Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Qooqlle Virus infection


  • This topic is locked This topic is locked
18 replies to this topic

#1 sammy_1212

sammy_1212

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:03 AM

Posted 14 September 2011 - 11:06 PM

Hello!

My computer has been infected with the qooqlle virus for a while now, both Google Chrome and Internet explorer get redirected to not very nice websites. I installed AVG but it hasn't been able to detect and remove the virus...I have tried all the steps mentioned in this post except for the last OTL step which involved putting in some codes... http://www.bleepingcomputer.com/forums/topic380274.html/page__p__2163232__hl__qooqlle__fromsearch__1#entry2163232

Oh and I run Windows 7 OS, not sure if it's 32bit or 64bit...

Please help ASAP, let me know if you need me to include a DDS log.

Thank you!!! :)

BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:02:33 PM

Posted 14 September 2011 - 11:23 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 sammy_1212

sammy_1212
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:03 AM

Posted 15 September 2011 - 08:39 AM

Hello,

Here's the problem description again: Internet Explorer and Google Chrome's home page keeps resetting to qooqlle.com every time I restart my computer.
Here is the DDS log (I've also attached the DDS- attach.txt file and GMER- ark.txt file)

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Ammu at 5:13:08 on 2011-09-15
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.1762 [GMT -7:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Bamboo Dock\BambooCore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Autodesk\SketchBook Pro 2011\SketchBookSnapshot.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Ammu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Users\Ammu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ammu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ammu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\AVG\AVG2012\avgsrmax.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.qooqlle.com/
BHO: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\ie\4.6\dealioToolbarIE.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - c:\program files\freecordertoolbar\vmntemplateX.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.34\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\ie\4.6\dealioToolbarIE.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.34\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - c:\program files\freecordertoolbar\vmntemplateX.dll
TB: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\ammu\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Bamboo Dock] "c:\program files\bamboo dock\bamboo dock\Bamboo Dock.exe"
uRun: [AdobeBridge]
uRun: [DriverScanner] "c:\program files\uniblue\driverscanner\launcher.exe" delay 20000
uRun: [Facebook Update] "c:\users\ammu\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [GProton] %ALLUSERSPROFILE%\GProton.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [BambooCore] c:\program files\bamboo dock\BambooCore.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\sketch~1.lnk - c:\program files\autodesk\sketchbook pro 2011\SketchBookSnapshot.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 125.22.47.125 125.22.47.100 192.168.1.1
TCP: Interfaces\{7C5FB2C0-6063-4093-8D24-43D4F82328D9} : DhcpNameServer = 125.22.47.125 125.22.47.100 192.168.1.1
TCP: Interfaces\{7C5FB2C0-6063-4093-8D24-43D4F82328D9}\352796378647960223E6460264C6F6F627 : DhcpNameServer = 192.168.10.1
TCP: Interfaces\{7C5FB2C0-6063-4093-8D24-43D4F82328D9}\35279637864796027427F657E6460266C6F6F62702 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7C5FB2C0-6063-4093-8D24-43D4F82328D9}\3527963786479602F46666963656 : DhcpNameServer = 192.168.50.3 192.168.50.5
TCP: Interfaces\{7C5FB2C0-6063-4093-8D24-43D4F82328D9}\35279637864796E433D243 : DhcpNameServer = 192.168.40.1
TCP: Interfaces\{7C5FB2C0-6063-4093-8D24-43D4F82328D9}\35279637864796E433D253 : DhcpNameServer = 192.168.20.1
TCP: Interfaces\{7C5FB2C0-6063-4093-8D24-43D4F82328D9}\37279637864796 : DhcpNameServer = 8.8.8.8 121.242.190.180 125.22.47.125
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\8.0.1\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-7-11 32464]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2011-5-23 47968]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-8-17 402328]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2011-8-19 2399560]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-8-16 5264736]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2010-7-16 26168]
R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2011-4-8 4869488]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2011-4-8 416112]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\8.0.1\ToolbarUpdater.exe [2011-9-1 246600]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-6 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-4-12 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-6 136176]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-4-8 16240]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-17 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-09-14 14:40:04 -------- d-----w- c:\program files\freecordertoolbar
2011-09-14 14:39:24 -------- d-----w- c:\program files\Freecorder
2011-09-06 19:58:08 -------- d-----w- c:\programdata\Uniblue
2011-09-02 03:08:30 -------- d--h--w- C:\$AVG
2011-09-02 02:35:15 -------- d-----w- c:\users\ammu\appdata\roaming\AVG2012
2011-09-02 02:34:38 -------- d-----w- c:\program files\common files\AVG Secure Search
2011-09-02 02:34:38 -------- d-----w- c:\program files\AVG Secure Search
2011-09-02 02:34:35 -------- d--h--w- c:\programdata\Common Files
2011-09-02 02:33:36 -------- d-----w- c:\windows\system32\drivers\AVG
2011-09-02 02:33:36 -------- d-----w- c:\programdata\AVG2012
2011-09-02 02:32:59 -------- d-----w- c:\program files\AVG
2011-09-02 02:23:20 -------- d-----w- c:\programdata\MFAData
2011-08-31 19:39:40 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a43fbeda-3996-4612-914b-829971cb4195}\mpengine.dll
2011-08-30 06:00:58 -------- d-----w- c:\program files\Comical
2011-08-25 05:43:04 -------- d-----w- c:\users\ammu\appdata\roaming\Autodesk
2011-08-25 05:43:03 -------- d-----w- c:\programdata\Alias
2011-08-25 05:42:55 -------- d-----w- c:\program files\Autodesk
2011-08-25 05:40:36 -------- d-----w- C:\Autodesk
2011-08-25 04:03:29 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 03:08:33 -------- d-----w- c:\program files\Dealio Toolbar
2011-08-24 03:08:33 -------- d-----w- c:\program files\common files\Spigot
2011-08-24 03:08:33 -------- d-----w- c:\program files\Application Updater
2011-08-18 21:07:18 -------- d-----w- c:\users\ammu\appdata\roaming\Fontographer
2011-08-18 21:07:13 -------- d-----w- c:\program files\common files\Fontlab
2011-08-18 21:07:11 -------- d-----w- c:\program files\Fontlab
.
==================== Find3M ====================
.
2011-07-22 04:56:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:37:32 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 04:34:28 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:31:12 271360 ----a-w- c:\windows\system32\conhost.exe
2011-07-16 02:21:47 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-11 08:14:38 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-07-11 08:14:16 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-07-11 08:14:14 24272 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2011-07-11 08:14:12 23120 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2011-07-11 08:14:12 134736 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-07-11 08:13:46 229840 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-07-11 08:13:42 32464 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-07-09 02:26:10 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-23 04:38:05 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-06-23 04:38:04 3902336 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-21 05:39:53 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-21 05:36:36 981504 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 05:35:05 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-21 04:26:02 386048 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 5:15:16.83 ===============

