Computer going insane talking to random IPs and redirecting - nothing seems to remove the problem! Please help!!


19 replies to this topic

#1 irockthis51

Posted 11 August 2011 - 03:15 PM

Okay guys thank you very much for looking! I am a college student and this is my laptop that I use for all my research and everything and I am freaking out that I am going to lose all the information on it. Every time I do a search using Chrome, Mozilla, or IE, and click on a link, I get redirected, so I am assuming that I have some sort of a trojan. I tried using all the usual programs to get rid of it, Malware, Spybot, Avast, Microsoft Security Essentials (which I downloaded and installed but would not run) and then I've used AVG, TDSS killer, Combo fix, and nothing. Malware and Spybot keep finding something and "cleaning" it but the problem is still there. Malware also keeps telling me that it's blocking my computer communicating with random IP addresses and connecting to these computers. I really have no idea what is happening; this is beyond anything that I know how to deal with.

I've googled the problem on my other computer and it seems that the trojans or whatever they are seem to infect your registry and then just have fun while they are there. I downloaded combo fix and ran it and here is what it came up with. Thank you all for helping out, I really do not know what else to do and am just afraid of losing all my valuable data. Please advise on what I should do next. Thank you very much:


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\Cxuzaa.exe
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\system32\lsprst7.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-07-11 to 2011-08-11 )))))))))))))))))))))))))))))))
.
.
2011-08-11 19:52 . 2011-08-11 19:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-10 14:18 . 2011-08-10 14:18 -------- d-----w- c:\programdata\SafeNet Sentinel
2011-08-10 14:16 . 2011-08-10 14:17 -------- d--h--w- c:\program files\Zero G Registry
2011-08-10 14:16 . 2011-08-10 14:16 -------- d-----w- c:\programdata\SPSS
2011-08-10 14:15 . 2011-08-10 14:15 -------- d-----w- c:\program files\Common Files\IBM
2011-08-10 14:15 . 2011-08-10 14:15 -------- d-----w- c:\program files\IBM
2011-08-08 14:29 . 2011-08-08 14:29 1025 ----a-w- c:\windows\system32\sysprs7.dll
2011-08-06 02:59 . 2011-08-06 02:59 -------- d--h--w- c:\programdata\Common Files
2011-08-06 02:58 . 2011-08-06 02:59 -------- d-----w- c:\programdata\MFAData
2011-08-06 02:00 . 2011-08-06 02:00 -------- d-----w- c:\windows\system32\SPReview
2011-08-06 01:59 . 2011-08-06 01:59 -------- d-----w- c:\windows\system32\EventProviders
2011-08-06 01:43 . 2011-08-06 01:43 -------- d-----w- c:\program files\MSXML 4.0
2011-08-06 01:38 . 2010-11-20 10:24 134656 ----a-w- c:\windows\system32\rdpudd.dll
2011-08-06 01:37 . 2010-11-20 12:21 1227776 ----a-w- c:\windows\system32\wdc.dll
2011-08-06 01:36 . 2010-11-20 12:21 27648 ----a-w- c:\windows\system32\wups.dll
2011-08-06 01:35 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-08-06 01:35 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-08-06 01:25 . 2011-03-25 02:58 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-08-06 01:25 . 2011-03-25 02:58 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-08-06 01:25 . 2011-03-25 02:58 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-08-06 01:25 . 2011-03-25 02:57 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-08-06 01:25 . 2011-03-25 02:57 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-08-06 01:25 . 2011-03-25 02:57 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-08-06 01:25 . 2011-03-25 02:57 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-08-06 01:24 . 2011-03-11 05:39 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-08-06 01:24 . 2011-03-11 05:39 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-08-06 01:24 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\system32\esent.dll
2011-08-06 01:24 . 2011-03-11 05:39 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2011-08-06 01:24 . 2011-03-11 05:39 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-08-06 01:24 . 2011-03-11 05:38 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-08-06 01:24 . 2011-03-11 05:38 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-08-06 01:24 . 2011-03-11 05:38 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-08-06 01:24 . 2011-03-11 05:31 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-08-06 00:43 . 2011-08-06 00:43 -------- d-----w- c:\programdata\Pinnacle
2011-08-06 00:43 . 2011-08-06 00:43 -------- d-----w- c:\programdata\Avid
2011-08-06 00:42 . 2011-08-06 00:42 -------- d-----w- c:\programdata\PACE Anti-Piracy
2011-08-06 00:31 . 2011-08-06 00:31 -------- d-----w- c:\programdata\PACE
2011-08-06 00:29 . 2011-08-06 00:30 -------- d-----r- c:\program files\Avid
2011-08-06 00:28 . 2011-08-06 00:28 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-08-06 00:28 . 2011-08-06 00:28 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-08-06 00:28 . 2011-08-06 00:28 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-08-06 00:28 . 2011-08-06 00:28 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-08-06 00:28 . 2011-08-06 00:28 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-08-06 00:28 . 2011-08-06 00:28 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-08-06 00:28 . 2011-08-06 00:28 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-08-06 00:28 . 2011-08-06 00:28 -------- d-----w- c:\program files\QuickTime
2011-08-06 00:28 . 2011-08-06 00:28 -------- d-----w- c:\programdata\Apple Computer
2011-08-06 00:27 . 2011-08-06 00:27 -------- d-----w- c:\program files\Common Files\Apple
2011-08-06 00:27 . 2011-08-06 00:27 -------- d-----w- c:\programdata\Apple
2011-08-06 00:27 . 2011-08-06 00:27 -------- d-----w- c:\program files\Apple Software Update
2011-08-06 00:03 . 2011-08-06 00:03 62976 --sha-r- c:\windows\system32\choicez.dll
2011-08-05 03:47 . 2011-08-05 03:47 -------- d-----w- c:\windows\system32\Wat
2011-08-05 00:40 . 2006-10-26 23:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2011-08-05 00:40 . 2006-10-26 23:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2011-08-05 00:39 . 2011-08-05 00:39 -------- d-----w- c:\program files\Microsoft Works
2011-08-05 00:37 . 2011-08-05 00:37 -------- d-----w- c:\windows\PCHEALTH
2011-08-05 00:35 . 2011-08-05 00:35 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-08-05 00:34 . 2011-08-05 00:46 -------- d-----w- c:\programdata\Microsoft Help
2011-08-04 20:22 . 2011-08-04 20:22 -------- d-----w- c:\program files\Microsoft Chart Controls
2011-08-04 20:20 . 2011-08-04 20:20 -------- d-----w- c:\program files\Microsoft WSE
2011-08-04 20:03 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-08-04 20:03 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-08-04 20:03 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-08-04 19:52 . 2011-08-04 19:52 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-08-04 19:50 . 2011-08-04 19:50 -------- d-----w- c:\program files\Adobe Media Player
2011-08-04 19:48 . 2011-08-04 19:48 -------- d-----w- c:\windows\system32\Macromed
2011-08-04 19:48 . 2011-08-04 19:48 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-08-04 19:45 . 2011-08-05 02:47 -------- d-----w- c:\program files\Common Files\Adobe
2011-08-04 19:43 . 2011-08-04 19:43 -------- d-----w- c:\program files\Singular Inversions
2011-08-04 19:40 . 2011-08-04 19:40 -------- d-----w- c:\programdata\boost_interprocess
2011-08-04 19:37 . 2011-08-04 19:37 -------- d-----w- c:\programdata\FLEXnet
2011-08-04 19:27 . 2011-08-04 19:27 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2011-08-04 19:24 . 2011-08-04 20:37 -------- d-----w- c:\program files\Autodesk
2011-08-04 19:09 . 2011-08-05 00:37 -------- d-----w- c:\program files\Microsoft.NET
2011-08-04 19:04 . 2011-08-04 20:37 -------- d-----w- c:\programdata\Autodesk
2011-08-04 18:45 . 2004-03-02 03:05 407104 ----a-w- c:\windows\system32\MSHFLXGD.OCX
2011-08-04 18:45 . 2004-02-11 19:37 203976 ----a-w- c:\windows\system32\RICHTX32.OCX
2011-08-04 18:44 . 2004-07-30 02:35 1077344 ----a-w- c:\windows\system32\mscomctl.ocx
2011-08-04 18:44 . 2002-02-14 15:26 647872 ----a-w- c:\windows\system32\mscomct2.ocx
2011-08-04 18:15 . 2011-08-04 14:38 -------- d-----w- c:\windows\Panther
2011-08-04 18:06 . 2011-08-04 18:06 -------- d-----w- C:\Windows.old
2011-08-04 18:03 . 2011-08-04 18:03 -------- d-----w- c:\windows\system32\Lang
2011-08-04 18:03 . 2011-08-04 18:03 -------- d-----w- c:\program files\Intel
2011-08-04 18:03 . 2009-09-23 15:50 398336 ----a-w- c:\windows\system32\TVWizudlg.exe
2011-08-04 18:03 . 2009-09-23 15:49 140288 ----a-w- c:\windows\system32\igfxtvcx.dll
2011-08-04 16:17 . 2011-08-04 16:17 -------- d-----w- c:\program files\MATLAB
2011-08-04 16:13 . 2011-08-10 14:18 -------- d-sh--w- c:\windows\Installer
2011-08-04 15:40 . 2009-02-24 22:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2011-08-04 15:40 . 2011-08-04 15:40 -------- d-----w- c:\program files\MagicDisc
2011-08-04 15:38 . 2011-08-04 15:38 -------- d-----w- c:\program files\MagicISO
2011-08-04 15:19 . 2011-08-06 00:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-04 15:19 . 2011-08-06 00:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-08-04 15:17 . 2011-08-04 15:17 -------- d-----w- c:\programdata\Malwarebytes
2011-08-04 15:17 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-04 15:17 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-04 15:17 . 2011-08-04 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-04 15:13 . 2011-08-04 15:13 -------- d-----w- c:\windows\system32\x64
2011-08-04 15:13 . 2009-09-23 23:30 1002008 ----a-w- c:\windows\system32\igxpun.exe
2011-08-04 15:10 . 2011-02-18 05:39 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-08-04 15:08 . 2011-02-25 05:34 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-04 15:08 . 2011-02-23 04:47 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-08-04 15:08 . 2011-05-03 04:30 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-08-04 15:08 . 2011-03-03 05:38 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-08-04 15:08 . 2011-03-03 05:36 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-08-04 15:08 . 2010-12-17 07:07 542208 ----a-w- c:\windows\system32\kerberos.dll
2011-08-04 15:06 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-08-04 15:06 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-08-04 15:06 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-04 15:06 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-04 15:06 . 2011-06-11 02:29 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-08-04 15:06 . 2011-04-27 02:17 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-04 15:06 . 2011-04-27 02:17 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-08-04 15:06 . 2011-04-27 02:17 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-08-04 15:06 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-08-04 15:06 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-08-04 14:50 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-08-04 14:50 . 2010-11-20 12:29 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-08-04 14:50 . 2010-11-20 11:56 107520 ----a-w- c:\windows\system32\cdd.dll
2011-08-04 14:42 . 2011-08-11 19:03 -------- d-----w- c:\windows\system32\wbem\Performance
2011-08-04 14:38 . 2011-08-10 14:58 -------- d-----w- c:\users\
2011-08-04 14:38 . 2011-08-04 14:38 -------- d-----w- C:\Recovery
2011-07-27 01:31 . 2011-07-27 01:32 -------- d-----w- C:\From Desktop
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-06 02:40 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
.
c:\users\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-8-4 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 mi-raysat_3dsmax2012_32;mental ray 3.9 Satellite for Autodesk 3ds Max Design 2012 32-bit - English 32-bit;c:\program files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe [2011-02-23 86016]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-05 1343400]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 PaceLicenseDServices;PACE License Services;c:\program files\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2010-11-08 2647552]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 9344]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
S4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 29961963
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - 29961963
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3302717695-730101484-3770626351-1000Core.job
- c:\users\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-04 14:44]
.
2011-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3302717695-730101484-3770626351-1000UA.job
- c:\users\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-04 14:44]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-11 15:57:45
ComboFix-quarantined-files.txt 2011-08-11 19:57
.
Pre-Run: 160,483,024,896 bytes free
Post-Run: 160,482,318,336 bytes free
.
- - End Of File - - 4A6B2FA4D0C1BC8CC90BDD94DD402B51

Edited by Orange Blossom, 11 August 2011 - 03:42 PM.
Moved to log forum. ~ OB
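A small triage pass over the rows in ComboFix's "Files Created" section, added here as an illustration; it is not ComboFix code and not something posted by anyone in this thread. It parses the row format visible in the log above and flags the rows a helper would look at first (hidden/system attributes on a file, read-only binaries under system32, binaries whose created and modified stamps coincide). The sample rows are copied from the log; the heuristics are my own and deliberately conservative.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the line format of ComboFix's "Files Created" section;
# the rows are copied from the log posted above. Not ComboFix's own code.
SAMPLE_LOG = r"""
2011-08-08 14:29 . 2011-08-08 14:29 1025 ----a-w- c:\windows\system32\sysprs7.dll
2011-08-06 01:38 . 2010-11-20 10:24 134656 ----a-w- c:\windows\system32\rdpudd.dll
2011-08-06 00:03 . 2011-08-06 00:03 62976 --sha-r- c:\windows\system32\choicez.dll
2011-08-04 16:13 . 2011-08-10 14:18 -------- d-sh--w- c:\windows\Installer
2011-08-04 15:17 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
"""

# Row layout: <created> . <modified> <size, or "--------" for a directory> <8-char attrs> <path>
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

SYSTEM32 = "c:\\windows\\system32\\"


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for directory rows ("--------")
    attrs: str            # e.g. "--sha-r-": d=dir, s=system, h=hidden, a=archive, r=read-only, w=writable
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one ComboFix file row; return None for headers, lone dots and other noise."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(m["created"], m["modified"], size, m["attrs"], m["path"])


def reasons_for(e: Entry) -> List[str]:
    """First-pass heuristics (assumptions of this example, not ComboFix's rules).
    A hit means 'look at this file', never 'this file is malicious'."""
    reasons: List[str] = []
    if e.is_dir:
        # Hidden/system directories such as c:\windows\Installer are normal.
        return reasons
    low = e.path.lower()
    in_system32 = low.startswith(SYSTEM32)
    if "h" in e.attrs or "s" in e.attrs:
        reasons.append("hidden/system attribute set on a file")
    if "r" in e.attrs and in_system32:
        reasons.append("read-only file under system32")
    if in_system32 and e.created == e.modified and low.endswith((".dll", ".exe", ".sys")):
        # Files delivered by Windows Update keep the build's older mtime
        # (compare rdpudd.dll above); a freshly written binary has ctime == mtime.
        reasons.append("binary written in place under system32 (created == modified)")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons; rows with no reason are omitted."""
    flagged: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            flagged[entry.path] = reasons
    return flagged


if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(path)
        for reason in why:
            print("   -", reason)
```

On the sample rows this flags choicez.dll on all three heuristics and sysprs7.dll on the timestamp one only; the latter is exactly the kind of low-confidence hit a helper verifies against vendor information before acting.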



#2 HelpBot

Posted 16 August 2011 - 03:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/413950 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 irockthis51

Posted 17 August 2011 - 04:17 AM

Hey all, thank you very much for replying to my post! Yes, I still need help, I am still being re-routed from Google Chrome to other websites. I tried using DDS.scr and/or DDS.pif, however, neither one would open the actual program for me, I just got some jumbled up notepad wording. I turned off all the realtime protection in my antivirus/malware programs and my firewall and turned off the internet but it was still to no avail. Regarding the GMER program, I was able to start it, however, once I clicked the "scan" part, the program would shut itself down and it would be unable to begin scanning my computer. I used the task manager to see if it was still running in the background but it was not. I don't know if that means the virus or whatever is messing with that but it seems definitely weird to me.

On a side note, I was finally able to install Microsoft security essentials yesterday and now I can run it on my computer, and when it scans it does not find any viruses, however, I still have the redirecting problem and the computer is drastically slower. Please advise on what I should do next. I am using 32 bit Windows 7 and do not have the original CD. Thank you all for your help.

#4 Blade81

Posted 19 August 2011 - 12:09 AM

Hi,

First of all, ComboFix should be run only under the supervision of a trained helper.

Download DDS and save it to your desktop from here to see if it runs more successfully.



#5 irockthis51

Posted 20 August 2011 - 10:25 AM

Here you go, man, sorry I did not respond until now. Thanks a lot for any help you can offer me as the computer is still sending me to various sites when I use Google and has gotten noticeably slower lately. Here is the DDS script log that I ran and attached are both the files:


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Vanja Vlajnic at 11:20:04 on 2011-08-20
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3062.2063 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe
C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Vanja Vlajnic\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Vanja Vlajnic\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vanja Vlajnic\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2790392
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office12\GR469A~1.DLL
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\vanjav~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\vanja vlajnic\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\vanjav~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\users\vanjav~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{3FDBDD2F-CB2A-461C-8866-0DDDB5B9D888} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{3FDBDD2F-CB2A-461C-8866-0DDDB5B9D888}\37F6E6963616E6464786F627 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3FDBDD2F-CB2A-461C-8866-0DDDB5B9D888}\4656661657C647 : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~1\office12\GRA32A~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office12\GR469A~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl257dfad3;MpKsl257dfad3;c:\programdata\microsoft\microsoft antimalware\definition updates\{985e1262-524d-49db-87a8-059ccfaf1ebc}\MpKsl257dfad3.sys [2011-8-20 28752]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-4 366640]
R2 mi-raysat_3dsmax2012_32;mental ray 3.9 Satellite for Autodesk 3ds Max Design 2012 32-bit - English 32-bit;c:\program files\autodesk\3ds max design 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe [2011-2-23 86016]
R2 PaceLicenseDServices;PACE License Services;c:\program files\common files\pace\services\licenseservices\LDSvc.exe [2010-11-8 2647552]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-4 22712]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-8-3 9344]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-8-5 15872]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-8-5 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-8-4 1343400]
.
=============== File Associations ===============
.
.scr=DWGTrueViewScriptFile
.
=============== Created Last 30 ================
.
2011-08-20 15:14:39 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{985e1262-524d-49db-87a8-059ccfaf1ebc}\MpKsl257dfad3.sys
2011-08-19 23:51:24 7152464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{985e1262-524d-49db-87a8-059ccfaf1ebc}\mpengine.dll
2011-08-19 22:20:32 -------- d-----w- C:\extensions
2011-08-19 22:20:31 -------- d-----w- c:\program files\Conduit
2011-08-19 22:20:26 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-08-19 22:20:23 -------- d-----w- c:\users\vanja vlajnic\appdata\local\Conduit
2011-08-19 22:19:32 -------- d-----w- c:\users\vanja vlajnic\appdata\roaming\BitTorrent
2011-08-16 19:21:05 -------- d-----w- c:\users\vanja vlajnic\appdata\local\Diagnostics
2011-08-15 20:27:18 7152464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-08-14 18:03:07 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{481cd7fb-7d80-4fdc-91cb-8b497d458985}\gapaengine.dll
2011-08-14 18:00:58 -------- d-----w- c:\program files\Microsoft Security Client
2011-08-14 17:57:00 388096 ----a-r- c:\users\vanja vlajnic\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-08-14 17:57:00 -------- d-----w- c:\program files\Trend Micro
2011-08-12 11:57:56 94208 ----a-w- c:\program files\common files\system\ole db\msdaosp.dll
2011-08-12 11:57:56 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-08-12 11:57:56 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-08-12 11:57:56 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-08-12 11:57:56 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-08-12 11:57:56 122880 ----a-w- c:\windows\system32\odbccp32.dll
2011-08-12 11:57:54 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-11 19:57:50 -------- d-sh--w- C:\$RECYCLE.BIN
2011-08-11 19:31:56 98816 ----a-w- c:\windows\sed.exe
2011-08-11 19:31:56 518144 ----a-w- c:\windows\SWREG.exe
2011-08-11 19:31:56 256000 ----a-w- c:\windows\PEV.exe
2011-08-11 19:31:56 208896 ----a-w- c:\windows\MBR.exe
2011-08-11 19:31:45 -------- d-----w- C:\ComboFix
2011-08-10 14:58:19 -------- d-----w- c:\users\vanja vlajnic\.spss
2011-08-10 14:58:12 -------- d-----w- c:\users\vanja vlajnic\appdata\roaming\Eclipse
2011-08-10 14:58:01 -------- d-----w- c:\users\vanja vlajnic\appdata\local\javasharedresources
2011-08-10 14:18:27 -------- d-----w- c:\programdata\SafeNet Sentinel
2011-08-10 14:16:55 -------- d--h--w- c:\program files\Zero G Registry
2011-08-10 14:16:54 -------- d--h--w- c:\users\vanja vlajnic\InstallAnywhere
2011-08-10 14:16:35 -------- d-----w- c:\programdata\SPSS
2011-08-10 14:15:52 -------- d-----w- c:\program files\common files\IBM
2011-08-10 14:15:30 -------- d-----w- c:\program files\IBM
2011-08-08 15:02:54 -------- d-----w- c:\users\vanja vlajnic\appdata\roaming\Thinstall
2011-08-08 15:02:54 -------- d-----w- c:\users\vanja vlajnic\appdata\local\Thinstall
2011-08-08 14:29:20 1025 ----a-w- c:\windows\system32\sysprs7.dll
2011-08-06 02:59:54 -------- d--h--w- c:\programdata\Common Files
2011-08-06 02:58:26 -------- d-----w- c:\programdata\MFAData
2011-08-06 02:00:58 -------- d-----w- c:\windows\system32\SPReview
2011-08-06 01:59:25 -------- d-----w- c:\windows\system32\EventProviders
2011-08-06 01:43:54 -------- d-----w- c:\program files\MSXML 4.0
2011-08-06 01:38:59 213504 ----a-w- c:\windows\system32\rdpdd.dll
2011-08-06 01:37:59 399872 ----a-w- c:\windows\system32\DXP.dll
2011-08-06 01:36:59 41984 ----a-w- c:\windows\system32\browcli.dll
2011-08-06 01:35:42 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-08-06 01:35:41 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-08-06 01:25:00 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-08-06 01:25:00 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-08-06 01:25:00 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-08-06 01:25:00 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-08-06 01:25:00 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-08-06 01:25:00 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-08-06 01:25:00 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-08-06 01:24:38 1699328 ----a-w- c:\windows\system32\esent.dll
2011-08-06 01:24:38 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-08-06 01:24:38 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-08-06 01:24:37 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-08-06 01:24:37 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-08-06 01:24:37 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-08-06 01:24:37 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-08-06 01:24:37 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2011-08-06 01:24:37 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-08-06 00:43:17 -------- d-----w- c:\programdata\AvidTorq
2011-08-06 00:43:03 -------- d-----w- c:\users\vanja vlajnic\appdata\local\Avid
2011-08-06 00:43:03 -------- d-----w- c:\programdata\Avid
2011-08-06 00:42:59 -------- d-----w- c:\users\vanja vlajnic\appdata\roaming\PACE Anti-Piracy
2011-08-06 00:42:59 -------- d-----w- c:\users\vanja vlajnic\appdata\local\PACE Anti-Piracy
2011-08-06 00:42:59 -------- d-----w- c:\programdata\PACE Anti-Piracy
2011-08-06 00:31:13 -------- d-----w- c:\programdata\PACE
2011-08-06 00:31:09 -------- d-----w- c:\program files\common files\PACE
2011-08-06 00:30:03 368640 ----a-w- c:\windows\system32\ReWire.dll
2011-08-06 00:29:39 864256 ----a-w- c:\windows\system32\QtNetwork_Torq_2.0.0.3_4.dll
2011-08-06 00:29:39 798720 ----a-w- c:\windows\system32\fmodex.dll
2011-08-06 00:29:39 720896 ----a-w- c:\windows\system32\QtOpenGL_Torq_2.0.0.3_4.dll
2011-08-06 00:29:39 614400 ----a-w- c:\windows\system32\QtSql_Torq_2.0.0.3_4.dll
2011-08-06 00:29:39 368640 ----a-w- c:\windows\system32\QtXml_Torq_2.0.0.3_4.dll
2011-08-06 00:29:39 3166208 ----a-w- c:\windows\system32\QtXmlPatterns_Torq_2.0.0.3_4.dll
2011-08-06 00:29:39 1339392 ----a-w- c:\windows\system32\QtScript_Torq_2.0.0.3_4.dll
2011-08-06 00:29:38 8491008 ----a-w- c:\windows\system32\QtGui_Torq_2.0.0.3_4.dll
2011-08-06 00:29:38 2666496 ----a-w- c:\windows\system32\QtDeclarative_Torq_2.0.0.3_4.dll
2011-08-06 00:29:38 2363392 ----a-w- c:\windows\system32\QtCore_Torq_2.0.0.3_4.dll
2011-08-06 00:29:37 -------- d-----r- c:\program files\Avid
2011-08-06 00:28:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-08-06 00:28:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-08-06 00:28:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-08-06 00:28:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-08-06 00:28:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-08-06 00:28:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-08-06 00:28:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-08-06 00:27:37 -------- d-----w- c:\users\vanja vlajnic\appdata\local\Apple
2011-08-06 00:03:29 62976 --sha-r- c:\windows\system32\choicez.dll
2011-08-05 23:09:16 -------- d-----r- c:\users\vanja vlajnic\Dropbox
2011-08-05 23:06:29 -------- d-----w- c:\users\vanja vlajnic\appdata\roaming\Dropbox
2011-08-05 03:47:53 -------- d-----w- c:\windows\system32\Wat
2011-08-05 00:40:19 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2011-08-05 00:40:19 32592 ----a-w- c:\windows\system32\msonpmon.dll
2011-08-05 00:37:35 -------- d-----w- c:\windows\PCHEALTH
2011-08-05 00:35:53 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-08-05 00:34:58 -------- d-----w- c:\users\vanja vlajnic\appdata\local\Microsoft Help
2011-08-04 20:22:11 -------- d-----w- c:\program files\Microsoft Chart Controls
2011-08-04 20:20:21 -------- d-----w- c:\program files\Microsoft WSE
2011-08-04 20:03:02 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-08-04 20:03:02 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-08-04 20:03:01 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-08-04 19:52:40 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-08-04 19:44:24 -------- d-----w- c:\users\vanja vlajnic\appdata\local\Adobe
2011-08-04 19:43:07 -------- d-----w- c:\program files\Singular Inversions
2011-08-04 19:40:29 -------- d-----w- c:\programdata\boost_interprocess
2011-08-04 19:37:20 -------- d-----w- c:\users\vanja vlajnic\appdata\local\Autodesk
2011-08-04 19:27:45 -------- d-----w- c:\program files\common files\Macrovision Shared
2011-08-04 19:24:23 -------- d-----w- c:\program files\Autodesk
2011-08-04 19:04:36 -------- d-----w- c:\users\vanja vlajnic\appdata\roaming\Autodesk
2011-08-04 18:48:45 -------- d-----w- c:\users\vanja vlajnic\appdata\roaming\MathWorks
2011-08-04 18:45:00 407104 ----a-w- c:\windows\system32\MSHFLXGD.OCX
2011-08-04 18:45:00 203976 ----a-w- c:\windows\system32\RICHTX32.OCX
2011-08-04 18:44:59 1077344 ----a-w- c:\windows\system32\mscomctl.ocx
2011-08-04 18:44:58 647872 ----a-w- c:\windows\system32\mscomct2.ocx
2011-08-04 18:15:18 -------- d-----w- c:\windows\Panther
2011-08-04 18:06:43 -------- d-----w- C:\Windows.old
2011-08-04 18:03:22 398336 ----a-w- c:\windows\system32\TVWizudlg.exe
2011-08-04 18:03:22 140288 ----a-w- c:\windows\system32\igfxtvcx.dll
2011-08-04 18:03:22 -------- d-----w- c:\windows\system32\Lang
2011-08-04 16:17:44 -------- d-----w- c:\program files\MATLAB
2011-08-04 16:13:12 -------- d-sh--w- c:\windows\Installer
2011-08-04 15:40:21 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2011-08-04 15:40:20 -------- d-----w- c:\program files\MagicDisc
2011-08-04 15:38:50 -------- d-----w- c:\program files\MagicISO
2011-08-04 15:19:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-04 15:19:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-08-04 15:18:10 -------- d-----w- c:\users\vanja vlajnic\appdata\roaming\Malwarebytes
2011-08-04 15:17:58 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-04 15:17:58 -------- d-----w- c:\programdata\Malwarebytes
2011-08-04 15:17:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-04 15:17:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-04 15:13:46 1002008 ----a-w- c:\windows\system32\igxpun.exe
2011-08-04 15:13:46 -------- d-----w- c:\windows\system32\x64
2011-08-04 15:10:40 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-08-04 15:08:56 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-04 15:08:49 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-08-04 15:08:40 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-08-04 15:08:12 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-08-04 15:08:12 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-08-04 15:08:03 542208 ----a-w- c:\windows\system32\kerberos.dll
2011-08-04 15:06:56 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-08-04 15:06:55 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-08-04 15:06:31 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-08-04 15:06:28 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-08-04 15:06:28 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-08-04 15:06:25 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-08-04 15:06:15 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-08-04 14:50:31 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-08-04 14:50:31 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-08-04 14:50:31 107520 ----a-w- c:\windows\system32\cdd.dll
2011-08-04 14:44:13 -------- d-----w- c:\users\vanja vlajnic\appdata\local\Google
2011-08-04 14:43:53 -------- d-----w- c:\users\vanja vlajnic\appdata\local\Deployment
2011-08-04 14:43:53 -------- d-----w- c:\users\vanja vlajnic\appdata\local\Apps
2011-08-04 14:42:22 -------- d-----w- c:\windows\system32\wbem\Performance
2011-07-27 01:31:19 -------- d-----w- C:\From Desktop
.
==================== Find3M ====================
.
2011-08-06 02:40:30 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:30:00 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-24 04:27:01 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-06-24 04:22:20 271360 ----a-w- c:\windows\system32\conhost.exe
2011-06-23 04:33:57 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-06-23 04:33:57 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-24 10:44:59 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
.
============= FINISH: 11:21:51.87 ===============

#6 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:02:55 PM

Posted 20 August 2011 - 11:26 AM

Hi,

Run ComboFix again and let it update itself. Post back the log.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#7 irockthis51

irockthis51
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:06:55 AM

Posted 20 August 2011 - 07:56 PM

Hey man, thanks for the reply. Here is the log from ComboFix:


ComboFix 11-08-20.01 - Vanja Vlajnic 08/20/2011 20:18:24.2.2 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3062.1797 [GMT -4:00]
Running from: c:\users\Vanja Vlajnic\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-07-21 to 2011-08-21 )))))))))))))))))))))))))))))))
.
.
2011-08-21 00:28 . 2011-08-21 00:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-21 00:07 . 2011-08-21 00:07 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{985E1262-524D-49DB-87A8-059CCFAF1EBC}\MpKsl8f4f4762.sys
2011-08-19 23:51 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{985E1262-524D-49DB-87A8-059CCFAF1EBC}\mpengine.dll
2011-08-19 22:20 . 2011-08-19 22:20 -------- d-----w- C:\extensions
2011-08-19 22:20 . 2011-08-19 22:20 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-08-15 20:27 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-14 18:03 . 2011-08-14 18:02 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{481CD7FB-7D80-4FDC-91CB-8B497D458985}\gapaengine.dll
2011-08-14 18:00 . 2011-08-14 18:01 -------- d-----w- c:\program files\Microsoft Security Client
2011-08-14 17:57 . 2011-08-14 17:57 -------- d-----w- c:\program files\Trend Micro
2011-08-12 11:57 . 2011-06-15 08:55 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-08-12 11:57 . 2011-06-15 08:55 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-08-12 11:57 . 2011-06-15 08:55 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-08-12 11:57 . 2011-06-15 08:55 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-08-12 11:57 . 2011-06-15 08:55 122880 ----a-w- c:\windows\system32\odbccp32.dll
2011-08-12 11:57 . 2011-06-15 08:54 94208 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
2011-08-12 11:57 . 2011-06-21 05:34 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-10 14:18 . 2011-08-10 14:18 -------- d-----w- c:\programdata\SafeNet Sentinel
2011-08-10 14:16 . 2011-08-10 14:17 -------- d--h--w- c:\program files\Zero G Registry
2011-08-10 14:16 . 2011-08-10 14:16 -------- d-----w- c:\programdata\SPSS
2011-08-10 14:15 . 2011-08-10 14:15 -------- d-----w- c:\program files\Common Files\IBM
2011-08-10 14:15 . 2011-08-10 14:15 -------- d-----w- c:\program files\IBM
2011-08-08 14:29 . 2011-08-08 14:29 1025 ----a-w- c:\windows\system32\sysprs7.dll
2011-08-06 02:59 . 2011-08-06 02:59 -------- d--h--w- c:\programdata\Common Files
2011-08-06 02:58 . 2011-08-06 02:59 -------- d-----w- c:\programdata\MFAData
2011-08-06 02:00 . 2011-08-06 02:00 -------- d-----w- c:\windows\system32\SPReview
2011-08-06 01:59 . 2011-08-06 01:59 -------- d-----w- c:\windows\system32\EventProviders
2011-08-06 01:43 . 2011-08-06 01:43 -------- d-----w- c:\program files\MSXML 4.0
2011-08-06 01:38 . 2010-11-20 10:24 134656 ----a-w- c:\windows\system32\rdpudd.dll
2011-08-06 01:37 . 2010-11-20 12:21 1227776 ----a-w- c:\windows\system32\wdc.dll
2011-08-06 01:36 . 2010-11-20 12:21 27648 ----a-w- c:\windows\system32\wups.dll
2011-08-06 01:35 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-08-06 01:35 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-08-06 01:25 . 2011-03-25 02:58 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-08-06 01:25 . 2011-03-25 02:58 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-08-06 01:25 . 2011-03-25 02:58 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-08-06 01:25 . 2011-03-25 02:57 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-08-06 01:25 . 2011-03-25 02:57 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-08-06 01:25 . 2011-03-25 02:57 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-08-06 01:25 . 2011-03-25 02:57 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-08-06 01:24 . 2011-03-11 05:39 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-08-06 01:24 . 2011-03-11 05:39 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-08-06 01:24 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\system32\esent.dll
2011-08-06 01:24 . 2011-03-11 05:39 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2011-08-06 01:24 . 2011-03-11 05:39 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-08-06 01:24 . 2011-03-11 05:38 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-08-06 01:24 . 2011-03-11 05:38 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-08-06 01:24 . 2011-03-11 05:38 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-08-06 01:24 . 2011-03-11 05:31 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-08-06 00:43 . 2011-08-06 00:43 -------- d-----w- c:\programdata\Pinnacle
2011-08-06 00:43 . 2011-08-06 00:43 -------- d-----w- c:\programdata\Avid
2011-08-06 00:42 . 2011-08-06 00:42 -------- d-----w- c:\programdata\PACE Anti-Piracy
2011-08-06 00:31 . 2011-08-06 00:31 -------- d-----w- c:\programdata\PACE
2011-08-06 00:29 . 2011-08-06 00:30 -------- d-----r- c:\program files\Avid
2011-08-06 00:28 . 2011-08-06 00:28 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-08-06 00:28 . 2011-08-06 00:28 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-08-06 00:28 . 2011-08-06 00:28 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-08-06 00:28 . 2011-08-06 00:28 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-08-06 00:28 . 2011-08-06 00:28 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-08-06 00:28 . 2011-08-06 00:28 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-08-06 00:28 . 2011-08-06 00:28 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-08-06 00:28 . 2011-08-06 00:28 -------- d-----w- c:\program files\QuickTime
2011-08-06 00:28 . 2011-08-06 00:28 -------- d-----w- c:\programdata\Apple Computer
2011-08-06 00:27 . 2011-08-06 00:27 -------- d-----w- c:\program files\Common Files\Apple
2011-08-06 00:27 . 2011-08-06 00:27 -------- d-----w- c:\programdata\Apple
2011-08-06 00:27 . 2011-08-06 00:27 -------- d-----w- c:\program files\Apple Software Update
2011-08-06 00:03 . 2011-08-06 00:03 62976 --sha-r- c:\windows\system32\choicez.dll
2011-08-05 03:47 . 2011-08-05 03:47 -------- d-----w- c:\windows\system32\Wat
2011-08-05 00:40 . 2006-10-26 23:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2011-08-05 00:40 . 2006-10-26 23:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2011-08-05 00:39 . 2011-08-05 00:39 -------- d-----w- c:\program files\Microsoft Works
2011-08-05 00:37 . 2011-08-05 00:37 -------- d-----w- c:\windows\PCHEALTH
2011-08-05 00:35 . 2011-08-05 00:35 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-08-05 00:34 . 2011-08-05 00:46 -------- d-----w- c:\programdata\Microsoft Help
2011-08-04 20:22 . 2011-08-04 20:22 -------- d-----w- c:\program files\Microsoft Chart Controls
2011-08-04 20:20 . 2011-08-04 20:20 -------- d-----w- c:\program files\Microsoft WSE
2011-08-04 20:03 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-08-04 20:03 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-08-04 20:03 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-08-04 19:52 . 2011-08-04 19:52 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-08-04 19:50 . 2011-08-04 19:50 -------- d-----w- c:\program files\Adobe Media Player
2011-08-04 19:48 . 2011-08-04 19:48 -------- d-----w- c:\windows\system32\Macromed
2011-08-04 19:48 . 2011-08-04 19:48 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-08-04 19:45 . 2011-08-05 02:47 -------- d-----w- c:\program files\Common Files\Adobe
2011-08-04 19:43 . 2011-08-04 19:43 -------- d-----w- c:\program files\Singular Inversions
2011-08-04 19:40 . 2011-08-04 19:40 -------- d-----w- c:\programdata\boost_interprocess
2011-08-04 19:37 . 2011-08-04 19:37 -------- d-----w- c:\programdata\FLEXnet
2011-08-04 19:27 . 2011-08-04 19:27 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2011-08-04 19:24 . 2011-08-04 20:37 -------- d-----w- c:\program files\Autodesk
2011-08-04 19:09 . 2011-08-05 00:37 -------- d-----w- c:\program files\Microsoft.NET
2011-08-04 19:04 . 2011-08-04 20:37 -------- d-----w- c:\programdata\Autodesk
2011-08-04 18:45 . 2004-03-02 03:05 407104 ----a-w- c:\windows\system32\MSHFLXGD.OCX
2011-08-04 18:45 . 2004-02-11 19:37 203976 ----a-w- c:\windows\system32\RICHTX32.OCX
2011-08-04 18:44 . 2004-07-30 02:35 1077344 ----a-w- c:\windows\system32\mscomctl.ocx
2011-08-04 18:44 . 2002-02-14 15:26 647872 ----a-w- c:\windows\system32\mscomct2.ocx
2011-08-04 18:15 . 2011-08-04 14:38 -------- d-----w- c:\windows\Panther
2011-08-04 18:06 . 2011-08-04 18:06 -------- d-----w- C:\Windows.old
2011-08-04 18:03 . 2011-08-04 18:03 -------- d-----w- c:\windows\system32\Lang
2011-08-04 18:03 . 2011-08-04 18:03 -------- d-----w- c:\program files\Intel
2011-08-04 18:03 . 2009-09-23 15:50 398336 ----a-w- c:\windows\system32\TVWizudlg.exe
2011-08-04 18:03 . 2009-09-23 15:49 140288 ----a-w- c:\windows\system32\igfxtvcx.dll
2011-08-04 16:17 . 2011-08-04 16:17 -------- d-----w- c:\program files\MATLAB
2011-08-04 16:13 . 2011-08-17 08:57 -------- d-sh--w- c:\windows\Installer
2011-08-04 15:40 . 2009-02-24 22:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2011-08-04 15:40 . 2011-08-04 15:40 -------- d-----w- c:\program files\MagicDisc
2011-08-04 15:38 . 2011-08-04 15:38 -------- d-----w- c:\program files\MagicISO
2011-08-04 15:19 . 2011-08-06 00:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-04 15:19 . 2011-08-06 00:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-08-04 15:17 . 2011-08-04 15:17 -------- d-----w- c:\programdata\Malwarebytes
2011-08-04 15:17 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-04 15:17 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-04 15:17 . 2011-08-04 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-04 15:13 . 2011-08-04 15:13 -------- d-----w- c:\windows\system32\x64
2011-08-04 15:13 . 2009-09-23 23:30 1002008 ----a-w- c:\windows\system32\igxpun.exe
2011-08-04 15:10 . 2011-02-18 05:39 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-08-04 15:08 . 2011-02-25 05:34 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-04 15:08 . 2011-02-23 04:47 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-08-04 15:08 . 2011-05-03 04:30 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-08-04 15:08 . 2011-03-03 05:38 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-08-04 15:08 . 2011-03-03 05:36 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-08-04 15:08 . 2010-12-17 07:07 542208 ----a-w- c:\windows\system32\kerberos.dll
2011-08-04 15:06 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-08-04 15:06 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-08-04 15:06 . 2011-06-11 02:29 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-08-04 15:06 . 2011-04-27 02:17 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-08-04 15:06 . 2011-04-27 02:17 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-06 02:40 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Vanja Vlajnic\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Vanja Vlajnic\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Vanja Vlajnic\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\users\Vanja Vlajnic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Vanja Vlajnic\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-8-4 576000]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl5300df7c;MpKsl5300df7c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2FCD28A0-914E-4C45-803D-05662F482311}\MpKsl5300df7c.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 mi-raysat_3dsmax2012_32;mental ray 3.9 Satellite for Autodesk 3ds Max Design 2012 32-bit - English 32-bit;c:\program files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe [2011-02-23 86016]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-05 1343400]
S1 MpKsl8f4f4762;MpKsl8f4f4762;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{985E1262-524D-49DB-87A8-059CCFAF1EBC}\MpKsl8f4f4762.sys [2011-08-21 28752]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 PaceLicenseDServices;PACE License Services;c:\program files\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2010-11-08 2647552]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 9344]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL8F4F4762
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3302717695-730101484-3770626351-1000Core.job
- c:\users\Vanja Vlajnic\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-04 14:44]
.
2011-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3302717695-730101484-3770626351-1000UA.job
- c:\users\Vanja Vlajnic\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-04 14:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2790392
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3536)
c:\users\Vanja Vlajnic\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\windows\System32\ieframe.dll
c:\windows\system32\FXSRESM.DLL
.
Completion time: 2011-08-20 20:31:18
ComboFix-quarantined-files.txt 2011-08-21 00:31
ComboFix2.txt 2011-08-11 19:57
.
Pre-Run: 159,729,987,584 bytes free
Post-Run: 159,725,813,760 bytes free
.
- - End Of File - - 4D41852A1920B14DE3DFAB718A484D05

#8 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 21 August 2011 - 03:09 AM

Hi again,


Open notepad and copy/paste the text in the quotebox below into it:

http://www.bleepingcomputer.com/forums/topic413950.html
Collect::
c:\windows\system32\choicez.dll


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.


Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
  • Click Scan
  • Wait for the scan to finish.

Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#9 irockthis51

irockthis51
  • Topic Starter

  • Members
  • 10 posts

Posted 21 August 2011 - 04:03 PM

Wow, so it took almost 6 hours for ESET to finish its scan. I don't know if that is normal, but here is the only report I could get it to write (I hope this is what you wanted). After that is the ComboFix log, and attached are the DDS logs. Once again, sorry for the late response, but it's because ESET took its sweet time.

Report from ESET:

C:\Qoobox\Quarantine\[4]-Submit_2011-08-21_11.52.35.zip a variant of Win32/Kryptik.RLE trojan
C:\Qoobox\Quarantine\C\Windows\System32\choicez.dll.vir a variant of Win32/Kryptik.RLE trojan

Here is ComboFix:

ComboFix 11-08-21.01 - Vanja Vlajnic 08/21/2011 11:52:46.3.2 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3062.2237 [GMT -4:00]
Running from: c:\users\Vanja Vlajnic\Downloads\ComboFix.exe
Command switches used :: c:\users\Vanja Vlajnic\Desktop\cfscript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
file zipped: c:\windows\system32\choicez.dll
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\choicez.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-07-21 to 2011-08-21 )))))))))))))))))))))))))))))))
.
.
2011-08-21 16:00 . 2011-08-21 16:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-21 15:24 . 2011-08-21 15:24 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E0BECD5F-2112-403B-BB3B-9A0BAA5BD84C}\MpKsl1cab5fc4.sys
2011-08-21 03:06 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E0BECD5F-2112-403B-BB3B-9A0BAA5BD84C}\mpengine.dll
2011-08-19 22:20 . 2011-08-19 22:20 -------- d-----w- C:\extensions
2011-08-19 22:20 . 2011-08-19 22:20 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-08-15 20:27 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-14 18:03 . 2011-08-14 18:02 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{481CD7FB-7D80-4FDC-91CB-8B497D458985}\gapaengine.dll
2011-08-14 18:00 . 2011-08-14 18:01 -------- d-----w- c:\program files\Microsoft Security Client
2011-08-14 17:57 . 2011-08-14 17:57 -------- d-----w- c:\program files\Trend Micro
2011-08-12 11:57 . 2011-06-15 08:55 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-08-12 11:57 . 2011-06-15 08:55 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-08-12 11:57 . 2011-06-15 08:55 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-08-12 11:57 . 2011-06-15 08:55 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-08-12 11:57 . 2011-06-15 08:55 122880 ----a-w- c:\windows\system32\odbccp32.dll
2011-08-12 11:57 . 2011-06-15 08:54 94208 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
2011-08-12 11:57 . 2011-06-21 05:34 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-10 14:18 . 2011-08-10 14:18 -------- d-----w- c:\programdata\SafeNet Sentinel
2011-08-10 14:16 . 2011-08-10 14:17 -------- d--h--w- c:\program files\Zero G Registry
2011-08-10 14:16 . 2011-08-10 14:16 -------- d-----w- c:\programdata\SPSS
2011-08-10 14:15 . 2011-08-10 14:15 -------- d-----w- c:\program files\Common Files\IBM
2011-08-10 14:15 . 2011-08-10 14:15 -------- d-----w- c:\program files\IBM
2011-08-08 14:29 . 2011-08-08 14:29 1025 ----a-w- c:\windows\system32\sysprs7.dll
2011-08-06 02:59 . 2011-08-06 02:59 -------- d--h--w- c:\programdata\Common Files
2011-08-06 02:58 . 2011-08-06 02:59 -------- d-----w- c:\programdata\MFAData
2011-08-06 02:00 . 2011-08-06 02:00 -------- d-----w- c:\windows\system32\SPReview
2011-08-06 01:59 . 2011-08-06 01:59 -------- d-----w- c:\windows\system32\EventProviders
2011-08-06 01:43 . 2011-08-06 01:43 -------- d-----w- c:\program files\MSXML 4.0
2011-08-06 01:38 . 2010-11-20 10:24 134656 ----a-w- c:\windows\system32\rdpudd.dll
2011-08-06 01:37 . 2010-11-20 12:21 1227776 ----a-w- c:\windows\system32\wdc.dll
2011-08-06 01:36 . 2010-11-20 12:21 27648 ----a-w- c:\windows\system32\wups.dll
2011-08-06 01:35 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-08-06 01:35 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-08-06 01:25 . 2011-03-25 02:58 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-08-06 01:25 . 2011-03-25 02:58 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-08-06 01:25 . 2011-03-25 02:58 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-08-06 01:25 . 2011-03-25 02:57 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-08-06 01:25 . 2011-03-25 02:57 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-08-06 01:25 . 2011-03-25 02:57 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-08-06 01:25 . 2011-03-25 02:57 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-08-06 01:24 . 2011-03-11 05:39 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-08-06 01:24 . 2011-03-11 05:39 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-08-06 01:24 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\system32\esent.dll
2011-08-06 01:24 . 2011-03-11 05:39 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2011-08-06 01:24 . 2011-03-11 05:39 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-08-06 01:24 . 2011-03-11 05:38 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-08-06 01:24 . 2011-03-11 05:38 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-08-06 01:24 . 2011-03-11 05:38 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-08-06 01:24 . 2011-03-11 05:31 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-08-06 00:43 . 2011-08-06 00:43 -------- d-----w- c:\programdata\Pinnacle
2011-08-06 00:43 . 2011-08-06 00:43 -------- d-----w- c:\programdata\Avid
2011-08-06 00:42 . 2011-08-06 00:42 -------- d-----w- c:\programdata\PACE Anti-Piracy
2011-08-06 00:31 . 2011-08-06 00:31 -------- d-----w- c:\programdata\PACE
2011-08-06 00:29 . 2011-08-06 00:30 -------- d-----r- c:\program files\Avid
2011-08-06 00:28 . 2011-08-06 00:28 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-08-06 00:28 . 2011-08-06 00:28 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-08-06 00:28 . 2011-08-06 00:28 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-08-06 00:28 . 2011-08-06 00:28 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-08-06 00:28 . 2011-08-06 00:28 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-08-06 00:28 . 2011-08-06 00:28 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-08-06 00:28 . 2011-08-06 00:28 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-08-06 00:28 . 2011-08-06 00:28 -------- d-----w- c:\program files\QuickTime
2011-08-06 00:28 . 2011-08-06 00:28 -------- d-----w- c:\programdata\Apple Computer
2011-08-06 00:27 . 2011-08-06 00:27 -------- d-----w- c:\program files\Common Files\Apple
2011-08-06 00:27 . 2011-08-06 00:27 -------- d-----w- c:\programdata\Apple
2011-08-06 00:27 . 2011-08-06 00:27 -------- d-----w- c:\program files\Apple Software Update
2011-08-05 03:47 . 2011-08-05 03:47 -------- d-----w- c:\windows\system32\Wat
2011-08-05 00:40 . 2006-10-26 23:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2011-08-05 00:40 . 2006-10-26 23:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2011-08-05 00:39 . 2011-08-05 00:39 -------- d-----w- c:\program files\Microsoft Works
2011-08-05 00:37 . 2011-08-05 00:37 -------- d-----w- c:\windows\PCHEALTH
2011-08-05 00:35 . 2011-08-05 00:35 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-08-05 00:34 . 2011-08-05 00:46 -------- d-----w- c:\programdata\Microsoft Help
2011-08-04 20:22 . 2011-08-04 20:22 -------- d-----w- c:\program files\Microsoft Chart Controls
2011-08-04 20:20 . 2011-08-04 20:20 -------- d-----w- c:\program files\Microsoft WSE
2011-08-04 20:03 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-08-04 20:03 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-08-04 20:03 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-08-04 19:52 . 2011-08-04 19:52 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-08-04 19:50 . 2011-08-04 19:50 -------- d-----w- c:\program files\Adobe Media Player
2011-08-04 19:48 . 2011-08-04 19:48 -------- d-----w- c:\windows\system32\Macromed
2011-08-04 19:48 . 2011-08-04 19:48 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-08-04 19:45 . 2011-08-05 02:47 -------- d-----w- c:\program files\Common Files\Adobe
2011-08-04 19:43 . 2011-08-04 19:43 -------- d-----w- c:\program files\Singular Inversions
2011-08-04 19:40 . 2011-08-04 19:40 -------- d-----w- c:\programdata\boost_interprocess
2011-08-04 19:37 . 2011-08-04 19:37 -------- d-----w- c:\programdata\FLEXnet
2011-08-04 19:27 . 2011-08-04 19:27 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2011-08-04 19:24 . 2011-08-04 20:37 -------- d-----w- c:\program files\Autodesk
2011-08-04 19:09 . 2011-08-05 00:37 -------- d-----w- c:\program files\Microsoft.NET
2011-08-04 19:04 . 2011-08-04 20:37 -------- d-----w- c:\programdata\Autodesk
2011-08-04 18:45 . 2004-03-02 03:05 407104 ----a-w- c:\windows\system32\MSHFLXGD.OCX
2011-08-04 18:45 . 2004-02-11 19:37 203976 ----a-w- c:\windows\system32\RICHTX32.OCX
2011-08-04 18:44 . 2004-07-30 02:35 1077344 ----a-w- c:\windows\system32\mscomctl.ocx
2011-08-04 18:44 . 2002-02-14 15:26 647872 ----a-w- c:\windows\system32\mscomct2.ocx
2011-08-04 18:15 . 2011-08-04 14:38 -------- d-----w- c:\windows\Panther
2011-08-04 18:06 . 2011-08-04 18:06 -------- d-----w- C:\Windows.old
2011-08-04 18:03 . 2011-08-04 18:03 -------- d-----w- c:\windows\system32\Lang
2011-08-04 18:03 . 2011-08-04 18:03 -------- d-----w- c:\program files\Intel
2011-08-04 18:03 . 2009-09-23 15:50 398336 ----a-w- c:\windows\system32\TVWizudlg.exe
2011-08-04 18:03 . 2009-09-23 15:49 140288 ----a-w- c:\windows\system32\igfxtvcx.dll
2011-08-04 16:17 . 2011-08-04 16:17 -------- d-----w- c:\program files\MATLAB
2011-08-04 16:13 . 2011-08-17 08:57 -------- d-sh--w- c:\windows\Installer
2011-08-04 15:40 . 2009-02-24 22:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2011-08-04 15:40 . 2011-08-04 15:40 -------- d-----w- c:\program files\MagicDisc
2011-08-04 15:38 . 2011-08-04 15:38 -------- d-----w- c:\program files\MagicISO
2011-08-04 15:19 . 2011-08-06 00:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-04 15:19 . 2011-08-06 00:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-08-04 15:17 . 2011-08-04 15:17 -------- d-----w- c:\programdata\Malwarebytes
2011-08-04 15:17 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-04 15:17 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-04 15:17 . 2011-08-04 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-04 15:13 . 2011-08-04 15:13 -------- d-----w- c:\windows\system32\x64
2011-08-04 15:13 . 2009-09-23 23:30 1002008 ----a-w- c:\windows\system32\igxpun.exe
2011-08-04 15:10 . 2011-02-18 05:39 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-08-04 15:08 . 2011-02-25 05:34 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-04 15:08 . 2011-02-23 04:47 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-08-04 15:08 . 2011-05-03 04:30 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-08-04 15:08 . 2011-03-03 05:38 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-08-04 15:08 . 2011-03-03 05:36 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-08-04 15:08 . 2010-12-17 07:07 542208 ----a-w- c:\windows\system32\kerberos.dll
2011-08-04 15:06 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-08-04 15:06 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-08-04 15:06 . 2011-06-11 02:29 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-08-04 15:06 . 2011-04-27 02:17 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-08-04 15:06 . 2011-04-27 02:17 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-08-04 15:06 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-06 02:40 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Vanja Vlajnic\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Vanja Vlajnic\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Vanja Vlajnic\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\users\Vanja Vlajnic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Vanja Vlajnic\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-8-4 576000]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl5300df7c;MpKsl5300df7c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2FCD28A0-914E-4C45-803D-05662F482311}\MpKsl5300df7c.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 CFcatchme;CFcatchme;c:\users\VANJAV~1\AppData\Local\Temp\CFcatchme.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-05 1343400]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S1 MpKsl1cab5fc4;MpKsl1cab5fc4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E0BECD5F-2112-403B-BB3B-9A0BAA5BD84C}\MpKsl1cab5fc4.sys [2011-08-21 28752]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 mi-raysat_3dsmax2012_32;mental ray 3.9 Satellite for Autodesk 3ds Max Design 2012 32-bit - English 32-bit;c:\program files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe [2011-02-23 86016]
S2 PaceLicenseDServices;PACE License Services;c:\program files\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2010-11-08 2647552]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 9344]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3302717695-730101484-3770626351-1000Core.job
- c:\users\Vanja Vlajnic\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-04 14:44]
.
2011-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3302717695-730101484-3770626351-1000UA.job
- c:\users\Vanja Vlajnic\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-04 14:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2790392
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2324)
c:\users\Vanja Vlajnic\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2011-08-21 12:13:49 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-21 16:13
ComboFix2.txt 2011-08-21 00:31
ComboFix3.txt 2011-08-11 19:57
.
Pre-Run: 159,804,241,920 bytes free
Post-Run: 159,724,611,584 bytes free
.
- - End Of File - - D9051BAE36166CFB3523503E4DB4EE90
Upload was successful
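The ComboFix logs above print each service/driver as `R1 name;description;path [date size]` (with `[x]` when the image is not on disk), each Run value as `"Name"="path" [date size]`, and the browser start page under the Supplementary Scan. The following parser is an added example, not part of this thread and not anything ComboFix or the Malware Response Team ships: it reads lines in that shape, flags images ComboFix could not find and images that live under user-writable directories, and notes any start page that is set. The sample lines are constructed from entries in the logs above. A flag is a lead for a reviewer, not a verdict: the two flagged drivers here are the Microsoft Security Essentials definition-update driver and ComboFix's own CFcatchme scanning driver, which is exactly why a human reads the list before anything is deleted.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample in the shape ComboFix prints; values echo the logs above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
R1 MpKsl5300df7c;MpKsl5300df7c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2FCD28A0-914E-4C45-803D-05662F482311}\MpKsl5300df7c.sys [x]
R3 CFcatchme;CFcatchme;c:\users\VANJAV~1\AppData\Local\Temp\CFcatchme.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S2 PaceLicenseDServices;PACE License Services;c:\program files\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2010-11-08 2647552]
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2790392
TCP: DhcpNameServer = 192.168.2.1
"""

# R = running at scan time, S = stopped/on-demand; the digit is the start type.
SERVICE_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)\s+\[(?P<stamp>[^\]]*)\]$')
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<stamp>[^\]]*)\]$')
STARTPAGE_RE = re.compile(r'^(?P<hive>[um])Start Page\s*=\s*(?P<url>\S+)$')

# Directory fragments a standard user can write to. A service or Run image
# living here is not automatically bad, but it is where a reviewer looks first.
USER_WRITABLE = ('c:\\users\\', '\\appdata\\', '\\temp\\', 'c:\\programdata\\')


@dataclass
class Entry:
    kind: str            # "service", "run" or "startpage"
    name: str
    path: str            # image path, or the URL for a start page
    stamp: str           # "date size" as ComboFix prints it, or "x" if the file is absent
    start: str = ''      # "R1", "S2", ... for services; empty otherwise
    flags: List[str] = field(default_factory=list)


def _flag_path(entry: Entry) -> None:
    """Attach review flags based only on what the log line itself says."""
    if entry.stamp.strip().lower() == 'x':
        entry.flags.append('file-missing')
    low = entry.path.lower()
    if any(frag in low for frag in USER_WRITABLE):
        entry.flags.append('user-writable-path')


def parse_combofix(text: str) -> List[Entry]:
    """Extract service/driver, Run-key and start-page entries; ignore other lines."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            e = Entry('service', m['name'], m['path'], m['stamp'], start=m['start'])
            _flag_path(e)
            entries.append(e)
            continue
        m = RUN_RE.match(line)
        if m:
            e = Entry('run', m['name'], m['path'], m['stamp'])
            _flag_path(e)
            entries.append(e)
            continue
        m = STARTPAGE_RE.match(line)
        if m:
            # ComboFix defangs URLs as hxxp and prints the value only when one is set.
            e = Entry('startpage', m['hive'] + 'Start Page', m['url'], '')
            e.flags.append('custom-start-page')
            entries.append(e)
    return entries


def suspicious(entries: List[Entry]) -> List[Entry]:
    """Entries carrying at least one review flag, in log order."""
    return [e for e in entries if e.flags]


def report(text: str) -> List[str]:
    """One line per flagged entry, suitable for pasting back into a thread."""
    return [f"{e.kind}:{e.name} -> {e.path} [{', '.join(e.flags)}]"
            for e in suspicious(parse_combofix(text))]


if __name__ == '__main__':
    for line in report(SAMPLE_LOG):
        print(line)
```

Run against a full log, the same three rules also surface the case the helper was chasing in this thread: a DLL collected from system32 shows up under Other Deletions rather than in these sections, so a practitioner would extend the parser with that section before trusting it as a checklist.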




#10 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 21 August 2011 - 11:35 PM

Hi,

Yes, it can take a longer time if the drive to be scanned has lots of items stored or if it hasn't been defragged lately. What's the status with symptoms?



#11 irockthis51

irockthis51
  • Topic Starter

  • Members
  • 10 posts

Posted 22 August 2011 - 10:14 AM

Hey, the symptoms are still here. I keep getting redirected, with less frequency however, but the computer is still slow as hell, and this happened over the course of like a week. I haven't installed anything new or increased the volume of the drive, which is why I am assuming it is from the same viruses/trojans that are causing the redirect, or maybe they brought their friends over. Otherwise it doesn't make sense why everything is so ridiculously slow. Once again, thanks for the help you're giving me, it's greatly appreciated.

#12 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 22 August 2011 - 10:31 AM

Hi,

1. Download TDSSKiller and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select cure and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)



#13 irockthis51

irockthis51
  • Topic Starter

  • Members
  • 10 posts

Posted 22 August 2011 - 07:54 PM

So I ran the TDSS scan twice and it did not come up with anything. Below is the log for the scan. I am wondering if the two trojans that I found during the ESET scan might be the cause of this? Do you think I should rerun the ESET scan and remove those? Thanks a lot for the help again, man, I really appreciate everything you guys do here. How did you learn all this stuff? :)


2011/08/22 20:39:48.0062 3460 TDSS rootkit removing tool 2.5.16.0 Aug 19 2011 17:48:17
2011/08/22 20:39:48.0296 3460 ================================================================================
2011/08/22 20:39:48.0296 3460 SystemInfo:
2011/08/22 20:39:48.0296 3460
2011/08/22 20:39:48.0296 3460 OS Version: 6.1.7601 ServicePack: 1.0
2011/08/22 20:39:48.0296 3460 Product type: Workstation
2011/08/22 20:39:48.0296 3460 ComputerName: VANJAVLAJNIC-PC
2011/08/22 20:39:48.0296 3460 UserName: Vanja Vlajnic
2011/08/22 20:39:48.0296 3460 Windows directory: C:\Windows
2011/08/22 20:39:48.0296 3460 System windows directory: C:\Windows
2011/08/22 20:39:48.0296 3460 Processor architecture: Intel x86
2011/08/22 20:39:48.0296 3460 Number of processors: 2
2011/08/22 20:39:48.0296 3460 Page size: 0x1000
2011/08/22 20:39:48.0296 3460 Boot type: Normal boot
2011/08/22 20:39:48.0296 3460 ================================================================================
2011/08/22 20:39:51.0228 3460 Initialize success
2011/08/22 20:39:54.0692 3340 ================================================================================
2011/08/22 20:39:54.0692 3340 Scan started
2011/08/22 20:39:54.0692 3340 Mode: Manual;
2011/08/22 20:39:54.0692 3340 ================================================================================
2011/08/22 20:43:46.0190 3340 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/08/22 20:43:46.0221 3340 Boot (0x1200) (b2f26b84482d01d69aa5a8b40809a806) \Device\Harddisk0\DR0\Partition0
2011/08/22 20:43:46.0237 3340 ================================================================================
2011/08/22 20:43:46.0237 3340 Scan finished
2011/08/22 20:43:46.0237 3340 ================================================================================
2011/08/22 20:43:46.0268 3716 Detected object count: 0
2011/08/22 20:43:46.0268 3716 Actual detected object count: 0
2011/08/22 20:52:21.0287 3496 Deinitialize success

#14 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 23 August 2011 - 11:12 AM

Hi again,

Let's run one more tool.

Download aswMBR to your desktop. Double-click aswMBR.exe to run it. Click the Scan button to start the scan.

On completion of the scan, click Save log, save it to your desktop, and post it in your next reply.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#15 irockthis51

irockthis51
  • Topic Starter

  • Members
  • 10 posts

Posted 23 August 2011 - 04:47 PM

Hey man, here's the log from aswMBR. An interesting thing happened when I ran the scan the first time: it randomly restarted my computer. I don't think it was part of the scan, because it's not like the scan started back up when the computer restarted; I got that screen that asks if you want to start Windows in safe mode or start it up normally. I started Windows normally and then ran the scan again with no problems, and here is the log from the second time around, because it never finished the first time:


aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-23 17:43:42
-----------------------------
17:43:42.286 OS Version: Windows 6.1.7601 Service Pack 1
17:43:42.286 Number of processors: 2 586 0xF0D
17:43:42.286 ComputerName: VANJAVLAJNIC-PC UserName: Vanja Vlajnic
17:44:03.908 Initialize success
17:44:09.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
17:44:09.328 Disk 0 Vendor: ST9250827AS 3.AAB Size: 238475MB BusType: 11
17:44:11.372 Disk 0 MBR read successfully
17:44:11.372 Disk 0 MBR scan
17:44:11.372 Disk 0 Windows 7 default MBR code
17:44:11.387 Disk 0 scanning sectors +488394752
17:44:11.496 Disk 0 scanning C:\Windows\system32\drivers
17:44:19.328 Service scanning
17:44:22.385 Service MpKslb1d2df19 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1D688200-F4A3-4A5D-9506-E58E2E086099}\MpKslb1d2df19.sys **LOCKED** 32
17:44:22.385 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
17:44:23.040 Modules scanning
17:44:41.994 Disk 0 trace - called modules:
17:44:42.026 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
17:44:42.026 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d73328]
17:44:42.041 3 CLASSPNP.SYS[8ae1759e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x858d5030]
17:44:42.041 Scan finished successfully
17:44:54.131 Disk 0 MBR has been saved successfully to "C:\Users\Vanja Vlajnic\Desktop\MBR.dat"
17:44:54.147 The log file has been saved successfully to "C:\Users\Vanja Vlajnic\Desktop\aswMBR.txt"
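
As an added triage example (not part of this thread, and not code from aswMBR or its author): a small Python script that parses an aswMBR log in the layout posted above and pulls out what a helper reads first, the MBR verdict and any locked services, flagging locked drivers that load from outside the directories one would expect. The sample log, the rule that a "default MBR code" line counts as a clean verdict, and the allow-list of driver directories are assumptions constructed for this example.

```python
"""Triage helper for aswMBR text logs (added example, not part of the thread).

Assumptions (not from aswMBR documentation): a line containing "default MBR
code" is treated as a clean MBR verdict and any other MBR-code line as one an
analyst must review; a **LOCKED** service is only considered expected when its
driver path lies under one of a few allow-listed directories (the Windows
drivers directory and the Microsoft Antimalware definition-update directory
that appears in the thread's log).
"""
import re
from dataclasses import dataclass, field

# Constructed sample in the same layout as the aswMBR output posted above.
# The "exampledrv" entry is invented to show how an unexpected path is flagged.
SAMPLE_LOG = """\
aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-23 17:43:42
-----------------------------
17:43:42.286 OS Version: Windows 6.1.7601 Service Pack 1
17:44:09.328 Disk 0 (boot) \\Device\\Harddisk0\\DR0 -> \\Device\\Ide\\IdeDeviceP2T0L0-4
17:44:11.372 Disk 0 MBR read successfully
17:44:11.372 Disk 0 MBR scan
17:44:11.372 Disk 0 Windows 7 default MBR code
17:44:19.328 Service scanning
17:44:22.385 Service MpNWMon C:\\Windows\\system32\\DRIVERS\\MpNWMon.sys **LOCKED** 32
17:44:22.390 Service exampledrv C:\\Users\\Public\\exampledrv.sys **LOCKED** 32
17:44:42.041 Scan finished successfully
"""

# Directories (lower-cased) from which a locked driver is not by itself a concern.
EXPECTED_DRIVER_DIRS = (
    r"c:\windows\system32\drivers",
    r"c:\programdata\microsoft\microsoft antimalware\definition updates",
)

# Every detail line starts with a HH:MM:SS.mmm timestamp.
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{3})\s+(?P<msg>.*)$")
# "Service <name> <path ending in .sys> [flags]" as seen in the posted log.
SERVICE_RE = re.compile(r"^Service\s+(?P<name>\S+)\s+(?P<path>.+?\.sys)(?P<flags>.*)$", re.I)


@dataclass
class Triage:
    os_version: str = ""
    mbr_verdict: str = "no MBR verdict line found"
    mbr_clean: bool = False
    locked_services: list = field(default_factory=list)
    suspicious_locked: list = field(default_factory=list)
    scan_completed: bool = False


def parse_aswmbr(text: str) -> Triage:
    """Walk the log line by line and collect the triage-relevant facts."""
    t = Triage()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner, run date, separator lines
        msg = m.group("msg")
        if msg.startswith("OS Version:"):
            t.os_version = msg.split(":", 1)[1].strip()
        elif "MBR code" in msg:
            t.mbr_verdict = msg
            t.mbr_clean = "default MBR code" in msg
        elif msg.startswith("Service "):
            sm = SERVICE_RE.match(msg)
            if sm and "**LOCKED**" in sm.group("flags"):
                name, path = sm.group("name"), sm.group("path")
                t.locked_services.append((name, path))
                if not path.lower().startswith(EXPECTED_DRIVER_DIRS):
                    t.suspicious_locked.append((name, path))
        elif msg == "Scan finished successfully":
            t.scan_completed = True
    return t


def findings(t: Triage) -> list:
    """Human-readable points a helper would look at first."""
    out = [("OK" if t.mbr_clean else "REVIEW") + ": MBR - " + t.mbr_verdict]
    for name, path in t.suspicious_locked:
        out.append(f"REVIEW: locked service '{name}' loads from unexpected path {path}")
    if not t.scan_completed:
        out.append("REVIEW: log does not report scan completion (cf. the reboot mid-scan above)")
    return out


if __name__ == "__main__":
    for line in findings(parse_aswmbr(SAMPLE_LOG)):
        print(line)
```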
