
Assistance needed with malicious netstat and redirects


7 replies to this topic

#1 Archit3ct

  • Members
  • 4 posts

Posted 23 July 2011 - 11:51 PM

Okay. About three weeks ago I got a random "allow sunshine.java application" warning and without hesitation clicked No; instantly after clicking it just kept popping up without letting me exit it. Being that it was around 1 am I got annoyed and stupidly clicked yes to get it out of my face...

The next time I log in, all of my programs are deleted, Task Manager does not work and I get a cute little GUI saying Windows 7 Anti Virus and that I am infected, no bleep. So to make a long story short I do a system recovery and things seem back to normal; soon enough I realize I get Google redirects and my OS is just odd.

I ran multiple programs, from MWBAM to CCleaner, HijackThis, TDSS rootkit, Spyware Doctor. These have found a couple of things but I still am getting the Google redirects.

When looking at my netstat I found a malicious IP of 209.17.73.36; when typing this into the address bar it comes up with a weird page just saying hi. I need some help on how I should deal with this.

Also when trying to run Fport 2.0 the box will pop up but then immediately close after a second. Thanks.


#2 jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 24 July 2011 - 12:16 PM

Hi Archit3ct,

Welcome to Bleeping Computer.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx, or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Step 1: Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please post the contents of that document.

Step 2: Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size
Click Go and post the result.

Step 3: Rerun Malwarebytes
Still in Safe Mode with Networking, open Malwarebytes, click on the Update tab, and click the check for Updates button.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

If you have trouble updating, troubleshoot Malwarebytes' Anti-Malware

Step 4: Please follow our Removal Guide here: How to remove Google Redirects. You will move to the Automated Removal Instructions.

If it finds something make sure Cure is selected
Next click Continue then Reboot now
A log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


If still redirecting...
Your HOSTS file may be infected.
Reset the HOSTS file
Click Run in the File Download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.


If still.... Are you using Firefox?
Are you on a router, are there others on it and if so do they redirect?


Step 5: Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

In your next reply, please include:
  • Security Check log
  • MiniToolBox log
  • Malwarebytes' log
  • TDSSkiller log (located at C:\)
  • GMER log
  • How's the computer running now? Please provide a detailed description of any remaining problems, detailed word-for-word error messages that you are receiving, and/or screenshots of strange behavior.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.
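The two checks this thread leans on, reviewing the HOSTS file for hijacked entries (the "Your HOSTS file may be infected" step above) and looking at which remote endpoints netstat shows as established (the first post), written up as an added Python triage example. This is not code from the thread or from any tool it names; the sample HOSTS and netstat text are constructed, with 209.17.73.36 taken from the first post and 203.0.113.7 used as a documentation-range placeholder.

```python
import ipaddress
import re

# Added example (not from the thread): parsers for the two artifacts the thread
# asks for. All sample input below is constructed.

# Domains whose presence in HOSTS is a classic "Google redirect" symptom: search
# engines get redirected, security-vendor sites get sinkholed to loopback.
WATCHED_DOMAINS = {
    "google.com", "www.google.com", "yahoo.com", "www.yahoo.com", "bing.com",
    "malwarebytes.org", "www.malwarebytes.org", "bleepingcomputer.com",
}


def parse_hosts(text):
    """Yield (address, hostname) pairs from HOSTS text; '#' comments and blank lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            yield addr, name.lower().rstrip(".")


def suspicious_hosts_entries(text):
    """Return (address, hostname, reason) for HOSTS entries that block or redirect a
    watched domain, plus any line whose address does not parse.

    A stock Windows 7 HOSTS file contains only comments (and optionally a
    'localhost' line), so any watched domain appearing at all is worth a look.
    """
    flagged = []
    for addr, name in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            flagged.append((addr, name, "unparseable address"))
            continue
        if name not in WATCHED_DOMAINS:
            continue
        if ip.is_loopback or ip.is_unspecified:
            flagged.append((addr, name, "blocked (sinkholed to loopback)"))
        else:
            flagged.append((addr, name, "redirected"))
    return flagged


# One line of Windows 'netstat -an': proto, local endpoint, foreign endpoint, optional state.
NETSTAT_LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")


def split_endpoint(endpoint):
    """Split 'ip:port' or '[ipv6%zone]:port' into (ip without zone, port or None)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%", 1)[0]
    return host, (int(port) if port.isdigit() else None)


def external_established(netstat_text):
    """From 'netstat -an' output, return (remote_ip, remote_port, local_port) for every
    ESTABLISHED TCP connection whose remote side is a globally routable address.
    Loopback, link-local and RFC 1918 peers (the router, local services) are dropped."""
    hits = []
    for line in netstat_text.splitlines():
        m = NETSTAT_LINE.match(line)
        if not m or m.group(1) != "TCP" or m.group(4) != "ESTABLISHED":
            continue
        _, local_port = split_endpoint(m.group(2))
        remote_host, remote_port = split_endpoint(m.group(3))
        try:
            remote_ip = ipaddress.ip_address(remote_host)
        except ValueError:
            continue
        if remote_ip.is_global:
            hits.append((str(remote_ip), remote_port, local_port))
    return hits


# Constructed sample modelled on a hijacked HOSTS file (203.0.113.7 is a placeholder).
SAMPLE_HOSTS = """# Constructed sample
127.0.0.1       localhost
127.0.0.1       www.malwarebytes.org
203.0.113.7     www.google.com google.com
198.51.100.20   example.org
"""

# Constructed 'netstat -an' excerpt; 209.17.73.36 is the address from the first post.
SAMPLE_NETSTAT = """Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:49155        127.0.0.1:49156        ESTABLISHED
  TCP    192.168.0.104:49189    209.17.73.36:80        ESTABLISHED
  TCP    192.168.0.104:49201    192.168.0.1:80         ESTABLISHED
  TCP    [fe80::cd85:d27c:1a55:d063%10]:546  [::]:0  LISTENING
  UDP    0.0.0.0:5355           *:*
"""

if __name__ == "__main__":
    for addr, name, reason in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(f"HOSTS: {name} -> {addr}  [{reason}]")
    for ip, rport, lport in external_established(SAMPLE_NETSTAT):
        print(f"netstat: local port {lport} established to {ip}:{rport}")
```

A flagged remote address is a lead, not a verdict; the next step is mapping the local port back to its owning process (netstat -ano) before deciding anything.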


#3 Archit3ct
  • Topic Starter

  • Members
  • 4 posts

Posted 25 July 2011 - 08:56 PM

Okay Jason thanks for the quick reply. Here are the logs as follows:

Results of screen317's Security Check version 0.99.17
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Online Scanner v3
ZoneAlarm
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 22
Out of date Java installed!
Flash Player Out of Date!
Adobe Flash Player 10.2.152.32
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Zone Labs ZoneAlarm zlclient.exe
``````````End of Log````````````


MiniToolBox by Farbar
Ran by Chris (administrator) on 25-07-2011 at 20:44:12
Windows 7 Home Premium Service Pack 1 (X64)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Zeek
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® WiFi Link 5100 AGN
Physical Address. . . . . . . . . : 00-22-FA-02-A0-1C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 00-26-18-2C-C2-CE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::cd85:d27c:1a55:d063%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.104(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, July 25, 2011 1:42:09 PM
Lease Expires . . . . . . . . . . : Tuesday, July 26, 2011 6:39:29 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 234890776
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-D5-B5-D5-00-26-18-2C-C2-CE
DNS Servers . . . . . . . . . . . : 68.87.74.166
68.87.68.166
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.hsd1.fl.comcast.net.:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cns.bonitasprngs.fl.naples.comcast.net
Address: 68.87.74.166

Name: google.com
Addresses: 74.125.93.104
74.125.93.106
74.125.93.147
74.125.93.105
74.125.93.103
74.125.93.99


Pinging google.com [74.125.91.105] with 32 bytes of data:
Reply from 74.125.91.105: bytes=32 time=115ms TTL=48
Reply from 74.125.91.105: bytes=32 time=45ms TTL=48

Ping statistics for 74.125.91.105:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 45ms, Maximum = 115ms, Average = 80ms
Server: cns.bonitasprngs.fl.naples.comcast.net
Address: 68.87.74.166

Name: yahoo.com
Addresses: 67.195.160.76
69.147.125.65
72.30.2.43
98.137.149.56
209.191.122.70


Pinging yahoo.com [72.30.2.43] with 32 bytes of data:
Reply from 72.30.2.43: bytes=32 time=87ms TTL=52
Reply from 72.30.2.43: bytes=32 time=86ms TTL=52

Ping statistics for 72.30.2.43:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 86ms, Maximum = 87ms, Average = 86ms

Pinging 127.0.0.1 with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
===========================================================================
Interface List
11...00 22 fa 02 a0 1c ......Intel® WiFi Link 5100 AGN
10...00 26 18 2c c2 ce ......Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.104 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.104 276
192.168.0.104 255.255.255.255 On-link 192.168.0.104 276
192.168.0.255 255.255.255.255 On-link 192.168.0.104 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.104 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.104 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 276 fe80::/64 On-link
10 276 fe80::cd85:d27c:1a55:d063/128
On-link
1 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/23/2011 09:05:12 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/23/2011 02:35:13 AM) (Source: BugSplat) (User: )
Description: Pando_WinPando-1

Error: (07/23/2011 01:15:12 AM) (Source: BugSplat) (User: )
Description: Pando_WinPando-1

Error: (07/22/2011 00:22:44 AM) (Source: Application Error) (User: )
Description: Faulting application name: SoftwareUpdate.exe, version: 2.1.2.120, time stamp: 0x4ae0ac1f
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ba58
Exception code: 0xc0000005
Fault offset: 0x000332ff
Faulting process id: 0xe2c
Faulting application start time: 0xSoftwareUpdate.exe0
Faulting application path: SoftwareUpdate.exe1
Faulting module path: SoftwareUpdate.exe2
Report Id: SoftwareUpdate.exe3

Error: (07/22/2011 00:12:14 AM) (Source: pctsSvc.exe) (User: )
Description: The service process could not connect to the service controller

Error: (07/21/2011 11:01:23 PM) (Source: IMFservice) (User: )
Description: The handle is invalid

Error: (07/21/2011 04:26:48 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/19/2011 07:47:12 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Panda PSK service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (07/19/2011 07:47:12 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Panda IManager Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (07/19/2011 07:47:12 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Panda On-Access Anti-Malware Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.


System errors:
=============
Error: (07/25/2011 06:39:30 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%1058

Error: (07/25/2011 02:01:55 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%1058

Error: (07/25/2011 01:44:54 PM) (Source: Service Control Manager) (User: )
Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error:
%%2

Error: (07/25/2011 01:44:54 PM) (Source: Service Control Manager) (User: )
Description: The MBAMProtector service failed to start due to the following error:
%%2

Error: (07/25/2011 01:42:52 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
31450991
sptd

Error: (07/25/2011 01:42:22 PM) (Source: Service Control Manager) (User: )
Description: The NVR0FLASHDev service failed to start due to the following error:
%%2

Error: (07/25/2011 01:42:05 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 1:20:55 PM on ?7/?25/?2011 was unexpected.

Error: (07/25/2011 07:49:22 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer ANARCH
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6E5F114B-F029-4DA6-876D-694D3D2E537D}.
The master browser is stopping or an election is being forced.

Error: (07/24/2011 11:35:52 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer ANARCH
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6E5F114B-F029-4DA6-876D-694D3D2E537D}.
The master browser is stopping or an election is being forced.

Error: (07/24/2011 10:34:32 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%1058


Microsoft Office Sessions:
=========================
Error: (07/23/2011 09:05:12 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Chris\Downloads\esetsmartinstaller_enu.exe

Error: (07/23/2011 02:35:13 AM) (Source: BugSplat)(User: )
Description: Pando_WinPando-1

Error: (07/23/2011 01:15:12 AM) (Source: BugSplat)(User: )
Description: Pando_WinPando-1

Error: (07/22/2011 00:22:44 AM) (Source: Application Error)(User: )
Description: SoftwareUpdate.exe2.1.2.1204ae0ac1fntdll.dll6.1.7601.175144ce7ba58c0000005000332ffe2c01cc4826ffb13cc5C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exeC:\Windows\SysWOW64\ntdll.dll3e8f08c6-b41a-11e0-8e54-0026182cc2ce

Error: (07/22/2011 00:12:14 AM) (Source: pctsSvc.exe)(User: )
Description: The service process could not connect to the service controller

Error: (07/21/2011 11:01:23 PM) (Source: IMFservice)(User: )
Description: The handle is invalid

Error: (07/21/2011 04:26:48 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Chris\Downloads\esetsmartinstaller_enu.exe

Error: (07/19/2011 07:47:12 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
AddWin32ServiceFiles: Unable to back up image of service Panda PSK service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (07/19/2011 07:47:12 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
AddWin32ServiceFiles: Unable to back up image of service Panda IManager Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (07/19/2011 07:47:12 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
AddWin32ServiceFiles: Unable to back up image of service Panda On-Access Anti-Malware Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.


========================= Memory info: ===================================

Percentage of memory in use: 53%
Total physical RAM: 4095.11 MB
Available physical RAM: 1923.64 MB
Total Pagefile: 8188.42 MB
Available Pagefile: 6055.96 MB
Total Virtual: 4095.88 MB
Available Virtual: 3964.71 MB

========================= Partitions: =====================================

1 Drive c: (Brain) (Fixed) (Total:286.37 GB) (Free:137.38 GB) NTFS

========================= Users: ========================================

User accounts for \\ZEEK

Administrator Chris Guest


== End of log ==


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7278

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

7/25/2011 8:58:07 PM
mbam-log-2011-07-25 (20-58-07).txt

Scan type: Quick scan
Objects scanned: 169314
Time elapsed: 3 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

2011/07/25 20:59:59.0376 4796 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/25 21:00:00.0011 4796 ================================================================================
2011/07/25 21:00:00.0011 4796 SystemInfo:
2011/07/25 21:00:00.0011 4796
2011/07/25 21:00:00.0011 4796 OS Version: 6.1.7601 ServicePack: 1.0
2011/07/25 21:00:00.0011 4796 Product type: Workstation
2011/07/25 21:00:00.0011 4796 ComputerName: ZEEK
2011/07/25 21:00:00.0011 4796 UserName: Chris
2011/07/25 21:00:00.0012 4796 Windows directory: C:\Windows
2011/07/25 21:00:00.0012 4796 System windows directory: C:\Windows
2011/07/25 21:00:00.0012 4796 Running under WOW64
2011/07/25 21:00:00.0012 4796 Processor architecture: Intel x64
2011/07/25 21:00:00.0012 4796 Number of processors: 2
2011/07/25 21:00:00.0012 4796 Page size: 0x1000
2011/07/25 21:00:00.0012 4796 Boot type: Normal boot
2011/07/25 21:00:00.0012 4796 ================================================================================
2011/07/25 21:00:01.0781 4796 Initialize success
2011/07/25 21:00:07.0734 3080 ================================================================================
2011/07/25 21:00:07.0734 3080 Scan started
2011/07/25 21:00:07.0734 3080 Mode: Manual;
2011/07/25 21:00:07.0734 3080 ================================================================================
2011/07/25 21:00:14.0295 3080 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/25 21:00:14.0336 3080 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/07/25 21:00:14.0379 3080 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/07/25 21:00:14.0434 3080 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/25 21:00:14.0523 3080 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/07/25 21:00:14.0599 3080 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/07/25 21:00:14.0637 3080 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/07/25 21:00:14.0675 3080 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/25 21:00:14.0736 3080 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/25 21:00:14.0783 3080 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
2011/07/25 21:00:14.0966 3080 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/07/25 21:00:15.0037 3080 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/07/25 21:00:15.0089 3080 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/25 21:00:15.0147 3080 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/07/25 21:00:15.0209 3080 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
2011/07/25 21:00:15.0272 3080 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/25 21:00:15.0363 3080 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/07/25 21:00:15.0397 3080 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/25 21:00:15.0464 3080 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/25 21:00:15.0526 3080 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/07/25 21:00:15.0562 3080 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/07/25 21:00:15.0624 3080 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/07/25 21:00:15.0677 3080 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/07/25 21:00:15.0724 3080 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/07/25 21:00:15.0803 3080 itecir (729cc577a823542aad779a0f1327bdb6) C:\Windows\system32\DRIVERS\itecir.sys
2011/07/25 21:00:15.0843 3080 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
2011/07/25 21:00:15.0891 3080 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
2011/07/25 21:00:15.0943 3080 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/25 21:00:15.0991 3080 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/25 21:00:16.0016 3080 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/07/25 21:00:16.0099 3080 LHidFilt (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/07/25 21:00:16.0139 3080 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/25 21:00:16.0176 3080 LMouFilt (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/07/25 21:00:16.0218 3080 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/07/25 21:00:16.0253 3080 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/07/25 21:00:16.0284 3080 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/07/25 21:00:16.0345 3080 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/07/25 21:00:16.0411 3080 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/07/25 21:00:16.0471 3080 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/07/25 21:00:16.0512 3080 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/07/25 21:00:16.0584 3080 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/07/25 21:00:16.0625 3080 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/25 21:00:16.0683 3080 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
2011/07/25 21:00:16.0722 3080 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/25 21:00:16.0768 3080 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/07/25 21:00:16.0818 3080 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/07/25 21:00:16.0851 3080 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/25 21:00:16.0900 3080 MRV6X64U (7e997df71cd2dd5cf0d3d07b8d8e798c) C:\Windows\system32\DRIVERS\MRVW24C.sys
2011/07/25 21:00:16.0951 3080 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/07/25 21:00:17.0002 3080 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/25 21:00:17.0066 3080 mrxsmb10 (2086d463bd371d8a37d153897430916d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/25 21:00:17.0096 3080 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/25 21:00:17.0147 3080 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/07/25 21:00:17.0189 3080 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/07/25 21:00:17.0271 3080 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/07/25 21:00:17.0297 3080 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/25 21:00:17.0346 3080 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/07/25 21:00:17.0391 3080 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/25 21:00:17.0417 3080 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/25 21:00:17.0445 3080 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/07/25 21:00:17.0499 3080 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/07/25 21:00:17.0530 3080 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/07/25 21:00:17.0565 3080 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/07/25 21:00:17.0602 3080 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/07/25 21:00:17.0694 3080 MTsensor (a523d9f6aeb152c4480d754df7fa9f7f) C:\Windows\system32\DRIVERS\ATK64AMD.sys
2011/07/25 21:00:17.0730 3080 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/07/25 21:00:17.0778 3080 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/25 21:00:17.0870 3080 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/07/25 21:00:17.0935 3080 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/25 21:00:17.0986 3080 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/25 21:00:18.0036 3080 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/25 21:00:18.0089 3080 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/25 21:00:18.0140 3080 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/07/25 21:00:18.0169 3080 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/25 21:00:18.0221 3080 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/25 21:00:18.0437 3080 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys
2011/07/25 21:00:18.0754 3080 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
2011/07/25 21:00:19.0073 3080 NETwNs64 (9ec1edebba8cf6a30899ee38ab1352cc) C:\Windows\system32\DRIVERS\NETwNs64.sys
2011/07/25 21:00:19.0268 3080 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/25 21:00:19.0351 3080 nm3 (f554c5fd7bd1efa4da5cfe2eed86391f) C:\Windows\system32\DRIVERS\nm3.sys
2011/07/25 21:00:19.0399 3080 NPF (c31fa031335eff434b2d94278e74bcce) C:\Windows\system32\drivers\npf.sys
2011/07/25 21:00:19.0430 3080 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/07/25 21:00:19.0462 3080 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/25 21:00:19.0542 3080 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
2011/07/25 21:00:19.0604 3080 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/07/25 21:00:19.0912 3080 nvlddmkm (1610a86b327e2fec3b8f849be8cfcd82) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/07/25 21:00:20.0285 3080 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
2011/07/25 21:00:20.0313 3080 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
2011/07/25 21:00:20.0369 3080 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/07/25 21:00:20.0427 3080 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/07/25 21:00:20.0501 3080 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/07/25 21:00:20.0546 3080 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/07/25 21:00:20.0582 3080 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/07/25 21:00:20.0635 3080 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/07/25 21:00:20.0683 3080 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/25 21:00:20.0762 3080 PCTCore (8f38fffa9e7b9d547b7921efa8edff3c) C:\Windows\system32\drivers\PCTCore64.sys
2011/07/25 21:00:20.0806 3080 pctDS (ff43e3b1687e4e2140de6349ea5c7372) C:\Windows\system32\drivers\pctDS64.sys
2011/07/25 21:00:20.0859 3080 pctEFA (60e9a05852af7e9cb11237c00aee4ccf) C:\Windows\system32\drivers\pctEFA64.sys
2011/07/25 21:00:20.0906 3080 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/07/25 21:00:20.0944 3080 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/07/25 21:00:21.0066 3080 pgfilter (4533f4eb614fe84083685b41b99aaad8) C:\Program Files\PeerGuardian2\pgfilter.sys
2011/07/25 21:00:21.0164 3080 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/25 21:00:21.0200 3080 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/07/25 21:00:21.0305 3080 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/25 21:00:21.0382 3080 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/25 21:00:21.0459 3080 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/25 21:00:21.0502 3080 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/25 21:00:21.0534 3080 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/25 21:00:21.0584 3080 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/25 21:00:21.0640 3080 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/25 21:00:21.0674 3080 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/25 21:00:21.0703 3080 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/25 21:00:21.0753 3080 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/25 21:00:21.0789 3080 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/25 21:00:21.0822 3080 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/25 21:00:21.0876 3080 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/25 21:00:21.0906 3080 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/25 21:00:21.0961 3080 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/07/25 21:00:22.0040 3080 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/07/25 21:00:22.0118 3080 RimUsb (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
2011/07/25 21:00:22.0178 3080 rismxdp (2a43f9e6dbde12bc0c104785c3b3f5df) C:\Windows\system32\DRIVERS\rixdpx64.sys
2011/07/25 21:00:22.0247 3080 RivaTuner64 (9b29bbd1427f71a854c2b400f3bbcf55) C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys
2011/07/25 21:00:22.0338 3080 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/25 21:00:22.0396 3080 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/07/25 21:00:22.0491 3080 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/07/25 21:00:22.0569 3080 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/25 21:00:22.0619 3080 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
2011/07/25 21:00:22.0654 3080 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/07/25 21:00:22.0705 3080 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/25 21:00:22.0738 3080 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/07/25 21:00:22.0783 3080 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/25 21:00:22.0834 3080 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/07/25 21:00:22.0867 3080 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/25 21:00:22.0897 3080 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/07/25 21:00:22.0940 3080 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/25 21:00:23.0008 3080 Sftfs (72cd52403efc137290cb5a328510ebca) C:\Windows\system32\DRIVERS\Sftfslh.sys
2011/07/25 21:00:23.0052 3080 Sftplay (31a36ef71af36eabcc4b4f8ab8f76465) C:\Windows\system32\DRIVERS\Sftplaylh.sys
2011/07/25 21:00:23.0082 3080 Sftredir (2d969194fcc8eb41ed1d52863bfe7f52) C:\Windows\system32\DRIVERS\Sftredirlh.sys
2011/07/25 21:00:23.0104 3080 Sftvol (08b36d2f63af3ca2248458a4280c0c50) C:\Windows\system32\DRIVERS\Sftvollh.sys
2011/07/25 21:00:23.0164 3080 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
2011/07/25 21:00:23.0223 3080 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/25 21:00:23.0251 3080 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/25 21:00:23.0334 3080 SmartDefragDriver (94ce7845af6a2065b829e0126cd56236) C:\Windows\system32\Drivers\SmartDefragDriver.sys
2011/07/25 21:00:23.0361 3080 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/07/25 21:00:23.0421 3080 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/07/25 21:00:23.0518 3080 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
2011/07/25 21:00:23.0563 3080 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/25 21:00:23.0589 3080 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/25 21:00:23.0646 3080 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/25 21:00:23.0714 3080 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/07/25 21:00:23.0826 3080 Tcpip (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\drivers\tcpip.sys
2011/07/25 21:00:23.0927 3080 TCPIP6 (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/25 21:00:23.0984 3080 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/25 21:00:24.0040 3080 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/07/25 21:00:24.0079 3080 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/07/25 21:00:24.0138 3080 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/25 21:00:24.0163 3080 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/07/25 21:00:24.0252 3080 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/25 21:00:24.0325 3080 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/07/25 21:00:24.0403 3080 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/25 21:00:24.0462 3080 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/25 21:00:24.0521 3080 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/25 21:00:24.0607 3080 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/25 21:00:24.0629 3080 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
2011/07/25 21:00:24.0668 3080 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/25 21:00:24.0811 3080 UrlFilter (1aa6ca6b150f85f07804cba5f814d9b2) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys
2011/07/25 21:00:24.0840 3080 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/25 21:00:24.0889 3080 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/07/25 21:00:24.0927 3080 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/25 21:00:24.0976 3080 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/25 21:00:25.0016 3080 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
2011/07/25 21:00:25.0057 3080 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/25 21:00:25.0091 3080 usbser (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\DRIVERS\usbser.sys
2011/07/25 21:00:25.0124 3080 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/25 21:00:25.0152 3080 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/25 21:00:25.0195 3080 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
2011/07/25 21:00:25.0359 3080 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/07/25 21:00:25.0418 3080 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/25 21:00:25.0457 3080 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/07/25 21:00:25.0491 3080 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/07/25 21:00:25.0526 3080 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/07/25 21:00:25.0561 3080 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/07/25 21:00:25.0630 3080 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/07/25 21:00:25.0663 3080 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/07/25 21:00:25.0753 3080 Vsdatant (48bfa6276bcc0535f5f8898107ed489a) C:\Windows\system32\DRIVERS\vsdatant.sys
2011/07/25 21:00:25.0827 3080 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/25 21:00:25.0867 3080 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/07/25 21:00:25.0891 3080 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/07/25 21:00:25.0942 3080 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/25 21:00:26.0022 3080 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/25 21:00:26.0038 3080 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/25 21:00:26.0116 3080 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/07/25 21:00:26.0180 3080 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/25 21:00:26.0265 3080 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/25 21:00:26.0294 3080 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/07/25 21:00:26.0401 3080 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/07/25 21:00:26.0512 3080 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/07/25 21:00:26.0648 3080 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/25 21:00:26.0699 3080 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
2011/07/25 21:00:26.0768 3080 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/07/25 21:00:26.0809 3080 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/25 21:00:26.0912 3080 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
2011/07/25 21:00:26.0917 3080 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
2011/07/25 21:00:26.0935 3080 Boot (0x1200) (7b77340a7cd562279d27b697cd89898d) \Device\Harddisk0\DR0\Partition0
2011/07/25 21:00:26.0940 3080 ================================================================================
2011/07/25 21:00:26.0941 3080 Scan finished
2011/07/25 21:00:26.0941 3080 ================================================================================
2011/07/25 21:00:26.0959 4156 Detected object count: 1
2011/07/25 21:00:26.0959 4156 Actual detected object count: 1
2011/07/25 21:00:56.0585 4156 \Device\Harddisk0\DR0 (Rootkit.Boot.SST.a) - will be cured after reboot
2011/07/25 21:00:56.0586 4156 \Device\Harddisk0\DR0 - ok
2011/07/25 21:00:56.0589 4156 Rootkit.Boot.SST.a(\Device\Harddisk0\DR0) - User select action: Cure
2011/07/25 21:01:03.0190 4948 Deinitialize success

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-25 21:55:46
Windows 6.1.7601 Service Pack 1
Running: hkbfzm5v.exe


---- Registry - GMER 1.0.15 ----


---- Files - GMER 1.0.15 ----

File C:\$WINDOWS.~Q\DATA\Program Files\ASUS\ASUS Data Security Manager\driver\x64 0 bytes
File C:\$WINDOWS.~Q\DATA\Program Files\ASUS\ASUS Data Security Manager\driver\x64\AsDsm.sys 34872 bytes executable
File C:\$WINDOWS.~Q\DATA\Program Files\ASUS\ASUS Data Security Manager\driver\x64\_avt 512 bytes
File C:\Users\Chris\Safe Doc 0 bytes
File C:\Users\Chris\Safe Doc\_avt 512 bytes
File C:\Users\Chris\Safe Doc\_lit 512 bytes
File C:\Users\Chris\Safe Music 0 bytes
File C:\Users\Chris\Safe Music\_avt 512 bytes
File C:\Users\Chris\Safe Music\_lit 512 bytes
File C:\Users\Chris\Safe Video 0 bytes
File C:\Users\Chris\Safe Video\_avt 512 bytes
File C:\Users\Chris\Safe Video\_lit 512 bytes
File C:\Windows.old\Users\Chris\Safe Doc 0 bytes
File C:\Windows.old\Users\Chris\Safe Doc\_avt 512 bytes
File C:\Windows.old\Users\Chris\Safe Doc\_lit 512 bytes
File C:\Windows.old\Users\Chris\Safe Music 0 bytes
File C:\Windows.old\Users\Chris\Safe Music\_avt 512 bytes
File C:\Windows.old\Users\Chris\Safe Music\_lit 512 bytes
File C:\Windows.old\Users\Chris\Safe Video 0 bytes
File C:\Windows.old\Users\Chris\Safe Video\_avt 512 bytes
File C:\Windows.old\Users\Chris\Safe Video\_lit 512 bytes
File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 1040 bytes
File C:\ADSM_PData_0150\DB\VL.db 6160 bytes
File C:\ADSM_PData_0150\DB\WAL.db 2048 bytes
File C:\ADSM_PData_0150\DB\_avt 512 bytes
File C:\ADSM_PData_0150\DragWait.exe 315392 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes

---- EOF - GMER 1.0.15 ----



It seems as if the redirects are no more. Thanks a lot, my friend. Do you have any other tips for making sure my system is secure and not affected by a hacker or bot of some kind? Seeing that odd IP in netstat was unsettling and I just want to make sure I am not messed with. Thanks again.

#4 jntkwx

  • Malware Response Team
  • Location:New England, U.S.A.

Posted 25 July 2011 - 09:11 PM

It seems as if the redirects are no more. Thanks a lot, my friend. Do you have any other tips for making sure my system is secure and not affected by a hacker or bot of some kind? Seeing that odd IP in netstat was unsettling and I just want to make sure I am not messed with. Thanks again.


Yes, TDSSkiller found and cured what was likely causing the redirect. I do have some tips, but I just want to double check you're clean first.

Step 1:
Please run the F-Secure Online Scanner
Follow the Instruction here for installation.
Accept the License Agreement.
Once the ActiveX installs, click Full System Scan.
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and copy & paste the entire report in your next reply.
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#5 Archit3ct

  • Topic Starter
  • Members

Posted 25 July 2011 - 11:32 PM

Okay, it took a little bit, but here it is.

Scanning Report
Tuesday, July 26, 2011 23:33:56 - 00:26:23

Computer name: ZEEK
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\ Q:\
6 malware found
Suspicious:W32/Malware!Gemini (spyware)

System (Disinfected)

Stealth_file (virus)

C:\ADSM_PDATA_0150\DB\_AVT (Not cleaned & Submitted)

Stealth_file (virus)

C:\ADSM_PDATA_0150\DRAGWAIT.EXE (Not cleaned & Submitted)

Stealth_file (virus)

C:\ADSM_PDATA_0150\_AVT (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

C:\USERS\CHRIS\DESKTOP\NEW FOLDER (3)\HKBFZM5V.EXE (Not cleaned)

Suspicious:W32/Malware!Gemini (virus)

C:\PROGRAM FILES (X86)\FVD SUITE\FFMPEG\FFMPEG.EXE (Not cleaned & Submitted)

Statistics
Scanned:

Files: 68552
System: 9221
Not scanned: 81

Actions:

Disinfected: 1
Renamed: 0
Deleted: 0
Not cleaned: 5
Submitted: 4

Files not scanned:

C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
C:\USERS\CHRIS\APPDATA\LOCAL\TEMP\ETILQS_ZX1WF3NBYMPXPL3J8STC
C:\USERS\CHRIS\APPDATA\LOCAL\TEMP\ETILQS_KQMQH0KRGFSC3CAOFRDL
C:\USERS\CHRIS\APPDATA\LOCAL\TEMP\HSPERFDATA_CHRIS\5136
C:\USERS\CHRIS\APPDATA\LOCAL\TEMP\HSPERFDATA_CHRIS\5520
C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CURRENT SESSION
C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\MEDIA CACHE\DATA_1
C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\MEDIA CACHE\DATA_2
C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\MEDIA CACHE\DATA_3
C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\MEDIA CACHE\INDEX
C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\MEDIA CACHE\DATA_0
C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_0
C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_1
C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_2
C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_3
C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\INDEX
C:\SYSTEM VOLUME INFORMATION\{097A1880-B3D1-11E0-917D-0026182CC2CE}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{1B59FC75-B572-11E0-870F-0026182CC2CE}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{35B52329-B23C-11E0-93AC-0026182CC2CE}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{373E4F2A-B4B7-11E0-935B-0026182CC2CE}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{35B5230C-B23C-11E0-93AC-0026182CC2CE}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{F5FEC39D-B722-11E0-A6DE-0026182CC2CE}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\QOOBOX\BACKENV\SETPATH.BAT
C:\QOOBOX\BACKENV\VIKPEV00
C:\PROGRAMDATA\MICROSOFT\WINDOWS DEFENDER\SCANS\HISTORY\CACHEMANAGER\MPSFC.BIN
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\12648FE293F5CFF66A23543840574DFC_BC24C6A9-9525-4F82-9D8A-17D520EE3862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\16E0F22E92194D8A7FA38222C84FB5BC_BC24C6A9-9525-4F82-9D8A-17D520EE3862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1D8EFD19F515716A32838AD47024FFD9_BC24C6A9-9525-4F82-9D8A-17D520EE3862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\330170F88EAEC7937CF8861499FEAD4F_BC24C6A9-9525-4F82-9D8A-17D520EE3862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2A1860BD86D69DF709DCD3BD5A8C350A_BC24C6A9-9525-4F82-9D8A-17D520EE3862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\50663B634EE325CB2B5D2F7705811607_BC24C6A9-9525-4F82-9D8A-17D520EE3862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5112954AAA7FAAFDB6E98F95CEBDC9DD_BC24C6A9-9525-4F82-9D8A-17D520EE3862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\61A93E1C4F29035AF1A46709E0D604E6_BC24C6A9-9525-4F82-9D8A-17D520EE3862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\65F7C00BF957D25BC30E5979705A628B_BC24C6A9-9525-4F82-9D8A-17D520EE3862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6B93531854A600C97E2E5FB2CB631187_BC24C6A9-9525-4F82-9D8A-17D520EE3862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\743B8A28D25FC039EAF9B8E9FCABB46E_BC24C6A9-9525-4F82-9D8A-17D520EE3862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6D530CE5F2D16AD1169FFF07A63C1BF7_BC24C6A9-9525-4F82-9D8A-17D520EE3862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\94B6752A73A02DE292AD217D187A5DFE_BC24C6A9-9525-4F82-9D8A-17D520EE3862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9541B90D6BDA27473333A5DC40F1D3B2_BC24C6A9-9525-4F82-9D8A-17D520EE3862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8D686E7976C0E8964417EE5449D82356_BC24C6A9-9525-4F82-9D8A-17D520EE3862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8E74848F52FB211C44022A398F0FCE92_BC24C6A9-9525-4F82-9D8A-17D520EE3862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\894087AD75F7667B52C6D9DC35BF45E2_BC24C6A9-9525-4F82-9D8A-17D520EE3862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9937744D0397919BDB759E4D53A5E502_BC24C6A9-9525-4F82-9D8A-17D520EE3862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8FDB21C36E2C8D5C25FBBABCACB4A9C2_BC24C6A9-9525-4F82-9D8A-17D520EE3862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A220A3BB48F8FB4074F1CC33B68F2B69_BC24C6A9-9525-4F82-9D8A-17D520EE3862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B315906329416EF856F6C9A85CBE75F8_BC24C6A9-9525-4F82-9D8A-17D520EE3862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A843AC42C63DDA426B27C32FFEB64282_BC24C6A9-9525-4F82-9D8A-17D520EE3862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AF69826B880C61DB98CCD929B1B875A7_BC24C6A9-9525-4F82-9D8A-17D520EE3862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B62E5224FA055C3D032B2F6EE23215A9_BC24C6A9-9525-4F82-9D8A-17D520EE3862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ADF74C959DD73CA27FDA218FCCB61AE6_BC24C6A9-9525-4F82-9D8A-17D520EE3862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BB2CDB6A06505F5206935D625C2414A1_BC24C6A9-9525-4F82-9D8A-17D520EE3862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CA7C65D4C482A6EDA75CACA67A7CB726_BC24C6A9-9525-4F82-9D8A-17D520EE3862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CDA126F33672DB6FB9F06D434255EA12_BC24C6A9-9525-4F82-9D8A-17D520EE3862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C3CD43BB4879D4533D8ADD44D15ED571_BC24C6A9-9525-4F82-9D8A-17D520EE3862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EB5D803D885928FE43F33566DC7A8943_BC24C6A9-9525-4F82-9D8A-17D520EE3862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D215E646F88091F9E13FA5F2C963A2E9_BC24C6A9-9525-4F82-9D8A-17D520EE3862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ED8A2726C665E047D9A7D00003E9C9A9_BC24C6A9-9525-4F82-9D8A-17D520EE3862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D275A36E59FC0891A550F511F43AE360_BC24C6A9-9525-4F82-9D8A-17D520EE3862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E8BEF95581EE1024212A631081025B9E_BC24C6A9-9525-4F82-9D8A-17D520EE3862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EC5C1DBA606567BE33F609B583BC6464_BC24C6A9-9525-4F82-9D8A-17D520EE3862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F6259FD663744882058E956E5999D5C3_BC24C6A9-9525-4F82-9D8A-17D520EE3862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F346344B30290A7040D5D56738A166BC_BC24C6A9-9525-4F82-9D8A-17D520EE3862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EF8676328EB6B92E6CC2B22FE286E31B_BC24C6A9-9525-4F82-9D8A-17D520EE3862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F5C741CEB17E075E205EE2C09A196908_BC24C6A9-9525-4F82-9D8A-17D520EE3862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F9569B117F8B4D8519AB4F4321766520_BC24C6A9-9525-4F82-9D8A-17D520EE3862
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FAED29846FF580F5F6E1307A1A6F69D2_BC24C6A9-9525-4F82-9D8A-17D520EE3862
C:\BOOT\BCD

I think ADSM is an encryption program for ASUS computers, not sure why these were not cleaned. Also, I am not sure what FVD Suite is. Oh, and HKBFZM5V.EXE is GMER.

Edited by Archit3ct, 25 July 2011 - 11:34 PM.


#6 jntkwx
  • Malware Response Team

Posted 26 July 2011 - 07:06 AM

I think ADSM is an encryption program for ASUS computers, not sure why these were not cleaned. Also, I am not sure what FVD Suite is. Oh, and HKBFZM5V.EXE is GMER.


Yes, you are correct about ADSM and HKBFZM5V.EXE; these are false positives.

How's the computer running now? Anything out of the ordinary?
Regards,
Jason



#7 Archit3ct
  • Topic Starter
  • Members

Posted 26 July 2011 - 07:14 AM

Seems to be working great, no redirects or anything. Any tips for the future?

#8 jntkwx
  • Malware Response Team

Posted 26 July 2011 - 07:23 AM

Your computer looks clean!

Let's take some preventative steps to ensure you don't get infected again:


:step1: Please download OTCleanIt and save it to desktop.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.

:step2: Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
  • Microsoft: 'Unprecedented Wave of Java Exploitation'
  • Drive-by Trojan preying on out-of-date Java installations
  • Ghosts of Java Haunt Users
Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows" (32-bit) or "Windows x64" (64-bit).
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "I agree to the Java SE...License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs (or Programs and Features in Vista/Windows 7) and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u24-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

:step3: Your Adobe Flash version is out of date.
Older Adobe Flash versions have vulnerabilities in them that malware can use to reinfect your computer. It is strongly recommended to update to the latest, secure version of Adobe Flash.

To do this, go to http://filehippo.com/download_flashplayer_ie/10128/ for the Internet Explorer version of Flash
and http://filehippo.com/download_flashplayer_firefox/10129/ for the Non-Internet Explorer version of Flash

Please download and update both versions.

:step4: Make Internet Explorer more secure:
Hold down the Windows Key, and press the R key.
In the Run Dialog box, type: inetcpl.cpl & click OK
Click on the Security tab,
Click Reset all zones to default level
Next Click OK, then Apply button and then OK to exit the Internet Properties page.

:step5: Install the Latest Version of Common Software:
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting http://secunia.com/vulnerability_scanning/online/ and http://www.calendarofupdates.com/updates/calendar.html.

I recommend FileHippo's update checker that scans your computer for programs it recognizes and allows you to easily download new versions of common software: http://filehippo.com/updatechecker/UpdateChecker.exe

:step6: Finally, read this tutorial and follow each of the steps:
http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Please feel free to post any future computer problems in the appropriate forum. Have a great day! :)

Edited by jntkwx, 26 July 2011 - 07:24 AM.

Regards,
Jason

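Steps 2 and 3 above leave two things easy to get wrong: an older JRE that the new installer did not remove, and a Flash ActiveX control that was updated while the non-IE plugin was not. The script below is an added example, not code from the thread or from Oracle or Adobe: it lists every Java runtime still registered in Add/Remove Programs (both Uninstall hives, since a 32-bit JRE on 64-bit Windows registers under Wow6432Node), reports the file versions of the Flash components on disk, and shows whether the Java Quick Starter service from step 2's note is still present. It assumes Windows 7 with PowerShell 2.0 or later; the `Macromed\Flash` folders, the service name `JavaQuickStarterService`, and the display-name pattern used to recognise Java entries are this example's assumptions.

```powershell
# Added example, not from the thread: confirm the Java and Flash steps
# actually took. Windows 7 / PowerShell 2.0 or later. The Uninstall hives
# are standard; the Macromed\Flash folders, the service name
# 'JavaQuickStarterService' and the Java display-name pattern are assumptions.

function Get-InstalledJava {
    # On x64 Windows the 32-bit JRE registers under Wow6432Node, so both
    # Uninstall hives have to be read.
    $hives = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall')
    foreach ($hive in $hives) {
        if (-not (Test-Path $hive)) { continue }
        Get-ChildItem $hive | ForEach-Object { Get-ItemProperty $_.PSPath } |
            Where-Object { $_.DisplayName -match '^(Java\(TM\) \d|Java \d|J2SE Runtime)' } |
            Select-Object DisplayName, DisplayVersion, UninstallString
    }
}

function Get-FlashVersions {
    # Flash ActiveX (IE) and the NPAPI plugin (other browsers) install into
    # Macromed\Flash; on x64 the 32-bit copies sit under SysWOW64.
    $dirs = @("$env:SystemRoot\System32\Macromed\Flash", "$env:SystemRoot\SysWOW64\Macromed\Flash")
    foreach ($d in $dirs) {
        if (-not (Test-Path $d)) { continue }
        Get-ChildItem "$d\*" -Include '*.ocx', '*.dll' | ForEach-Object {
            New-Object PSObject -Property @{ File = $_.FullName; FileVersion = $_.VersionInfo.FileVersion }
        }
    }
}

function Get-JavaQuickStarterService {
    # WMI rather than Get-Service so the start mode is visible on PowerShell 2.0.
    Get-WmiObject Win32_Service -Filter "Name = 'JavaQuickStarterService'" |
        Select-Object Name, State, StartMode, PathName
}

$java = @(Get-InstalledJava)
if ($java.Count -eq 0) {
    Write-Host 'No Java runtime registered.'
} else {
    $java | Format-Table -AutoSize
    if ($java.Count -gt 1) {
        # Matches the note in step 2: the installer only replaces the
        # previous update, older major versions stay behind.
        Write-Warning "$($java.Count) Java runtimes registered; remove the older ones by hand."
    }
}

# Both the .ocx (IE) and the NPSWF32 .dll (plugin) should report the same
# current version; one lagging the other is the step 3 mistake.
Get-FlashVersions | Format-Table FileVersion, File -AutoSize

$jqs = Get-JavaQuickStarterService
if ($jqs) { $jqs | Format-List } else { Write-Host 'Java Quick Starter service not present.' }
```

Run it from an elevated prompt after the reboot in step 2 so the uninstaller's registry changes have been written. A registry entry without a matching directory on disk (or the reverse) means an uninstall was interrupted, and the Java uninstaller should be run again for that version.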