Thank you so much :) I really really appreciate the help :)

Attached Files



#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,744 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:33 PM

Posted 19 September 2011 - 11:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/419025 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,318 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:33 PM

Posted 20 September 2011 - 04:23 AM

Hi, if you still need help, post the requested logs.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 sammy_1212

sammy_1212
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:03 AM

Posted 20 September 2011 - 08:53 AM

Hello,

Sorry for the delay in posting the logs. I encountered a problem when I ran GMER, it scans for a while and then there's a Blue screen error message and my computer restarts!! It has happened twice, the message that pops up after the restart is - "Windows has recovered from an unexpected shutdown" and i get options to check for solutions. GMER ran fine the first time I tried it; The ark file is attached to my first post in this thread.

As I've mentioned earlier, I've been having problems with the qooqlle virus,the homepages of Google Chrome and Internet Explorer reset to qooqlle.com after every restart!

I was able to get the DDS logs again - here they are:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Ammu at 5:54:09 on 2011-09-20
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.1664 [GMT -7:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Bamboo Dock\BambooCore.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Autodesk\SketchBook Pro 2011\SketchBookSnapshot.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Ammu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ammu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ammu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ammu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Users\Ammu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\AVG\AVG2012\avgsrmax.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\Ammu\AppData\Local\Temp\Rar$EX19.384\gmer.exe
C:\Users\Ammu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Users\Ammu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.qooqlle.com/
uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFree.dll
mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFree.dll
BHO: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\ie\4.6\dealioToolbarIE.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - c:\program files\freecordertoolbar\vmntemplateX.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.34\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\ie\4.6\dealioToolbarIE.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.34\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - c:\program files\freecordertoolbar\vmntemplateX.dll
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFree.dll
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\ammu\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Bamboo Dock] "c:\program files\bamboo dock\bamboo dock\Bamboo Dock.exe"
uRun: [AdobeBridge]
uRun: [DriverScanner] "c:\program files\uniblue\driverscanner\launcher.exe" delay 20000
uRun: [Facebook Update] "c:\users\ammu\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [GProton] %ALLUSERSPROFILE%\GProton.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [BambooCore] c:\program files\bamboo dock\BambooCore.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\sketch~1.lnk - c:\program files\autodesk\sketchbook pro 2011\SketchBookSnapshot.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 125.22.47.125 125.22.47.100 192.168.1.1
TCP: Interfaces\{7C5FB2C0-6063-4093-8D24-43D4F82328D9} : DhcpNameServer = 125.22.47.125 125.22.47.100 192.168.1.1
TCP: Interfaces\{7C5FB2C0-6063-4093-8D24-43D4F82328D9}\352796378647960223E6460264C6F6F627 : DhcpNameServer = 192.168.10.1
TCP: Interfaces\{7C5FB2C0-6063-4093-8D24-43D4F82328D9}\35279637864796027427F657E6460266C6F6F62702 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7C5FB2C0-6063-4093-8D24-43D4F82328D9}\3527963786479602C4962627162797 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7C5FB2C0-6063-4093-8D24-43D4F82328D9}\3527963786479602F46666963656 : DhcpNameServer = 192.168.50.3 192.168.50.5
TCP: Interfaces\{7C5FB2C0-6063-4093-8D24-43D4F82328D9}\35279637864796E433D243 : DhcpNameServer = 192.168.40.1
TCP: Interfaces\{7C5FB2C0-6063-4093-8D24-43D4F82328D9}\35279637864796E433D253 : DhcpNameServer = 192.168.20.1
TCP: Interfaces\{7C5FB2C0-6063-4093-8D24-43D4F82328D9}\37279637864796 : DhcpNameServer = 8.8.8.8 121.242.190.180 125.22.47.125
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\8.0.1\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-7-11 32464]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2011-5-23 47968]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-8-17 402328]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2011-8-19 2399560]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-1 5265248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2010-7-16 26168]
R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2011-4-8 4869488]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2011-4-8 416112]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\8.0.1\ToolbarUpdater.exe [2011-9-1 246600]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-6 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-4-12 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-6 136176]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-4-8 16240]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-17 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-09-18 10:32:40 -------- d-----w- c:\program files\Conduit
2011-09-18 10:32:37 -------- d-----w- c:\users\ammu\appdata\local\Conduit
2011-09-14 14:40:04 -------- d-----w- c:\program files\freecordertoolbar
2011-09-14 14:39:24 -------- d-----w- c:\program files\Freecorder
2011-09-06 19:58:08 -------- d-----w- c:\programdata\Uniblue
2011-09-02 03:08:30 -------- d--h--w- C:\$AVG
2011-09-02 02:35:15 -------- d-----w- c:\users\ammu\appdata\roaming\AVG2012
2011-09-02 02:34:38 -------- d-----w- c:\program files\common files\AVG Secure Search
2011-09-02 02:34:38 -------- d-----w- c:\program files\AVG Secure Search
2011-09-02 02:34:35 -------- d--h--w- c:\programdata\Common Files
2011-09-02 02:33:36 -------- d-----w- c:\windows\system32\drivers\AVG
2011-09-02 02:33:36 -------- d-----w- c:\programdata\AVG2012
2011-09-02 02:32:59 -------- d-----w- c:\program files\AVG
2011-09-02 02:23:20 -------- d-----w- c:\programdata\MFAData
2011-08-31 19:39:40 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a43fbeda-3996-4612-914b-829971cb4195}\mpengine.dll
2011-08-30 06:00:58 -------- d-----w- c:\program files\Comical
2011-08-25 05:43:04 -------- d-----w- c:\users\ammu\appdata\roaming\Autodesk
2011-08-25 05:43:03 -------- d-----w- c:\programdata\Alias
2011-08-25 05:42:55 -------- d-----w- c:\program files\Autodesk
2011-08-25 05:40:36 -------- d-----w- C:\Autodesk
2011-08-25 04:03:29 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 03:08:33 -------- d-----w- c:\program files\Dealio Toolbar
2011-08-24 03:08:33 -------- d-----w- c:\program files\common files\Spigot
2011-08-24 03:08:33 -------- d-----w- c:\program files\Application Updater
.
==================== Find3M ====================
.
2011-07-22 04:56:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:37:32 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 04:34:28 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:31:12 271360 ----a-w- c:\windows\system32\conhost.exe
2011-07-16 02:21:47 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-11 08:14:38 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-07-11 08:14:16 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-07-11 08:14:14 24272 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2011-07-11 08:14:12 23120 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2011-07-11 08:14:12 134736 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-07-11 08:13:46 229840 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-07-11 08:13:42 32464 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-07-09 02:26:10 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-23 04:38:05 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-06-23 04:38:04 3902336 ----a-w- c:\windows\system32\ntoskrnl.exe
.
============= FINISH: 5:54:43.93 ===============


Thankyou sooo much!! :)

Attached Files



#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,318 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:33 PM

Posted 20 September 2011 - 09:30 AM

Hi again,

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#8 sammy_1212

sammy_1212
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:03 AM

Posted 20 September 2011 - 09:38 AM

Hi, it didn't find anything!

