver.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
F:\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\TightVNC\tvnserver.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10m_ActiveX.exe
C:\Windows\system32\DllHost.exe
C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre6\bin\java.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Xfire\xfire64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Xfire\xfire64.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\BMW Ownage\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\BMW Ownage\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] F:\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
uPolicies-system: WallpaperStyle = 2
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
dPolicies-system: WallpaperStyle = 2
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
mRun-x64: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-3-12 273488]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2010-6-23 89600]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-3-12 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-3-12 62032]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-1-19 40384]
R2 DroidExplorerService;DroidExplorer Service;C:\Program Files\Droid Explorer\DroidExplorer.Service.exe [2010-8-21 253440]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2009-7-8 30520]
R2 tvnserver;TightVNC Server;C:\Program Files (x86)\TightVNC\tvnserver.exe [2010-7-8 815704]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-16 228408]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-7-20 140712]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-6-23 7680512]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2010-3-12 84512]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-3-12 291328]
S1 SASDIFSV;SASDIFSV;F:\SUPERAntiSpyware\sasdifsv.sys [2011-2-28 12872]
S1 SASKUTIL;SASKUTIL;F:\SUPERAntiSpyware\SASKUTIL.SYS [2011-2-28 67656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-1-11 36328]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-10-25 151040]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-10-19 5435904]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-1-11 125416]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-1-11 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-1-11 159208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2009-8-28 49152]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-10 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

=============== Created Last 30 ================

2011-02-28 23:29:58 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-28 23:29:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-02-28 23:00:52 -------- d-----w- C:\Users\BMWOWN~1\AppData\Roaming\SUPERAntiSpyware.com
2011-02-28 23:00:52 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
2011-02-28 22:33:31 -------- d-----w- C:\Windows\pss
2011-02-26 18:33:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-02-26 18:33:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-02-26 18:33:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-02-26 18:33:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-02-26 18:33:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-02-26 18:33:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-02-26 18:33:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-02-25 22:26:31 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{C9277EC2-9D49-4BBC-9143-83B7A6618EA0}\mpengine.dll
2011-02-23 23:47:10 -------- d-----r- C:\Program Files (x86)\Skype
2011-02-23 22:11:00 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-02-23 22:11:00 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-02-22 22:56:34 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-02-22 22:56:33 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-02-22 22:56:33 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-22 22:56:33 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-17 03:49:25 -------- d-----w- C:\Users\BMW Ownage\phishing stuff
2011-02-12 01:41:07 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\eaf05fc91cbca551c\DSETUP.dll
2011-02-12 01:41:07 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\eaf05fc91cbca551c\DXSETUP.exe
2011-02-12 01:41:07 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\eaf05fc91cbca551c\dsetup32.dll
2011-02-12 01:41:00 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e51a4cf81cbca551a\DSETUP.dll
2011-02-12 01:41:00 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e51a4cf81cbca551a\DXSETUP.exe
2011-02-12 01:41:00 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e51a4cf81cbca551a\dsetup32.dll
2011-02-12 01:40:15 -------- d-----w- C:\Users\BMWOWN~1\AppData\Local\Windows Live
2011-02-11 02:32:25 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-02-10 21:46:53 -------- d-sh--w- C:\found.000
2011-02-10 20:53:37 -------- d-s---w- C:\brent
2011-02-10 18:33:37 -------- d-----w- C:\Users\BMWOWN~1\AppData\Roaming\Malwarebytes
2011-02-10 18:33:25 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-02-08 04:29:50 -------- d-----w- C:\Users\BMWOWN~1\AppData\Roaming\Xfire
2011-02-08 04:29:48 -------- d-----w- C:\PROGRA~3\Xfire
2011-02-08 04:29:47 -------- d-----w- C:\Program Files (x86)\Xfire
2011-01-30 20:57:00 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

==================== Find3M ====================

2011-02-03 03:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-02-02 23:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
2011-01-13 08:47:35 38848 ----a-w- C:\Windows\avastSS.scr
2011-01-13 08:37:23 62032 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript(81).dll
2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll
2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll
2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll
2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll
2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll
2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll
2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll
2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll
2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll
2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll
2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll
2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-12-18 06:11:34 714752 ----a-w- C:\Windows\System32\kerberos.dll
2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec
2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

============= FINISH: 19:20:35.86 ===============
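
The "Pseudo HJT Report" section of the DDS log above is what the responders read first: browser helper objects (BHO), toolbars (TB), explorer bars (EB), Run-key autoruns and the policy values DDS reports. The following Python triage helper is an added example; it is not part of this thread and not code from the DDS tool. It parses those line types and returns the items an analyst usually reviews first: extension entries whose file is gone ("No File"), autorun values with no command, autoruns that start from somewhere other than Program Files or the Windows directory, and UAC-related policy values that differ from the Windows 7 defaults. The sample lines are constructed in the shape of the log above, the finding labels and the `UAC_DEFAULTS` table are this example's own assumptions, and "review" means exactly that: a legitimate per-user updater will be listed alongside anything suspicious.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example for this thread; not code from DDS or from the forum.
"""
import re
from collections import Counter

# Constructed sample lines in the DDS "Pseudo HJT Report" layout (a subset,
# embedded here so the example runs offline).
SAMPLE_DDS = r"""============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Google Update] "C:\Users\BMW Ownage\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] F:\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [<NO NAME>]
mRun: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

============= SERVICES / DRIVERS ===============
"""

# BHO / TB / EB lines: optional display name, CLSID in braces, then the DLL path or "No File".
EXT_RE = re.compile(r"^(?P<kind>BHO|TB|EB)(?P<x64>-X64)?: (?:(?P<name>.*?): )?"
                    r"\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
# Run-key lines: hive prefix u (user), m (machine) or d (default), value name in brackets, command.
RUN_RE = re.compile(r"^(?P<hive>[umd])Run(?P<x64>-x64)?: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# Policy lines: "mPolicies-system: Key = value (0xN)".
POL_RE = re.compile(r"^(?P<hive>[umd])Policies-(?P<area>\w+): (?P<key>\w+) = (?P<value>\S+)")
# Home page lines, which DDS writes with hxxp:// so nobody clicks them by accident.
HOME_RE = re.compile(r"^[umd](?:Start Page|Default_Page_URL) = (?P<url>\S+)")

# Windows 7 defaults for the UAC-related values DDS reports (assumption of this
# example, not taken from the thread). Anything else deserves a second look.
UAC_DEFAULTS = {
    "ConsentPromptBehaviorAdmin": "5",
    "ConsentPromptBehaviorUser": "3",
    "PromptOnSecureDesktop": "1",
    "EnableUIADesktopToggle": "0",
}
# Locations an autorun normally starts from; everything else is queued for review.
PROGRAM_DIRS = (r"C:\PROGRAM FILES", r"C:\WINDOWS", r"%PROGRAMFILES%")


def refang(url):
    """Turn DDS's defanged hxxp:// / hxxps:// back into a real scheme for lookups."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url)


def section(text, header):
    """Return the non-blank lines of one '=== header ===' section of a DDS log."""
    lines, inside = [], False
    for line in text.splitlines():
        if line.startswith("=") and header in line:
            inside = True
            continue
        if inside and line.startswith("="):   # next section banner ends ours
            break
        if inside and line.strip():
            lines.append(line)
    return lines


def homepage_urls(text):
    """Refanged start/default page URLs from the report, in log order."""
    return [refang(m["url"]) for line in section(text, "Pseudo HJT Report")
            if (m := HOME_RE.match(line))]


def triage(text):
    """Return (finding, subject, original line) tuples for the items to review first."""
    findings = []
    for line in section(text, "Pseudo HJT Report"):
        if m := EXT_RE.match(line):
            if m["path"] == "No File":          # registry still points at a DLL that is gone
                findings.append(("orphan-extension", m["clsid"], line))
        elif m := RUN_RE.match(line):
            cmd = m["cmd"].lstrip('"').upper()
            if not cmd:
                findings.append(("empty-autorun", m["name"], line))
            elif not cmd.startswith(PROGRAM_DIRS):
                findings.append(("autorun-outside-program-dirs", m["name"], line))
        elif (m := POL_RE.match(line)) and m["key"] in UAC_DEFAULTS:
            if m["value"] != UAC_DEFAULTS[m["key"]]:
                findings.append(("uac-non-default", m["key"], line))
    return findings


def summarize(findings):
    """Count findings per label, e.g. {'orphan-extension': 2, ...}."""
    return dict(Counter(kind for kind, _, _ in findings))


if __name__ == "__main__":
    for kind, subject, line in triage(SAMPLE_DDS):
        print(f"{kind:30} {subject:40} {line}")
    print("home pages:", homepage_urls(SAMPLE_DDS))
```

On the constructed sample this lists both orphaned toolbar CLSIDs, the nameless `mRun` value with no command, the two autoruns that start outside Program Files, and `PromptOnSecureDesktop = 0`, which on Windows 7 means UAC prompts are no longer shown on the secure desktop; the responders' fix, rather than this script, decides what to do with each item.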

#6 BMW Ownage

BMW Ownage
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:08:07 PM

Posted 28 February 2011 - 08:29 PM

I am running the 64-bit version of Windows 7; I am confused about the steps I should take to make the GMER log.

#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:07 PM

Posted 28 February 2011 - 10:49 PM

Hello,

No need to worry about GMER. You can't run it on a 64-bit machine. We will start the cleanup process now.

1.
We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Windows Defender.
  • Click on Tools, General Settings.
  • Scroll down and uncheck Turn on real-time protection (recommended).
  • After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.

2.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

3.
Download Bootkit Remover to your desktop.

1. Extract the file to your desktop.
2. Double click Remover.exe to run it (Right click and run as Administrator for Vista).
3. It will show a Black screen with some data on it.
4. Right click on the screen and choose Select All.
5. Press Control+C (to copy the data).
6. Open a notepad, Click on Edit tab > paste.
7. Exit the Remover.exe window.
8. Please post the contents of the notepad when you reply.

4.
Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.

Things to include in your next reply:
TDSSkiller log
Bootkit Remover log
MBRCheck log
How is your machine running now?



#8 BMW Ownage

BMW Ownage
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:08:07 PM

Posted 28 February 2011 - 11:25 PM

TDSS:

2011/02/28 22:16:43.0025 5436 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
2011/02/28 22:16:43.0303 5436 ================================================================================
2011/02/28 22:16:43.0303 5436 SystemInfo:
2011/02/28 22:16:43.0303 5436
2011/02/28 22:16:43.0303 5436 OS Version: 6.1.7600 ServicePack: 0.0
2011/02/28 22:16:43.0303 5436 Product type: Workstation
2011/02/28 22:16:43.0303 5436 ComputerName: BMWOWNAGE-PC
2011/02/28 22:16:43.0304 5436 UserName: BMW Ownage
2011/02/28 22:16:43.0304 5436 Windows directory: C:\Windows
2011/02/28 22:16:43.0304 5436 System windows directory: C:\Windows
2011/02/28 22:16:43.0304 5436 Running under WOW64
2011/02/28 22:16:43.0304 5436 Processor architecture: Intel x64
2011/02/28 22:16:43.0304 5436 Number of processors: 8
2011/02/28 22:16:43.0304 5436 Page size: 0x1000
2011/02/28 22:16:43.0304 5436 Boot type: Normal boot
2011/02/28 22:16:43.0304 5436 ================================================================================
2011/02/28 22:16:43.0636 5436 Initialize success
2011/02/28 22:16:50.0488 2576 ================================================================================
2011/02/28 22:16:50.0488 2576 Scan started
2011/02/28 22:16:50.0488 2576 Mode: Manual;
2011/02/28 22:16:50.0488 2576 ================================================================================
2011/02/28 22:17:02.0754 2576 ================================================================================
2011/02/28 22:17:02.0754 2576 Scan finished
2011/02/28 22:17:02.0754 2576 ================================================================================
No infections found.

Bootkit Remover:

Bootkit Remover
© 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`0c800000
Boot sector MD5 is: 469873e5b2ad5bbbbf0fcedc730a2ba8

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...

MBRCheck...I could not get it to produce a log, but here's what showed up:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv7 Notebook PC
Logical Drives Mask: 0x0000003c

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000070`a8000000 (NTFS)

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: E6A3FF5442E8346D1955D4022826E5D539027978


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

#9 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 01 March 2011 - 12:00 AM

Hello.
1.
Your log indicates you have an infected Master Boot Record (MBR). To learn more about this infection please refer to:
  • What is Whistler Bootkit
  • Bootkit: Example of infected master boot record
  • MBR Rootkit, A New Breed of Malware

  • Run MBRCheck.exe again by double-clicking on it. Vista/Windows 7 users right-click and select Run As Administrator.
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Enter 'Y' and then press Enter.
  • When asked: 'Enter your choice:', select option [2] (Restore the MBR of a physical disk with a standard boot code) and press the Enter key.
  • Now the program will ask: 'Enter the physical disk number to fix (0-99, -1 to cancel)'
  • Enter [0] (for PhysicalDrive0) and press the Enter key.
  • The program will show Available MBR codes followed by a list of operating systems as shown below.

    Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel
    Please select the MBR code to write to this drive:

  • Please select your version of Windows from the list and enter the corresponding number (For example, type 0 or 1 for XP, type 3 for Vista, type 5 for Windows 7, etc) and then press Enter. Be careful...if the wrong OS is used, it will render the computer unbootable.
  • When prompted for confirmation: 'Do you want to fix the MBR code?'. Type the full word Yes (not Y or the fix will not work) and press Enter.
  • Left-click on the title bar (where program name and path is written).
  • From the menu chose Edit -> Select All.
  • Press the Enter key on your keyboard to copy selected text.
  • Open Notepad, paste that text into it and save to your desktop as MBRCheck.txt.
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • Reboot your computer to complete the fix and copy/paste MBRCheck.txt in your next reply.
  • If your computer does not restart on its own, please restart it manually.

    Important Note: While fixing the Master Boot Record (MBR) is generally safe, there is a small risk of damaging the operating system so that it will not boot up or the partitions may become corrupted. I recommend you have your Windows CD available which will allow recovering the boot code via the Windows Recovery Console (XP) or Recovery Environment (Vista, Windows 7) in case of any problems, or install the XP Recovery Console before proceeding with the above fix. Then if any problems occur, the links below explain how to use and repair the MBR:
  • How to use the Recovery Console in XP
  • How to fix MBR in Windows XP and Vista
  • How to Burn a Vista Repair Disc if You Don’t Have One

2.
Download Bootkit Remover to your desktop

1. Extract the file to your desktop.
2. Double click Remover.exe to run it (Right click and run as Administrator for Vista).
3. It will show a Black screen with some data on it.
4. Right click on the screen and choose Select All.
5. Press Control+C (to copy the data).
6. Open a notepad, Click on Edit tab > paste.
7. Exit the Remover.exe window.
8. Please post the contents of the notepad when you reply.



Things to include in your next reply:
MBRCHECK.exe log
Bootkit Remover log
How is your machine running now?

Edited by fireman4it, 01 March 2011 - 12:03 AM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#10 BMW Ownage

  • Topic Starter
  • Members
  • 11 posts

Posted 01 March 2011 - 12:22 AM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv7 Notebook PC
Logical Drives Mask: 0x0000003c

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000070`a8000000 (NTFS)

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: E6A3FF5442E8346D1955D4022826E5D539027978


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: y

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: 2

Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows 7)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 5
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!
Press ENTER to exit...

Bootkit Remover:

Bootkit Remover
© 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`0c800000
Boot sector MD5 is: 469873e5b2ad5bbbbf0fcedc730a2ba8

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...

#11 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 01 March 2011 - 02:59 PM

Hello,


We need to get a dump of your MBR for review. We will also run Combofix and see if it picks up anything.

1.
Re-Run MBRCheck.exe
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter
  • When the program asks you 'Enter your choice:', enter 1 ([1] Dump the MBR of a physical disk to file.) and press the Enter key.
  • The program will ask for the file name to dump to, type dump.dat and Press Enter. You should see Dumped successfully.
  • Next, type -1 and press Enter. Next press Enter again, and the program will exit.
  • Save it to your desktop then attach the resultant output in your next reply.

2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Things to include in your next reply:
MBRcheck log
Dump.dat
Combofix.txt
How is your machine running now? Still getting popups and/or redirects?


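As an added example (not code from MBRCheck, Bootkit Remover, or anyone in this thread), here is a small Python script that does offline what the two tools above report: it parses a raw 512-byte MBR dump such as the dump.dat requested in step 1, hashes the boot-code region and the whole sector, and cross-checks the partition table against the volume offsets MBRCheck printed (C: at 0x0c800000, D: at 0x70a8000000). It also shows the check behind the fix in the earlier post: a bootkit-class MBR infection swaps the 440 bytes of boot code and leaves the 64-byte partition table untouched so the machine still boots, which is why writing standard boot code back does not disturb the volumes. Assumptions: dump.dat is the raw first sector in the classic MBR layout; the page does not say which byte range MBRCheck's SHA-1 or Bootkit Remover's MD5 covers, so the script's hashes are not claimed to reproduce the values in the logs; the allowlist of clean boot-code hashes is an empty placeholder to be filled from a known-clean machine; the sample sector is constructed from the offsets in the log with made-up boot code and disk signature.

```python
"""Fingerprint a raw 512-byte MBR such as MBRCheck's dump.dat.

Added example; not code from MBRCheck, Bootkit Remover or BleepingComputer.
Assumed layout (classic MBR): bytes 0-439 boot code, 440-443 disk signature,
444-445 reserved, 446-509 four 16-byte partition entries, 510-511 = 55 AA.
"""
import hashlib
import struct
import sys

SECTOR = 512
BOOT_CODE_LEN = 440
PART_TABLE_OFF = 446
PART_ENTRY_LEN = 16
SIGNATURE_OFF = 510

# Hypothetical allowlist: SHA-1 of the 440-byte boot code taken from a clean
# install of the same Windows build. Empty here; fill it from a trusted machine.
KNOWN_GOOD_BOOT_CODE_SHA1 = frozenset()


def read_sector(path):
    """First 512 bytes of a dump file, or of a raw device such as
    r'\\.\PhysicalDrive0' on Windows (assumed to need an elevated prompt)."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR)


def parse_partition_table(sector):
    """Non-empty partition entries as dicts (the CHS fields are skipped)."""
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0 and sectors == 0:
            continue  # empty slot
        entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors,
                        "byte_offset": lba_start * SECTOR})
    return entries


def partition_table_bytes(sector):
    """The 64-byte partition table. A bootkit replaces the boot code but keeps
    this table intact so Windows still boots; compare it separately."""
    return sector[PART_TABLE_OFF:PART_TABLE_OFF + 4 * PART_ENTRY_LEN]


def analyse_mbr(sector, reported_volume_offsets=(), allowlist=KNOWN_GOOD_BOOT_CODE_SHA1):
    """Return (report, findings). reported_volume_offsets are the byte offsets a
    tool printed for the volumes, e.g. C: at 0x0c800000 in the log above."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    report = {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "sector_md5": hashlib.md5(sector).hexdigest(),
        "signature_ok": sector[SIGNATURE_OFF:SIGNATURE_OFF + 2] == b"\x55\xaa",
        "partitions": parse_partition_table(sector),
    }
    findings = []
    if not report["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if report["boot_code_sha1"] not in allowlist:
        findings.append("boot code SHA-1 not in allowlist (unknown MBR code)")
    bootable = sum(1 for p in report["partitions"] if p["bootable"])
    if bootable != 1:
        findings.append("expected exactly one bootable partition, found %d" % bootable)
    ordered = sorted(report["partitions"], key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):  # entries must not overlap
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append("partition entries %d and %d overlap" % (a["index"], b["index"]))
    starts = {p["byte_offset"] for p in report["partitions"]}
    for off in reported_volume_offsets:  # every reported volume needs an entry
        if off not in starts:
            findings.append("reported volume offset 0x%x has no partition entry" % off)
    return report, findings


def build_sample_mbr(boot_code):
    """Constructed sample sector: two NTFS partitions at the byte offsets the
    thread's MBRCheck log shows for C: (0x0c800000) and D: (0x70a8000000) on a
    976,773,168-sector disk; boot code and disk signature are made up."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, 440, 0x1234ABCD)  # made-up disk signature
    c_start = 0x0c800000 // SECTOR                   # LBA 409600
    d_start = 0x70a8000000 // SECTOR                 # LBA 945029120
    disk_end = 976773168
    entries = [(0x80, 0x07, c_start, d_start - c_start),
               (0x00, 0x07, d_start, disk_end - d_start)]
    for i, (status, ptype, start, count) in enumerate(entries):
        struct.pack_into("<B3sB3sII", sector, PART_TABLE_OFF + i * PART_ENTRY_LEN,
                         status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", start, count)
    sector[SIGNATURE_OFF:SIGNATURE_OFF + 2] = b"\x55\xaa"
    return bytes(sector)


def compare_mbrs(before, after):
    """What changed between two sectors, e.g. a dump taken before and after a fix."""
    return {
        "boot_code_changed": before[:BOOT_CODE_LEN] != after[:BOOT_CODE_LEN],
        "partition_table_changed": partition_table_bytes(before) != partition_table_bytes(after),
    }


if __name__ == "__main__":
    data = read_sector(sys.argv[1]) if len(sys.argv) > 1 else build_sample_mbr(b"\x90" * 16)
    rep, probs = analyse_mbr(data, (0x0c800000, 0x70a8000000))
    print("boot code SHA-1:", rep["boot_code_sha1"])
    print("sector MD5:    ", rep["sector_md5"])
    for p in rep["partitions"]:
        print("entry %d: type 0x%02x start LBA %d (0x%x) %d sectors%s" % (
            p["index"], p["type"], p["lba_start"], p["byte_offset"], p["sectors"],
            " [bootable]" if p["bootable"] else ""))
    for msg in probs:
        print("FINDING:", msg)
```

Run it as `python mbr_inspect.py dump.dat` against the dump from step 1, or with no argument to see the constructed sample; with no allowlist entries every sector is reported as unknown code, which is the same verdict MBRCheck gives, so the useful comparison is a dump from a clean machine of the same Windows build. A second dump taken after the MBR has been rewritten, fed to compare_mbrs, should show the boot code changed and the partition table untouched; a changed partition table means something other than the boot code was rewritten and the partitions should be checked before rebooting.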

#12 BMW Ownage

  • Topic Starter
  • Members
  • 11 posts

Posted 01 March 2011 - 05:37 PM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv7 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 243):
0x03213000 \SystemRoot\system32\ntoskrnl.exe
0x037F0000 \SystemRoot\system32\hal.dll
0x00B97000 \SystemRoot\system32\kdcom.dll
0x00C12000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C56000 \SystemRoot\system32\PSHED.dll
0x00C6A000 \SystemRoot\system32\CLFS.SYS
0x00CC8000 \SystemRoot\system32\CI.dll
0x00E71000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F15000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F24000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F7B000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F84000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F8E000 \SystemRoot\system32\DRIVERS\pci.sys
0x00FC1000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00FCE000 \SystemRoot\system32\DRIVERS\isapnp.sys
0x00E00000 \SystemRoot\system32\DRIVERS\mpio.sys
0x00E2A000 \SystemRoot\System32\drivers\partmgr.sys
0x00E3F000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E48000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E54000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00D88000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E69000 \SystemRoot\system32\DRIVERS\intelide.sys
0x00FD7000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00FE7000 \SystemRoot\system32\DRIVERS\aliide.sys
0x00FEE000 \SystemRoot\system32\DRIVERS\amdide.sys
0x00FF5000 \SystemRoot\system32\DRIVERS\cmdide.sys
0x00DE4000 \SystemRoot\System32\drivers\mountmgr.sys
0x01091000 \SystemRoot\system32\DRIVERS\msdsm.sys
0x010B7000 \SystemRoot\system32\DRIVERS\nvraid.sys
0x010E0000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01110000 \SystemRoot\system32\DRIVERS\pciide.sys
0x01117000 \SystemRoot\system32\DRIVERS\viaide.sys
0x012A4000 \SystemRoot\system32\DRIVERS\iaStorV.sys
0x0141B000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x01537000 \SystemRoot\system32\DRIVERS\atapi.sys
0x01540000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x0156A000 \SystemRoot\system32\DRIVERS\lsi_sas.sys
0x01587000 \SystemRoot\system32\DRIVERS\storport.sys
0x015E9000 \SystemRoot\system32\DRIVERS\msahci.sys
0x01400000 \SystemRoot\system32\DRIVERS\HpSAMD.sys
0x01200000 \SystemRoot\system32\DRIVERS\adp94xx.sys
0x0111F000 \SystemRoot\system32\DRIVERS\adpahci.sys
0x013C2000 \SystemRoot\system32\DRIVERS\adpu320.sys
0x0127B000 \SystemRoot\system32\DRIVERS\amdsata.sys
0x01175000 \SystemRoot\system32\DRIVERS\amdsbs.sys
0x015F4000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x011BC000 \SystemRoot\system32\DRIVERS\arc.sys
0x011D5000 \SystemRoot\system32\DRIVERS\arcsas.sys
0x01000000 \SystemRoot\system32\DRIVERS\elxstor.sys
0x00C00000 \SystemRoot\system32\DRIVERS\iirsp.sys
0x016F9000 \SystemRoot\system32\DRIVERS\lsi_fc.sys
0x01718000 \SystemRoot\system32\DRIVERS\lsi_sas2.sys
0x0172B000 \SystemRoot\system32\DRIVERS\lsi_scsi.sys
0x0174A000 \SystemRoot\system32\DRIVERS\megasas.sys
0x01756000 \SystemRoot\system32\DRIVERS\MegaSR.sys
0x01600000 \SystemRoot\system32\DRIVERS\nfrd960.sys
0x01610000 \SystemRoot\system32\DRIVERS\nvstor.sys
0x01837000 \SystemRoot\system32\DRIVERS\ql2300.sys
0x0163B000 \SystemRoot\system32\DRIVERS\ql40xx.sys
0x019DB000 \SystemRoot\system32\DRIVERS\SiSRaid2.sys
0x01800000 \SystemRoot\system32\DRIVERS\sisraid4.sys
0x01818000 \SystemRoot\system32\DRIVERS\stexstor.sys
0x0169A000 \SystemRoot\system32\DRIVERS\vsmraid.sys
0x01AC0000 \SystemRoot\system32\drivers\fltmgr.sys
0x01B0C000 \SystemRoot\system32\drivers\fileinfo.sys
0x01C47000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01B20000 \SystemRoot\System32\Drivers\msrpc.sys
0x01C00000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01B7E000 \SystemRoot\System32\Drivers\cng.sys
0x01C1A000 \SystemRoot\System32\drivers\pcw.sys
0x01C2B000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01E00000 \SystemRoot\system32\drivers\ndis.sys
0x01EF2000 \SystemRoot\system32\drivers\NETIO.SYS
0x01F52000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x02000000 \SystemRoot\System32\drivers\tcpip.sys
0x01F7D000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01FC7000 \SystemRoot\system32\DRIVERS\wd.sys
0x01A00000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x01FCF000 \SystemRoot\System32\Drivers\spldr.sys
0x01FD7000 \SystemRoot\system32\DRIVERS\sbp2port.sys
0x01A4C000 \SystemRoot\System32\drivers\rdyboost.sys
0x01C35000 \SystemRoot\System32\Drivers\mup.sys
0x01FF4000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01DEA000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
0x01A86000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x019E9000 \SystemRoot\system32\DRIVERS\disk.sys
0x03537000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x03561000 \SystemRoot\System32\Drivers\aswSnx.SYS
0x035E1000 \SystemRoot\System32\Drivers\Null.SYS
0x035EA000 \SystemRoot\System32\Drivers\Beep.SYS
0x035F1000 \SystemRoot\System32\drivers\vga.sys
0x016C4000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01822000 \SystemRoot\System32\drivers\watchdog.sys
0x01DF4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x016E9000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01299000 \SystemRoot\system32\drivers\rdprefmp.sys
0x013F1000 \SystemRoot\System32\Drivers\Msfs.SYS
0x04867000 \SystemRoot\System32\Drivers\Npfs.SYS
0x04878000 \SystemRoot\system32\DRIVERS\tdx.sys
0x04896000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x048A3000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x048B3000 \SystemRoot\System32\DRIVERS\netbt.sys
0x048F8000 \SystemRoot\system32\drivers\afd.sys
0x04982000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x0498C000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x04995000 \SystemRoot\system32\DRIVERS\pacer.sys
0x049BB000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x049D1000 \SystemRoot\system32\DRIVERS\netbios.sys
0x04800000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x0481B000 \SystemRoot\system32\DRIVERS\termdd.sys
0x04A00000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04A51000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04A5D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x04A68000 \SystemRoot\System32\drivers\discache.sys
0x04A77000 \SystemRoot\System32\Drivers\dfsc.sys
0x04A95000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x04AA6000 \SystemRoot\System32\Drivers\aswSP.SYS
0x04AF1000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04B17000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x050BD000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x05BE1000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x04C9A000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04D8E000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04C00000 \SystemRoot\System32\Drivers\fastfat.SYS
0x04C36000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04C5A000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x05000000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x05E38000 \SystemRoot\system32\DRIVERS\NETw5s64.sys
0x06598000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x065A5000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x05056000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x05E00000 \SystemRoot\system32\DRIVERS\jmcr.sys
0x04C6B000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x04DD4000 \SystemRoot\system32\DRIVERS\enecir.sys
0x05094000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x05E27000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x065F0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x04B1C000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x05E33000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04DF1000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x05BE3000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x05BF0000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
0x050B2000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x04B8D000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x04BA3000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x04BB3000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04BC9000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04BED000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x0482F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x049E0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x0683E000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x0685F000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x06879000 \SystemRoot\system32\DRIVERS\swenum.sys
0x0687B000 \SystemRoot\system32\DRIVERS\ks.sys
0x068BE000 \SystemRoot\system32\DRIVERS\circlass.sys
0x068D0000 \SystemRoot\system32\DRIVERS\MarvinBus64.sys
0x06914000 \SystemRoot\system32\DRIVERS\umbus.sys
0x06926000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x06980000 \SystemRoot\system32\drivers\nvhda64v.sys
0x06998000 \SystemRoot\system32\drivers\portcls.sys
0x069D5000 \SystemRoot\system32\drivers\drmk.sys
0x069F7000 \SystemRoot\system32\drivers\ksthunk.sys
0x08CF1000 \SystemRoot\system32\DRIVERS\stwrt64.sys
0x08E68000 \SystemRoot\system32\DRIVERS\agrsm64.sys
0x08F99000 \SystemRoot\system32\drivers\modem.sys
0x08FA8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x08FBD000 \SystemRoot\system32\DRIVERS\hidir.sys
0x08FCE000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x08FE7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x08FF0000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x08E00000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x08E0D000 \SystemRoot\System32\Drivers\crashdmp.sys
0x03400000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x08E1B000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00020000 \SystemRoot\System32\win32k.sys
0x08E2E000 \SystemRoot\System32\drivers\Dxapi.sys
0x08E3A000 \SystemRoot\system32\DRIVERS\monitor.sys
0x08E48000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x08D70000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x00590000 \SystemRoot\System32\TSDDD.dll
0x00730000 \SystemRoot\System32\cdd.dll
0x08D7E000 \SystemRoot\System32\Drivers\usbvideo.sys
0x00800000 \SystemRoot\System32\ATMFD.DLL
0x08DAC000 \SystemRoot\system32\drivers\luafv.sys
0x08C00000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x08C3A000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x08C43000 \SystemRoot\system32\drivers\WudfPf.sys
0x08C64000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x08C79000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x08CCC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x08DCF000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x05C40000 \SystemRoot\system32\drivers\HTTP.sys
0x05D08000 \SystemRoot\system32\DRIVERS\bowser.sys
0x05D26000 \SystemRoot\System32\drivers\mpsdrv.sys
0x05D3E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x05D6B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x05DB9000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x09097000 \SystemRoot\system32\drivers\peauth.sys
0x0913D000 \SystemRoot\System32\Drivers\secdrv.SYS
0x09148000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x09175000 \SystemRoot\System32\drivers\tcpipreg.sys
0x09187000 \SystemRoot\System32\DRIVERS\srv2.sys
0x09000000 \SystemRoot\System32\DRIVERS\srv.sys
0x0BC88000 \SystemRoot\system32\drivers\spsys.sys
0x77AE0000 \Windows\System32\ntdll.dll
0x47D50000 \Windows\System32\smss.exe
0xFFE00000 \Windows\System32\apisetschema.dll
0xFFBB0000 \Windows\System32\autochk.exe
0xFFC70000 \Windows\System32\urlmon.dll
0xFFC20000 \Windows\System32\ws2_32.dll
0x779C0000 \Windows\System32\kernel32.dll
0xFFC10000 \Windows\System32\lpk.dll
0xFFBA0000 \Windows\System32\gdi32.dll
0xFFB00000 \Windows\System32\clbcatq.dll
0xFFA20000 \Windows\System32\advapi32.dll
0xFEC90000 \Windows\System32\shell32.dll
0xFEBC0000 \Windows\System32\usp10.dll
0xFEB70000 \Windows\System32\Wldap32.dll
0x778C0000 \Windows\System32\user32.dll
0xFEB60000 \Windows\System32\nsi.dll
0xFEA30000 \Windows\System32\rpcrt4.dll
0xFE9B0000 \Windows\System32\shlwapi.dll
0xFE930000 \Windows\System32\difxapi.dll
0xFE890000 \Windows\System32\msvcrt.dll
0xFE6B0000 \Windows\System32\setupapi.dll
0xFE690000 \Windows\System32\imagehlp.dll
0xFE670000 \Windows\System32\sechost.dll
0xFE5D0000 \Windows\System32\comdlg32.dll
0xFE4C0000 \Windows\System32\msctf.dll
0xFE2B0000 \Windows\System32\ole32.dll
0xFE280000 \Windows\System32\imm32.dll
0xFE1A0000 \Windows\System32\oleaut32.dll
0x77CB0000 \Windows\System32\psapi.dll
0xFDF40000 \Windows\System32\iertutil.dll
0xFDE10000 \Windows\System32\wininet.dll
0x77CA0000 \Windows\System32\normaliz.dll
0xFDDD0000 \Windows\System32\wintrust.dll
0xFDD60000 \Windows\System32\KernelBase.dll
0xFDD20000 \Windows\System32\cfgmgr32.dll
0xFDC80000 \Windows\System32\comctl32.dll
0xFDC60000 \Windows\System32\devobj.dll
0xFDAF0000 \Windows\System32\crypt32.dll
0xFDAE0000 \Windows\System32\msasn1.dll

Processes (total 88):
0 System Idle Process
4 System
388 C:\Windows\System32\smss.exe
560 csrss.exe
636 C:\Windows\System32\wininit.exe
660 csrss.exe
708 C:\Windows\System32\services.exe
716 C:\Windows\System32\lsass.exe
724 C:\Windows\System32\lsm.exe
824 C:\Windows\System32\svchost.exe
888 C:\Windows\System32\winlogon.exe
948 C:\Windows\System32\nvvsvc.exe
988 C:\Windows\System32\svchost.exe
408 C:\Windows\System32\svchost.exe
696 C:\Windows\System32\svchost.exe
664 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\stacsv64.exe
1104 C:\Windows\System32\audiodg.exe
1280 C:\Windows\System32\svchost.exe
1352 C:\Windows\System32\hpservice.exe
1440 C:\Windows\System32\nvvsvc.exe
1488 C:\Windows\System32\svchost.exe
1564 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1928 C:\Windows\System32\spoolsv.exe
1968 C:\Windows\System32\svchost.exe
1652 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe
1324 C:\Program Files\LSI SoftModem\agr64svc.exe
2060 C:\Windows\SysWOW64\svchost.exe
2080 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2108 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
2148 C:\Program Files\Droid Explorer\DroidExplorer.Service.exe
2332 C:\Program Files\Droid Explorer\SDK\tools\adb.exe
2360 C:\Windows\System32\svchost.exe
2456 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
2492 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
2552 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
2576 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2604 C:\Windows\System32\svchost.exe
2660 C:\Program Files (x86)\TightVNC\tvnserver.exe
2708 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2768 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3008 C:\Windows\System32\svchost.exe
3268 C:\Windows\System32\taskhost.exe
3356 C:\Windows\System32\dwm.exe
3384 C:\Windows\explorer.exe
3648 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3660 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
3676 C:\Program Files\Java\jre6\bin\jusched.exe
3768 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3812 C:\Program Files\IDT\WDM\sttray64.exe
3896 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
3952 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
1252 C:\Windows\System32\SearchIndexer.exe
3752 C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
3728 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
1408 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
1156 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
1164 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
1412 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3948 C:\Program Files (x86)\TightVNC\tvnserver.exe
3872 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3236 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
4360 C:\Program Files\Windows Media Player\wmpnetwk.exe
4388 C:\Program Files\iPod\bin\iPodService.exe
4576 C:\Windows\System32\svchost.exe
4844 WmiPrvSE.exe
3552 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
4616 C:\Windows\System32\taskeng.exe
4212 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
4208 C:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
4196 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
3520 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
1584 C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
5008 C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
5460 dllhost.exe
5436 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
3380 C:\Windows\System32\sppsvc.exe
2468 C:\Windows\System32\svchost.exe
1360 C:\Program Files (x86)\Internet Explorer\iexplore.exe
3984 C:\Program Files (x86)\Internet Explorer\iexplore.exe
3036 C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
1092 C:\Windows\servicing\TrustedInstaller.exe
3628 C:\Windows\System32\VSSVC.exe
540 C:\Windows\System32\svchost.exe
4748 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10m_ActiveX.exe
4032 C:\Users\BMW Ownage\Desktop\MBRCheck.exe
3260 C:\Windows\System32\conhost.exe
2120 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000070`a8000000 (NTFS)

PhysicalDrive0 Model Number: ST9500420AS, Rev: 0005HPM1

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: E6A3FF5442E8346D1955D4022826E5D539027978


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to dump (0-99, -1 to exit): -1

Done!



ComboFix 11-02-28.07 - BMW Ownage 03/01/2011 16:21:10.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6135.4471 [GMT -6:00]
Running from: c:\users\BMW Ownage\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Public\videos\HP MediaSmart Demo.exe

.
((((((((((((((((((((((((( Files Created from 2011-02-01 to 2011-03-01 )))))))))))))))))))))))))))))))
.

2011-03-01 22:26 . 2011-03-01 22:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-01 22:26 . 2011-03-01 22:26 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-03-01 22:19 . 2011-03-01 22:20 -------- d-----w- C:\32788R22FWJFW
2011-03-01 22:12 . 2011-02-11 07:30 7947600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{09E93B38-6211-47EA-9BD7-B096CAD6326D}\mpengine.dll
2011-03-01 22:05 . 2011-02-23 14:57 505176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-28 23:29 . 2010-12-21 00:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-28 23:29 . 2011-02-28 23:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-02-28 23:02 . 2011-02-28 23:02 -------- d-----w- c:\programdata\Lavasoft
2011-02-28 23:00 . 2011-02-28 23:00 -------- d-----w- c:\users\BMW Ownage\AppData\Roaming\SUPERAntiSpyware.com
2011-02-28 23:00 . 2011-02-28 23:00 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-02-26 18:33 . 2011-02-26 18:33 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-02-26 18:33 . 2011-02-26 18:33 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-02-26 18:33 . 2011-02-26 18:33 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-02-26 18:33 . 2011-02-26 18:33 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-02-26 18:33 . 2011-02-26 18:33 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-02-26 18:33 . 2011-02-26 18:33 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-02-26 18:33 . 2011-02-26 18:33 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-02-26 18:32 . 2011-02-26 18:33 -------- d-----w- c:\program files (x86)\QuickTime
2011-02-23 23:48 . 2011-02-23 23:48 -------- d-----w- c:\users\BMW Ownage\AppData\Roaming\skypePM
2011-02-23 23:47 . 2011-02-23 23:47 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-02-23 23:47 . 2011-02-24 00:58 -------- d-----w- c:\users\BMW Ownage\AppData\Roaming\Skype
2011-02-23 23:47 . 2011-02-23 23:47 -------- d-----r- c:\program files (x86)\Skype
2011-02-23 23:47 . 2011-02-23 23:47 -------- d-----w- c:\programdata\Skype
2011-02-23 22:11 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-23 22:11 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-02-22 22:56 . 2011-01-07 07:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-02-22 22:56 . 2011-01-07 08:07 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-22 22:56 . 2011-01-07 08:07 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 22:56 . 2011-01-07 07:31 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-02-17 22:19 . 2011-02-17 22:19 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-02-17 03:49 . 2011-02-17 04:03 -------- d-----w- c:\users\BMW Ownage\phishing stuff
2011-02-12 01:42 . 2011-02-12 01:42 -------- d-----w- c:\program files\Windows Live
2011-02-12 01:41 . 2011-02-12 01:41 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\eaf05fc91cbca551c\DSETUP.dll
2011-02-12 01:41 . 2011-02-12 01:41 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\eaf05fc91cbca551c\DXSETUP.exe
2011-02-12 01:41 . 2011-02-12 01:41 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\eaf05fc91cbca551c\dsetup32.dll
2011-02-12 01:41 . 2011-02-12 01:41 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e51a4cf81cbca551a\DSETUP.dll
2011-02-12 01:41 . 2011-02-12 01:41 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e51a4cf81cbca551a\DXSETUP.exe
2011-02-12 01:41 . 2011-02-12 01:41 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e51a4cf81cbca551a\dsetup32.dll
2011-02-12 01:40 . 2011-03-01 22:09 -------- d-----w- c:\users\BMW Ownage\AppData\Local\Windows Live
2011-02-11 02:32 . 2010-12-21 00:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-10 21:46 . 2011-02-10 21:46 -------- d-----w- C:\found.000
2011-02-10 20:53 . 2011-02-10 23:30 -------- d-----w- C:\brent
2011-02-10 18:33 . 2011-02-10 18:33 -------- d-----w- c:\users\BMW Ownage\AppData\Roaming\Malwarebytes
2011-02-10 18:33 . 2011-02-10 18:33 -------- d-----w- c:\programdata\Malwarebytes
2011-02-08 04:29 . 2011-03-01 05:13 -------- d-----w- c:\users\BMW Ownage\AppData\Roaming\Xfire
2011-02-08 04:29 . 2011-02-19 08:50 -------- d-----w- c:\programdata\Xfire
2011-02-08 04:29 . 2011-02-11 01:02 -------- d-----w- c:\program files (x86)\Xfire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-23 15:04 . 2010-07-10 22:48 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 15:04 . 2010-03-12 23:07 190016 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-02-23 15:04 . 2011-01-19 23:45 238968 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 14:57 . 2010-03-12 23:07 280408 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 14:55 . 2010-03-12 23:07 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 14:55 . 2010-03-12 23:07 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 14:55 . 2010-03-12 23:07 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-23 14:54 . 2010-03-12 23:07 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-03 03:40 . 2010-04-21 23:18 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-02-02 23:11 . 2010-02-15 22:26 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-01-12 00:35 . 2011-01-12 00:35 1868288 ----a-r- c:\users\BMW Ownage\AppData\Roaming\Microsoft\Installer\{6056086A-9E66-4BA3-8AE2-AF5BA45D5EA5}\AppIcon.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
2011-02-23 15:04 814160 ----a-w- c:\program files\Alwil Software\Avast5\aswWebRepIE.dll

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}"= "c:\program files\Alwil Software\Avast5\aswWebRepIE.dll" [2011-02-23 814160]

[HKEY_CLASSES_ROOT\clsid\{8e5e2654-ad2d-48bf-ac2d-d17f00898d06}]
[HKEY_CLASSES_ROOT\Avast.WrcBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CD3AF781-AF1F-4400-9A30-15470BE43AD9}]
[HKEY_CLASSES_ROOT\Avast.WrcBar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-06-16 2736128]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Google Update"="c:\users\BMW Ownage\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-01-11 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"Corel File Shell Monitor"="c:\program files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2009-06-22 16712]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-13 581480]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"tvncontrol"="c:\program files (x86)\TightVNC\tvnserver.exe" [2010-07-08 815704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R1 SASDIFSV;SASDIFSV;f:\superantispyware\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;f:\superantispyware\SASKUTIL.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-05-25 36328]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-10-26 151040]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-07-23 5435904]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-05-25 125416]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-05-25 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-05-25 159208]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2009-08-29 49152]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-11 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2010-06-24 89600]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 64344]
S2 DroidExplorerService;DroidExplorer Service;c:\program files\Droid Explorer\DroidExplorer.Service.exe [2010-08-22 253440]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
S2 tvnserver;TightVNC Server;c:\program files (x86)\TightVNC\tvnserver.exe [2010-07-08 815704]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-21 140712]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-06-24 7680512]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-03-12 84512]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-12 291328]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-06-16 18:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2011-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1431655087-2857071200-2982523902-1001Core.job
- c:\users\BMW Ownage\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-11 23:42]

2011-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1431655087-2857071200-2982523902-1001UA.job
- c:\users\BMW Ownage\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-11 23:42]

2011-02-27 c:\windows\Tasks\HPCeeScheduleForBMW Ownage.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 10:22]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 610872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-17 171520]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-24 487424]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-29 16395880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Wow6432Node-HKCU-Run-SUPERAntiSpyware - f:\superantispyware\SUPERAntiSpyware.exe
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files\Droid Explorer\SDK\tools\adb.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
.
**************************************************************************
.
Completion time: 2011-03-01 16:35:05 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-01 22:35
ComboFix2.txt 2011-02-10 20:48

Pre-Run: 375,364,853,760 bytes free
Post-Run: 375,896,723,456 bytes free

- - End Of File - - 4D901B81A0D8C6D5B83CD6B787853058

#13 fireman4it

fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 01 March 2011 - 06:38 PM

Hello,

There should be something on your desktop named dump.dat. I need for you to attach that in your next reply.
I also need to know how your machine is running. Your logs look good, so I need to hear from you what is going on, if anything. Let's go ahead and run a couple of other scanners. It also looks like your Avast installation has become corrupt. I would uninstall the program and reinstall it.

1.
Please download Malwarebytes' Anti-Malware (v1.50) and save it to your desktop.
Download Link 1
Download Link 2

Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.

2.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Note for Vista Users: Eset is compatible, but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
You can refer to this short video by: neomage
**Note**
To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.

3.
Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
  • When complete, click Select All, then choose Cure > Move incurable.
    (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • Now put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
  • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report.)

Things to include in your next reply:
Dump.dat
MBAm log
Eset log
Drweb log
A new DDS log
How is your machine running now?

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!
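A small parser for the service/driver lines of a ComboFix log like the one posted above, added here as an example (it is not part of this thread and not a ComboFix tool): it picks out entries whose image file ComboFix marked `[x]` (not found on disk) and groups them by name prefix, which is the kind of reading that turns three absent asw* drivers into the "Avast looks corrupt" observation. The sample lines are copied from the log above; the three-letter prefix grouping is my own heuristic, not anything ComboFix does.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Service/driver lines copied from the ComboFix log posted above (constructed
# sample input for this example; the real log has many more such lines).
# Format:  <R|S><start type> <name>;<display name>;<image path> [<date> <size>]
# ComboFix writes "[x]" instead of the date/size when the file is not on disk.
SAMPLE_LOG = r"""
R1 SASDIFSV;SASDIFSV;f:\superantispyware\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;f:\superantispyware\SASKUTIL.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 64344]
S2 tvnserver;TightVNC Server;c:\program files (x86)\TightVNC\tvnserver.exe [2010-07-08 815704]
"""

LINE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+"          # running/stopped flag + Windows start type
    r"(?P<name>[^;]+);"               # service key name
    r"(?P<display>[^;]*);"            # display name (may be empty)
    r"(?P<path>.*?)\s*"               # image path (empty when the file is gone)
    r"\[(?:(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)|(?P<x>x))\]\s*$"
)


@dataclass
class ServiceEntry:
    start: str
    name: str
    display: str
    path: str
    date: Optional[str]   # file date as ComboFix printed it, None if missing
    size: Optional[int]   # file size in bytes, None if missing
    missing: bool         # True when the line ends in [x]


def parse_services(text: str) -> List[ServiceEntry]:
    """Return one ServiceEntry per service/driver line; other lines are skipped."""
    entries: List[ServiceEntry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank line, registry key, file listing, etc.
        entries.append(ServiceEntry(
            start=m["start"], name=m["name"], display=m["display"],
            path=m["path"], date=m["date"],
            size=int(m["size"]) if m["size"] else None,
            missing=m["x"] is not None,
        ))
    return entries


def find_missing(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Registered services/drivers whose binary ComboFix could not find."""
    return [e for e in entries if e.missing]


def missing_by_family(entries: List[ServiceEntry], prefix_len: int = 3) -> Dict[str, List[str]]:
    """Group missing entries by a short name prefix (heuristic vendor family).

    Several missing entries sharing one prefix (asw* = Avast, SAS* =
    SUPERAntiSpyware here) points at a broken or half-removed product rather
    than a single stale registration.
    """
    fam: Dict[str, List[str]] = {}
    for e in find_missing(entries):
        fam.setdefault(e.name[:prefix_len].lower(), []).append(e.name)
    return fam


if __name__ == "__main__":
    parsed = parse_services(SAMPLE_LOG)
    for family, names in sorted(missing_by_family(parsed).items()):
        print(f"{family}*: {len(names)} registered but file not found: {', '.join(names)}")
```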


#14 BMW Ownage

BMW Ownage
  • Topic Starter

  • Members
  • 11 posts

Posted 01 March 2011 - 07:33 PM

It never gave me the .dat file on my desktop.

#15 BMW Ownage

BMW Ownage
  • Topic Starter

  • Members
  • 11 posts

Posted 01 March 2011 - 07:35 PM

Also, as to the malware pop-ups and redirects, I would only experience them at random times, and I won't be able to tell if it's actually better for an amount of time, I guess.
