Win 7 virus


10 replies to this topic

#1 BIGBOYTERP (Members, 28 posts)

Posted 06 July 2011 - 06:30 PM

My computer has been infected with the win 7 antispyware malware. I have completed all of the steps outlined on your website. I downloaded the file registry. I ran Rkill and Malwarebytes and Super Antispyware. I ran all three programs in regular and in safe mode, in the order that your website suggested; the popups of the win 7 antispyware are gone and I can open up executable files. The problem is, I can't access your website or any other websites that offer help killing win 7 antispyware. The rogue malware is still hidden on my computer somehow. I still need assistance removing this pest.


#2 boopme, "To Insanity and Beyond" (Global Moderator, 73,573 posts, NJ USA)

Posted 06 July 2011 - 07:15 PM

Hello and welcome.

Run EXE HELPER
Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Scan with MBAM and SAS and post the logs.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 BIGBOYTERP, Topic Starter (Members, 28 posts)

Posted 06 July 2011 - 07:43 PM

The computer would not let me use exeHelper

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7034

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

7/13/2011 4:22:34 PM
mbam-log-2011-07-13 (16-22-34).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 366788
Time elapsed: 44 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\DVYHI42JUG (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\opsmr9ibkfl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\R4B1ZAOPF5 (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\kingterp\AppData\LocalLow\Sun\Java\deployment\cache\6.0\5\175885-400d0967 (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\kingterp\AppData\LocalLow\Sun\Java\deployment\cache\6.0\5\175885-44877ab3 (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\kingterp\AppData\LocalLow\Sun\Java\deployment\cache\6.0\5\175885-631d92b2 (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Temp\189a7955.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Users\kingterp\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\kingterp\AppData\Roaming\Adobe\plugs\mmc168.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\kingterp\AppData\Roaming\Adobe\plugs\mmc25.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\kingterp\AppData\Roaming\Adobe\plugs\mmc27.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\kingterp\AppData\Roaming\Adobe\plugs\mmc412568574.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\kingterp\AppData\Roaming\Adobe\plugs\mmc412570540.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\kingterp\AppData\Roaming\Adobe\plugs\mmc412572708.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\kingterp\AppData\Roaming\Adobe\plugs\mmc70.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\kingterp\AppData\Roaming\Adobe\plugs\mmc81.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\kingterp\AppData\Roaming\Adobe\plugs\mmc94.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\kingterp\downloads\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.




SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/13/2011 at 02:01 PM

Application Version : 4.33.1000

Core Rules Database Version : 7379
Trace Rules Database Version: 5191

Scan type : Complete Scan
Total Scan Time : 00:52:29

Memory items scanned : 170
Memory threats detected : 0
Registry items scanned : 7511
Registry threats detected : 2
File items scanned : 40536
File threats detected : 164

Trojan.Agent/Gen-RogueDrop
[R4B1ZAOPF5] C:\USERS\KINGTERP\APPDATA\LOCAL\TEMP\EBR.EXE
C:\USERS\KINGTERP\APPDATA\LOCAL\TEMP\EBR.EXE
C:\Windows\Prefetch\EBR.EXE-A71B2167.pf

Trojan.Agent/Gen-RogueWare
[Security Protection] C:\PROGRAMDATA\DEFENDER.EXE
C:\PROGRAMDATA\DEFENDER.EXE
C:\USERS\KINGTERP\APPDATA\LOCAL\JDH.EXE
C:\USERS\KINGTERP\APPDATA\LOCAL\TEMP\JAR_CACHE5977100447541998865.TMP
C:\USERS\PUBLIC\DESKTOP\MALWARE PROTECTION.LNK
C:\Windows\Prefetch\DEFENDER.EXE-C1DA341B.pf
C:\Windows\Prefetch\JDH.EXE-FE968C16.pf

Adware.Tracking Cookie
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@kontera[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@search.clicksthis[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@viewablemedia[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@advertise[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@ru4[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@smartfindonline[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@cdn1.trafficmp[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@imrworldwide[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@indoormedia.co[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@viacom.adbureau[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@at.atwola[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@crackle[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@realmedia[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@media.adfrontiers[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@trafficengine[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@search.hippofind[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@fastclick[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@collective-media[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@eas.apm.emediate[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@atdmt[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@findology[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@mediabrandsww[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@advertising[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@fidelity.rotator.hadj7.adjuggler[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@surfaccuracy[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@advertising[7].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@search.clicksthe[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@search.boltfind[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@indieclick[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@apmebf[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@serving-sys[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@dc.tremormedia[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@mediaplex[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@statcounter[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@adbrite[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@www.apartmentfinder[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@adlegend[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@r1-ads.ace.advertising[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@pro-market[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@ads.pubmatic[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@www.mediaquantics[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@rotator.adjuggler[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@vidasco.rotator.hadj7.adjuggler[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@search.clickbowl[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@ads.blogtalkradio[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@legolas-media[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@network.realmedia[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@cdn.jemamedia[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@ads.pointroll[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@eloqua.122.2o7[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@optimize.indieclick[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@ad.yieldmanager[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@www.matrix-media[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@search.toseeking[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@bizzclick[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@invitemedia[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@revsci[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@apartmentfinder[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@ads.react2media[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@ads.lycos[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@media6degrees[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@miva.cinomedia[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@www.burstnet[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@citi.bridgetrack[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@search.findxml[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@m1.mediasrv[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@ads.gamersmedia[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@zedo[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@tribalfusion[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@www.popuptraffic[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@servedby.adxpower[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@harrenmedianetwork[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@ads.undertone[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@adserver.adtechus[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@adserving.versaneeds[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@yieldmanager[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@casalemedia[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@adxpose[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@clicksor[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@pointroll[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@xml.trafficengine[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@www.find-quick-results[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@trafficmp[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@cebwa.122.2o7[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@myroitracking[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@a1.interclick[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@search.321findit[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@specificclick[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@lucidmedia[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@insightexpressai[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@content.yieldmanager[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@www.googleadservices[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@mediatraffic[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@mediaquantics[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@search.clickcheer[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@ads.adk2[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@content.yieldmanager[3].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@cracked[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@ad.wsod[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@interclick[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@doubleclick[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@questionmarket[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@intermundomedia[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@2o7[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@search.amazeclick[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@educationcom.112.2o7[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@gotacha.rotator.hadj7.adjuggler[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@newmusiccountdown.mevio[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@adultswim[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@ads.bridgetrack[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@beacon.dmsinsights[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@www.pixeltrack66[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@tacoda.at.atwola[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@search.seekfinds[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@martiniadnetwork[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@uiadserver[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@search.findsmy[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@burstnet[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@search.clickwhale[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@p456t1s5204756.kronos.bravenetmedia[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@click.scour[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@rudefinder[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@p456t1s5371399.kronos.bravenetmedia[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@feed.validclick[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@www.rudefinder[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@247realmedia[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@mm.chitika[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@www.mediatraffic[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@search.clicksare[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\kingterp@p268t1s3796876.kronos.bravenetmedia[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\Low\kingterp@t.pointroll[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\Low\kingterp@segment-pixel.invitemedia[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\Low\kingterp@pointroll[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\Low\kingterp@doubleclick[2].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\Low\kingterp@ads.pointroll[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\Low\kingterp@atdmt[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\Low\kingterp@ad2.ip[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\Low\kingterp@invitemedia[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\Low\kingterp@content.yieldmanager[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\Low\kingterp@ad.yieldmanager[1].txt
C:\Users\kingterp\AppData\Roaming\Microsoft\Windows\Cookies\Low\kingterp@ad2.ip[2].txt

Malware.Trace
C:\Windows\TASKS\{22116563-108C-42c0-A7CE-60161B75E508}.job

Trojan.Agent/Gen-TDSS[Rel]
C:\USERS\KINGTERP\APPDATA\LOCAL\TEMP\40A0.TMP
C:\USERS\KINGTERP\APPDATA\LOCAL\TEMP\6A5E.TMP

Trojan.Agent/Gen-Frauder
C:\USERS\KINGTERP\APPDATA\LOCAL\TEMP\5CC.TMP
C:\USERS\KINGTERP\APPDATA\LOCAL\TEMP\JAR_CACHE2554179528469886492.TMP

Rootkit.Agent/Gen-TDSS
C:\USERS\KINGTERP\APPDATA\LOCAL\TEMP\BC65.TMP
C:\USERS\KINGTERP\APPDATA\LOCAL\TEMP\C2BB.TMP

Trojan.Agent/Gen-Cryptic
C:\USERS\KINGTERP\APPDATA\LOCAL\TEMP\EBQ.EXE
C:\WINDOWS\EDOHOA.EXE

Trojan.Agent/Gen-IExplorer[Fake]
C:\USERS\KINGTERP\APPDATA\LOCAL\TEMP\RARSFX0\NIRD\IEXPLORE.EXE
C:\USERS\KINGTERP\APPDATA\LOCAL\TEMP\RARSFX1\NIRD\IEXPLORE.EXE
C:\USERS\KINGTERP\APPDATA\LOCAL\TEMP\RARSFX2\NIRD\IEXPLORE.EXE

Trojan.Agent/Gen-PEC
C:\USERS\KINGTERP\APPDATA\LOCAL\TEMP\RARSFX0\PROCS\EXPLORER.EXE
C:\USERS\KINGTERP\APPDATA\LOCAL\TEMP\RARSFX1\PROCS\EXPLORER.EXE
C:\USERS\KINGTERP\APPDATA\LOCAL\TEMP\RARSFX2\PROCS\EXPLORER.EXE
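
The first post says help sites stayed unreachable after the pop-ups stopped, and the MBAM log above gives the likely reason: a PUM.Bad.Proxy hit on the per-user WinINET ProxyServer value. A rogue of this kind typically runs a local proxy and points the browser at it; once the rogue process is killed, the browser is still configured to use a proxy that no longer exists. The following PowerShell is an added example, not code from the thread or from any of the tools named in it. It shows and clears a loopback proxy setting, checks the hosts file, and lists the persistence spots that appear in the two logs (random-named keys under HKCU\Software, the Adobe\plugs and Adobe\shed drop folders, the .job file location, the rogue executables). The file and key names come from the logs; the loopback regex, the random-key heuristic and the decision to leave a non-loopback proxy alone are assumptions. Run it from an elevated PowerShell prompt while logged on as the affected user.

```powershell
# Added example, not from the thread or from MBAM/SAS. Assumes Windows 7 and an elevated
# prompt running as the infected user profile (kingterp in the logs above).

$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$p = Get-ItemProperty -Path $inet
Write-Output ('ProxyEnable={0} ProxyServer={1} AutoConfigURL={2}' -f $p.ProxyEnable, $p.ProxyServer, $p.AutoConfigURL)

# Only a loopback proxy (127.0.0.1:<port> or localhost:<port>, plain or per-protocol such as
# "http=127.0.0.1:49815") or a leftover auto-config URL is treated as hostile. Assumption: a
# real, non-loopback proxy is wanted and must not be touched.
$loopback = $p.ProxyServer -match '(^|=)(127\.0\.0\.1|localhost):'
if ($loopback -or $p.AutoConfigURL) {
    Set-ItemProperty -Path $inet -Name ProxyEnable -Value 0 -Type DWord
    Remove-ItemProperty -Path $inet -Name ProxyServer   -ErrorAction SilentlyContinue
    Remove-ItemProperty -Path $inet -Name AutoConfigURL -ErrorAction SilentlyContinue
    Write-Output 'Proxy cleared; restart the browser before retrying the help sites'
}

# hosts file: any mapping other than the localhost lines can redirect vendor sites
$hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content -Path $hosts |
    Where-Object { $_ -match '^\s*[0-9a-fA-F.:]+\s+\S' -and $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' } |
    ForEach-Object { Write-Output "hosts: $_" }

# The rogue's config keys were random 10-11 character names directly under HKCU\Software
# (DVYHI42JUG, opsmr9ibkfl, R4B1ZAOPF5 in the MBAM log). Heuristic (assumption): 8-12
# alphanumerics with at least one digit. Review hits by hand; do not delete blindly.
Get-ChildItem -Path HKCU:\Software |
    Where-Object { $_.PSChildName -match '^(?=.*\d)[A-Za-z0-9]{8,12}$' } |
    ForEach-Object { Write-Output "suspect key: $($_.Name)" }

# Autostart: Run keys in both hives, and legacy .job files (SAS flagged one in C:\Windows\Tasks)
foreach ($hive in 'HKCU', 'HKLM') {
    $run = Get-ItemProperty -Path "${hive}:\Software\Microsoft\Windows\CurrentVersion\Run" -ErrorAction SilentlyContinue
    if ($run) {
        $run.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' } |
            ForEach-Object { Write-Output ('{0} Run: {1} = {2}' -f $hive, $_.Name, $_.Value) }
    }
}
Get-ChildItem -Path (Join-Path $env:SystemRoot 'Tasks') -Filter *.job -ErrorAction SilentlyContinue |
    ForEach-Object { Write-Output ('task: {0} ({1})' -f $_.Name, $_.LastWriteTime) }

# Files and folders the two scanners reported as quarantined; -Force shows hidden leftovers
$leftovers = @(
    (Join-Path $env:APPDATA 'Adobe\plugs'),
    (Join-Path $env:APPDATA 'Adobe\shed'),
    (Join-Path $env:ProgramData 'defender.exe'),
    (Join-Path $env:LOCALAPPDATA 'jdh.exe'),
    (Join-Path $env:PUBLIC 'Desktop\Malware Protection.lnk')
)
foreach ($item in $leftovers) {
    if (Test-Path -Path $item) {
        Get-ChildItem -Path $item -Force |
            ForEach-Object { Write-Output ('still present: {0} ({1} bytes)' -f $_.FullName, $_.Length) }
    }
}
```

The output is meant to be read, not acted on automatically: a suspect key or a leftover file is a lead for the next scan, and MBAM already reports the proxy value as deleted, so on this machine the script should mostly confirm that the browser is back on a direct connection.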

#4 boopme, "To Insanity and Beyond" (Global Moderator, 73,573 posts, NJ USA)

Posted 06 July 2011 - 08:29 PM

This was really good. Let's do 3 more things and let me know how it is after.

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.9.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Under scan settings, check [image] and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]


NOTE: In some instances if no malware is found there will be no log produced.

#5 BIGBOYTERP, Topic Starter (Members, 28 posts)

Posted 06 July 2011 - 11:44 PM

Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Norton Internet Security
McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 17
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader 9.4.0
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.18)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````






2011/07/13 22:44:10.0821 1360 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/13 22:44:11.0273 1360 ================================================================================
2011/07/13 22:44:11.0273 1360 SystemInfo:
2011/07/13 22:44:11.0273 1360
2011/07/13 22:44:11.0273 1360 OS Version: 6.1.7600 ServicePack: 0.0
2011/07/13 22:44:11.0273 1360 Product type: Workstation
2011/07/13 22:44:11.0273 1360 ComputerName: KINGTERP-PC
2011/07/13 22:44:11.0273 1360 UserName: kingterp
2011/07/13 22:44:11.0273 1360 Windows directory: C:\Windows
2011/07/13 22:44:11.0273 1360 System windows directory: C:\Windows
2011/07/13 22:44:11.0273 1360 Running under WOW64
2011/07/13 22:44:11.0273 1360 Processor architecture: Intel x64
2011/07/13 22:44:11.0273 1360 Number of processors: 2
2011/07/13 22:44:11.0273 1360 Page size: 0x1000
2011/07/13 22:44:11.0273 1360 Boot type: Safe boot with network
2011/07/13 22:44:11.0273 1360 ================================================================================
2011/07/13 22:44:11.0617 1360 Initialize success
2011/07/13 22:44:39.0182 1484 ================================================================================
2011/07/13 22:44:39.0182 1484 Scan started
2011/07/13 22:44:39.0182 1484 Mode: Manual;
2011/07/13 22:44:39.0182 1484 ================================================================================
2011/07/13 22:44:39.0450 1484 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/07/13 22:44:39.0514 1484 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/07/13 22:44:39.0550 1484 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/07/13 22:44:39.0603 1484 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/13 22:44:39.0627 1484 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/13 22:44:39.0647 1484 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/13 22:44:39.0824 1484 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
2011/07/13 22:44:39.0860 1484 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/07/13 22:44:39.0897 1484 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/07/13 22:44:39.0924 1484 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/07/13 22:44:39.0965 1484 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/13 22:44:40.0009 1484 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/13 22:44:40.0071 1484 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
2011/07/13 22:44:40.0089 1484 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/13 22:44:40.0127 1484 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
2011/07/13 22:44:40.0195 1484 ApfiltrService (1412e9a88fe1f7e35ce6058a2ef03664) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/07/13 22:44:40.0211 1484 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/07/13 22:44:40.0272 1484 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/07/13 22:44:40.0306 1484 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/13 22:44:40.0345 1484 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/13 22:44:40.0379 1484 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/07/13 22:44:40.0436 1484 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/07/13 22:44:40.0457 1484 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/07/13 22:44:40.0572 1484 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys
2011/07/13 22:44:40.0677 1484 BCM43XX (37394d3553e220fb732c21e217e1bd8b) C:\Windows\system32\DRIVERS\bcmwl664.sys
2011/07/13 22:44:40.0798 1484 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/07/13 22:44:40.0896 1484 BHDrvx64 (4d7f8401eae7eaa4ef702fa6f4153269) C:\Windows\System32\Drivers\NISx64\1008000.029\BHDrvx64.sys
2011/07/13 22:44:40.0972 1484 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/13 22:44:41.0044 1484 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/13 22:44:41.0081 1484 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/07/13 22:44:41.0104 1484 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/07/13 22:44:41.0154 1484 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/07/13 22:44:41.0171 1484 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/13 22:44:41.0206 1484 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/13 22:44:41.0221 1484 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/13 22:44:41.0292 1484 BTCFilterService (ff7c57973eead140062238c5a0b7d455) C:\Windows\system32\DRIVERS\motfilt.sys
2011/07/13 22:44:41.0309 1484 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/13 22:44:41.0377 1484 BVRPMPR5a64 (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS
2011/07/13 22:44:41.0470 1484 ccHP (1b79efc84b924a6932bb9d2a549de5c9) C:\Windows\System32\Drivers\NISx64\1008000.029\ccHPx64.sys
2011/07/13 22:44:41.0551 1484 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/13 22:44:41.0589 1484 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/13 22:44:41.0624 1484 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/13 22:44:41.0708 1484 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/07/13 22:44:41.0810 1484 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/13 22:44:41.0837 1484 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/07/13 22:44:41.0894 1484 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/07/13 22:44:41.0909 1484 Scan interrupted by user!
2011/07/13 22:44:41.0909 1484 ================================================================================
2011/07/13 22:44:41.0909 1484 Scan finished
2011/07/13 22:44:41.0909 1484 ================================================================================
2011/07/13 22:44:41.0925 1724 Detected object count: 0
2011/07/13 22:44:41.0925 1724 Actual detected object count: 0
2011/07/13 22:44:48.0637 1520 ================================================================================
2011/07/13 22:44:48.0637 1520 Scan started
2011/07/13 22:44:48.0637 1520 Mode: Manual;
2011/07/13 22:44:48.0638 1520 ================================================================================
2011/07/13 22:44:48.0777 1520 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/07/13 22:44:48.0820 1520 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/07/13 22:44:48.0844 1520 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/07/13 22:44:48.0868 1520 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/13 22:44:48.0901 1520 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/13 22:44:48.0922 1520 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/13 22:44:48.0996 1520 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
2011/07/13 22:44:49.0021 1520 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/07/13 22:44:49.0058 1520 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/07/13 22:44:49.0085 1520 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/07/13 22:44:49.0115 1520 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/13 22:44:49.0131 1520 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/13 22:44:49.0177 1520 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
2011/07/13 22:44:49.0209 1520 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/13 22:44:49.0233 1520 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
2011/07/13 22:44:49.0278 1520 ApfiltrService (1412e9a88fe1f7e35ce6058a2ef03664) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/07/13 22:44:49.0297 1520 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/07/13 22:44:49.0335 1520 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/07/13 22:44:49.0359 1520 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/13 22:44:49.0395 1520 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/13 22:44:49.0428 1520 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/07/13 22:44:49.0485 1520 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/07/13 22:44:49.0516 1520 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/07/13 22:44:49.0566 1520 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys
2011/07/13 22:44:49.0661 1520 BCM43XX (37394d3553e220fb732c21e217e1bd8b) C:\Windows\system32\DRIVERS\bcmwl664.sys
2011/07/13 22:44:49.0703 1520 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/07/13 22:44:49.0768 1520 BHDrvx64 (4d7f8401eae7eaa4ef702fa6f4153269) C:\Windows\System32\Drivers\NISx64\1008000.029\BHDrvx64.sys
2011/07/13 22:44:49.0799 1520 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/13 22:44:49.0849 1520 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/13 22:44:49.0875 1520 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/07/13 22:44:49.0909 1520 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/07/13 22:44:49.0944 1520 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/07/13 22:44:49.0961 1520 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/13 22:44:49.0989 1520 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/13 22:44:50.0004 1520 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/13 22:44:50.0053 1520 BTCFilterService (ff7c57973eead140062238c5a0b7d455) C:\Windows\system32\DRIVERS\motfilt.sys
2011/07/13 22:44:50.0068 1520 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/13 22:44:50.0116 1520 BVRPMPR5a64 (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS
2011/07/13 22:44:50.0209 1520 ccHP (1b79efc84b924a6932bb9d2a549de5c9) C:\Windows\System32\Drivers\NISx64\1008000.029\ccHPx64.sys
2011/07/13 22:44:50.0245 1520 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/13 22:44:50.0272 1520 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/13 22:44:50.0307 1520 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/13 22:44:50.0357 1520 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/07/13 22:44:50.0416 1520 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/13 22:44:50.0453 1520 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/07/13 22:44:50.0499 1520 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/07/13 22:44:50.0520 1520 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/13 22:44:50.0546 1520 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/07/13 22:44:50.0567 1520 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/07/13 22:44:50.0649 1520 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
2011/07/13 22:44:50.0742 1520 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
2011/07/13 22:44:50.0786 1520 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/07/13 22:44:50.0843 1520 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/07/13 22:44:50.0932 1520 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
2011/07/13 22:44:50.0960 1520 Dot4Print (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/07/13 22:44:51.0032 1520 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/07/13 22:44:51.0082 1520 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/07/13 22:44:51.0139 1520 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/13 22:44:51.0256 1520 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/07/13 22:44:51.0373 1520 eeCtrl (8ecb5d35f400706016931bd25ae1b554) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
2011/07/13 22:44:51.0518 1520 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/07/13 22:44:51.0542 1520 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/07/13 22:44:51.0598 1520 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/07/13 22:44:51.0641 1520 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/07/13 22:44:51.0681 1520 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/13 22:44:51.0738 1520 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/07/13 22:44:51.0758 1520 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/07/13 22:44:51.0773 1520 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/13 22:44:51.0818 1520 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/07/13 22:44:51.0874 1520 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/07/13 22:44:51.0901 1520 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/13 22:44:51.0974 1520 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/13 22:44:52.0002 1520 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/07/13 22:44:52.0059 1520 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/07/13 22:44:52.0136 1520 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/13 22:44:52.0173 1520 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/13 22:44:52.0189 1520 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/07/13 22:44:52.0218 1520 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/13 22:44:52.0241 1520 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/13 22:44:52.0274 1520 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/13 22:44:52.0354 1520 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/07/13 22:44:52.0427 1520 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/07/13 22:44:52.0465 1520 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/13 22:44:52.0512 1520 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/13 22:44:52.0572 1520 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
2011/07/13 22:44:52.0622 1520 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
2011/07/13 22:44:52.0768 1520 IDSVia64 (9a793a1451b5e2cf54b4a33342cb58cf) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100119.001\IDSvia64.sys
2011/07/13 22:44:52.0958 1520 igfx (babd5f9b2bcc82ce556a0baf1ae208a7) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/07/13 22:44:53.0028 1520 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/13 22:44:53.0056 1520 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/07/13 22:44:53.0087 1520 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/13 22:44:53.0158 1520 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/13 22:44:53.0189 1520 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/07/13 22:44:53.0206 1520 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/07/13 22:44:53.0257 1520 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/07/13 22:44:53.0281 1520 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/07/13 22:44:53.0315 1520 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/13 22:44:53.0356 1520 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/13 22:44:53.0371 1520 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/13 22:44:53.0404 1520 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/13 22:44:53.0466 1520 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/13 22:44:53.0509 1520 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/07/13 22:44:53.0572 1520 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/13 22:44:53.0625 1520 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/07/13 22:44:53.0642 1520 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/07/13 22:44:53.0669 1520 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/07/13 22:44:53.0701 1520 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/07/13 22:44:53.0741 1520 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/07/13 22:44:53.0816 1520 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/07/13 22:44:53.0851 1520 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/07/13 22:44:53.0895 1520 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/07/13 22:44:53.0925 1520 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/13 22:44:53.0967 1520 motccgp (93f5adcad940111f6d4d71ae1d9ec7f6) C:\Windows\system32\DRIVERS\motccgp.sys
2011/07/13 22:44:54.0006 1520 motccgpfl (d51e009baeda07ebc107d49d224c2414) C:\Windows\system32\DRIVERS\motccgpfl.sys
2011/07/13 22:44:54.0032 1520 motmodem (db83dc223b9133da3e41afcbdecc46b5) C:\Windows\system32\DRIVERS\motmodem.sys
2011/07/13 22:44:54.0053 1520 MotoSwitchService (ebd05f60cafc5bba2602b8d7101082d3) C:\Windows\system32\DRIVERS\motswch.sys
2011/07/13 22:44:54.0102 1520 Motousbnet (87701078c3f720ac7a028e937994cc49) C:\Windows\system32\DRIVERS\Motousbnet.sys
2011/07/13 22:44:54.0158 1520 motusbdevice (307727f9829fb46ff4be0e4d1dac5002) C:\Windows\system32\DRIVERS\motusbdevice.sys
2011/07/13 22:44:54.0204 1520 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/13 22:44:54.0235 1520 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/13 22:44:54.0267 1520 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/07/13 22:44:54.0302 1520 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/07/13 22:44:54.0345 1520 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/13 22:44:54.0401 1520 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/07/13 22:44:54.0466 1520 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/13 22:44:54.0507 1520 mrxsmb10 (a8c2d7673c8a010569390c826a0efaf4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/13 22:44:54.0558 1520 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/13 22:44:54.0586 1520 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/07/13 22:44:54.0621 1520 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/07/13 22:44:54.0674 1520 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/07/13 22:44:54.0692 1520 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/13 22:44:54.0718 1520 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/07/13 22:44:54.0759 1520 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/13 22:44:54.0789 1520 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/13 22:44:54.0807 1520 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/07/13 22:44:54.0850 1520 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/07/13 22:44:54.0887 1520 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/13 22:44:54.0916 1520 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/07/13 22:44:54.0940 1520 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/07/13 22:44:54.0969 1520 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/07/13 22:44:55.0014 1520 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/13 22:44:55.0200 1520 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/07/13 22:44:55.0231 1520 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/13 22:44:55.0262 1520 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/13 22:44:55.0308 1520 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/13 22:44:55.0347 1520 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/13 22:44:55.0385 1520 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/07/13 22:44:55.0418 1520 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/13 22:44:55.0469 1520 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/13 22:44:55.0515 1520 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/13 22:44:55.0568 1520 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/07/13 22:44:55.0597 1520 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/13 22:44:55.0674 1520 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
2011/07/13 22:44:55.0715 1520 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/07/13 22:44:55.0765 1520 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
2011/07/13 22:44:55.0824 1520 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
2011/07/13 22:44:55.0862 1520 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/07/13 22:44:55.0894 1520 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/13 22:44:55.0966 1520 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/07/13 22:44:55.0997 1520 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/07/13 22:44:56.0025 1520 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/07/13 22:44:56.0057 1520 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/07/13 22:44:56.0091 1520 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/13 22:44:56.0121 1520 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/07/13 22:44:56.0178 1520 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/07/13 22:44:56.0303 1520 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/13 22:44:56.0333 1520 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/07/13 22:44:56.0377 1520 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/13 22:44:56.0438 1520 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/07/13 22:44:56.0504 1520 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/13 22:44:56.0536 1520 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/13 22:44:56.0571 1520 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/13 22:44:56.0599 1520 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/13 22:44:56.0639 1520 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/13 22:44:56.0669 1520 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/13 22:44:56.0703 1520 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/13 22:44:56.0726 1520 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/13 22:44:56.0780 1520 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/13 22:44:56.0813 1520 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/13 22:44:56.0835 1520 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/13 22:44:56.0865 1520 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/13 22:44:56.0894 1520 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/13 22:44:56.0928 1520 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/07/13 22:44:56.0963 1520 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/07/13 22:44:57.0029 1520 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/13 22:44:57.0075 1520 RSUSBSTOR (4a25dc970c58104602ed274dacafd784) C:\Windows\system32\Drivers\RtsUStor.sys
2011/07/13 22:44:57.0171 1520 SASDIFSV (5bf35c4ea3f00fa8d3f1e5bf03d24584) C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS
2011/07/13 22:44:57.0199 1520 SASENUM (a22f08c98ac2f44587bf3a1fb52bf8cd) C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS
2011/07/13 22:44:57.0229 1520 SASKUTIL (c7d81c10d3befeee41f3408714637438) C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys
2011/07/13 22:44:57.0269 1520 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/07/13 22:44:57.0301 1520 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/13 22:44:57.0347 1520 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/07/13 22:44:57.0395 1520 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/13 22:44:57.0420 1520 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/07/13 22:44:57.0450 1520 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/13 22:44:57.0495 1520 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/07/13 22:44:57.0526 1520 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/07/13 22:44:57.0548 1520 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/07/13 22:44:57.0563 1520 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/13 22:44:57.0639 1520 Sftfs (72cd52403efc137290cb5a328510ebca) C:\Windows\system32\DRIVERS\Sftfslh.sys
2011/07/13 22:44:57.0712 1520 Sftplay (31a36ef71af36eabcc4b4f8ab8f76465) C:\Windows\system32\DRIVERS\Sftplaylh.sys
2011/07/13 22:44:57.0756 1520 Sftredir (2d969194fcc8eb41ed1d52863bfe7f52) C:\Windows\system32\DRIVERS\Sftredirlh.sys
2011/07/13 22:44:57.0831 1520 Sftvol (08b36d2f63af3ca2248458a4280c0c50) C:\Windows\system32\DRIVERS\Sftvollh.sys
2011/07/13 22:44:57.0897 1520 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/13 22:44:57.0935 1520 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/13 22:44:57.0969 1520 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/07/13 22:44:58.0009 1520 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/07/13 22:44:58.0131 1520 SRTSP (9e399476e5d5e0d3c8822c857a7e9a9a) C:\Windows\System32\Drivers\NISx64\1008000.029\SRTSP64.SYS
2011/07/13 22:44:58.0184 1520 SRTSPX (3d7717b582f0365e75071556936e5a6b) C:\Windows\system32\drivers\NISx64\1008000.029\SRTSPX64.SYS
2011/07/13 22:44:58.0262 1520 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
2011/07/13 22:44:58.0302 1520 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/13 22:44:58.0348 1520 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/13 22:44:58.0414 1520 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/13 22:44:58.0484 1520 STHDA (02e784fa49032f84964db90a3ed81890) C:\Windows\system32\DRIVERS\stwrt64.sys
2011/07/13 22:44:58.0536 1520 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
2011/07/13 22:44:58.0573 1520 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/13 22:44:58.0680 1520 SymEFA (4f87bb5389a93778ebc363b28271a65b) C:\Windows\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS
2011/07/13 22:44:58.0719 1520 SymEvent (7e4d281982e19abd06728c7ee9ac40a8) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2011/07/13 22:44:58.0790 1520 SymIM (212bbf5a964513980d5de9397381534f) C:\Windows\system32\DRIVERS\SymIMv.sys
2011/07/13 22:44:58.0904 1520 SYMTDI (56a1cb71b8bb7ba9c41d2c9706df43cd) C:\Windows\System32\Drivers\NISx64\1008000.029\SYMTDI.SYS
2011/07/13 22:44:59.0012 1520 Tcpip (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\drivers\tcpip.sys
2011/07/13 22:44:59.0079 1520 TCPIP6 (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/13 22:44:59.0140 1520 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/13 22:44:59.0169 1520 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/07/13 22:44:59.0196 1520 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/07/13 22:44:59.0227 1520 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/13 22:44:59.0243 1520 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/13 22:44:59.0325 1520 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/13 22:44:59.0366 1520 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/13 22:44:59.0398 1520 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/13 22:44:59.0447 1520 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/13 22:44:59.0484 1520 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/07/13 22:44:59.0512 1520 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/13 22:44:59.0546 1520 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/13 22:44:59.0593 1520 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
2011/07/13 22:44:59.0647 1520 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/13 22:44:59.0678 1520 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/07/13 22:44:59.0732 1520 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/13 22:44:59.0781 1520 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/13 22:44:59.0805 1520 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
2011/07/13 22:44:59.0826 1520 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/13 22:44:59.0873 1520 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/07/13 22:44:59.0920 1520 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/13 22:44:59.0938 1520 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/13 22:44:59.0994 1520 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/07/13 22:45:00.0031 1520 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/07/13 22:45:00.0064 1520 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/13 22:45:00.0098 1520 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/07/13 22:45:00.0125 1520 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/07/13 22:45:00.0149 1520 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/07/13 22:45:00.0181 1520 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/07/13 22:45:00.0216 1520 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/07/13 22:45:00.0267 1520 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/07/13 22:45:00.0301 1520 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/13 22:45:00.0332 1520 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/07/13 22:45:00.0369 1520 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/07/13 22:45:00.0411 1520 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/13 22:45:00.0441 1520 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/13 22:45:00.0458 1520 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/13 22:45:00.0536 1520 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/07/13 22:45:00.0575 1520 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/13 22:45:00.0665 1520 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/13 22:45:00.0724 1520 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
2011/07/13 22:45:00.0750 1520 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/07/13 22:45:00.0836 1520 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/07/13 22:45:00.0890 1520 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/13 22:45:00.0985 1520 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/13 22:45:01.0043 1520 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/07/13 22:45:01.0071 1520 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/13 22:45:01.0167 1520 yukonw7 (79d9ce9614c955dd31aa2556b4014662) C:\Windows\system32\DRIVERS\yk62x64.sys
2011/07/13 22:45:01.0224 1520 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
2011/07/13 22:45:01.0251 1520 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
2011/07/13 22:45:01.0272 1520 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR4
2011/07/13 22:45:01.0289 1520 Boot (0x1200) (d6f66a4799a81078eee3eb4855343d7a) \Device\Harddisk0\DR0\Partition0
2011/07/13 22:45:01.0316 1520 Boot (0x1200) (e758476d756c11d094e35c94d2715920) \Device\Harddisk0\DR0\Partition1
2011/07/13 22:45:01.0332 1520 Boot (0x1200) (15140bf176037361a28e522fd942bf0b) \Device\Harddisk1\DR1\Partition0
2011/07/13 22:45:01.0349 1520 Boot (0x1200) (8f68b8c600da2c9a193d71789d2e8914) \Device\Harddisk2\DR4\Partition0
2011/07/13 22:45:01.0360 1520 ================================================================================
2011/07/13 22:45:01.0360 1520 Scan finished
2011/07/13 22:45:01.0360 1520 ================================================================================
2011/07/13 22:45:01.0381 1356 Detected object count: 0
2011/07/13 22:45:01.0381 1356 Actual detected object count: 0
C:\Users\kingterp\AppData\Local\Temp\5.866957991326998E8.exe Win32/Inject.NEQ trojan cleaned by deleting - quarantined
C:\Users\kingterp\AppData\Local\Temp\9.629272672931664E7.exe a variant of Win32/Injector.EBW trojan deleted - quarantined
C:\Users\kingterp\AppData\Local\Temp\jar_cache227253916971322047.tmp multiple threats deleted - quarantined
C:\Users\kingterp\AppData\Local\Temp\jar_cache3859099173778455308.tmp multiple threats deleted - quarantined
C:\Users\kingterp\AppData\Local\Temp\jar_cache4277362405442429870.tmp multiple threats deleted - quarantined
C:\Users\kingterp\AppData\Local\Temp\jar_cache5448416615605090922.tmp a variant of Java/TrojanDownloader.OpenStream.NBU trojan deleted - quarantined
C:\Users\kingterp\AppData\Local\Temp\jar_cache626526206274143689.tmp Java/TrojanDownloader.Agent.NCB trojan deleted - quarantined
C:\Users\kingterp\AppData\Local\Temp\jar_cache7106364163098211267.tmp a variant of Java/Exploit.CVE-2010-0842.L trojan deleted - quarantined
C:\Users\kingterp\AppData\Local\Temp\jar_cache7681766189860409213.tmp Java/TrojanDownloader.Agent.NCB trojan deleted - quarantined
C:\Users\kingterp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\7b603a92-206abff0 multiple threats deleted - quarantined
C:\Users\kingterp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\31da22c2-6a64e08d multiple threats deleted - quarantined
C:\Users\kingterp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\115bbe55-190f1dd9 multiple threats deleted - quarantined
C:\Users\kingterp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\47469895-40a60d14 probably a variant of Java/Agent.CR trojan deleted - quarantined
C:\Users\kingterp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\545519e1-7c77f312 multiple threats deleted - quarantined
C:\Users\kingterp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\21ca1a26-32c84eef multiple threats deleted - quarantined
C:\Users\kingterp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\570424e9-3a9906b0 probably a variant of Java/Agent.CR trojan deleted - quarantined
C:\Users\kingterp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\23109c6e-31f2062d multiple threats deleted - quarantined
C:\Users\kingterp\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\608456fc-21af85ca multiple threats deleted - quarantined

#6 BIGBOYTERP

BIGBOYTERP
  • Topic Starter
  • Members
  • 28 posts

Posted 07 July 2011 - 02:05 PM

bump

#7 boopme

boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,573 posts
  • Gender:Male
  • Location:NJ USA

Posted 07 July 2011 - 02:18 PM

When a browser runs an applet, the Java Runtime Environment (JRE) stores the downloaded files into its cache folder (C:\Documents and Settings\username\Application Data\Sun\Java\Deployment\cache) for quick execution later and better performance. Malicious applets are also stored in the Java cache directory and your anti-virus may detect them and provide alerts. For more specific information about Java exploits, please refer to Virus found in the Java cache directory.

Notification of these files as a threat does not always mean that a machine has been infected; it indicates that a program included the viral class file but this does not mean that it used the malicious functionality. As a precaution, I recommend clearing the entire cache to ensure everything is cleaned out:

How is it running now?
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#8 BIGBOYTERP

BIGBOYTERP
  • Topic Starter
  • Members
  • 28 posts

Posted 07 July 2011 - 03:18 PM

I did what you said to, but my computer still won't let me go to your site outside of safe mode. When I put your site into Google search I get the right search results. But when I double-click Bleeping Computer I get redirected to some other page. I think it's that way for some other sites also.

#9 boopme

boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,573 posts
  • Gender:Male
  • Location:NJ USA

Posted 07 July 2011 - 07:24 PM

Your HOSTS file may be infected.
Reset the HOSTS file
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system.
Some types of malware will alter the HOSTS file as part of their infection. Please follow the instructions provided in How do I reset the hosts file back to the default?

To reset the hosts file automatically, go HERE and click the button. Then just follow the prompts in the Fix it wizard.

OR
Click Run in the File Download dialog box, or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.
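The redirect described in this thread (Google results fine, but clicking through to a security site lands somewhere else) is exactly what a tampered HOSTS file produces. Here is an added check, not part of boopme's post or any BleepingComputer tool, that parses a HOSTS file and flags mappings beyond the stock localhost lines; the file content, the watch-list domains and the 203.0.113.5 address are constructed for the example.

```python
"""Flag HOSTS-file entries that could redirect or block security sites.
Added example; the sample file and watch-list below are constructed."""
import ipaddress

# The only mappings a stock Windows HOSTS file may legitimately carry.
DEFAULT_MAPPINGS = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def parse_hosts(text):
    """Yield (ip, hostname, line_no) for every active mapping in `text`."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            yield ip, name.lower(), n


def suspicious_entries(text, watch_domains=("bleepingcomputer.com",)):
    """Return (line_no, ip, host, reason) for every non-default mapping.
    Any mapping of a watched domain is reported: a foreign address means
    the site is redirected, a loopback address means it is silently blocked.
    Other hosts are reported only when mapped to a non-loopback address."""
    findings = []
    for ip, name, n in parse_hosts(text):
        if (ip, name) in DEFAULT_MAPPINGS:
            continue
        try:
            loopback = ipaddress.ip_address(ip).is_loopback
        except ValueError:
            findings.append((n, ip, name, "unparseable address"))
            continue
        if any(name == d or name.endswith("." + d) for d in watch_domains):
            why = "security site blocked" if loopback else "security site redirected"
            findings.append((n, ip, name, why))
        elif not loopback:
            findings.append((n, ip, name, "non-loopback mapping"))
    return findings


# Constructed sample: a stock Windows 7 header plus two tampered lines.
SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#\t127.0.0.1       localhost
127.0.0.1 localhost
::1 localhost
# constructed examples of the tampering discussed in the thread
203.0.113.5 www.bleepingcomputer.com bleepingcomputer.com
127.0.0.1 www.malwarebytes.org
"""

if __name__ == "__main__":
    watched = ("bleepingcomputer.com", "malwarebytes.org")
    for n, ip, name, why in suspicious_entries(SAMPLE_HOSTS, watched):
        print(f"line {n}: {ip} -> {name} ({why})")
```

On a live machine, read C:\Windows\System32\drivers\etc\hosts into `text`; an empty result means only the stock localhost lines are present.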

#10 BIGBOYTERP

BIGBOYTERP
  • Topic Starter
  • Members
  • 28 posts

Posted 08 July 2011 - 02:19 PM

I did the fix and it did not work

#11 boopme

boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,573 posts
  • Gender:Male
  • Location:NJ USA

Posted 08 July 2011 - 08:16 PM

Rats!! We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.