Here's the TDSSkiller log -


2011/09/20 07:35:16.0262 5024 TDSS rootkit removing tool 2.5.23.0 Sep 20 2011 08:53:10
2011/09/20 07:35:18.0286 5024 ================================================================================
2011/09/20 07:35:18.0286 5024 SystemInfo:
2011/09/20 07:35:18.0287 5024
2011/09/20 07:35:18.0287 5024 OS Version: 6.1.7600 ServicePack: 0.0
2011/09/20 07:35:18.0287 5024 Product type: Workstation
2011/09/20 07:35:18.0288 5024 ComputerName: AMMU-PC
2011/09/20 07:35:18.0288 5024 UserName: Ammu
2011/09/20 07:35:18.0288 5024 Windows directory: C:\Windows
2011/09/20 07:35:18.0288 5024 System windows directory: C:\Windows
2011/09/20 07:35:18.0289 5024 Processor architecture: Intel x86
2011/09/20 07:35:18.0289 5024 Number of processors: 2
2011/09/20 07:35:18.0289 5024 Page size: 0x1000
2011/09/20 07:35:18.0289 5024 Boot type: Normal boot
2011/09/20 07:35:18.0289 5024 ================================================================================
2011/09/20 07:35:21.0110 5024 Initialize success
2011/09/20 07:35:59.0222 5456 ================================================================================
2011/09/20 07:35:59.0223 5456 Scan started
2011/09/20 07:35:59.0223 5456 Mode: Manual;
2011/09/20 07:35:59.0223 5456 ================================================================================
2011/09/20 07:36:00.0530 5456 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/09/20 07:36:00.0654 5456 Accelerometer (465b6baaba53a628f7252846d0e900ee) C:\Windows\system32\DRIVERS\Accelerometer.sys
2011/09/20 07:36:00.0743 5456 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/09/20 07:36:00.0824 5456 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/09/20 07:36:00.0958 5456 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
2011/09/20 07:36:01.0099 5456 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/09/20 07:36:01.0165 5456 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/09/20 07:36:01.0210 5456 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/09/20 07:36:01.0318 5456 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/09/20 07:36:01.0425 5456 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/09/20 07:36:01.0526 5456 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/09/20 07:36:01.0587 5456 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/09/20 07:36:01.0688 5456 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/09/20 07:36:01.0762 5456 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/09/20 07:36:01.0812 5456 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/09/20 07:36:01.0868 5456 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/09/20 07:36:01.0947 5456 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/09/20 07:36:02.0021 5456 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
2011/09/20 07:36:02.0082 5456 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/09/20 07:36:02.0151 5456 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
2011/09/20 07:36:02.0211 5456 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/09/20 07:36:02.0426 5456 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/09/20 07:36:02.0488 5456 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/09/20 07:36:02.0552 5456 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/09/20 07:36:02.0633 5456 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/09/20 07:36:02.0783 5456 athr (8a6f60baa4660bcfa1919e29e89acf89) C:\Windows\system32\DRIVERS\athr.sys
2011/09/20 07:36:03.0164 5456 atikmdag (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/09/20 07:36:03.0506 5456 Avgfwfd (c46ba2c177df0b84f9c0bfc1e4574dc7) C:\Windows\system32\DRIVERS\avgfwd6x.sys
2011/09/20 07:36:03.0607 5456 AVGIDSDriver (f6878b90a8a9795116bce335238e65af) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
2011/09/20 07:36:03.0661 5456 AVGIDSEH (19a08a6728a6e02099d64268218cd799) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
2011/09/20 07:36:03.0708 5456 AVGIDSFilter (f8927ab1dd086edeff2924a64dc89869) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
2011/09/20 07:36:03.0795 5456 AVGIDSShim (44d562825d811eea3c8cd6140cbad5d0) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
2011/09/20 07:36:03.0863 5456 Avgldx86 (f4dbbc8d3c5338693da23c59a50f8abc) C:\Windows\system32\DRIVERS\avgldx86.sys
2011/09/20 07:36:03.0919 5456 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
2011/09/20 07:36:03.0994 5456 Avgrkx86 (4def59ff7d09b9ce59739102b49fd526) C:\Windows\system32\DRIVERS\avgrkx86.sys
2011/09/20 07:36:04.0070 5456 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
2011/09/20 07:36:04.0178 5456 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/09/20 07:36:04.0269 5456 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/09/20 07:36:04.0363 5456 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/09/20 07:36:04.0497 5456 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/09/20 07:36:04.0597 5456 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
2011/09/20 07:36:04.0648 5456 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/09/20 07:36:04.0686 5456 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/09/20 07:36:04.0811 5456 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/09/20 07:36:04.0878 5456 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/09/20 07:36:04.0959 5456 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/09/20 07:36:05.0034 5456 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/09/20 07:36:05.0166 5456 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
2011/09/20 07:36:05.0248 5456 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/09/20 07:36:05.0333 5456 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2011/09/20 07:36:05.0430 5456 BTHPORT (88059ff1ded4472acd17eebabd393069) C:\Windows\System32\Drivers\BTHport.sys
2011/09/20 07:36:05.0557 5456 BTHUSB (80e6384beec03b8bd45edea29802d657) C:\Windows\System32\Drivers\BTHUSB.sys
2011/09/20 07:36:05.0647 5456 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/09/20 07:36:05.0737 5456 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/09/20 07:36:05.0804 5456 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/09/20 07:36:05.0855 5456 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/09/20 07:36:05.0928 5456 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/09/20 07:36:05.0972 5456 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/09/20 07:36:06.0027 5456 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/09/20 07:36:06.0077 5456 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/09/20 07:36:06.0133 5456 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/09/20 07:36:06.0212 5456 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/09/20 07:36:06.0318 5456 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/09/20 07:36:06.0435 5456 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/09/20 07:36:06.0500 5456 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/09/20 07:36:06.0571 5456 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/09/20 07:36:06.0691 5456 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/09/20 07:36:06.0782 5456 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/09/20 07:36:06.0963 5456 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/09/20 07:36:07.0264 5456 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/09/20 07:36:07.0355 5456 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/09/20 07:36:07.0515 5456 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/09/20 07:36:07.0608 5456 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/09/20 07:36:07.0696 5456 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/09/20 07:36:07.0844 5456 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/09/20 07:36:07.0949 5456 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/09/20 07:36:08.0059 5456 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/09/20 07:36:08.0162 5456 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/09/20 07:36:08.0289 5456 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/09/20 07:36:08.0379 5456 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/09/20 07:36:08.0488 5456 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/09/20 07:36:08.0581 5456 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/09/20 07:36:08.0677 5456 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/09/20 07:36:08.0860 5456 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/09/20 07:36:08.0973 5456 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/09/20 07:36:09.0052 5456 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/09/20 07:36:09.0115 5456 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/09/20 07:36:09.0180 5456 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/09/20 07:36:09.0249 5456 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/09/20 07:36:09.0331 5456 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/09/20 07:36:09.0467 5456 hpdskflt (d5c35e6416a379c445cda826b9fe452f) C:\Windows\system32\DRIVERS\hpdskflt.sys
