
Google/Bing searches redirecting and hidden IE instances opening


  • This topic is locked
8 replies to this topic

#1 Mr_Wibble

Mr_Wibble

  • Members
  • 7 posts
  • OFFLINE
  • Local time:10:46 AM

Posted 02 June 2011 - 03:29 PM

Hi, it seems I'm another occurrence of the search engine redirect and hidden IE instances infection, which started as follows. I'm running Windows 7 Pro 32-bit version with SP1:

1) I started receiving warning messages about hard disk and memory failure in the system tray that were labelled as coming from Security Centre. At this point my start menu was empty and task manager was greyed out. I was able to use system restore to restore to a restore point from a couple of days ago and these messages stopped appearing.

2) After the system restore, whenever I click on a search engine result in IE or FF the page redirects to a blank page with a button labelled with a random site; I can get to the page I want to if I copy the link and paste it in the address bar.

3) Also since the restore, two hidden instances of iexplore.exe are listed in task manager every 10-15 minutes.

In addition to the system restore, I've run full scans with Malwarebytes' Anti-Malware and Avast Free and both have detected nothing.

I've run through the prep guide; DDS log below, and DDS and GMER logs attached.

.
DDS (Ver_2011-06-02.03) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Peter at 20:41:48 on 2011-06-02
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\lxdxcoms.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\regedit.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Peter\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10c.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office10\EXCEL.EXE/3000
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
TCP: DhcpNameServer = 87.194.255.154 87.194.255.155
TCP: Interfaces\{D2376DFA-5885-4679-A8A8-F460A5331A0C} : DhcpNameServer = 87.194.255.154 87.194.255.155
TCP: Interfaces\{E30F2913-44CF-48D0-9540-A501D8CEC133} : DhcpNameServer = 87.194.255.154 87.194.255.155
TCP: Interfaces\{E30F2913-44CF-48D0-9540-A501D8CEC133}\4416471684F6C6564323 : DhcpNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? FsUsbExDisk;FsUsbExDisk
R? FsUsbExService;FsUsbExService
R? PCANDIS4;PCANDIS4 Protocol Driver
R? SrvHsfHDA;SrvHsfHDA
R? SrvHsfV92;SrvHsfV92
R? SrvHsfWinac;SrvHsfWinac
R? StorSvc;Storage Service
R? TsUsbFlt;TsUsbFlt
R? WatAdminSvc;Windows Activation Technologies Service
S? aswFsBlk;aswFsBlk
S? aswMonFlt;aswMonFlt
S? aswSnx;aswSnx
S? aswSP;aswSP
S? avast! Antivirus;avast! Antivirus
S? cpuz132;cpuz132
S? lxdx_device;lxdx_device
S? MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver
S? netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit
S? SBSDWSCService;SBSD Security Center Service
S? WSDPrintDevice;WSD Print Support via UMB
.
=============== Created Last 30 ================
.
2011-06-02 17:17:36 -------- d-----w- c:\program files\Runtime Software
2011-06-02 17:16:19 1873239 ----a-w- c:\temp\dixmlsetup.exe
2011-05-30 09:18:31 -------- d-----w- c:\users\peter\appdata\local\{A84B2FBB-8C25-4DA2-A1F2-2133F1F3CF58}
2011-05-29 10:19:13 -------- d-----w- c:\users\peter\appdata\local\{E7032AD1-BDF1-48B8-B7A8-DD81A2C441DA}
2011-05-28 19:06:01 -------- d-----w- c:\program files\ESET
2011-05-28 18:59:29 75264 ----a-w- c:\temp\SystemLook.exe
2011-05-28 15:45:32 -------- d-----w- c:\users\peter\appdata\roaming\Malwarebytes
2011-05-28 15:45:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-28 15:45:16 -------- d-----w- c:\programdata\Malwarebytes
2011-05-28 15:45:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-28 12:06:59 7734240 ----a-w- c:\temp\mbam-setup.exe
2011-05-28 11:30:05 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-05-28 09:16:25 -------- d-----w- c:\program files\trend micro
2011-05-28 08:58:41 -------- d-----w- c:\users\peter\appdata\local\{7AB7F08C-DF24-4534-B5CC-395D9BC8AADF}
2011-05-27 22:30:37 13248968 ----a-w- c:\temp\windows-kb890830-v3.19.exe
2011-05-27 22:13:40 3096424 ----a-w- c:\temp\ccsetup307.exe
2011-05-27 20:43:45 -------- d-----w- c:\users\peter\appdata\local\{9BC01B4F-1535-4DA3-8C2A-A88310842ADA}
2011-05-27 19:02:44 388096 ----a-r- c:\users\peter\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-05-27 19:02:43 -------- d-----w- c:\program files\hijack this
2011-05-27 18:46:17 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{7b76ddd7-1a4a-4b2b-a073-9f2c795f6df2}\mpengine.dll
2011-05-27 16:24:50 1029512 ----a-w- c:\temp\SkypeSetup.exe
2011-05-27 08:42:49 -------- d-----w- c:\users\peter\appdata\local\{F712BF2A-F14C-473F-A6A4-DEE60734B206}
2011-05-26 19:38:03 -------- d--h--w- c:\users\peter\appdata\local\{F56E7AAE-F8AB-4EC2-BA82-78D5C76AF79F}
2011-05-26 07:37:30 -------- d--h--w- c:\users\peter\appdata\local\{DA11395C-B529-41A1-A124-CA3202C1D34B}
2011-05-25 17:16:22 -------- d--h--w- c:\users\peter\appdata\local\{593C49AC-7D87-4ED2-B182-C67302AE2D97}
2011-05-24 17:26:37 -------- d--h--w- c:\users\peter\appdata\local\{23DAD91C-83DC-49F7-9F4D-7240A86A7A85}
2011-05-23 18:21:18 -------- d--h--w- c:\users\peter\appdata\local\{5C4C72C6-72FD-47C5-B332-4FA4A77094AC}
2011-05-22 20:22:09 138140676 ----a-w- c:\temp\UDKInstall-WavesRPS.exe
2011-05-22 10:22:19 -------- d--h--w- c:\users\peter\appdata\local\{D601130D-8DB0-4A3B-9EAD-776BC4A765F5}
2011-05-21 22:21:38 -------- d--h--w- c:\users\peter\appdata\local\{15E25329-69C4-465B-B38F-CEB26D4ACD92}
2011-05-21 10:21:13 -------- d--h--w- c:\users\peter\appdata\local\{42BFDC1D-7C5B-4011-87C4-B7EAC8CFEB8D}
2011-05-20 10:19:17 -------- d--h--w- c:\users\peter\appdata\local\{564C23D5-E57F-4F4D-BFEA-82EF73B109C7}
2011-05-19 15:17:58 -------- d-----w- c:\program files\Mumble
2011-05-19 08:34:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-19 08:33:04 -------- d--h--w- c:\users\peter\appdata\local\{EE1554DB-9639-4B56-B500-D2363C42D47D}
2011-05-18 17:56:44 -------- d--h--w- c:\users\peter\appdata\local\{CA287173-AA05-45D2-B896-D393571C7A1A}
2011-05-17 16:52:49 -------- d--h--w- c:\users\peter\appdata\local\{A7A46A0B-ACA6-4C7A-9006-CC051AC8947A}
2011-05-16 17:36:26 -------- d--h--w- c:\users\peter\appdata\local\{195048E4-171C-4AA4-9B27-D8F4CFC4688B}
2011-05-15 18:25:16 1409323648 ----a-w- c:\temp\setup_outcast.exe
2011-05-15 09:47:44 -------- d-----w- c:\programdata\Skype Extras
2011-05-15 09:43:34 -------- d--h--w- c:\users\peter\appdata\local\{F7485398-F1E4-4CE7-9816-7FD548F75547}
2011-05-14 20:30:28 -------- d--h--w- c:\users\peter\appdata\local\{A2DF3E5F-CE6C-44B3-961A-6BFBA0CC7DFA}
2011-05-14 19:20:37 -------- d-----w- c:\program files\common files\Steam
2011-05-14 19:20:30 -------- d-----w- c:\program files\Steam
2011-05-14 08:29:53 -------- d--h--w- c:\users\peter\appdata\local\{9C46A9C6-102A-4FF5-96C7-FF38A428B996}
2011-05-13 20:29:12 -------- d--h--w- c:\users\peter\appdata\local\{8C2EBF4C-4C93-43D5-9940-A56508458E1C}
2011-05-13 08:28:42 -------- d--h--w- c:\users\peter\appdata\local\{DDE6181B-F715-47F6-A234-36F8BEDCC7D3}
2011-05-12 17:21:30 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-12 17:21:29 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-12 17:21:26 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-12 17:11:48 -------- d--h--w- c:\users\peter\appdata\local\{C53D1E12-3594-4CDC-AED4-F3C57990829D}
2011-05-11 19:35:50 253336 ----a-w- c:\users\peter\appdata\roaming\microsoft\identitycrl\production\ppcrlui.dll
2011-05-11 19:35:48 14744 ----a-w- c:\users\peter\appdata\roaming\microsoft\identitycrl\production\ppcrlconfig.dll
2011-05-11 17:14:08 -------- d--h--w- c:\users\peter\appdata\local\{AFAD45AC-BB0A-4346-B285-AF98BD6D68FD}
2011-05-09 17:25:02 -------- d--h--w- c:\users\peter\appdata\local\{280DD031-2ED1-414E-B6E9-6AF1B91904B7}
2011-05-08 09:08:04 -------- d--h--w- c:\users\peter\appdata\local\{8DE7F0FA-EE82-4B48-9359-8111AE3CB065}
2011-05-07 21:07:26 -------- d--h--w- c:\users\peter\appdata\local\{D16A1320-86BC-43C4-8ABF-62A9937AE65A}
2011-05-07 09:06:45 -------- d--h--w- c:\users\peter\appdata\local\{5610C1EB-332B-4A18-80F5-9B816D1268E7}
2011-05-06 19:00:34 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-06 19:00:33 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-05-06 19:00:33 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-05-06 19:00:33 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-05-06 19:00:33 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-05-06 19:00:33 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-05-06 19:00:33 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-05-06 19:00:32 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-05-06 17:11:31 -------- d--h--w- c:\users\peter\appdata\local\{1303E26F-7FC3-4134-8C79-6F74B2AA0B9D}
2011-05-05 18:12:01 -------- d--h--w- c:\users\peter\appdata\local\{ADFD8E85-7FC6-46E6-9EED-0D1BDFB22B01}
2011-05-04 17:18:44 -------- d--h--w- c:\users\peter\appdata\local\{1859E11F-8A0D-442A-B1EC-E7F463A4B9FF}
.
==================== Find3M ====================
.
2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:03:54 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 11:59:44 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-04-09 17:55:44 15453336 ----a-w- c:\windows\system32\xlive.dll
2011-04-09 17:55:42 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2011-03-12 11:23:45 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-11 05:39:05 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2011-03-11 05:39:00 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-03-11 05:39:00 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-03-11 05:39:00 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-03-11 05:38:51 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-03-11 05:38:37 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-03-11 05:38:37 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-03-11 05:33:59 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:33:09 1699328 ----a-w- c:\windows\system32\esent.dll
2011-03-11 05:31:07 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-03-08 05:28:29 741376 ----a-w- c:\windows\system32\inetcomm.dll
.
============= FINISH: 20:45:00.17 ===============
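As an added example for this thread (not code from the DDS tool and not from anyone posting here), the following Python script parses the "Pseudo HJT Report" section of a DDS log and flags the entries a helper would read first on a log like the one above: UAC policy values set to 0 (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0 here, which means UAC is switched off and administrators elevate silently), hosts-file overrides, toolbar CLSIDs whose file is missing, ActiveX download (DPF) entries, and the DHCP-assigned resolvers to compare against the expected ISP or router DNS. The sample input is an excerpt of the log posted above; the severity labels, the function names and the Finding type are the example's own choices.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log.

Added example for the thread above; not part of the DDS tool.
"""
import re
from dataclasses import dataclass

# Excerpt of the DDS log posted in the thread (trimmed to the lines used here).
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
.
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
TCP: DhcpNameServer = 87.194.255.154 87.194.255.155
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
"""

HEADER_RE = re.compile(r"^=+\s*(?P<title>.+?)\s*=+$")
ENTRY_RE = re.compile(r"^(?P<kind>[A-Za-z][\w-]*):\s+(?P<body>.+)$")
POLICY_RE = re.compile(r"^(?P<name>\w+)\s*=\s*(?P<dec>\d+)\s*\(0x[0-9a-fA-F]+\)$")

# Values under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
# that weaken UAC when set to 0. The severity labels are this example's own scale.
UAC_WEAK_WHEN_ZERO = {
    "EnableLUA": ("UAC is disabled entirely", "high"),
    "ConsentPromptBehaviorAdmin": ("administrators elevate without any prompt", "high"),
    "PromptOnSecureDesktop": ("elevation prompts are not shown on the secure desktop", "medium"),
}


@dataclass
class Finding:
    severity: str
    kind: str
    detail: str


def parse_hjt_section(text):
    """Return (kind, body) tuples for entries inside the Pseudo HJT Report section only."""
    entries, in_section = [], False
    for line in text.splitlines():
        line = line.strip()
        header = HEADER_RE.match(line)
        if header:
            # Any '=== Title ===' line starts a new section; only one section interests us.
            in_section = "Pseudo HJT Report" in header.group("title")
            continue
        if not in_section or line in ("", "."):
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def parse_policy(body):
    """'EnableLUA = 0 (0x0)' -> ('EnableLUA', 0); None if the body is not a policy value."""
    m = POLICY_RE.match(body)
    return (m.group("name"), int(m.group("dec"))) if m else None


def triage(text):
    """Turn the parsed entries into review findings, most of which are 'look at this', not verdicts."""
    findings = []
    for kind, body in parse_hjt_section(text):
        if kind == "mPolicies-system":
            policy = parse_policy(body)
            if policy and policy[1] == 0 and policy[0] in UAC_WEAK_WHEN_ZERO:
                meaning, severity = UAC_WEAK_WHEN_ZERO[policy[0]]
                findings.append(Finding(severity, "uac", f"{policy[0]} = 0: {meaning}"))
        elif kind == "Hosts":
            # Hosts overrides redirect name resolution before DNS is consulted; each one needs a reason.
            findings.append(Finding("medium", "hosts", f"hosts file override: {body}"))
        elif kind == "TB" and body.endswith("No File"):
            findings.append(Finding("low", "orphan", f"toolbar CLSID registered but file missing: {body}"))
        elif kind == "DPF":
            findings.append(Finding("info", "dpf", f"ActiveX download entry: {body}"))
        elif kind == "TCP" and "DhcpNameServer" in body:
            findings.append(Finding("info", "dns", f"resolvers to compare with expected ISP/router DNS: {body}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.severity:6}] {f.kind:6} {f.detail}")
```

On the excerpt this reports three UAC findings, one hosts override, one orphaned toolbar, one DPF entry and the resolver list. Everything except the UAC lines is deliberately reported as a review item rather than a verdict, because a hosts entry or a DPF download can be perfectly legitimate (the DPF line here is ESET's online scanner) and only comparison with what the user installed decides it.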


#2 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  • Gender:Male
  • Location:Kansas, USA
  • Local time:04:46 AM

Posted 09 June 2011 - 08:25 PM

Hello Mr_Wibble and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download to your Desktop:
  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):
  • TDSSKiller_log.txt
  • How the PC is running now


-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:
  • C:\ComboFix.txt
  • TDSSKiller log
  • Security Check checkup.txt

How is your computer running now?

#3 Mr_Wibble

Mr_Wibble
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:10:46 AM

Posted 10 June 2011 - 02:38 PM

I've run all three applications; logs below and attached.

So far I've not seen IE opening in the background and both browsers are no longer redirecting. Thank you for the assistance!


2011/06/10 19:57:00.0966 2788 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/10 19:57:01.0090 2788 ================================================================================
2011/06/10 19:57:01.0090 2788 SystemInfo:
2011/06/10 19:57:01.0090 2788
2011/06/10 19:57:01.0090 2788 OS Version: 6.1.7601 ServicePack: 1.0
2011/06/10 19:57:01.0090 2788 Product type: Workstation
2011/06/10 19:57:01.0090 2788 ComputerName: ATHENA
2011/06/10 19:57:01.0090 2788 UserName: Peter
2011/06/10 19:57:01.0090 2788 Windows directory: C:\Windows
2011/06/10 19:57:01.0090 2788 System windows directory: C:\Windows
2011/06/10 19:57:01.0090 2788 Processor architecture: Intel x86
2011/06/10 19:57:01.0090 2788 Number of processors: 2
2011/06/10 19:57:01.0090 2788 Page size: 0x1000
2011/06/10 19:57:01.0090 2788 Boot type: Normal boot
2011/06/10 19:57:01.0090 2788 ================================================================================
2011/06/10 19:57:06.0051 2788 Initialize success
2011/06/10 19:57:31.0884 3840 ================================================================================
2011/06/10 19:57:31.0884 3840 Scan started
2011/06/10 19:57:31.0884 3840 Mode: Manual;
2011/06/10 19:57:31.0884 3840 ================================================================================
2011/06/10 19:57:39.0856 3840 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
2011/06/10 19:57:40.0199 3840 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
2011/06/10 19:57:40.0542 3840 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
2011/06/10 19:57:40.0761 3840 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/06/10 19:57:41.0182 3840 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/06/10 19:57:41.0478 3840 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/06/10 19:57:41.0853 3840 AFD (1151fd4fb0216cfed887bfde29ebd516) C:\Windows\system32\drivers\afd.sys
2011/06/10 19:57:42.0196 3840 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
2011/06/10 19:57:42.0383 3840 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/06/10 19:57:42.0758 3840 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
2011/06/10 19:57:42.0804 3840 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
2011/06/10 19:57:42.0914 3840 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
2011/06/10 19:57:43.0257 3840 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/06/10 19:57:43.0335 3840 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/06/10 19:57:43.0475 3840 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
2011/06/10 19:57:43.0896 3840 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/06/10 19:57:43.0943 3840 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
2011/06/10 19:57:44.0411 3840 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
2011/06/10 19:57:44.0879 3840 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/06/10 19:57:45.0456 3840 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/06/10 19:57:45.0971 3840 aswFsBlk (7f08d9c504b015d81a8abd75c80028c5) C:\Windows\system32\drivers\aswFsBlk.sys
2011/06/10 19:57:46.0470 3840 aswMonFlt (9bdc8e9ce17b773f69d2c6696c768c4f) C:\Windows\system32\drivers\aswMonFlt.sys
2011/06/10 19:57:46.0798 3840 aswRdr (ac48bdd4cd5d44af33087c06d6e9511c) C:\Windows\system32\drivers\aswRdr.sys
2011/06/10 19:57:47.0360 3840 aswSnx (b64134316fcd1f20e0f10ef3e65bd522) C:\Windows\system32\drivers\aswSnx.sys
2011/06/10 19:57:47.0828 3840 aswSP (d6788e3211afa9951ed7a4d617f68a4f) C:\Windows\system32\drivers\aswSP.sys
2011/06/10 19:57:48.0545 3840 aswTdi (4d100c45517809439c7b6dd98997fa00) C:\Windows\system32\drivers\aswTdi.sys
2011/06/10 19:57:48.0888 3840 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/10 19:57:49.0169 3840 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
2011/06/10 19:57:49.0668 3840 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/06/10 19:57:49.0887 3840 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/06/10 19:57:50.0355 3840 bcm4sbxp (82dd21bfa8bbe0a3a3833a1bd8e86158) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
2011/06/10 19:57:50.0589 3840 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/06/10 19:57:50.0948 3840 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/06/10 19:57:51.0244 3840 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/10 19:57:51.0696 3840 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/06/10 19:57:51.0821 3840 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/06/10 19:57:52.0289 3840 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/06/10 19:57:52.0523 3840 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/06/10 19:57:52.0726 3840 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/06/10 19:57:53.0054 3840 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/06/10 19:57:53.0319 3840 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/06/10 19:57:53.0553 3840 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/10 19:57:53.0990 3840 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
2011/06/10 19:57:54.0333 3840 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/06/10 19:57:54.0520 3840 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/06/10 19:57:54.0941 3840 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/10 19:57:55.0362 3840 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
2011/06/10 19:57:55.0674 3840 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/06/10 19:57:55.0877 3840 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/10 19:57:56.0267 3840 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
2011/06/10 19:57:56.0860 3840 cpuz132 (097a0a4899b759a4f032bd464963b4be) C:\Windows\system32\drivers\cpuz132_x32.sys
2011/06/10 19:57:57.0110 3840 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/06/10 19:57:57.0531 3840 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
2011/06/10 19:57:57.0749 3840 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
2011/06/10 19:57:58.0061 3840 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/06/10 19:57:58.0326 3840 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/06/10 19:57:58.0748 3840 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/06/10 19:57:58.0872 3840 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/10 19:57:59.0980 3840 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/06/10 19:58:00.0838 3840 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/06/10 19:58:01.0353 3840 EMSCR (1fa3f9df8983873746fa6b72dd7e3c2c) C:\Windows\system32\DRIVERS\EMS7SK.sys
2011/06/10 19:58:01.0680 3840 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
2011/06/10 19:58:01.0977 3840 ESDCR (9c7487253aad6bf61f9bc83d50e32ccc) C:\Windows\system32\DRIVERS\ESD7SK.sys
2011/06/10 19:58:02.0414 3840 ESMCR (99589d975da04f8bd31f124428fcc797) C:\Windows\system32\DRIVERS\ESM7SK.sys
2011/06/10 19:58:02.0788 3840 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/06/10 19:58:03.0256 3840 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/06/10 19:58:03.0771 3840 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/10 19:58:04.0067 3840 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/06/10 19:58:04.0426 3840 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/06/10 19:58:04.0582 3840 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/10 19:58:04.0988 3840 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/06/10 19:58:05.0222 3840 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/06/10 19:58:05.0518 3840 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\Windows\system32\FsUsbExDisk.SYS
2011/06/10 19:58:06.0048 3840 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/10 19:58:06.0470 3840 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
2011/06/10 19:58:06.0766 3840 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/06/10 19:58:07.0234 3840 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/06/10 19:58:07.0608 3840 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
2011/06/10 19:58:07.0686 3840 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
2011/06/10 19:58:07.0764 3840 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/06/10 19:58:07.0796 3840 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/06/10 19:58:07.0858 3840 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/06/10 19:58:07.0967 3840 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
2011/06/10 19:58:08.0076 3840 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
2011/06/10 19:58:08.0295 3840 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/06/10 19:58:08.0435 3840 HSXHWAZL (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/06/10 19:58:08.0529 3840 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
2011/06/10 19:58:08.0591 3840 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
2011/06/10 19:58:08.0732 3840 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
2011/06/10 19:58:08.0872 3840 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
2011/06/10 19:58:08.0950 3840 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/06/10 19:58:09.0153 3840 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
2011/06/10 19:58:09.0278 3840 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/10 19:58:09.0356 3840 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
2011/06/10 19:58:09.0418 3840 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/06/10 19:58:09.0480 3840 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/06/10 19:59:04.0907 3840 volsnap (ab6532bf1c2519efcec5b8c04d8dc407) C:\Windows\system32\drivers\volsnap.sys
2011/06/10 19:59:04.0907 3840 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: ab6532bf1c2519efcec5b8c04d8dc407, Fake md5: f497f67932c6fa693d7de2780631cfe7
2011/06/10 19:59:04.0923 3840 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/06/10 19:59:12.0957 3840 ================================================================================
2011/06/10 19:59:12.0957 3840 Scan finished
2011/06/10 19:59:12.0957 3840 ================================================================================
2011/06/10 19:59:12.0988 2172 Detected object count: 1
2011/06/10 19:59:12.0988 2172 Actual detected object count: 1
2011/06/10 19:59:27.0044 2172 volsnap (ab6532bf1c2519efcec5b8c04d8dc407) C:\Windows\system32\drivers\volsnap.sys
2011/06/10 19:59:27.0044 2172 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: ab6532bf1c2519efcec5b8c04d8dc407, Fake md5: f497f67932c6fa693d7de2780631cfe7
2011/06/10 19:59:30.0757 2172 Backup copy found, using it..
2011/06/10 19:59:30.0788 2172 C:\Windows\system32\drivers\volsnap.sys - will be cured after reboot
2011/06/10 19:59:30.0788 2172 Rootkit.Win32.TDSS.tdl3(volsnap) - User select action: Cure
2011/06/10 19:59:36.0310 3988 Deinitialize success
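As an added example (not part of this thread or of TDSSKiller itself), a small Python parser for the TDSSKiller log format shown above: it extracts the "Suspicious file (Forged)" events, the detection name and the cure action, and cross-checks the reported Real md5 against the hash TDSSKiller listed for the same driver. The sample lines are copied from the log in this post; the Finding structure and its field names are my own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: lines copied from the TDSSKiller log posted above (a clean driver line,
# the volsnap.sys enumeration, the Forged event, the detection and the cure-phase lines).
SAMPLE_LOG = r"""
2011/06/10 19:59:04.0595 3840 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/06/10 19:59:04.0907 3840 volsnap (ab6532bf1c2519efcec5b8c04d8dc407) C:\Windows\system32\drivers\volsnap.sys
2011/06/10 19:59:04.0907 3840 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: ab6532bf1c2519efcec5b8c04d8dc407, Fake md5: f497f67932c6fa693d7de2780631cfe7
2011/06/10 19:59:04.0923 3840 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/06/10 19:59:27.0044 2172 volsnap (ab6532bf1c2519efcec5b8c04d8dc407) C:\Windows\system32\drivers\volsnap.sys
2011/06/10 19:59:30.0788 2172 C:\Windows\system32\drivers\volsnap.sys - will be cured after reboot
2011/06/10 19:59:30.0788 2172 Rootkit.Win32.TDSS.tdl3(volsnap) - User select action: Cure
"""

# Every line starts with "YYYY/MM/DD HH:MM:SS.mmmm <thread id> "; the rest varies by event.
PREFIX = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
MD5 = r"[0-9a-f]{32}"
DRIVER_RE = re.compile(PREFIX + r"(?P<name>\S+) \((?P<md5>" + MD5 + r")\) (?P<path>\S.*)$")
FORGED_RE = re.compile(PREFIX + r"Suspicious file \(Forged\): (?P<path>.+?)\. "
                       r"Real md5: (?P<real>" + MD5 + r"), Fake md5: (?P<fake>" + MD5 + r")$")
DETECTED_RE = re.compile(PREFIX + r"(?P<name>\S+) - detected (?P<threat>\S+)")
CURE_RE = re.compile(PREFIX + r"(?P<path>.+?) - will be cured after reboot$")
ACTION_RE = re.compile(PREFIX + r"(?P<threat>\S+?)\((?P<name>\S+)\) - User select action: (?P<action>\w+)$")


@dataclass
class Finding:
    """Everything TDSSKiller reported about one flagged path (hypothetical structure)."""
    path: str
    name: Optional[str] = None        # driver/service name, e.g. "volsnap"
    threat: Optional[str] = None      # detection name, e.g. "Rootkit.Win32.TDSS.tdl3"
    listed_md5: Optional[str] = None  # MD5 from the plain enumeration line for this path
    real_md5: Optional[str] = None    # "Real md5" from the Forged event
    fake_md5: Optional[str] = None    # "Fake md5" from the Forged event
    cure_pending: bool = False        # "will be cured after reboot" was logged
    action: Optional[str] = None      # user-selected action, e.g. "Cure"

    @property
    def forged(self) -> bool:
        # Two hashes for one path: the bytes returned by a normal file read and the
        # bytes TDSSKiller read at a lower level disagree, so something in the I/O
        # path is misrepresenting the file. That is what "Forged" flags.
        return bool(self.real_md5 and self.fake_md5 and self.real_md5 != self.fake_md5)


def parse_tdsskiller_log(text: str) -> Dict[str, Finding]:
    """Return one Finding per path TDSSKiller flagged, keyed by path."""
    listed: Dict[str, str] = {}        # path -> MD5 from enumeration lines
    name_to_path: Dict[str, str] = {}  # detections name the driver, not the path
    findings: Dict[str, Finding] = {}

    def get(path: str) -> Finding:
        return findings.setdefault(path, Finding(path=path))

    for line in text.splitlines():
        if m := FORGED_RE.match(line):          # checked first: it also carries a path
            f = get(m["path"])
            f.real_md5, f.fake_md5 = m["real"], m["fake"]
        elif m := DRIVER_RE.match(line):
            listed[m["path"]] = m["md5"]
            name_to_path[m["name"]] = m["path"]
        elif m := DETECTED_RE.match(line):
            f = get(name_to_path.get(m["name"], m["name"]))
            f.name, f.threat = m["name"], m["threat"]
        elif m := CURE_RE.match(line):
            get(m["path"]).cure_pending = True
        elif m := ACTION_RE.match(line):
            get(name_to_path.get(m["name"], m["name"])).action = m["action"]
    for path, f in findings.items():
        f.listed_md5 = listed.get(path)
    return findings


def summarize(findings: Dict[str, Finding]) -> List[str]:
    """One analyst-readable line per finding."""
    out = []
    for f in findings.values():
        parts = [f.path]
        if f.forged:
            parts.append(f"FORGED real={f.real_md5} fake={f.fake_md5}")
        if f.listed_md5 and f.real_md5 and f.listed_md5 != f.real_md5:
            parts.append("enumeration hash differs from Real md5")
        if f.threat:
            parts.append(f"threat={f.threat}")
        if f.action:
            parts.append(f"action={f.action}" + (" (pending reboot)" if f.cure_pending else ""))
        out.append(" | ".join(parts))
    return out
```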

#4 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  • Gender:Male
  • Location:Kansas, USA
  • Local time:04:46 AM

Posted 10 June 2011 - 03:02 PM

Hello again. Your logs are looking better! :) However, there is more that needs doing.

Also, please post the logs as posts and not as uploaded attachments; it makes my job easier that way. :wink:

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please do the following:

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Folder::
C:\32788R22FWJFW
c:\users\Peter\AppData\Local\{A84B2FBB-8C25-4DA2-A1F2-2133F1F3CF58}
c:\users\Peter\AppData\Local\{E7032AD1-BDF1-48B8-B7A8-DD81A2C441DA}
c:\users\Peter\AppData\Local\{7AB7F08C-DF24-4534-B5CC-395D9BC8AADF}
c:\users\Peter\AppData\Local\{9BC01B4F-1535-4DA3-8C2A-A88310842ADA}
c:\users\Peter\AppData\Local\{F712BF2A-F14C-473F-A6A4-DEE60734B206}
c:\users\Peter\AppData\Local\{F56E7AAE-F8AB-4EC2-BA82-78D5C76AF79F}
c:\users\Peter\AppData\Local\{DA11395C-B529-41A1-A124-CA3202C1D34B}
c:\users\Peter\AppData\Local\{593C49AC-7D87-4ED2-B182-C67302AE2D97}
c:\users\Peter\AppData\Local\{23DAD91C-83DC-49F7-9F4D-7240A86A7A85}
c:\users\Peter\AppData\Local\{5C4C72C6-72FD-47C5-B332-4FA4A77094AC}
c:\users\Peter\AppData\Local\{D601130D-8DB0-4A3B-9EAD-776BC4A765F5}
c:\users\Peter\AppData\Local\{15E25329-69C4-465B-B38F-CEB26D4ACD92}
c:\users\Peter\AppData\Local\{42BFDC1D-7C5B-4011-87C4-B7EAC8CFEB8D}
c:\users\Peter\AppData\Local\{564C23D5-E57F-4F4D-BFEA-82EF73B109C7}
c:\users\Peter\AppData\Local\{EE1554DB-9639-4B56-B500-D2363C42D47D}
c:\users\Peter\AppData\Local\{CA287173-AA05-45D2-B896-D393571C7A1A}
c:\users\Peter\AppData\Local\{A7A46A0B-ACA6-4C7A-9006-CC051AC8947A}
c:\users\Peter\AppData\Local\{195048E4-171C-4AA4-9B27-D8F4CFC4688B}
c:\users\Peter\AppData\Local\{F7485398-F1E4-4CE7-9816-7FD548F75547}
c:\users\Peter\AppData\Local\{A2DF3E5F-CE6C-44B3-961A-6BFBA0CC7DFA}
c:\users\Peter\AppData\Local\{9C46A9C6-102A-4FF5-96C7-FF38A428B996}
c:\users\Peter\AppData\Local\{8C2EBF4C-4C93-43D5-9940-A56508458E1C}
c:\users\Peter\AppData\Local\{DDE6181B-F715-47F6-A234-36F8BEDCC7D3}
c:\users\Peter\AppData\Local\{C53D1E12-3594-4CDC-AED4-F3C57990829D}

Reglock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

-------------

In your next reply, please include:
  • C:\ComboFix.txt

How is your computer running now?

#5 Mr_Wibble

Mr_Wibble
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:10:46 AM

Posted 11 June 2011 - 04:36 AM

ComboFix log as below. The machine's looking all good now.

ComboFix 11-06-10.09 - Peter 11/06/2011 9:58.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.2046.1234 [GMT 1:00]
Running from: c:\users\Peter\Desktop\ComboFix.exe
Command switches used :: c:\users\Peter\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
.
((((((((((((((((((((((((( Files Created from 2011-05-11 to 2011-06-11 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 92704]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118640]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-05-10 3459712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"a-squared"="c:\program files\Emsisoft Anti-Malware\a2guard.exe"
"Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-12-14 36608]
R3 PCANDIS4;PCANDIS4 Protocol Driver;C:\PCANDIS4.SYS [2010-06-04 16112]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-31 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-12-17 238952]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-03 691696]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2009-10-16 589824]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2009-07-24 30560]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 87.194.255.154 87.194.255.155
FF - ProfilePath -
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1008)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2011-06-11 10:21:00 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-11 09:20
ComboFix2.txt 2011-06-10 19:26
.
Pre-Run: 51,063,136,256 bytes free
Post-Run: 50,873,073,664 bytes free
.
- - End Of File - - 7C4E44588FA28A46484DEE1758D3527E

#6 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  • Gender:Male
  • Location:Kansas, USA
  • Local time:04:46 AM

Posted 11 June 2011 - 06:23 AM

Hello again. Your logs are looking much better! :) However, we need to do a few more things.

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

-------------

In your next reply, please include:
  • ESET Online Scan log


#7 Mr_Wibble

Mr_Wibble
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:10:46 AM

Posted 11 June 2011 - 10:50 AM

ESET log as below:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6526
# api_version=3.0.2
# EOSSerial=d586ef56922e1c41b2e7dd01ff36b546
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-11 03:06:17
# local_time=2011-06-11 04:06:17 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=9
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 1221364 1221364 0 0
# compatibility_mode=768 16777215 100 0 41045990 41045990 0 0
# compatibility_mode=5893 16776573 100 94 1273592 60265561 0 0
# compatibility_mode=8192 67108863 100 0 1186009 1186009 0 0
# scanned=137536
# found=0
# cleaned=0
# scan_time=5607

#8 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  • Gender:Male
  • Location:Kansas, USA
  • Local time:04:46 AM

Posted 11 June 2011 - 02:34 PM

Hello again. Your logs appear to be clean. You are good to go. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

**You may now reenable your TeaTimer.

-------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

You have UAC (User Account Control) set to Disabled! This leaves you extremely vulnerable to being reinfected. I strongly suggest that you leave it Enabled!

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

Please, consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.
A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.
If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available. A tutorial on understanding and using firewalls may be found here.


If you use Internet Explorer, it is a good idea to use IE-Spyad for ZonedOut which provides protections against malicious websites. (Requires 2 downloads)

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.
If you are interested, Firefox may be downloaded from here.
Opera is available here: http://www.opera.com/download/

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)

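The UAC values that ComboFix listed under HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system (EnableLUA=0, ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0) are the same settings the reply above asks to turn back on. The PowerShell script below is an added example, not part of this thread, of ComboFix or of any tool it mentions: it reads those five values, compares them with what are assumed here to be the Windows 7 defaults (EnableLUA=1, ConsentPromptBehaviorAdmin=5, ConsentPromptBehaviorUser=3, PromptOnSecureDesktop=1, EnableUIADesktopToggle=0) and, only when run with -Fix from an elevated prompt, writes the defaults back. The -Fix switch and the Get-UacSetting helper are names chosen for this example.

```powershell
# Added example (not from the thread): audit the UAC policy values that ComboFix
# reported under HKLM\...\Policies\System and flag any that differ from the
# Windows 7 defaults. Read-only unless -Fix is supplied; -Fix needs an elevated
# prompt, and a reboot is required for a changed EnableLUA to take effect.
param(
    [switch]$Fix
)

$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Expected values (assumed Windows 7 defaults):
#   EnableLUA=1                  UAC switched on
#   ConsentPromptBehaviorAdmin=5 admins prompted for consent for non-Windows binaries
#   ConsentPromptBehaviorUser=3  standard users prompted for credentials
#   PromptOnSecureDesktop=1      prompts shown on the secure desktop
#   EnableUIADesktopToggle=0     UIAccess apps may not disable the secure desktop
$expected = [ordered]@{
    EnableLUA                  = 1
    ConsentPromptBehaviorAdmin = 5
    ConsentPromptBehaviorUser  = 3
    PromptOnSecureDesktop      = 1
    EnableUIADesktopToggle     = 0
}

# Returns the DWORD value for one setting, or $null if the value is absent.
function Get-UacSetting {
    param([string]$Name)
    $item = Get-ItemProperty -Path $policyKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

$findings = @()
foreach ($name in $expected.Keys) {
    $actual = Get-UacSetting -Name $name
    if ($null -eq $actual) { $shown = '(absent)' } else { $shown = $actual }
    if ($actual -eq $expected[$name]) { $status = 'OK' } else { $status = 'WEAK' }
    $findings += [pscustomobject]@{
        Setting  = $name
        Actual   = $shown
        Expected = $expected[$name]
        Status   = $status
    }
}

$findings | Format-Table -AutoSize

if ((Get-UacSetting -Name 'EnableLUA') -eq 0) {
    Write-Warning 'EnableLUA=0: UAC is disabled, so anything started by an administrator account runs fully elevated with no prompt.'
}

if ($Fix) {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell prompt to apply -Fix.'
    }
    foreach ($name in $expected.Keys) {
        Set-ItemProperty -Path $policyKey -Name $name -Value $expected[$name] -Type DWord
    }
    Write-Host 'UAC policy values restored to the defaults; reboot for EnableLUA to take effect.'
}
```

Run it without arguments first to see the table; on the machine in this thread the first, second and fourth rows would show WEAK. The script deliberately compares against the policy key that ComboFix reads rather than the Control Panel slider, because a program that disables UAC does so by writing these values directly, and that is what a scan log will show.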
#9 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  • Gender:Male
  • Location:Kansas, USA
  • Local time:04:46 AM

Posted 18 June 2011 - 09:40 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



