
Google Search Results Hijacked


  • This topic is locked
14 replies to this topic

#1 thomasgrout

thomasgrout

  • Members
  • 7 posts

Posted 27 July 2011 - 12:01 AM

Hello, I was downloading files on Vuze when all of a sudden Microsoft Security Essentials said I was getting a trojan. I removed the file via MSE and then subsequently ran Malwarebytes, which found 26 threats. I deleted them, which required a restart. However, I was getting popups saying generic messages about how my system was at risk. I ran Malwarebytes in both normal and safe mode, with both MSE running and not running. Both programs were updated. After a little manual deleting of suspicious files I have managed to get the popups beaten. The problem is that now when I do Google searches I will periodically get redirected to some site other than the link I clicked. Malwarebytes comes back clean. I'm running Vista; I think it's 64-bit, so it won't include the one log the instructions asked me to include. Hopefully you can be my savior!

Here is the DDS log...

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_24
Run by Thomas at 21:49:30 on 2011-07-26
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4092.2187 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_c7d6edb7\STacSV64.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\SLsvc.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
C:\Windows\system32\vfsFPService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\nvvsvc.exe
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_c7d6edb7\AESTSr64.exe
C:\windows\system32\agr64svc.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\windows\SMINST\BLService.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files (x86)\Multimedia Card Reader\readericon10.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskeng.exe
C:\windows\splwow64.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\windows\explorer.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
uRun: [ehTray.exe] C:\windows\ehome\ehTray.exe
uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
mRun: [readericon10] C:\Program Files (x86)\Multimedia Card Reader\readericon10.exe
mRun: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [Bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {00C3D8DD-8D26-41D1-BD7E-9BEC60F29516} - hxxp://myspeed.skbroadband.com/cab/qmsforhanaro.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} - hxxp://oss.skbroadband.com/initech/plugin/down/INIS60.cab
DPF: {3B1E1AB9-98C2-4B7E-AE01-59C84302BBDB} - hxxp://update.rayv.com/viewer/webinstall/ActiveXInstall1.1/rayvactivex.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/61.04/uploader2.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/43.11/uploader2.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {9B77036D-95C0-4305-8F38-4746E3D5FF53} - hxxp://iplay.kkang.co.kr/ocx/MKPM.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4DB7FA8D-D399-4D25-ACAC-ED0BDBACDA24} : DhcpNameServer = 68.87.64.216 68.87.66.216
TCP: Interfaces\{8C6B277A-3A11-4EF2-B413-1F9D7F1DCCF5} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
LSA: Notification Packages = scecli DPPWDFLT
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
mRun-x64: [readericon10] C:\Program Files (x86)\Multimedia Card Reader\readericon10.exe
mRun-x64: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
mRun-x64: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun-x64: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun-x64: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun-x64: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
mRun-x64: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [Bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\cnm5lqc2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-7-23 27632]
R2 AESTFilters;Andrea ST Filters Service;C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_c7d6edb7\AESTSr64.exe --> C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_c7d6edb7\AESTSr64.exe [?]
R2 FontCache;Windows Font Cache Service;C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 hpsrv;HP Service;C:\windows\system32\Hpservice.exe --> C:\windows\system32\Hpservice.exe [?]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\windows\SMINST\BLService.exe [2008-9-3 361808]
R2 vfsFPService;Validity Fingerprint Service;C:\windows\System32\vfsFPService.exe [2008-8-24 599344]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-9-3 227896]
R3 itecir;ITECIR Infrared Receiver;C:\windows\system32\DRIVERS\itecir.sys --> C:\windows\system32\DRIVERS\itecir.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\windows\system32\DRIVERS\MpNWMon.sys --> C:\windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\system32\DRIVERS\NETw5v64.sys --> C:\windows\system32\DRIVERS\NETw5v64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 vfs101a;vfs101a;C:\windows\system32\drivers\vfs101a.sys --> C:\windows\system32\drivers\vfs101a.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\windows\system32\DRIVERS\b57nd60a.sys --> C:\windows\system32\DRIVERS\b57nd60a.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-8-5 89920]
.
=============== File Associations ===============
.
JSEFile=C:\windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-07-27 04:45:58 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E1A8F356-AADA-455A-ABC3-6C91AF70E7F6}\mpengine.dll
2011-07-27 04:25:59 388096 ----a-r- C:\Users\Thomas\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-27 04:25:57 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-07-26 02:26:34 -------- d-----w- C:\Users\Thomas\AppData\Local\{E5C9849B-38E0-4F28-B706-363A3BC12A4C}
2011-07-19 16:49:37 -------- d-----w- C:\Users\Thomas\AppData\Local\SupportSoft
2011-07-19 16:49:07 -------- d-----w- C:\Program Files (x86)\Common Files\SupportSoft
2011-07-13 16:31:23 2764288 ----a-w- C:\windows\System32\win32k.sys
2011-07-13 16:31:21 695296 ----a-w- C:\windows\System32\drivers\bthport.sys
2011-07-13 16:31:21 35328 ----a-w- C:\windows\System32\drivers\BTHUSB.SYS
2011-07-13 16:31:20 85504 ----a-w- C:\windows\System32\csrsrv.dll
2011-07-13 16:31:20 451072 ----a-w- C:\windows\System32\winsrv.dll
2011-06-29 16:34:40 344576 ----a-w- C:\windows\System32\schannel.dll
2011-06-29 16:34:40 276992 ----a-w- C:\windows\SysWow64\schannel.dll
.
==================== Find3M ====================
.
2011-07-07 02:52:42 41272 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-07 02:52:42 25912 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-05-28 06:28:00 1147904 ----a-w- C:\windows\System32\wininet.dll
2011-05-28 06:24:04 56832 ----a-w- C:\windows\System32\licmgr10.dll
2011-05-28 06:23:47 1538560 ----a-w- C:\windows\System32\inetcpl.cpl
2011-05-28 06:23:30 132096 ----a-w- C:\windows\System32\iesysprep.dll
2011-05-28 06:23:29 77312 ----a-w- C:\windows\System32\iesetup.dll
2011-05-28 06:08:58 916480 ----a-w- C:\windows\SysWow64\wininet.dll
2011-05-28 06:04:30 43520 ----a-w- C:\windows\SysWow64\licmgr10.dll
2011-05-28 06:04:17 1469440 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2011-05-28 06:04:03 71680 ----a-w- C:\windows\SysWow64\iesetup.dll
2011-05-28 06:04:03 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2011-05-28 05:33:37 479232 ----a-w- C:\windows\System32\html.iec
2011-05-28 05:10:26 385024 ----a-w- C:\windows\SysWow64\html.iec
2011-05-28 04:53:37 162816 ----a-w- C:\windows\System32\ieUnatt.exe
2011-05-28 04:52:18 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2011-05-28 04:33:03 133632 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2011-05-28 04:31:44 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-05-02 17:16:14 739328 ----a-w- C:\windows\SysWow64\inetcomm.dll
2011-05-02 17:13:21 975360 ----a-w- C:\windows\System32\inetcomm.dll
2011-04-29 13:41:02 176128 ----a-w- C:\windows\System32\drivers\srv2.sys
2011-04-29 13:40:56 145920 ----a-w- C:\windows\System32\drivers\srvnet.sys
2011-04-29 13:39:34 275456 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys
2011-04-29 13:39:34 135680 ----a-w- C:\windows\System32\drivers\mrxsmb.sys
2011-04-29 13:39:31 107008 ----a-w- C:\windows\System32\drivers\mrxsmb20.sys
.
============= FINISH: 21:50:13.79 ===============
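The redirect symptom with a clean Malwarebytes scan is the reason the helpers ask for a DDS log: the "Pseudo HJT Report" section lists the places that can quietly steer a browser (DNS servers per interface, Run autoruns, Browser Helper Objects). The script below is an added example, not part of this thread and not DDS's own code. It parses lines in the same format as the log posted above and flags three things a responder checks first: a DNS server that is not the router or the ISP's resolvers, a BHO whose DLL is gone ("No File"), and an autorun launched from a user-writable directory. The sample lines, the expected-resolver set and the user-writable path heuristic are constructed for the example.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the format of a DDS "Pseudo HJT Report" (not the poster's log).
SAMPLE_DDS = """\
uStart Page = hxxp://www.google.com/ig
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
uRun: [ehTray.exe] C:\\windows\\ehome\\ehTray.exe
uRun: [Desktop Software] "C:\\Program Files (x86)\\Common Files\\SupportSoft\\bin\\bcont.exe" /ini "C:\\Program Files (x86)\\ComcastUI\\uinstaller.ini" /starthidden
mRun: [SysUpdate] C:\\Users\\Thomas\\AppData\\Local\\Temp\\svchost.exe -k update
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\\{4DB7FA8D-D399-4D25-ACAC-ED0BDBACDA24} : DhcpNameServer = 68.87.64.216 68.87.66.216
TCP: Interfaces\\{8C6B277A-3A11-4EF2-B413-1F9D7F1DCCF5} : DhcpNameServer = 203.0.113.53 192.168.1.1
"""

DNS_RE = re.compile(r"^TCP:\s+(?:Interfaces\\(\{[0-9A-Fa-f-]+\})\s*:\s*)?DhcpNameServer\s*=\s*(.+?)\s*$")
RUN_RE = re.compile(r"^[um]Run(?:-x64)?:\s+\[(.+?)\]\s+(.+?)\s*$")
BHO_RE = re.compile(r"^BHO(?:-X64)?:\s+(.+?)\s*$")

# Directories a standard user can write to; an autorun living there deserves a
# second look. Heuristic assumed for this example, not a DDS rule.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\")


def _exe_path(command: str) -> str:
    """Pull the executable path out of a Run value, quoted or not."""
    m = re.match(r'"([^"]+)"', command)
    if m:
        return m.group(1)
    m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def parse_hjt(text: str) -> Dict[str, list]:
    """Collect DNS servers, Run autoruns and BHOs from a DDS HJT section."""
    dns: List[Tuple[str, str]] = []    # (interface GUID or 'global', server)
    runs: List[Tuple[str, str]] = []   # (value name, executable path)
    bhos: List[Tuple[str, str]] = []   # (name/CLSID, dll path or 'No File')
    for line in text.splitlines():
        if (m := DNS_RE.match(line)):
            iface = m.group(1) or "global"
            dns.extend((iface, server) for server in m.group(2).split())
        elif (m := RUN_RE.match(line)):
            runs.append((m.group(1), _exe_path(m.group(2))))
        elif (m := BHO_RE.match(line)):
            name, _, target = m.group(1).rpartition(" - ")
            bhos.append((name, target))
    return {"dns": dns, "runs": runs, "bhos": bhos}


def triage(text: str, expected_dns: set) -> Dict[str, list]:
    """Flag resolvers outside the expected set, orphaned BHOs, and autoruns
    that start from user-writable paths."""
    parsed = parse_hjt(text)
    rogue_dns = [(iface, s) for iface, s in parsed["dns"] if s not in expected_dns]
    orphan_bhos = [name for name, target in parsed["bhos"] if target == "No File"]
    odd_runs = [(name, path) for name, path in parsed["runs"]
                if any(tok in path.lower() for tok in USER_WRITABLE)]
    return {"rogue_dns": rogue_dns, "orphan_bhos": orphan_bhos, "odd_runs": odd_runs}


if __name__ == "__main__":
    # Expected resolvers: the home router plus the two ISP servers it hands out.
    report = triage(SAMPLE_DDS, {"192.168.1.1", "68.87.64.216", "68.87.66.216"})
    for key, hits in report.items():
        print(f"{key}: {hits}")
```

The expected-resolver set has to come from the responder, not from the log: the point of the check is to compare what the adapter is actually using against what the router and ISP are supposed to hand out. A hit in `odd_runs` or `orphan_bhos` is a lead to inspect, not a verdict; the orphaned CLSID in the posted log, for instance, only tells you a DLL was removed and its registration left behind.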


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 29 July 2011 - 09:13 PM

Hi,

Please do the following:

  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 thomasgrout

thomasgrout
  • Topic Starter

  • Members
  • 7 posts

Posted 31 July 2011 - 07:56 PM

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-07-31 17:52:00
-----------------------------
17:52:00.789 OS Version: Windows x64 6.0.6002 Service Pack 2
17:52:00.789 Number of processors: 2 586 0x1706
17:52:00.790 ComputerName: THOMAS-NOTEBOOK UserName: Thomas
17:52:01.153 Initialze error 0
17:52:10.858 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:52:10.860 Disk 0 Vendor: TOSHIBA_ LV01 Size: 305245MB BusType: 3
17:52:10.875 Disk 0 MBR read successfully
17:52:10.878 Disk 0 MBR scan
17:52:10.881 Disk 0 unknown MBR code
17:52:10.883 Service scanning
17:52:11.865 Modules scanning
17:52:11.868 Disk 0 trace - called modules:
17:52:11.871 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iastor.sys hal.dll
17:52:11.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80058e0790]
17:52:11.878 3 CLASSPNP.SYS[fffffa6000eadc33] -> nt!IofCallDriver -> [0xfffffa80067d59b0]
17:52:11.881 5 hpdskflt.sys[fffffa60013eb0ee] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80053c2050]
17:52:11.884 Scan finished successfully
17:52:27.493 Disk 0 MBR has been saved successfully to "C:\Users\Thomas\Desktop\MBR.dat"
17:52:27.499 The log file has been saved successfully to "C:\Users\Thomas\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   546bytes   1 downloads
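aswMBR reports "unknown MBR code" whenever the boot sector's code does not match a loader it recognises, which is why it also saves the raw sector as MBR.dat for a human to look at. The script below is an added example, not part of this thread and not aswMBR's own code. It parses a 512-byte MBR image: checks the 0x55AA boot signature, decodes the four partition-table entries, and fingerprints the 440-byte boot-code area so it can be compared with a hash taken from a known-good image (an identical machine, or a copy saved before infection). The sample MBR, its disk signature and the "tampered" variant are constructed inline; a bootkit that swaps the boot code but leaves the partition table untouched would show exactly the pattern the demo prints.

```python
import hashlib
import json
import struct
import sys
from typing import Dict, List

MBR_SIZE = 512
BOOT_CODE_LEN = 440       # code area before the 4-byte disk signature
PART_TABLE_OFF = 446      # four 16-byte partition entries
SIGNATURE = b"\x55\xAA"   # boot signature at offset 510

# Constructed boot-code stub (first bytes mimic a typical Windows MBR prologue;
# the rest is zero padding). Not taken from any real disk.
CLEAN_BOOT = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x00" * 433


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Construct a syntactically valid MBR with the given boot code and one
    bootable NTFS-type partition (type 0x07) at LBA 2048, 614400 sectors."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code exceeds 440 bytes")
    img = bytearray(MBR_SIZE)
    img[:len(boot_code)] = boot_code
    img[440:444] = struct.pack("<I", 0x1234ABCD)       # disk signature (constructed)
    # status, CHS start, type, CHS end, LBA start, sector count
    img[PART_TABLE_OFF:PART_TABLE_OFF + 16] = struct.pack(
        "<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xFE\xFF\xFF", 2048, 614400)
    img[510:512] = SIGNATURE
    return bytes(img)


def parse_mbr(img: bytes) -> Dict:
    """Decode signature, disk signature, partition table and boot-code hash."""
    if len(img) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(img)}")
    if img[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts: List[Dict] = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba, count = struct.unpack("<B3sB3sII", img[off:off + 16])
        if ptype == 0:
            continue                                    # unused slot
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(img[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack("<I", img[440:444])[0],
        "partitions": parts,
    }


def is_valid_mbr(img: bytes) -> bool:
    try:
        parse_mbr(img)
        return True
    except ValueError:
        return False


def boot_code_matches(img: bytes, known_good_sha256: str) -> bool:
    """True when the boot-code area hashes to the known-good value."""
    return parse_mbr(img)["boot_code_sha256"] == known_good_sha256


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:             # e.g. MBR.dat from aswMBR
            image = fh.read()
        report = parse_mbr(image)
        if len(sys.argv) > 2:                           # optional known-good hash
            report["matches_known_good"] = boot_code_matches(image, sys.argv[2])
    else:
        clean = build_sample_mbr(CLEAN_BOOT)
        tampered = bytearray(clean)
        tampered[:3] = b"\xE9\x00\x01"                  # constructed: jmp into swapped code
        good_hash = parse_mbr(clean)["boot_code_sha256"]
        report = {"clean": parse_mbr(clean),
                  "tampered": parse_mbr(bytes(tampered)),
                  "tampered_matches_clean": boot_code_matches(bytes(tampered), good_hash)}
    print(json.dumps(report, indent=2))
```

Run it with no arguments for the built-in demonstration, or as `python mbr_check.py MBR.dat <sha256>` against a saved sector. A hash mismatch with an unchanged partition table is the signal worth escalating; a mismatch alone can also mean a different OEM loader, so the comparison image must come from the same make of machine.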


#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 31 July 2011 - 08:28 PM

Hi,

Please do the following:

Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.



#5 thomasgrout

thomasgrout
  • Topic Starter

  • Members
  • 7 posts

Posted 31 July 2011 - 10:51 PM

ComboFix 11-07-31.04 - Thomas 07/31/2011 20:29:50.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4092.2597 [GMT -7:00]
Running from: c:\users\Thomas\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\INITECH
c:\users\Thomas\AppData\Roaming\Adobe\plugs
c:\users\Thomas\AppData\Roaming\Adobe\shed
c:\windows\Update.bat
.
.
((((((((((((((((((((((((( Files Created from 2011-07-01 to 2011-08-01 )))))))))))))))))))))))))))))))
.
.
2011-08-01 03:38 . 2011-08-01 03:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-01 00:22 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B775F6CF-E4B2-4812-BE80-CB4CF6BB235F}\mpengine.dll
2011-07-27 10:01 . 2011-07-27 10:01 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-07-27 10:01 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-07-27 04:25 . 2011-07-27 04:25 388096 ----a-r- c:\users\Thomas\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-27 04:25 . 2011-07-27 04:25 -------- d-----w- c:\program files (x86)\Trend Micro
2011-07-26 02:26 . 2011-07-26 02:26 -------- d-----w- c:\users\Thomas\AppData\Local\{E5C9849B-38E0-4F28-B706-363A3BC12A4C}
2011-07-19 16:50 . 2011-07-20 17:19 -------- d-----w- c:\programdata\SupportSoft
2011-07-19 16:49 . 2011-07-20 17:19 -------- d-----w- c:\users\Thomas\AppData\Local\SupportSoft
2011-07-19 16:49 . 2011-07-20 17:20 -------- d-----w- c:\program files (x86)\Common Files\SupportSoft
2011-07-13 16:31 . 2011-06-02 13:50 2764288 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 16:31 . 2011-04-21 14:17 695296 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-07-13 16:31 . 2009-06-17 10:37 35328 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-07-13 16:31 . 2011-04-20 16:03 451072 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 16:31 . 2011-04-20 15:58 85504 ----a-w- c:\windows\system32\csrsrv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-13 04:53 . 2011-02-01 22:52 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-07 02:52 . 2011-01-30 17:39 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-07 02:52 . 2011-01-30 17:39 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-28 06:28 . 2011-06-16 16:10 1147904 ----a-w- c:\windows\system32\wininet.dll
2011-05-28 06:24 . 2011-06-16 16:10 56832 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-28 06:23 . 2011-06-16 16:10 1538560 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-28 06:23 . 2011-06-16 16:10 132096 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-28 06:23 . 2011-06-16 16:10 77312 ----a-w- c:\windows\system32\iesetup.dll
2011-05-28 06:08 . 2011-06-16 16:10 916480 ----a-w- c:\windows\SysWow64\wininet.dll
2011-05-28 06:04 . 2011-06-16 16:10 43520 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-05-28 06:04 . 2011-06-16 16:10 1469440 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-05-28 06:04 . 2011-06-16 16:10 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-05-28 06:04 . 2011-06-16 16:10 71680 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-05-28 05:33 . 2011-06-16 16:10 479232 ----a-w- c:\windows\system32\html.iec
2011-05-28 05:10 . 2011-06-16 16:10 385024 ----a-w- c:\windows\SysWow64\html.iec
2011-05-28 04:53 . 2011-06-16 16:10 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-28 04:52 . 2011-06-16 16:10 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-28 04:33 . 2011-06-16 16:10 133632 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-05-28 04:31 . 2011-06-16 16:10 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"readericon10"="c:\program files (x86)\Multimedia Card Reader\readericon10.exe" [2007-11-22 131072]
"DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2008-07-15 814144]
"hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-08-07 1148200]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-08-02 1144104]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-08-02 210216]
"TVAgent"="c:\program files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" [2008-07-24 468264]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\EA Sports\FIFA Online 2\GameGuard\dump_wmimmc.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-07-24 27632]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_c7d6edb7\AESTSr64.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-07-31 361808]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-08-24 719152]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
S3 vfs101a;vfs101a;c:\windows\system32\drivers\vfs101a.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-01 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2006-11-02 09:45]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF19691.cfxxe" [X]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-05-23 284160]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 16395880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
DPF: {00C3D8DD-8D26-41D1-BD7E-9BEC60F29516} - hxxp://myspeed.skbroadband.com/cab/qmsforhanaro.cab
DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} - hxxp://oss.skbroadband.com/initech/plugin/down/INIS60.cab
DPF: {3B1E1AB9-98C2-4B7E-AE01-59C84302BBDB} - hxxp://update.rayv.com/viewer/webinstall/ActiveXInstall1.1/rayvactivex.cab
DPF: {9B77036D-95C0-4305-8F38-4746E3D5FF53} - hxxp://iplay.kkang.co.kr/ocx/MKPM.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\cnm5lqc2.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Desktop Software - c:\program files (x86)\Common Files\SupportSoft\bin\bcont.exe
Wow6432Node-HKLM-Run-Bing Bar - c:\program files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
AddRemove-ZGIUninstallKey - c:\oldgames\Uninst.isu
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2011-07-31 20:47:33 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-01 03:47
.
Pre-Run: 156,356,173,824 bytes free
Post-Run: 157,298,704,384 bytes free
.
- - End Of File - - 35999D018CD063A70EC98D3B063533DF

#6 CatByte (Malware Response Team)

Posted 01 August 2011 - 06:04 AM

Hi

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 thomasgrout (Topic Starter)

Posted 02 August 2011 - 10:43 AM

8/1/2011 10:37:43 PM
mbam-log-2011-08-01 (22-37-43).txt

Scan type: Quick scan
Objects scanned: 181476
Time elapsed: 2 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ESET

C:\Users\Thomas\Desktop\Poetry\Random\Poetry Out Loud\POL\blog.htm HTML/ScrInject.B.Gen virus

#8 CatByte (Malware Response Team)

Posted 02 August 2011 - 06:00 PM

Hi

Please do the following:

Press the WinKey + R to open a run box, then copy/paste the following single-line command into the Run box and click OK:

cmd /c del /f/a/q "C:\Users\Thomas\Desktop\Poetry\Random\Poetry Out Loud\POL\blog.htm"



NEXT



Visit ADOBE and download the latest version of Acrobat Reader (version X).
Having the latest updates ensures there are no security vulnerabilities in your system.


NEXT


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 26 and save it to your desktop.
  • Scroll down to where it says JDK 6 Update 26 (JDK or JRE)
  • Click the Download JRE button to the right
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6u26 with JavaFX 1 License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u26-windows-i586.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.



NEXT


Please post a fresh DDS Log and advise how your computer is running now and if there are any outstanding issues



#9 thomasgrout (Topic Starter)

Posted 03 August 2011 - 01:06 PM

When I restarted after the Java uninstall, MSE detected a trojan that was trying to be installed. I believe this is the second time MSE has caught this file, so it seems like something is still trying to install it on restart. Here is a link to the encyclopedia entry pertaining to the file on Microsoft's website.

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Trojan%3aJS%2fHiloti.D&threatid=2147647943

Also, when I tried to update Adobe Flash, it said that it wouldn't update because Firefox was currently running, though no window was up. I did see it running in Task Manager, however. I clicked about 10-15 random Google search results and didn't see any of them get hijacked. I did have it happen a few times yesterday when I was working, however.


Here is DDS
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_26
Run by Thomas at 10:58:05 on 2011-08-03
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4092.2342 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_c7d6edb7\STacSV64.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\SLsvc.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
C:\Windows\system32\vfsFPService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\nvvsvc.exe
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_c7d6edb7\AESTSr64.exe
C:\windows\system32\agr64svc.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\windows\SMINST\BLService.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskeng.exe
C:\windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\windows\ehome\ehtray.exe
C:\Program Files (x86)\Multimedia Card Reader\readericon10.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\msiexec.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\system32\taskeng.exe
C:\windows\System32\notepad.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = <local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
uRun: [ehTray.exe] C:\windows\ehome\ehTray.exe
mRun: [readericon10] C:\Program Files (x86)\Multimedia Card Reader\readericon10.exe
mRun: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {00C3D8DD-8D26-41D1-BD7E-9BEC60F29516} - hxxp://myspeed.skbroadband.com/cab/qmsforhanaro.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} - hxxp://oss.skbroadband.com/initech/plugin/down/INIS60.cab
DPF: {3B1E1AB9-98C2-4B7E-AE01-59C84302BBDB} - hxxp://update.rayv.com/viewer/webinstall/ActiveXInstall1.1/rayvactivex.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/61.04/uploader2.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/43.11/uploader2.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {9B77036D-95C0-4305-8F38-4746E3D5FF53} - hxxp://iplay.kkang.co.kr/ocx/MKPM.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4DB7FA8D-D399-4D25-ACAC-ED0BDBACDA24} : DhcpNameServer = 68.87.64.216 68.87.66.216
TCP: Interfaces\{8C6B277A-3A11-4EF2-B413-1F9D7F1DCCF5} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
mRun-x64: [readericon10] C:\Program Files (x86)\Multimedia Card Reader\readericon10.exe
mRun-x64: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
mRun-x64: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun-x64: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun-x64: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun-x64: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
mRun-x64: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\cnm5lqc2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-7-23 27632]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_c7d6edb7\AESTSr64.exe --> C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_c7d6edb7\AESTSr64.exe [?]
R2 FontCache;Windows Font Cache Service;C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 hpsrv;HP Service;C:\windows\system32\Hpservice.exe --> C:\windows\system32\Hpservice.exe [?]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\windows\SMINST\BLService.exe [2008-9-3 361808]
R2 vfsFPService;Validity Fingerprint Service;C:\windows\System32\vfsFPService.exe [2008-8-24 599344]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-9-3 227896]
R3 itecir;ITECIR Infrared Receiver;C:\windows\system32\DRIVERS\itecir.sys --> C:\windows\system32\DRIVERS\itecir.sys [?]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\system32\DRIVERS\NETw5v64.sys --> C:\windows\system32\DRIVERS\NETw5v64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 vfs101a;vfs101a;C:\windows\system32\drivers\vfs101a.sys --> C:\windows\system32\drivers\vfs101a.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\windows\system32\DRIVERS\b57nd60a.sys --> C:\windows\system32\DRIVERS\b57nd60a.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\windows\system32\DRIVERS\MpNWMon.sys --> C:\windows\system32\DRIVERS\MpNWMon.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-8-5 89920]
.
=============== File Associations ===============
.
JSEFile=C:\windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-08-03 03:47:07 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5AE3EB86-4A46-4037-AB3E-147FC9E5534D}\mpengine.dll
2011-08-01 03:41:05 -------- d-----w- C:\$RECYCLE.BIN
2011-08-01 03:05:28 98816 ----a-w- C:\windows\sed.exe
2011-08-01 03:05:28 518144 ----a-w- C:\windows\SWREG.exe
2011-08-01 03:05:28 256000 ----a-w- C:\windows\PEV.exe
2011-08-01 03:05:28 208896 ----a-w- C:\windows\MBR.exe
2011-07-27 10:01:49 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-07-27 10:01:32 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-07-27 04:25:59 388096 ----a-r- C:\Users\Thomas\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-27 04:25:57 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-07-26 02:26:34 -------- d-----w- C:\Users\Thomas\AppData\Local\{E5C9849B-38E0-4F28-B706-363A3BC12A4C}
2011-07-19 16:49:37 -------- d-----w- C:\Users\Thomas\AppData\Local\SupportSoft
2011-07-19 16:49:07 -------- d-----w- C:\Program Files (x86)\Common Files\SupportSoft
2011-07-13 16:31:23 2764288 ----a-w- C:\windows\System32\win32k.sys
2011-07-13 16:31:21 695296 ----a-w- C:\windows\System32\drivers\bthport.sys
2011-07-13 16:31:21 35328 ----a-w- C:\windows\System32\drivers\BTHUSB.SYS
2011-07-13 16:31:20 85504 ----a-w- C:\windows\System32\csrsrv.dll
2011-07-13 16:31:20 451072 ----a-w- C:\windows\System32\winsrv.dll
.
==================== Find3M ====================
.
2011-08-03 17:48:55 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2011-07-07 02:52:42 41272 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-07 02:52:42 25912 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-05-28 06:28:00 1147904 ----a-w- C:\windows\System32\wininet.dll
2011-05-28 06:24:04 56832 ----a-w- C:\windows\System32\licmgr10.dll
2011-05-28 06:23:47 1538560 ----a-w- C:\windows\System32\inetcpl.cpl
2011-05-28 06:23:30 132096 ----a-w- C:\windows\System32\iesysprep.dll
2011-05-28 06:23:29 77312 ----a-w- C:\windows\System32\iesetup.dll
2011-05-28 06:08:58 916480 ----a-w- C:\windows\SysWow64\wininet.dll
2011-05-28 06:04:30 43520 ----a-w- C:\windows\SysWow64\licmgr10.dll
2011-05-28 06:04:17 1469440 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2011-05-28 06:04:03 71680 ----a-w- C:\windows\SysWow64\iesetup.dll
2011-05-28 06:04:03 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2011-05-28 05:33:37 479232 ----a-w- C:\windows\System32\html.iec
2011-05-28 05:10:26 385024 ----a-w- C:\windows\SysWow64\html.iec
2011-05-28 04:53:37 162816 ----a-w- C:\windows\System32\ieUnatt.exe
2011-05-28 04:52:18 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2011-05-28 04:33:03 133632 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2011-05-28 04:31:44 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
.
============= FINISH: 10:58:47.21 ===============

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 03 August 2011 - 06:42 PM

Hi

Please run the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

NEXT

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 thomasgrout

thomasgrout
  • Topic Starter

  • Members
  • 7 posts

Posted 03 August 2011 - 08:45 PM

GooredFix by jpshortstuff (03.07.10.1)
Log created at 18:41 on 03/08/2011 (Thomas)
Firefox version 5.0.1 (en-US)

========== GooredScan ==========

Removing Orphan:
"msntoolbar@msn.com"="C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\Firefox" -> Success!

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [15:19 26/07/2011]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [23:17 04/12/2009]
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [08:04 02/02/2010]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [15:44 31/08/2010]
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [16:28 04/11/2010]
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [18:12 03/02/2011]
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [17:49 03/08/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [18:54 20/05/2009]
"{27182e60-b5f3-411c-b545-b44205977502}"="C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\" [10:01 11/10/2010]

-=E.O.F=-


2011/08/03 18:40:24.0144 2160 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11
2011/08/03 18:40:24.0663 2160 ================================================================================
2011/08/03 18:40:24.0663 2160 SystemInfo:
2011/08/03 18:40:24.0663 2160
2011/08/03 18:40:24.0663 2160 OS Version: 6.0.6002 ServicePack: 2.0
2011/08/03 18:40:24.0663 2160 Product type: Workstation
2011/08/03 18:40:24.0663 2160 ComputerName: THOMAS-NOTEBOOK
2011/08/03 18:40:24.0664 2160 UserName: Thomas
2011/08/03 18:40:24.0664 2160 Windows directory: C:\windows
2011/08/03 18:40:24.0664 2160 System windows directory: C:\windows
2011/08/03 18:40:24.0664 2160 Running under WOW64
2011/08/03 18:40:24.0664 2160 Processor architecture: Intel x64
2011/08/03 18:40:24.0664 2160 Number of processors: 2
2011/08/03 18:40:24.0664 2160 Page size: 0x1000
2011/08/03 18:40:24.0664 2160 Boot type: Normal boot
2011/08/03 18:40:24.0664 2160 ================================================================================
2011/08/03 18:40:25.0297 2160 Initialize success
2011/08/03 18:40:31.0190 3868 ================================================================================
2011/08/03 18:40:31.0190 3868 Scan started
2011/08/03 18:40:31.0190 3868 Mode: Manual;
2011/08/03 18:40:31.0190 3868 ================================================================================
2011/08/03 18:40:32.0019 3868 Accelerometer (60fbb29ccce48b4c3a6517caf42c3496) C:\windows\system32\DRIVERS\Accelerometer.sys
2011/08/03 18:40:32.0139 3868 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\windows\system32\drivers\acpi.sys
2011/08/03 18:40:32.0292 3868 adp94xx (f14215e37cf124104575073f782111d2) C:\windows\system32\drivers\adp94xx.sys
2011/08/03 18:40:32.0394 3868 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\windows\system32\drivers\adpahci.sys
2011/08/03 18:40:32.0500 3868 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\windows\system32\drivers\adpu160m.sys
2011/08/03 18:40:32.0556 3868 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\windows\system32\drivers\adpu320.sys
2011/08/03 18:40:32.0784 3868 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\windows\system32\drivers\afd.sys
2011/08/03 18:40:32.0975 3868 AgereSoftModem (70e15cda25e151dfc60636ef73f5a7be) C:\windows\system32\DRIVERS\agrsm64.sys
2011/08/03 18:40:33.0129 3868 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\windows\system32\drivers\agp440.sys
2011/08/03 18:40:33.0194 3868 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\windows\system32\drivers\djsvs.sys
2011/08/03 18:40:33.0323 3868 aliide (e0ca5bb8e6c79533dc6b1da7361a201e) C:\windows\system32\drivers\aliide.sys
2011/08/03 18:40:33.0360 3868 amdide (7034f8d1b9703d711d3f92c95deb377d) C:\windows\system32\drivers\amdide.sys
2011/08/03 18:40:33.0469 3868 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\windows\system32\drivers\amdk8.sys
2011/08/03 18:40:33.0510 3868 ApfiltrService (eedcb7802bde1631a2d1ed491321c5ff) C:\windows\system32\DRIVERS\Apfiltr.sys
2011/08/03 18:40:33.0632 3868 arc (ba8417d4765f3988ff921f30f630e303) C:\windows\system32\drivers\arc.sys
2011/08/03 18:40:33.0728 3868 arcsas (9d41c435619733b34cc16a511e644b11) C:\windows\system32\drivers\arcsas.sys
2011/08/03 18:40:33.0858 3868 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\windows\system32\DRIVERS\asyncmac.sys
2011/08/03 18:40:33.0910 3868 atapi (b388797caab36d523840347cc6a39b96) C:\windows\system32\drivers\atapi.sys
2011/08/03 18:40:34.0100 3868 b57nd60a (1777e5ac9fc74f7991b2aba25ea34759) C:\windows\system32\DRIVERS\b57nd60a.sys
2011/08/03 18:40:34.0301 3868 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\windows\system32\drivers\blbdrive.sys
2011/08/03 18:40:34.0379 3868 bowser (2348447a80920b2493a9b582a23e81e1) C:\windows\system32\DRIVERS\bowser.sys
2011/08/03 18:40:34.0501 3868 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\brfiltlo.sys
2011/08/03 18:40:34.0536 3868 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\brfiltup.sys
2011/08/03 18:40:34.0662 3868 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\windows\system32\drivers\brserid.sys
2011/08/03 18:40:34.0725 3868 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\system32\drivers\brserwdm.sys
2011/08/03 18:40:34.0824 3868 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\system32\drivers\brusbmdm.sys
2011/08/03 18:40:34.0853 3868 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\system32\drivers\brusbser.sys
2011/08/03 18:40:34.0969 3868 BthEnum (09f926a0d9c0bafd8417a4307d2ed13c) C:\windows\system32\DRIVERS\BthEnum.sys
2011/08/03 18:40:35.0083 3868 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\windows\system32\drivers\bthmodem.sys
2011/08/03 18:40:35.0143 3868 BthPan (befc5311736b475ac5b60c14ff7c775a) C:\windows\system32\DRIVERS\bthpan.sys
2011/08/03 18:40:35.0290 3868 BTHPORT (e1466882252ff51edde48c3f7eda2591) C:\windows\system32\Drivers\BTHport.sys
2011/08/03 18:40:35.0415 3868 BTHUSB (970192cded77a128e7e30722e5ee6b9c) C:\windows\system32\Drivers\BTHUSB.sys
2011/08/03 18:40:35.0444 3868 btwavdt (df18e4291c43bed05b1d0c2d5c0e96d6) C:\windows\system32\drivers\btwavdt.sys
2011/08/03 18:40:35.0529 3868 btwrchid (637a44c54520a9958e2e5e3ee9e26c4a) C:\windows\system32\drivers\btwrchid.sys
2011/08/03 18:40:35.0663 3868 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\windows\system32\DRIVERS\cdfs.sys
2011/08/03 18:40:35.0825 3868 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\windows\system32\DRIVERS\cdrom.sys
2011/08/03 18:40:35.0899 3868 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\windows\system32\DRIVERS\circlass.sys
2011/08/03 18:40:36.0007 3868 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\windows\system32\CLFS.sys
2011/08/03 18:40:36.0175 3868 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\windows\system32\DRIVERS\CmBatt.sys
2011/08/03 18:40:36.0200 3868 cmdide (8c6aa24c1d7273a02284588426ab8ce3) C:\windows\system32\drivers\cmdide.sys
2011/08/03 18:40:36.0322 3868 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\windows\system32\DRIVERS\compbatt.sys
2011/08/03 18:40:36.0339 3868 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\windows\system32\drivers\crcdisk.sys
2011/08/03 18:40:36.0509 3868 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\windows\system32\Drivers\dfsc.sys
2011/08/03 18:40:36.0699 3868 disk (b0107e40ecdb5fa692ebf832f295d905) C:\windows\system32\drivers\disk.sys
2011/08/03 18:40:36.0864 3868 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\windows\system32\drivers\drmkaud.sys
2011/08/03 18:40:37.0051 3868 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\windows\System32\drivers\dxgkrnl.sys
2011/08/03 18:40:37.0200 3868 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\windows\system32\DRIVERS\E1G6032E.sys
2011/08/03 18:40:37.0378 3868 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\windows\system32\drivers\ecache.sys
2011/08/03 18:40:37.0446 3868 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\windows\system32\drivers\elxstor.sys
2011/08/03 18:40:37.0560 3868 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\windows\system32\drivers\errdev.sys
2011/08/03 18:40:37.0634 3868 exfat (486844f47b6636044a42454614ed4523) C:\windows\system32\drivers\exfat.sys
2011/08/03 18:40:37.0765 3868 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\windows\system32\drivers\fastfat.sys
2011/08/03 18:40:37.0797 3868 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\windows\system32\DRIVERS\fdc.sys
2011/08/03 18:40:37.0898 3868 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\windows\system32\drivers\fileinfo.sys
2011/08/03 18:40:37.0923 3868 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\windows\system32\drivers\filetrace.sys
2011/08/03 18:40:37.0970 3868 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\windows\system32\DRIVERS\flpydisk.sys
2011/08/03 18:40:38.0105 3868 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\windows\system32\drivers\fltmgr.sys
2011/08/03 18:40:38.0240 3868 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\windows\system32\drivers\Fs_Rec.sys
2011/08/03 18:40:38.0278 3868 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\windows\system32\drivers\gagp30kx.sys
2011/08/03 18:40:38.0415 3868 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\windows\system32\drivers\HdAudio.sys
2011/08/03 18:40:38.0494 3868 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\windows\system32\DRIVERS\HDAudBus.sys
2011/08/03 18:40:38.0605 3868 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\windows\system32\drivers\hidbth.sys
2011/08/03 18:40:38.0643 3868 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\windows\system32\DRIVERS\hidir.sys
2011/08/03 18:40:38.0772 3868 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\windows\system32\DRIVERS\hidusb.sys
2011/08/03 18:40:38.0935 3868 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\windows\system32\drivers\hpcisss.sys
2011/08/03 18:40:39.0094 3868 hpdskflt (4a435ca815a54639ca09ddf75d751ebc) C:\windows\system32\DRIVERS\hpdskflt.sys
2011/08/03 18:40:39.0210 3868 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\windows\system32\DRIVERS\HpqKbFiltr.sys
2011/08/03 18:40:39.0364 3868 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\windows\system32\drivers\HTTP.sys
2011/08/03 18:40:39.0477 3868 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\windows\system32\drivers\i2omp.sys
2011/08/03 18:40:39.0545 3868 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\windows\system32\DRIVERS\i8042prt.sys
2011/08/03 18:40:39.0632 3868 iaStor (8d58627fef3f8767665d9f4dc91cbd97) C:\windows\system32\drivers\iastor.sys
2011/08/03 18:40:39.0691 3868 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\windows\system32\drivers\iastorv.sys
2011/08/03 18:40:39.0816 3868 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\windows\system32\drivers\iirsp.sys
2011/08/03 18:40:39.0899 3868 intelide (475490caf376e55e6e8b37bbdfeb2e81) C:\windows\system32\drivers\intelide.sys
2011/08/03 18:40:39.0974 3868 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\windows\system32\DRIVERS\intelppm.sys
2011/08/03 18:40:40.0075 3868 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/08/03 18:40:40.0183 3868 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\windows\system32\drivers\ipmidrv.sys
2011/08/03 18:40:40.0236 3868 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\windows\system32\DRIVERS\ipnat.sys
2011/08/03 18:40:40.0268 3868 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\windows\system32\drivers\irenum.sys
2011/08/03 18:40:40.0390 3868 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\windows\system32\drivers\isapnp.sys
2011/08/03 18:40:40.0493 3868 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\windows\system32\DRIVERS\msiscsi.sys
2011/08/03 18:40:40.0596 3868 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\windows\system32\drivers\iteatapi.sys
2011/08/03 18:40:40.0650 3868 itecir (e157d6b89d87a1b467ecdd66d280a1c2) C:\windows\system32\DRIVERS\itecir.sys
2011/08/03 18:40:40.0766 3868 iteraid (1281fe73b17664631d12f643cbea3f59) C:\windows\system32\drivers\iteraid.sys
2011/08/03 18:40:40.0823 3868 kbdclass (423696f3ba6472dd17699209b933bc26) C:\windows\system32\DRIVERS\kbdclass.sys
2011/08/03 18:40:40.0882 3868 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\windows\system32\DRIVERS\kbdhid.sys
2011/08/03 18:40:40.0988 3868 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\windows\system32\Drivers\ksecdd.sys
2011/08/03 18:40:41.0024 3868 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\windows\system32\drivers\ksthunk.sys
2011/08/03 18:40:41.0101 3868 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\windows\system32\DRIVERS\lltdio.sys
2011/08/03 18:40:41.0151 3868 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\windows\system32\drivers\lsi_fc.sys
2011/08/03 18:40:41.0222 3868 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\windows\system32\drivers\lsi_sas.sys
2011/08/03 18:40:41.0320 3868 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\windows\system32\drivers\lsi_scsi.sys
2011/08/03 18:40:41.0380 3868 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\windows\system32\drivers\luafv.sys
2011/08/03 18:40:41.0461 3868 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\windows\system32\drivers\megasas.sys
2011/08/03 18:40:41.0516 3868 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\windows\system32\drivers\megasr.sys
2011/08/03 18:40:41.0594 3868 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\windows\system32\drivers\modem.sys
2011/08/03 18:40:41.0672 3868 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\windows\system32\DRIVERS\monitor.sys
2011/08/03 18:40:41.0744 3868 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\windows\system32\DRIVERS\mouclass.sys
2011/08/03 18:40:41.0779 3868 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\windows\system32\DRIVERS\mouhid.sys
2011/08/03 18:40:41.0814 3868 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\windows\system32\drivers\mountmgr.sys
2011/08/03 18:40:41.0897 3868 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\windows\system32\DRIVERS\MpFilter.sys
2011/08/03 18:40:41.0970 3868 mpio (f8276eb8698142884498a528dfea8478) C:\windows\system32\drivers\mpio.sys
2011/08/03 18:40:42.0081 3868 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\windows\system32\DRIVERS\MpNWMon.sys
2011/08/03 18:40:42.0123 3868 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\windows\system32\drivers\mpsdrv.sys
2011/08/03 18:40:42.0207 3868 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\windows\system32\drivers\mraid35x.sys
2011/08/03 18:40:42.0300 3868 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\windows\system32\drivers\mrxdav.sys
2011/08/03 18:40:42.0407 3868 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/08/03 18:40:42.0450 3868 mrxsmb10 (6dc9461915a551c2a625986f5fb3b851) C:\windows\system32\DRIVERS\mrxsmb10.sys
2011/08/03 18:40:42.0574 3868 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\windows\system32\DRIVERS\mrxsmb20.sys
2011/08/03 18:40:42.0706 3868 msahci (e7e3e515d1d33a2a372d7fce2bbef5d9) C:\windows\system32\drivers\msahci.sys
2011/08/03 18:40:42.0743 3868 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\windows\system32\drivers\msdsm.sys
2011/08/03 18:40:42.0884 3868 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\windows\system32\drivers\Msfs.sys
2011/08/03 18:40:42.0946 3868 msisadrv (00ebc952961664780d43dca157e79b27) C:\windows\system32\drivers\msisadrv.sys
2011/08/03 18:40:43.0016 3868 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\windows\system32\drivers\MSKSSRV.sys
2011/08/03 18:40:43.0137 3868 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\windows\system32\drivers\MSPCLOCK.sys
2011/08/03 18:40:43.0216 3868 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\windows\system32\drivers\MSPQM.sys
2011/08/03 18:40:43.0324 3868 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\windows\system32\drivers\MsRPC.sys
2011/08/03 18:40:43.0384 3868 mssmbios (855796e59df77ea93af46f20155bf55b) C:\windows\system32\DRIVERS\mssmbios.sys
2011/08/03 18:40:43.0439 3868 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\windows\system32\drivers\MSTEE.sys
2011/08/03 18:40:43.0489 3868 Mup (0cc49f78d8aca0877d885f149084e543) C:\windows\system32\Drivers\mup.sys
2011/08/03 18:40:43.0656 3868 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\windows\system32\DRIVERS\nwifi.sys
2011/08/03 18:40:43.0758 3868 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\windows\system32\drivers\ndis.sys
2011/08/03 18:40:43.0867 3868 NdisTapi (64df698a425478e321981431ac171334) C:\windows\system32\DRIVERS\ndistapi.sys
2011/08/03 18:40:43.0891 3868 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\windows\system32\DRIVERS\ndisuio.sys
2011/08/03 18:40:44.0023 3868 NdisWan (f8158771905260982ce724076419ef19) C:\windows\system32\DRIVERS\ndiswan.sys
2011/08/03 18:40:44.0051 3868 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\windows\system32\drivers\NDProxy.sys
2011/08/03 18:40:44.0195 3868 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\windows\system32\DRIVERS\netbios.sys
2011/08/03 18:40:44.0262 3868 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\windows\system32\DRIVERS\netbt.sys
2011/08/03 18:40:44.0517 3868 NETw5v64 (2bdcb7b7917380794c9d87ac2153ce33) C:\windows\system32\DRIVERS\NETw5v64.sys
2011/08/03 18:40:44.0739 3868 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\windows\system32\drivers\nfrd960.sys
2011/08/03 18:40:44.0862 3868 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\windows\system32\DRIVERS\NisDrvWFP.sys
2011/08/03 18:40:44.0945 3868 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\windows\system32\drivers\Npfs.sys
2011/08/03 18:40:44.0988 3868 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\windows\system32\drivers\nsiproxy.sys
2011/08/03 18:40:45.0140 3868 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\windows\system32\drivers\Ntfs.sys
2011/08/03 18:40:45.0247 3868 Null (dd5d684975352b85b52e3fd5347c20cb) C:\windows\system32\drivers\Null.sys
2011/08/03 18:40:45.0566 3868 nvlddmkm (fd39b98ff1bb8ed3848781497e9d02e0) C:\windows\system32\DRIVERS\nvlddmkm.sys
2011/08/03 18:40:45.0850 3868 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\windows\system32\drivers\nvraid.sys
2011/08/03 18:40:45.0872 3868 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\windows\system32\drivers\nvstor.sys
2011/08/03 18:40:46.0019 3868 nv_agp (19067ca93075ef4823e3938a686f532f) C:\windows\system32\drivers\nv_agp.sys
2011/08/03 18:40:46.0214 3868 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\windows\system32\drivers\ohci1394.sys
2011/08/03 18:40:46.0382 3868 Parport (4c6a7fd04ddf4db88791048382e3edb1) C:\windows\system32\DRIVERS\parport.sys
2011/08/03 18:40:46.0445 3868 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\windows\system32\drivers\partmgr.sys
2011/08/03 18:40:46.0587 3868 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\windows\system32\drivers\pci.sys
2011/08/03 18:40:46.0624 3868 pciide (15e5c3f89a3452efbda3b39816dbc4ee) C:\windows\system32\drivers\pciide.sys
2011/08/03 18:40:46.0717 3868 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\windows\system32\drivers\pcmcia.sys
2011/08/03 18:40:46.0781 3868 PEAUTH (58865916f53592a61549b04941bfd80d) C:\windows\system32\drivers\peauth.sys
2011/08/03 18:40:46.0995 3868 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\windows\system32\DRIVERS\raspptp.sys
2011/08/03 18:40:47.0038 3868 Processor (5080e59ecee0bc923f14018803aa7a01) C:\windows\system32\drivers\processr.sys
2011/08/03 18:40:47.0214 3868 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\windows\system32\DRIVERS\pacer.sys
2011/08/03 18:40:47.0283 3868 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\windows\system32\drivers\ql2300.sys
2011/08/03 18:40:47.0414 3868 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\windows\system32\drivers\ql40xx.sys
2011/08/03 18:40:47.0553 3868 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\windows\system32\drivers\qwavedrv.sys
2011/08/03 18:40:47.0579 3868 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\windows\system32\DRIVERS\rasacd.sys
2011/08/03 18:40:47.0743 3868 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/08/03 18:40:47.0826 3868 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\windows\system32\DRIVERS\raspppoe.sys
2011/08/03 18:40:47.0944 3868 RasSstp (c6a593b51f34c33e5474539544072527) C:\windows\system32\DRIVERS\rassstp.sys
2011/08/03 18:40:48.0010 3868 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\windows\system32\DRIVERS\rdbss.sys
2011/08/03 18:40:48.0103 3868 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/08/03 18:40:48.0143 3868 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\windows\system32\drivers\rdpdr.sys
2011/08/03 18:40:48.0250 3868 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\windows\system32\drivers\rdpencdd.sys
2011/08/03 18:40:48.0318 3868 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\windows\system32\drivers\RDPWD.sys
2011/08/03 18:40:48.0523 3868 RFCOMM (cd71e053d7260e4102d99a28f9196070) C:\windows\system32\DRIVERS\rfcomm.sys
2011/08/03 18:40:48.0712 3868 RMCAST (f913517bb2f3a73ec6b9b65e5dc7b420) C:\windows\system32\DRIVERS\RMCAST.sys
2011/08/03 18:40:48.0788 3868 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\windows\system32\DRIVERS\rspndr.sys
2011/08/03 18:40:48.0917 3868 RTL8169 (b263b3aebcde2210d1cc25756601b8ea) C:\windows\system32\DRIVERS\Rtlh64.sys
2011/08/03 18:40:48.0986 3868 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\windows\system32\drivers\sbp2port.sys
2011/08/03 18:40:49.0109 3868 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
2011/08/03 18:40:49.0169 3868 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\windows\system32\DRIVERS\serenum.sys
2011/08/03 18:40:49.0247 3868 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\windows\system32\DRIVERS\serial.sys
2011/08/03 18:40:49.0316 3868 sermouse (a842f04833684bceea7336211be478df) C:\windows\system32\drivers\sermouse.sys
2011/08/03 18:40:49.0399 3868 sffdisk (14d4b4465193a87c127933978e8c4106) C:\windows\system32\drivers\sffdisk.sys
2011/08/03 18:40:49.0457 3868 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\windows\system32\drivers\sffp_mmc.sys
2011/08/03 18:40:49.0521 3868 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\windows\system32\drivers\sffp_sd.sys
2011/08/03 18:40:49.0614 3868 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\windows\system32\drivers\sfloppy.sys
2011/08/03 18:40:49.0692 3868 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\windows\system32\drivers\sisraid2.sys
2011/08/03 18:40:49.0799 3868 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\windows\system32\drivers\sisraid4.sys
2011/08/03 18:40:49.0912 3868 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\windows\system32\DRIVERS\smb.sys
2011/08/03 18:40:49.0984 3868 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\windows\system32\drivers\spldr.sys
2011/08/03 18:40:50.0039 3868 srv (880a57fccb571ebd063d4dd50e93e46d) C:\windows\system32\DRIVERS\srv.sys
2011/08/03 18:40:50.0135 3868 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\windows\system32\DRIVERS\srv2.sys
2011/08/03 18:40:50.0185 3868 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\windows\system32\DRIVERS\srvnet.sys
2011/08/03 18:40:50.0342 3868 STHDA (fca841b6eab5d58b80d16285d301387d) C:\windows\system32\DRIVERS\stwrt64.sys
2011/08/03 18:40:50.0439 3868 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\windows\system32\DRIVERS\swenum.sys
2011/08/03 18:40:50.0472 3868 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\windows\system32\drivers\symc8xx.sys
2011/08/03 18:40:50.0510 3868 Sym_hi (a909667976d3bccd1df813fed517d837) C:\windows\system32\drivers\sym_hi.sys
2011/08/03 18:40:50.0539 3868 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\windows\system32\drivers\sym_u3.sys
2011/08/03 18:40:50.0707 3868 Tcpip (0011810b5211fdacd784de585262ecfe) C:\windows\system32\drivers\tcpip.sys
2011/08/03 18:40:50.0873 3868 Tcpip6 (0011810b5211fdacd784de585262ecfe) C:\windows\system32\DRIVERS\tcpip.sys
2011/08/03 18:40:50.0987 3868 tcpipreg (ce3ae2ba7a076f0ade9f48c598c1d15d) C:\windows\system32\drivers\tcpipreg.sys
2011/08/03 18:40:51.0029 3868 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\windows\system32\drivers\tdpipe.sys
2011/08/03 18:40:51.0125 3868 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\windows\system32\drivers\tdtcp.sys
2011/08/03 18:40:51.0177 3868 tdx (458919c8c42e398dc4802178d5ffee27) C:\windows\system32\DRIVERS\tdx.sys
2011/08/03 18:40:51.0236 3868 TermDD (8c19678d22649ec002ef2282eae92f98) C:\windows\system32\DRIVERS\termdd.sys
2011/08/03 18:40:51.0359 3868 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\windows\system32\DRIVERS\tssecsrv.sys
2011/08/03 18:40:51.0428 3868 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\windows\system32\DRIVERS\tunmp.sys
2011/08/03 18:40:51.0569 3868 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\windows\system32\DRIVERS\tunnel.sys
2011/08/03 18:40:51.0606 3868 uagp35 (fec266ef401966311744bd0f359f7f56) C:\windows\system32\drivers\uagp35.sys
2011/08/03 18:40:51.0725 3868 udfs (faf2640a2a76ed03d449e443194c4c34) C:\windows\system32\DRIVERS\udfs.sys
2011/08/03 18:40:51.0799 3868 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\windows\system32\drivers\uliagpkx.sys
2011/08/03 18:40:51.0839 3868 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\windows\system32\drivers\uliahci.sys
2011/08/03 18:40:51.0927 3868 UlSata (31707f09846056651ea2c37858f5ddb0) C:\windows\system32\drivers\ulsata.sys
2011/08/03 18:40:51.0976 3868 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\windows\system32\drivers\ulsata2.sys
2011/08/03 18:40:52.0002 3868 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\windows\system32\DRIVERS\umbus.sys
2011/08/03 18:40:52.0090 3868 usbccgp (07e3498fc60834219d2356293da0fecc) C:\windows\system32\DRIVERS\usbccgp.sys
2011/08/03 18:40:52.0133 3868 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\windows\system32\drivers\usbcir.sys
2011/08/03 18:40:52.0236 3868 usbehci (827e44de934a736ea31e91d353eb126f) C:\windows\system32\DRIVERS\usbehci.sys
2011/08/03 18:40:52.0294 3868 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\windows\system32\DRIVERS\usbhub.sys
2011/08/03 18:40:52.0333 3868 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\windows\system32\drivers\usbohci.sys
2011/08/03 18:40:52.0424 3868 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\windows\system32\DRIVERS\usbprint.sys
2011/08/03 18:40:52.0506 3868 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\windows\system32\DRIVERS\USBSTOR.SYS
2011/08/03 18:40:52.0593 3868 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\windows\system32\DRIVERS\usbuhci.sys
2011/08/03 18:40:52.0621 3868 usbvideo (fc33099877790d51b0927b7039059855) C:\windows\system32\Drivers\usbvideo.sys
2011/08/03 18:40:52.0701 3868 vfs101a (566ab0761ed4d4d31d4db0b81efa5467) C:\windows\system32\drivers\vfs101a.sys
2011/08/03 18:40:52.0791 3868 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\windows\system32\DRIVERS\vgapnp.sys
2011/08/03 18:40:52.0805 3868 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\windows\System32\drivers\vga.sys
2011/08/03 18:40:52.0821 3868 viaide (4f964e6828156f0ef3fa8d3a9a7895de) C:\windows\system32\drivers\viaide.sys
2011/08/03 18:40:52.0894 3868 volmgr (2b7e885ed951519a12c450d24535dfca) C:\windows\system32\drivers\volmgr.sys
2011/08/03 18:40:52.0973 3868 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\windows\system32\drivers\volmgrx.sys
2011/08/03 18:40:53.0096 3868 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\windows\system32\drivers\volsnap.sys
2011/08/03 18:40:53.0142 3868 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\windows\system32\drivers\vsmraid.sys
2011/08/03 18:40:53.0242 3868 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\windows\system32\drivers\wacompen.sys
2011/08/03 18:40:53.0294 3868 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\windows\system32\DRIVERS\wanarp.sys
2011/08/03 18:40:53.0306 3868 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\windows\system32\DRIVERS\wanarp.sys
2011/08/03 18:40:53.0360 3868 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\windows\system32\drivers\wd.sys
2011/08/03 18:40:53.0457 3868 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\windows\system32\drivers\Wdf01000.sys
2011/08/03 18:40:53.0661 3868 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\windows\system32\DRIVERS\wmiacpi.sys
2011/08/03 18:40:53.0732 3868 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\windows\system32\DRIVERS\wpdusb.sys
2011/08/03 18:40:53.0775 3868 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\windows\system32\drivers\ws2ifsl.sys
2011/08/03 18:40:53.0887 3868 WSDPrintDevice (de5f5212ab34221dd1618b5fefe8db6c) C:\windows\system32\DRIVERS\WSDPrint.sys
2011/08/03 18:40:53.0934 3868 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\windows\system32\DRIVERS\WUDFRd.sys
2011/08/03 18:40:54.0057 3868 {55662437-DA8C-40c0-AADA-2C816A897A49} (15cc7077d2dc28776cd430ecabbffd66) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
2011/08/03 18:40:54.0090 3868 MBR (0x1B8) (588ae8f0c685c02ba11f30d9cd7e61a0) \Device\Harddisk0\DR0
2011/08/03 18:40:54.0101 3868 Boot (0x1200) (dc177e6e811c7b30a3f2564ade96eee0) \Device\Harddisk0\DR0\Partition0
2011/08/03 18:40:54.0142 3868 Boot (0x1200) (e922d494d9a36eb486d0941da3cee9ca) \Device\Harddisk0\DR0\Partition1
2011/08/03 18:40:54.0147 3868 ================================================================================
2011/08/03 18:40:54.0147 3868 Scan finished
2011/08/03 18:40:54.0147 3868 ================================================================================
2011/08/03 18:40:54.0159 2824 Detected object count: 0
2011/08/03 18:40:54.0159 2824 Actual detected object count: 0
2011/08/03 18:41:06.0812 4528 Deinitialize success

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:35 AM

Posted 03 August 2011 - 08:50 PM

How is the computer running now?

What file exactly is MSSE alerting on, as your logs appear to be clean?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 thomasgrout

thomasgrout
  • Topic Starter

  • Members
  • 7 posts
  • Local time:11:35 PM

Posted 03 August 2011 - 10:17 PM

Whatever it was, it appears to be gone now. I can't see any evidence of malware anymore. If something does turn up, should I just post to this thread again?

Thank you so much for your hard work. I'm not sure what you get out of this by volunteering your time, but I'm sending good karma your way!

Thomas

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:35 AM

Posted 04 August 2011 - 02:54 AM

I like good karma :lol:

We just have some housekeeping to do now; I'll leave the thread open a couple of days in case there are any other issues.


Please do the following:


You can delete the DDS and aswMBR logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U; it needs to be there.



If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished, it should automatically reboot your machine;
    • if it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
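The Internet Explorer hardening steps in the post above change three ActiveX settings of the Internet zone through Inetcpl.cpl. The following PowerShell script is an added example, not part of CatByte's post or of any tool mentioned in the thread. It only reads the current per-user zone settings and reports whether they match what the post recommends; it changes nothing. The registry path, the value names 1001/1004/1201 and the action codes 0/1/3 are the documented Internet Explorer zone settings, and the mapping to the post's wording is an assumption made here (a machine-wide policy under HKLM, if present, would take precedence and is not checked).

```powershell
# Added example: audit the Internet zone ActiveX settings that the post
# tells the user to set via Inetcpl.cpl > Security > Internet > Custom level.
# Read-only: it reports, it does not modify the registry.

# Zone 3 = Internet zone (per-user settings)
$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Action codes used by IE zone settings
$actionNames = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Value name -> description and the action the post recommends
# (1001/1004/1201 are the documented IE zone value names; the "Want"
# column is this script's reading of the post's advice)
$recommended = @(
    @{ Name = '1001'; Description = 'Download signed ActiveX controls';   Want = 1 },
    @{ Name = '1004'; Description = 'Download unsigned ActiveX controls'; Want = 1 },
    @{ Name = '1201'; Description = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
)

function Get-IEInternetZoneActiveXAudit {
    foreach ($setting in $recommended) {
        # A missing value means IE is using its built-in default for the zone
        $current = (Get-ItemProperty -Path $zonePath -Name $setting.Name -ErrorAction SilentlyContinue).($setting.Name)

        $currentName = if ($null -eq $current) {
            'not set (IE default)'
        } elseif ($actionNames.ContainsKey([int]$current)) {
            $actionNames[[int]$current]
        } else {
            "unknown code $current"
        }

        [pscustomobject]@{
            Setting     = $setting.Description
            ValueName   = $setting.Name
            Current     = $currentName
            Recommended = $actionNames[$setting.Want]
            Compliant   = ($null -ne $current -and [int]$current -eq $setting.Want)
        }
    }
}

# Print the audit table; any row with Compliant = False still needs the
# change the post describes (made through Inetcpl.cpl, not by this script)
Get-IEInternetZoneActiveXAudit | Format-Table -AutoSize
```

Run it in a normal (non-elevated) PowerShell session as the user whose browser settings you want to check, since the values live under HKEY_CURRENT_USER. Rows reported as "not set (IE default)" are not necessarily wrong: the zone may be on its default, which for "Download unsigned ActiveX controls" is already Disable, a stricter choice than the Prompt the post asks for.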


#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:35 AM

Posted 11 August 2011 - 08:50 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