2011/09/20 07:36:09.0531 5456 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/09/20 07:36:09.0613 5456 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/09/20 07:36:09.0685 5456 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/09/20 07:36:09.0749 5456 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/09/20 07:36:09.0844 5456 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
2011/09/20 07:36:09.0931 5456 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/09/20 07:36:10.0052 5456 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/09/20 07:36:10.0129 5456 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/09/20 07:36:10.0224 5456 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/09/20 07:36:10.0331 5456 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/09/20 07:36:10.0376 5456 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/09/20 07:36:10.0434 5456 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/09/20 07:36:10.0485 5456 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/09/20 07:36:10.0552 5456 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/09/20 07:36:10.0619 5456 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/09/20 07:36:10.0685 5456 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/09/20 07:36:10.0764 5456 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/09/20 07:36:10.0828 5456 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/09/20 07:36:10.0968 5456 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/09/20 07:36:11.0093 5456 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/09/20 07:36:11.0158 5456 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/09/20 07:36:11.0247 5456 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/09/20 07:36:11.0328 5456 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/09/20 07:36:11.0408 5456 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/09/20 07:36:11.0504 5456 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/09/20 07:36:11.0595 5456 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/09/20 07:36:11.0670 5456 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/09/20 07:36:11.0737 5456 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/09/20 07:36:11.0796 5456 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/09/20 07:36:11.0852 5456 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/09/20 07:36:11.0904 5456 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/09/20 07:36:11.0966 5456 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/09/20 07:36:12.0037 5456 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/09/20 07:36:12.0101 5456 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/09/20 07:36:12.0188 5456 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/09/20 07:36:12.0256 5456 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/09/20 07:36:12.0322 5456 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/09/20 07:36:12.0385 5456 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/09/20 07:36:12.0437 5456 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/09/20 07:36:12.0542 5456 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/09/20 07:36:12.0615 5456 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/09/20 07:36:12.0675 5456 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/09/20 07:36:12.0767 5456 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/09/20 07:36:12.0811 5456 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/09/20 07:36:12.0831 5456 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/09/20 07:36:12.0876 5456 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/09/20 07:36:12.0912 5456 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/09/20 07:36:12.0955 5456 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/09/20 07:36:13.0003 5456 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/09/20 07:36:13.0059 5456 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/09/20 07:36:13.0168 5456 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/09/20 07:36:13.0249 5456 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/09/20 07:36:13.0299 5456 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/09/20 07:36:13.0356 5456 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/09/20 07:36:13.0422 5456 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/09/20 07:36:13.0509 5456 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/09/20 07:36:13.0591 5456 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/09/20 07:36:13.0664 5456 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/09/20 07:36:13.0749 5456 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/09/20 07:36:13.0937 5456 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/09/20 07:36:14.0004 5456 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/09/20 07:36:14.0075 5456 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/09/20 07:36:14.0185 5456 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
2011/09/20 07:36:14.0281 5456 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/09/20 07:36:14.0360 5456 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
2011/09/20 07:36:14.0448 5456 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
2011/09/20 07:36:14.0528 5456 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/09/20 07:36:14.0602 5456 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/09/20 07:36:14.0737 5456 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/09/20 07:36:14.0811 5456 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/09/20 07:36:14.0898 5456 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/09/20 07:36:14.0977 5456 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/09/20 07:36:15.0021 5456 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/09/20 07:36:15.0070 5456 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/09/20 07:36:15.0118 5456 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/09/20 07:36:15.0180 5456 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/09/20 07:36:15.0440 5456 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/09/20 07:36:15.0495 5456 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/09/20 07:36:15.0591 5456 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/09/20 07:36:15.0709 5456 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/09/20 07:36:15.0801 5456 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/09/20 07:36:15.0874 5456 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/09/20 07:36:15.0913 5456 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/09/20 07:36:15.0978 5456 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/09/20 07:36:16.0056 5456 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/09/20 07:36:16.0143 5456 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/09/20 07:36:16.0208 5456 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/09/20 07:36:16.0273 5456 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/09/20 07:36:16.0330 5456 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/09/20 07:36:16.0392 5456 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/09/20 07:36:16.0472 5456 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/09/20 07:36:16.0538 5456 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/09/20 07:36:16.0599 5456 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/09/20 07:36:16.0647 5456 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/09/20 07:36:16.0748 5456 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/09/20 07:36:16.0847 5456 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/09/20 07:36:16.0970 5456 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/09/20 07:36:17.0065 5456 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/09/20 07:36:17.0121 5456 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/09/20 07:36:17.0215 5456 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/09/20 07:36:17.0287 5456 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/09/20 07:36:17.0397 5456 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys
2011/09/20 07:36:17.0507 5456 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/09/20 07:36:17.0603 5456 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/09/20 07:36:17.0654 5456 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/09/20 07:36:17.0705 5456 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/09/20 07:36:17.0822 5456 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/09/20 07:36:17.0873 5456 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/09/20 07:36:17.0933 5456 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/09/20 07:36:17.0987 5456 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/09/20 07:36:18.0074 5456 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/09/20 07:36:18.0138 5456 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/09/20 07:36:18.0192 5456 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/09/20 07:36:18.0252 5456 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/09/20 07:36:18.0376 5456 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/09/20 07:36:18.0490 5456 srv (4a9b0f215de2519e2363f91df25c1e97) C:\Windows\system32\DRIVERS\srv.sys
2011/09/20 07:36:18.0555 5456 srv2 (14c44875518ae1c982e54ea8c5f7fe28) C:\Windows\system32\DRIVERS\srv2.sys
2011/09/20 07:36:18.0632 5456 srvnet (07a14223b0a50e76ade003fdf95d4fec) C:\Windows\system32\DRIVERS\srvnet.sys
2011/09/20 07:36:18.0709 5456 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/09/20 07:36:18.0771 5456 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/09/20 07:36:18.0826 5456 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/09/20 07:36:18.0890 5456 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/09/20 07:36:19.0150 5456 Tcpip (c2daaeb48f3a47c410b041a0d2382ee1) C:\Windows\system32\drivers\tcpip.sys
2011/09/20 07:36:19.0292 5456 TCPIP6 (c2daaeb48f3a47c410b041a0d2382ee1) C:\Windows\system32\DRIVERS\tcpip.sys
2011/09/20 07:36:19.0412 5456 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/09/20 07:36:19.0514 5456 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/09/20 07:36:19.0570 5456 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/09/20 07:36:19.0632 5456 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/09/20 07:36:19.0690 5456 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/09/20 07:36:19.0863 5456 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/09/20 07:36:19.0944 5456 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/09/20 07:36:20.0005 5456 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/09/20 07:36:20.0052 5456 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/09/20 07:36:20.0216 5456 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/09/20 07:36:20.0287 5456 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/09/20 07:36:20.0360 5456 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/09/20 07:36:20.0506 5456 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/09/20 07:36:20.0576 5456 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/09/20 07:36:20.0666 5456 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
2011/09/20 07:36:20.0748 5456 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
2011/09/20 07:36:20.0794 5456 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\DRIVERS\usbohci.sys
2011/09/20 07:36:20.0835 5456 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/09/20 07:36:20.0901 5456 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/09/20 07:36:20.0976 5456 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
2011/09/20 07:36:21.0059 5456 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys
2011/09/20 07:36:21.0148 5456 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/09/20 07:36:21.0232 5456 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/09/20 07:36:21.0296 5456 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/09/20 07:36:21.0344 5456 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/09/20 07:36:21.0397 5456 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/09/20 07:36:21.0454 5456 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/09/20 07:36:21.0508 5456 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/09/20 07:36:21.0569 5456 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/09/20 07:36:21.0608 5456 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/09/20 07:36:21.0670 5456 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/09/20 07:36:21.0730 5456 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/09/20 07:36:21.0802 5456 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/09/20 07:36:21.0866 5456 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/09/20 07:36:21.0950 5456 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/09/20 07:36:22.0016 5456 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/09/20 07:36:22.0086 5456 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/09/20 07:36:22.0191 5456 wacmoumonitor (f24ee97511fb901189e11cbbd51605ba) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
2011/09/20 07:36:22.0269 5456 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\Windows\system32\DRIVERS\wacommousefilter.sys
2011/09/20 07:36:22.0323 5456 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/09/20 07:36:22.0402 5456 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\Windows\system32\DRIVERS\wacomvhid.sys
2011/09/20 07:36:22.0463 5456 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/20 07:36:22.0507 5456 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/20 07:36:22.0636 5456 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/09/20 07:36:22.0713 5456 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/20 07:36:22.0888 5456 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/09/20 07:36:22.0970 5456 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/09/20 07:36:23.0135 5456 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/09/20 07:36:23.0246 5456 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/09/20 07:36:23.0381 5456 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/20 07:36:23.0494 5456 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/09/20 07:36:23.0586 5456 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/20 07:36:23.0859 5456 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/09/20 07:36:23.0937 5456 Boot (0x1200) (73a93a91d2cf376fa649cc8ee2e34e1d) \Device\Harddisk0\DR0\Partition0
2011/09/20 07:36:24.0011 5456 Boot (0x1200) (a7de45bc5a5a5f390fd740cc0becc581) \Device\Harddisk0\DR0\Partition1
2011/09/20 07:36:24.0051 5456 Boot (0x1200) (720ffd3cf440d4a3a9fbe8601d7c1fe1) \Device\Harddisk0\DR0\Partition2
2011/09/20 07:36:24.0091 5456 Boot (0x1200) (c01b9a8c84f8f9220dcd0e4230654ad3) \Device\Harddisk0\DR0\Partition3
2011/09/20 07:36:24.0109 5456 ================================================================================
2011/09/20 07:36:24.0109 5456 Scan finished
2011/09/20 07:36:24.0109 5456 ================================================================================
2011/09/20 07:36:24.0139 4656 Detected object count: 0
2011/09/20 07:36:24.0139 4656 Actual detected object count: 0
2011/09/20 07:36:36.0397 4500 Deinitialize success

Thanks :)

#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,318 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:33 PM

Posted 20 September 2011 - 10:17 AM

That is always a good thing. :)

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#10 sammy_1212

sammy_1212
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:03 AM

Posted 20 September 2011 - 01:28 PM

Hello again,

I ran combofix twice because the first time, it got stuck right at the end on the 'creating log files' message for about ten mins, also AVG had enabled itself again! I closed it, logged off and came back on and ran it again...this time the whole thing came through quickly. I hope this didn't mess things up...but here's the log anyway -


ComboFix 11-09-20.04 - Ammu 09/20/2011 11:05:59.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.1866 [GMT -7:00]
Running from: c:\users\Ammu\Downloads\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\IE\4.6\config.ini
c:\program files\Dealio Toolbar\IE\4.6\dealioToolbarIE.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\programdata\GProton.exe
c:\programdata\Microsoft\Crypto\DSS\MachineKeys\MachineKeys.exe
c:\programdata\Microsoft\Crypto\RSA\MachineKeys\MachineKeys.exe
c:\users\Ammu\Documents\~WRD3165.tmp
c:\users\Ammu\Documents\~WRL0417.tmp
c:\users\Ammu\Documents\~WRL1287.tmp
c:\users\Ammu\Documents\~WRL1430.tmp
c:\users\Ammu\Documents\~WRL1916.tmp
c:\users\Ammu\Documents\~WRL2714.tmp
c:\users\Ammu\Documents\~WRL3229.tmp
c:\users\Ammu\Documents\~WRL3600.tmp
c:\windows\7Loader.TAG
c:\windows\system32\mfc100deu.dll
c:\windows\Tasks\Tasks.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-08-20 to 2011-09-20 )))))))))))))))))))))))))))))))
.
.
2011-09-20 18:17 . 2011-09-20 18:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-18 10:32 . 2011-09-18 10:32 -------- d-----w- c:\program files\Conduit
2011-09-18 10:32 . 2011-09-18 10:32 -------- d-----w- c:\users\Ammu\AppData\Local\Conduit
2011-09-14 14:40 . 2011-09-14 14:40 -------- d-----w- c:\program files\freecordertoolbar
2011-09-14 14:39 . 2011-09-18 10:32 -------- d-----w- c:\program files\Freecorder
2011-09-06 19:58 . 2011-09-06 19:58 -------- d-----w- c:\programdata\Uniblue
2011-09-02 03:08 . 2011-09-02 03:08 -------- d-----w- C:\$AVG
2011-09-02 02:35 . 2011-09-02 02:35 -------- d-----w- c:\users\Ammu\AppData\Roaming\AVG2012
2011-09-02 02:34 . 2011-09-02 02:34 -------- d-----w- c:\program files\AVG Secure Search
2011-09-02 02:34 . 2011-09-02 02:34 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2011-09-02 02:34 . 2011-09-02 02:34 -------- d--h--w- c:\programdata\Common Files
2011-09-02 02:33 . 2011-09-20 12:41 -------- d-----w- c:\windows\system32\drivers\AVG
2011-09-02 02:33 . 2011-09-02 02:47 -------- d-----w- c:\programdata\AVG2012
2011-09-02 02:32 . 2011-09-02 02:32 -------- d-----w- c:\program files\AVG
2011-09-02 02:23 . 2011-09-20 12:41 -------- d-----w- c:\programdata\MFAData
2011-08-31 19:39 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A43FBEDA-3996-4612-914B-829971CB4195}\mpengine.dll
2011-08-30 06:00 . 2011-08-30 06:00 -------- d-----w- c:\program files\Comical
2011-08-25 05:43 . 2011-08-25 05:43 -------- d-----w- c:\users\Ammu\AppData\Roaming\Autodesk
2011-08-25 05:43 . 2011-08-25 05:44 -------- d-----w- c:\programdata\Alias
2011-08-25 05:42 . 2011-08-25 05:42 -------- d-----w- c:\program files\Autodesk
2011-08-25 05:41 . 2011-08-25 05:41 -------- d-----w- c:\program files\Common Files\InstallShield
2011-08-25 05:40 . 2011-08-25 05:40 -------- d-----w- C:\Autodesk
2011-08-25 04:03 . 2011-07-09 04:30 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 03:08 . 2011-08-24 03:08 -------- d-----w- c:\program files\Common Files\Spigot
2011-08-24 03:08 . 2011-08-24 03:08 -------- d-----w- c:\program files\Application Updater
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-08 13:08 . 2011-08-08 13:08 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-07-22 04:56 . 2011-08-11 16:43 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:37 . 2011-08-11 16:44 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 04:34 . 2011-08-11 16:44 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:31 . 2011-08-11 16:44 271360 ----a-w- c:\windows\system32\conhost.exe
2011-07-16 04:19 . 2011-08-11 16:44 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 16:44 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 16:44 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 16:44 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 16:44 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 16:44 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 16:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 16:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 16:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 16:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 16:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 16:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 16:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 16:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 16:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 16:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 16:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 16:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 16:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 16:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 16:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 16:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 16:44 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 16:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:21 . 2011-08-11 16:44 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21 . 2011-08-11 16:44 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21 . 2011-08-11 16:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21 . 2011-08-11 16:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-11 08:14 . 2011-07-11 08:14 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-07-11 08:14 . 2011-07-11 08:14 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-07-11 08:14 . 2011-07-11 08:14 24272 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2011-07-11 08:14 . 2011-07-11 08:14 23120 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2011-07-11 08:14 . 2011-07-11 08:14 134736 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-07-11 08:13 . 2011-07-11 08:13 229840 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-07-11 08:13 . 2011-07-11 08:13 32464 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-07-09 02:26 . 2011-08-11 16:44 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-23 04:38 . 2011-08-11 16:44 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-06-23 04:38 . 2011-08-11 16:44 3902336 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFree.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2011-01-17 23:54 175912 ----a-w- c:\program files\Freecorder\prxtbFree.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 20:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]
2011-06-24 15:04 81920 ----a-w- c:\program files\freecordertoolbar\vmntemplateX.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-09-02 02:34 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [2011-09-02 1451336]
"{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}"= "c:\program files\freecordertoolbar\vmntemplateX.dll" [2011-06-24 81920]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFree.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\prxtbFree.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-12 14940040]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-07 39408]
"DriverScanner"="c:\program files\Uniblue\DriverScanner\launcher.exe" [2011-05-16 338296]
"Facebook Update"="c:\users\Ammu\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-08-12 137536]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"BambooCore"="c:\program files\Bamboo Dock\BambooCore.exe" [2011-05-12 629848]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-08-17 534880]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-08 2401120]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-09-02 218440]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-11-25 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
SketchBook Snapshot.lnk - c:\program files\Autodesk\SketchBook Pro 2011\SketchBookSnapshot.exe [2011-7-21 720384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-09-01 5265248]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-07 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-07 136176]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-10-11 16240]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-17 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-07-11 32464]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2011-05-23 47968]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-07-11 229840]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-08-17 402328]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [2011-08-19 2399560]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 26168]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-26 4869488]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-26 416112]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-09-02 246600]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-07-11 16720]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 70237951
*Deregistered* - 70237951
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-20 c:\windows\Tasks\DriverScanner.job
- c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2002-01-18 19:22]
.
2011-09-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1802067988-2745940071-1226160592-1000Core.job
- c:\users\Ammu\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-12 21:57]
.
2011-09-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1802067988-2745940071-1226160592-1000UA.job
- c:\users\Ammu\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-12 21:57]
.
2011-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-07 02:42]
.
2011-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-07 02:42]
.
2011-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1802067988-2745940071-1226160592-1000Core.job
- c:\users\Ammu\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-15 08:39]
.
2011-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1802067988-2745940071-1226160592-1000UA.job
- c:\users\Ammu\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-15 08:39]
.
2011-09-17 c:\windows\Tasks\HPCeeScheduleForAmmu.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 125.22.47.125 125.22.47.100 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-Bamboo Dock - c:\program files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-GProton - c:\programdata\GProton.exe
AddRemove-{495A8A3C-8FD0-4C46-9979-95C26181A1AB} - c:\program files\InstallShield Installation Information\{495A8A3C-8FD0-4C46-9979-95C26181A1AB}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1802067988-2745940071-1226160592-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1802067988-2745940071-1226160592-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3096)
c:\users\Ammu\AppData\Local\FLVService\lib\FLVSrvLib.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2011-09-20 11:20:36
ComboFix-quarantined-files.txt 2011-09-20 18:20
.
Pre-Run: 1,509,998,592 bytes free
Post-Run: 1,750,388,736 bytes free
.
- - End Of File - - 96C1B56E345006EB4E1C807B4064ABE1

thank you :)

#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,318 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:33 PM

Posted 20 September 2011 - 01:51 PM

How are things running at this point?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#12 sammy_1212

sammy_1212
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:03 AM

Posted 20 September 2011 - 10:31 PM

Hello,

qooqlle is GONE!!! :D :D :D yaaay! homepages are back to google.com or whatever :) Thanks!

Is this it or will it need more cleaning up?

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,318 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:33 PM

Posted 21 September 2011 - 02:09 AM

Hi, good to hear that!

P2P WARNING
-------------------
Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#14 sammy_1212

sammy_1212
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:03 AM

Posted 21 September 2011 - 12:28 PM

Hi,

I uninstalled utorrent! here's the log -


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7761

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/21/2011 10:20:34 AM
mbam-log-2011-09-21 (10-20-34).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 630234
Time elapsed: 4 hour(s), 45 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Ammu\downloads\adobe flash professional cs5 v11.0.0.485 + keygen {archon}\adobe flash professional cs5 v11.0.0.485\adobe flash professional cs5 v11.0.0.485\your software here\Keygen\adobe.flash.professional.cs5.keymaker-embrace.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\program files\av digital talking parrot\dealiokit1-stub-0.exe (PUP.Dealio.TB) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\LocalLow\application updater\temp\~wt1FEE.tmp (PUP.Dealio.TB) -> Quarantined and deleted successfully.
d:\program files\betterjpeg\betterjpeg.exe (Malware.NSPack) -> Quarantined and deleted successfully.
d:\Users\hp\documents\downloads\installer_cdisplay_english (1).exe (PUP.SmsPay.pns) -> Quarantined and deleted successfully.
d:\Users\hp\documents\downloads\installer_cdisplay_english.exe (PUP.SmsPay.pns) -> Quarantined and deleted successfully.

#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,318 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:33 PM

Posted 21 September 2011 - 12:41 PM

Hi, the detected files were remnants. Lets do one last scan.

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image
      icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users