
google redirect virus/malware


This topic is locked. 16 replies to this topic.

#1 davcol46 (Members, 17 posts)

Posted 10 October 2011 - 07:56 PM

Transferred from http://www.bleepingcomputer.com/forums/topic421535.html/page__pid__2427201#entry2427201

Ratman suggested I post here after cleaning up 99% of the problem (see link above), as a few Google search results are still being redirected to unrelated sites. It affects both Explorer and Firefox.
I have disabled CD Emulation (no results), checked that Windows Firewall is running, and ran DDS and GMER. DDS.txt is below; ATTACH.txt and the GMER log (ARK.txt) are attached. The MiniToolBox log (Result.txt) is also attached:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Eve at 21:18:58 on 2011-10-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1065 [GMT 8:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.perthjazzsociety.com/
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://au.rd.yahoo.com/customize/ycomp/defaults/su/*http://au.yahoo.com
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: jZip Webmail plugin: {647fd14a-c4f1-46f4-8fc3-0b40f54226f7} - c:\program files\jzip\WebmailPlugin.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: {00000000-0000-0000-0000-000000000000} - No File
uRun: [eNMTray.exe]
mRun: [Preload] c:\windows\RUNXMLPL.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [PLFSet] rundll32.exe c:\windows\PLFSet.dll,PLFDefSetting
mRun: [WinVNC] "c:\program files\ultravnc\WinVNC.exe" -servicehelper
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\eve\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\eve\application data\dropbox\bin\Dropbox.exe
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444552440000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.1.1.1
TCP: Interfaces\{5D3AFE28-D0CA-4960-B1F2-1424EEEF44FB} : DhcpNameServer = 10.1.1.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\eve\application data\mozilla\firefox\profiles\3pagtrc8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.perthjazzsociety.com
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-12-21 94872]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-7-2 116608]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-1-12 810144]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-23 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-23 22216]
S3 eRootDrv;eRootDrv;c:\windows\system32\drivers\eRootDrv.sys [2008-1-19 7168]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-12-7 32512]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 12872]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2011-10-06 12:44:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-02 03:39:39 -------- d-----w- c:\documents and settings\all users\application data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-10-02 03:00:39 -------- d-----w- c:\documents and settings\eve\local settings\application data\PackageAware
2011-09-27 04:57:00 -------- d-----w- c:\program files\AVAST Software
2011-09-27 04:57:00 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-09-25 06:19:09 -------- dc-h--w- c:\windows\ie8
2011-09-23 06:58:11 -------- d-----w- c:\documents and settings\eve\application data\Malwarebytes
2011-09-23 06:57:58 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-09-23 06:57:54 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-23 06:57:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-21 09:57:19 -------- d-----w- c:\documents and settings\all users\application data\eC11011OhOhH11011
2011-09-21 07:02:01 -------- d-----w- c:\documents and settings\eve\application data\ParetoLogic
2011-09-21 07:02:00 -------- d-----w- c:\documents and settings\all users\application data\ParetoLogic
2011-09-20 04:37:59 87040 --sha-r- c:\windows\system32\msjet40U.dll
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
============= FINISH: 21:19:59.48 ===============


#2 m0le (Malware Response Team, 34,527 posts, London, UK)

Posted 15 October 2011 - 06:42 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there. The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 davcol46 (Topic Starter, Members, 17 posts)

Posted 15 October 2011 - 10:41 PM

Thanks mole,
I am watching this topic and will check it twice a day; the current time here is Sunday 16 October, 11:40am.
I will not touch anything. Many thanks for making contact.
davcol46

#4 m0le (Malware Response Team, 34,527 posts, London, UK)

Posted 16 October 2011 - 01:58 PM

Can you run the following two rootkit scanners?

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Then

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (right click and run as Administrator for Vista).
2. It will open a black window; please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.

#5 davcol46 (Topic Starter, Members, 17 posts)

Posted 17 October 2011 - 02:30 AM

Hi Mole,
Ran jobs as requested. Logs follow.

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-17 15:10:53
-----------------------------
15:10:53.767 OS Version: Windows 5.1.2600 Service Pack 3
15:10:53.767 Number of processors: 2 586 0xF0D
15:10:53.767 ComputerName: PJS-PC UserName: Eve
15:10:55.642 Initialize success
15:11:42.642 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:11:42.642 Disk 0 Vendor: WDC_WD16 04.0 Size: 152627MB BusType: 3
15:11:42.673 Disk 0 MBR read successfully
15:11:42.673 Disk 0 MBR scan
15:11:42.673 Disk 0 unknown MBR code
15:11:42.705 Disk 0 scanning sectors +312576705
15:11:42.986 Disk 0 scanning C:\WINDOWS\system32\drivers
15:12:08.908 Service scanning
15:12:11.923 Modules scanning
15:12:39.548 Disk 0 trace - called modules:
15:12:39.580 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
15:12:39.595 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8f5ab8]
15:12:39.595 3 CLASSPNP.SYS[f76d7fd7] -> nt!IofCallDriver -> \Device\000000bd[0x8a91df18]
15:12:39.595 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a908030]
15:12:39.595 Scan finished successfully
15:13:29.470 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Eve\Desktop\MBR.dat"
15:13:29.486 The log file has been saved successfully to "C:\Documents and Settings\Eve\Desktop\aswMBR.txt"

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 204):

Processes (total 52):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`770d7a00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000013`4d613e00 (FAT32)

PhysicalDrive0 Model Number: WDCWD1600BEVS-22RST0, Rev: 04.01G04

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 6A37CCD118436B688B51F6BD4C2B47A895EBDF7F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
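As an added example (not from this thread, and not code from the aswMBR or MBRCheck authors), the Python below does over a saved MBR image, such as the MBR.dat aswMBR wrote to the desktop above, what MBRCheck's output summarises: it verifies the 0x55AA signature, hashes the 446-byte boot-code region against an allow-list of known-clean hashes, lists each partition with its byte offset in MBRCheck's `0x<high32>`<low32>` notation, and flags overlapping or malformed entries. The allow-list is an empty placeholder (populate it from a clean install of the same Windows version; the exact region MBRCheck hashes is not documented on the page), and the sample MBR is constructed inline using the two partition offsets reported in the thread.

```python
import hashlib
import struct
from typing import Dict, List, Set

SECTOR = 512
BOOT_CODE_LEN = 446      # bytes 0..445 hold the boot code ("MBR code")
PART_TABLE_OFF = 446     # four 16-byte partition entries follow
SIGNATURE_OFF = 510      # 0x55AA marks a valid MBR

# Small subset of the public MBR partition-type byte list, enough for this thread's disk.
PART_TYPES = {0x05: "Extended", 0x07: "NTFS", 0x0B: "FAT32",
              0x0C: "FAT32 (LBA)", 0x0F: "Extended (LBA)"}

# Constructed boot-code stub (NOT real boot code): a few plausible opening bytes, then NOPs.
SAMPLE_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 439


def build_sample_mbr(boot_code: bytes = SAMPLE_BOOT_CODE) -> bytes:
    """Constructed 512-byte MBR image whose two partitions start at the byte offsets
    MBRCheck printed in the thread (C: NTFS, D: FAT32); the sector counts are made up."""
    img = bytearray(SECTOR)
    code = boot_code[:BOOT_CODE_LEN]
    img[:len(code)] = code
    entries = [  # (boot flag, type byte, start LBA, sector count)
        (0x80, 0x07, 0x00000001770D7A00 // SECTOR, 149_629_410),
        (0x00, 0x0B, 0x000000134D613E00 // SECTOR, 150_657_570),
    ]
    for i, (flag, ptype, start, count) in enumerate(entries):
        off = PART_TABLE_OFF + 16 * i
        # CHS fields are ignored on LBA disks, so they are left zeroed here.
        img[off:off + 16] = struct.pack("<B3sB3sII", flag, b"\0\0\0", ptype, b"\0\0\0", start, count)
    img[SIGNATURE_OFF:SECTOR] = b"\x55\xAA"
    return bytes(img)


def mbrcheck_offset(byte_offset: int) -> str:
    """Render a byte offset the way MBRCheck prints it: 0x<high32>`<low32>."""
    return f"0x{byte_offset >> 32:08x}`{byte_offset & 0xFFFFFFFF:08x}"


def analyse_mbr(img: bytes, known_good_sha1: Set[str]) -> Dict:
    """Parse one MBR sector and report what a helper looks for: a valid signature, the
    boot-code hash against an allow-list of clean hashes, and a sane partition table."""
    if len(img) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    signature_ok = img[SIGNATURE_OFF:SECTOR] == b"\x55\xAA"
    boot_code_sha1 = hashlib.sha1(img[:BOOT_CODE_LEN]).hexdigest().upper()
    partitions: List[Dict] = []
    problems: List[str] = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        flag, _, ptype, _, start, count = struct.unpack("<B3sB3sII", img[off:off + 16])
        if ptype == 0:
            continue  # empty slot
        if flag not in (0x00, 0x80):
            problems.append(f"entry {i}: invalid boot flag 0x{flag:02x}")
        partitions.append({
            "index": i, "bootable": flag == 0x80,
            "type": PART_TYPES.get(ptype, f"0x{ptype:02x}"),
            "start_lba": start, "sectors": count,
            "offset_text": mbrcheck_offset(start * SECTOR),
        })
    # Overlapping entries are a classic sign of a tampered or corrupted table.
    ordered = sorted(partitions, key=lambda p: p["start_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start_lba"] + a["sectors"] > b["start_lba"]:
            problems.append(f"entries {a['index']} and {b['index']} overlap")
    if sum(p["bootable"] for p in partitions) > 1:
        problems.append("more than one partition flagged bootable")
    status = "Known MBR code" if boot_code_sha1 in known_good_sha1 else "Unknown MBR code"
    return {"signature_ok": signature_ok, "boot_code_sha1": boot_code_sha1,
            "status": status, "partitions": partitions, "problems": problems}


if __name__ == "__main__":
    # Empty allow-list is a placeholder; fill it with hashes from a clean reference system.
    report = analyse_mbr(build_sample_mbr(), known_good_sha1=set())
    print("signature ok:", report["signature_ok"], "| boot code SHA1:", report["boot_code_sha1"])
    for p in report["partitions"]:
        print(f"  {p['type']:<12} at offset {p['offset_text']} ({p['sectors'] * SECTOR // 2**30} GB)")
    print(report["status"], "; problems:", report["problems"] or "none")
```

"Unknown MBR code" only means the hash is not in the allow-list; OEM-customised boot code also lands there, so treat it as a prompt to compare the hash against a clean reference, not as proof of infection. Hash an image read from a saved MBR.dat or offline media rather than through the live system, since a bootkit that hooks disk reads can return a clean-looking sector.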

#6 m0le (Malware Response Team, 34,527 posts, London, UK)

Posted 17 October 2011 - 05:07 PM

Please run TDSSKiller next.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (or you can hold down your Windows key and press R), copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close.
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


#7 davcol46 (Topic Starter, Members, 17 posts)

Posted 17 October 2011 - 08:59 PM

Hi Mole,
Downloaded and ran TDSSKiller ok. No malicious objects found.
Contents of report.txt follow:

09:50:27.0937 1416 TDSS rootkit removing tool 2.6.10.0 Oct 17 2011 15:43:23
09:50:28.0812 1416 ============================================================
09:50:28.0812 1416 Current date / time: 2011/10/18 09:50:28.0812
09:50:28.0812 1416 SystemInfo:
09:50:28.0812 1416
09:50:28.0812 1416 OS Version: 5.1.2600 ServicePack: 3.0
09:50:28.0812 1416 Product type: Workstation
09:50:28.0812 1416 ComputerName: PJS-PC
09:50:28.0812 1416 UserName: Eve
09:50:28.0812 1416 Windows directory: C:\WINDOWS
09:50:28.0812 1416 System windows directory: C:\WINDOWS
09:50:28.0812 1416 Processor architecture: Intel x86
09:50:28.0812 1416 Number of processors: 2
09:50:28.0812 1416 Page size: 0x1000
09:50:28.0812 1416 Boot type: Normal boot
09:50:28.0812 1416 ============================================================
09:50:29.0406 1416 Initialize success
09:50:46.0265 0612 ============================================================
09:50:46.0265 0612 Scan started
09:50:46.0265 0612 Mode: Manual;
09:50:46.0265 0612 ============================================================
09:50:48.0718 0612 Disk - ok
09:50:48.0750 0612 DKbFltr (060db81dfb79c8244eb65d10b6c7873f) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
09:50:48.0750 0612 DKbFltr - ok
09:50:48.0828 0612 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:50:48.0890 0612 dmboot - ok
09:50:48.0921 0612 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:50:48.0921 0612 dmio - ok
09:50:48.0937 0612 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:50:48.0937 0612 dmload - ok
09:50:48.0984 0612 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:50:48.0984 0612 DMusic - ok
09:50:49.0015 0612 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
09:50:49.0015 0612 dpti2o - ok
09:50:49.0031 0612 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:50:49.0031 0612 drmkaud - ok
09:50:49.0078 0612 eamon (d42dd9021acd47683b33adf21bca49aa) C:\WINDOWS\system32\DRIVERS\eamon.sys
09:50:49.0078 0612 eamon - ok
09:50:49.0156 0612 ehdrv (fe7824239d132ad9ebd8645fe1199b30) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
09:50:49.0156 0612 ehdrv - ok
09:50:49.0187 0612 epfwtdir (aa0667eb9a92414abb784c101a6c7fec) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
09:50:49.0187 0612 epfwtdir - ok
09:50:49.0218 0612 EpmPsd (d68564fcfbdfc04280cdbbb37cf7ef7f) C:\WINDOWS\system32\drivers\epm-psd.sys
09:50:49.0218 0612 EpmPsd - ok
09:50:49.0250 0612 EpmShd (2d0c4a7077f6c68449479f5444c580a7) C:\WINDOWS\system32\drivers\epm-shd.sys
09:50:49.0250 0612 EpmShd - ok
09:50:49.0296 0612 eRootDrv (766c6bf944ff1aef4ada3682667d7572) C:\WINDOWS\system32\DRIVERS\eRootDrv.sys
09:50:49.0296 0612 eRootDrv - ok
09:50:49.0375 0612 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:50:49.0375 0612 Fastfat - ok
09:50:49.0406 0612 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
09:50:49.0406 0612 Fdc - ok
09:50:49.0453 0612 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
09:50:49.0453 0612 FETNDIS - ok
09:50:49.0468 0612 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:50:49.0484 0612 Fips - ok
09:50:49.0515 0612 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
09:50:49.0515 0612 Flpydisk - ok
09:50:49.0546 0612 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:50:49.0546 0612 FltMgr - ok
09:50:49.0578 0612 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:50:49.0578 0612 Fs_Rec - ok
09:50:49.0593 0612 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:50:49.0609 0612 Ftdisk - ok
09:50:49.0625 0612 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
09:50:49.0625 0612 gagp30kx - ok
09:50:49.0656 0612 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:50:49.0671 0612 Gpc - ok
09:50:49.0703 0612 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:50:49.0703 0612 HDAudBus - ok
09:50:49.0750 0612 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:50:49.0750 0612 HidUsb - ok
09:50:49.0765 0612 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
09:50:49.0765 0612 hpn - ok
09:50:49.0828 0612 HSFHWAZL (7d33d2b81bd8b4bc51b536b113295d51) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
09:50:49.0828 0612 HSFHWAZL - ok
09:50:49.0875 0612 HSF_DPV (fb6ad8a16e22c91d5978b26e0300a331) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
09:50:49.0890 0612 HSF_DPV - ok
09:50:49.0953 0612 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:50:49.0953 0612 HTTP - ok
09:50:49.0984 0612 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
09:50:49.0984 0612 i2omgmt - ok
09:50:50.0000 0612 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
09:50:50.0015 0612 i2omp - ok
09:50:50.0031 0612 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:50:50.0031 0612 i8042prt - ok
09:50:50.0328 0612 ialm (12c7f8d581c4a9f126f5f8f5683a1c29) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
09:50:50.0406 0612 ialm - ok
09:50:50.0453 0612 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\WINDOWS\system32\DRIVERS\iaStor.sys
09:50:50.0453 0612 iaStor - ok
09:50:50.0515 0612 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:50:50.0515 0612 Imapi - ok
09:50:50.0546 0612 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
09:50:50.0546 0612 ini910u - ok
09:50:50.0609 0612 int15 (f8f75594c17fe7bce1b4045bb7199868) C:\WINDOWS\system32\drivers\int15.sys
09:50:50.0609 0612 int15 - ok
09:50:50.0687 0612 int15.sys (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Acer\Empowering Technology\eRecovery\int15.sys
09:50:50.0687 0612 int15.sys - ok
09:50:50.0906 0612 IntcAzAudAddService (b45a576ad280dd4f605f58b24cdaafe1) C:\WINDOWS\system32\drivers\RtkHDAud.sys
09:50:50.0968 0612 IntcAzAudAddService - ok
09:50:50.0984 0612 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
09:50:50.0984 0612 IntelIde - ok
09:50:51.0031 0612 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:50:51.0031 0612 intelppm - ok
09:50:51.0078 0612 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:50:51.0078 0612 Ip6Fw - ok
09:50:51.0125 0612 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:50:51.0125 0612 IpFilterDriver - ok
09:50:51.0187 0612 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:50:51.0187 0612 IpInIp - ok
09:50:51.0234 0612 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:50:51.0281 0612 IpNat - ok
09:50:51.0328 0612 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:50:51.0328 0612 IPSec - ok
09:50:51.0375 0612 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
09:50:51.0375 0612 irda - ok
09:50:51.0390 0612 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:50:51.0390 0612 IRENUM - ok
09:50:51.0453 0612 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:50:51.0453 0612 isapnp - ok
09:50:51.0500 0612 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:50:51.0546 0612 Kbdclass - ok
09:50:51.0593 0612 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:50:51.0593 0612 kbdhid - ok
09:50:51.0640 0612 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:50:51.0640 0612 kmixer - ok
09:50:51.0671 0612 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:50:51.0671 0612 KSecDD - ok
09:50:51.0687 0612 lbrtfdc - ok
09:50:51.0750 0612 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
09:50:51.0750 0612 MBAMProtector - ok
09:50:51.0796 0612 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
09:50:51.0812 0612 mdmxsdk - ok
09:50:51.0859 0612 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:50:51.0859 0612 mnmdd - ok
09:50:51.0906 0612 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:50:51.0906 0612 Modem - ok
09:50:51.0937 0612 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:50:51.0937 0612 Mouclass - ok
09:50:51.0984 0612 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:50:51.0984 0612 mouhid - ok
09:50:52.0015 0612 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:50:52.0015 0612 MountMgr - ok
09:50:52.0031 0612 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
09:50:52.0031 0612 mraid35x - ok
09:50:52.0046 0612 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:50:52.0046 0612 MRxDAV - ok
09:50:52.0125 0612 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:50:52.0125 0612 MRxSmb - ok
09:50:52.0203 0612 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:50:52.0203 0612 Msfs - ok
09:50:52.0234 0612 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:50:52.0234 0612 MSKSSRV - ok
09:50:52.0265 0612 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:50:52.0265 0612 MSPCLOCK - ok
09:50:52.0312 0612 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:50:52.0312 0612 MSPQM - ok
09:50:52.0359 0612 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:50:52.0406 0612 mssmbios - ok
09:50:52.0437 0612 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
09:50:52.0437 0612 MSTEE - ok
09:50:52.0468 0612 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:50:52.0468 0612 Mup - ok
09:50:52.0515 0612 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
09:50:52.0515 0612 NABTSFEC - ok
09:50:52.0578 0612 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:50:52.0578 0612 NDIS - ok
09:50:52.0609 0612 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
09:50:52.0609 0612 NdisIP - ok
09:50:52.0656 0612 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:50:52.0656 0612 NdisTapi - ok
09:50:52.0687 0612 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:50:52.0687 0612 Ndisuio - ok
09:50:52.0718 0612 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:50:52.0718 0612 NdisWan - ok
09:50:52.0765 0612 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:50:52.0765 0612 NDProxy - ok
09:50:52.0781 0612 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:50:52.0781 0612 NetBIOS - ok
09:50:52.0812 0612 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:50:52.0828 0612 NetBT - ok
09:50:52.0984 0612 NETw4x32 (18b2d3e11ed7a3c898ade6a6692b6929) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
09:50:53.0015 0612 NETw4x32 - ok
09:50:53.0062 0612 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
09:50:53.0062 0612 NIC1394 - ok
09:50:53.0125 0612 NPF (d21fee8db254ba762656878168ac1db6) C:\WINDOWS\system32\drivers\npf.sys
09:50:53.0171 0612 NPF - ok
09:50:53.0187 0612 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:50:53.0187 0612 Npfs - ok
09:50:53.0218 0612 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
09:50:53.0234 0612 NSCIRDA - ok
09:50:53.0296 0612 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:50:53.0296 0612 Ntfs - ok
09:50:53.0359 0612 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
09:50:53.0359 0612 NTIDrvr - ok
09:50:53.0390 0612 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:50:53.0390 0612 Null - ok
09:50:53.0421 0612 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:50:53.0421 0612 NwlnkFlt - ok
09:50:53.0453 0612 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:50:53.0453 0612 NwlnkFwd - ok
09:50:53.0484 0612 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
09:50:53.0484 0612 ohci1394 - ok
09:50:53.0531 0612 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:50:53.0546 0612 Parport - ok
09:50:53.0562 0612 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:50:53.0562 0612 PartMgr - ok
09:50:53.0593 0612 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:50:53.0640 0612 ParVdm - ok
09:50:53.0656 0612 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:50:53.0671 0612 PCI - ok
09:50:53.0687 0612 PCIDump - ok
09:50:53.0703 0612 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:50:53.0703 0612 PCIIde - ok
09:50:53.0718 0612 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
09:50:53.0812 0612 Pcmcia - ok
09:50:53.0828 0612 PDCOMP - ok
09:50:53.0859 0612 PDFRAME - ok
09:50:53.0875 0612 PDRELI - ok
09:50:53.0890 0612 PDRFRAME - ok
09:50:53.0906 0612 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
09:50:53.0906 0612 perc2 - ok
09:50:53.0921 0612 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
09:50:53.0937 0612 perc2hib - ok
09:50:53.0968 0612 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:50:53.0968 0612 PptpMiniport - ok
09:50:54.0000 0612 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
09:50:54.0046 0612 Processor - ok
09:50:54.0078 0612 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:50:54.0078 0612 PSched - ok
09:50:54.0140 0612 psdfilter (32338659e9da79055406f2157cd0e1df) C:\WINDOWS\system32\Drivers\psdfilter.sys
09:50:54.0140 0612 psdfilter - ok
09:50:54.0156 0612 psdvdisk (4c7947014674df40b7af52342a9157d0) C:\WINDOWS\system32\Drivers\psdvdisk.sys
09:50:54.0203 0612 psdvdisk - ok
09:50:54.0218 0612 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:50:54.0218 0612 Ptilink - ok
09:50:54.0250 0612 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
09:50:54.0250 0612 ql1080 - ok
09:50:54.0265 0612 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
09:50:54.0265 0612 Ql10wnt - ok
09:50:54.0281 0612 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
09:50:54.0281 0612 ql12160 - ok
09:50:54.0296 0612 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
09:50:54.0312 0612 ql1240 - ok
09:50:54.0328 0612 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
09:50:54.0328 0612 ql1280 - ok
09:50:54.0359 0612 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:50:54.0359 0612 RasAcd - ok
09:50:54.0375 0612 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
09:50:54.0375 0612 Rasirda - ok
09:50:54.0390 0612 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:50:54.0390 0612 Rasl2tp - ok
09:50:54.0421 0612 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:50:54.0421 0612 RasPppoe - ok
09:50:54.0437 0612 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:50:54.0437 0612 Raspti - ok
09:50:54.0468 0612 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:50:54.0468 0612 Rdbss - ok
09:50:54.0500 0612 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:50:54.0500 0612 RDPCDD - ok
09:50:54.0531 0612 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:50:54.0531 0612 rdpdr - ok
09:50:54.0593 0612 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
09:50:54.0593 0612 RDPWD - ok
09:50:54.0625 0612 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:50:54.0625 0612 redbook - ok
09:50:54.0687 0612 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
09:50:54.0687 0612 RFCOMM - ok
09:50:54.0765 0612 s24trans (e2c6abcbefb1d44f6aaeb1cd5d6062d4) C:\WINDOWS\system32\DRIVERS\s24trans.sys
09:50:54.0765 0612 s24trans - ok
09:50:54.0890 0612 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
09:50:54.0890 0612 SASDIFSV - ok
09:50:54.0937 0612 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
09:50:54.0937 0612 SASENUM - ok
09:50:54.0953 0612 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
09:50:54.0953 0612 SASKUTIL - ok
09:50:55.0015 0612 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
09:50:55.0156 0612 sdbus - ok
09:50:55.0203 0612 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:50:55.0218 0612 Secdrv - ok
09:50:55.0250 0612 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
09:50:55.0250 0612 Serial - ok
09:50:55.0296 0612 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:50:55.0296 0612 Sfloppy - ok
09:50:55.0312 0612 Simbad - ok
09:50:55.0359 0612 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
09:50:55.0359 0612 sisagp - ok
09:50:55.0390 0612 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
09:50:55.0390 0612 SLIP - ok
09:50:55.0515 0612 SNP2UVC (53d1e2ecbf26b313ffdd2b8ba3d2f66e) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
09:50:55.0546 0612 SNP2UVC - ok
09:50:55.0593 0612 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
09:50:55.0593 0612 SONYPVU1 - ok
09:50:55.0625 0612 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
09:50:55.0671 0612 Sparrow - ok
09:50:55.0703 0612 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:50:55.0703 0612 splitter - ok
09:50:55.0734 0612 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:50:55.0734 0612 sr - ok
09:50:55.0765 0612 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:50:55.0781 0612 Srv - ok
09:50:55.0828 0612 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
09:50:55.0828 0612 streamip - ok
09:50:55.0843 0612 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:50:55.0843 0612 swenum - ok
09:50:55.0875 0612 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:50:55.0875 0612 swmidi - ok
09:50:55.0906 0612 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
09:50:55.0906 0612 symc810 - ok
09:50:55.0921 0612 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
09:50:55.0921 0612 symc8xx - ok
09:50:55.0953 0612 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
09:50:55.0953 0612 sym_hi - ok
09:50:55.0968 0612 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
09:50:55.0984 0612 sym_u3 - ok
09:50:56.0015 0612 SynTP (e295fffff3aaf9a6a40b29497901908f) C:\WINDOWS\system32\DRIVERS\SynTP.sys
09:50:56.0015 0612 SynTP - ok
09:50:56.0046 0612 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:50:56.0062 0612 sysaudio - ok
09:50:56.0140 0612 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:50:56.0140 0612 Tcpip - ok
09:50:56.0171 0612 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:50:56.0171 0612 TDPIPE - ok
09:50:56.0203 0612 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:50:56.0203 0612 TDTCP - ok
09:50:56.0234 0612 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:50:56.0234 0612 TermDD - ok
09:50:56.0281 0612 tifm21 (78213f01ce781f93180bef5eb5b3ad81) C:\WINDOWS\system32\drivers\tifm21.sys
09:50:56.0296 0612 tifm21 - ok
09:50:56.0312 0612 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
09:50:56.0312 0612 TosIde - ok
09:50:56.0375 0612 tvicport (97dd70feca64fb4f63de7bb7e66a80b1) C:\WINDOWS\system32\drivers\tvicport.sys
09:50:56.0375 0612 tvicport - ok
09:50:56.0390 0612 UBHelper (e0c67be430c6de490d6ccaecfa071f9e) C:\WINDOWS\system32\drivers\UBHelper.sys
09:50:56.0390 0612 UBHelper - ok
09:50:56.0421 0612 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:50:56.0437 0612 Udfs - ok
09:50:56.0453 0612 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
09:50:56.0453 0612 ultra - ok
09:50:56.0484 0612 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:50:56.0500 0612 Update - ok
09:50:56.0546 0612 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
09:50:56.0546 0612 USBAAPL - ok
09:50:56.0609 0612 usbbus (5353218b3265e3b8190335059f697a11) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
09:50:56.0609 0612 usbbus - ok
09:50:56.0640 0612 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:50:56.0640 0612 usbccgp - ok
09:50:56.0687 0612 UsbDiag (7dd3eefc62a1ef44e5f940fa651ed9ed) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
09:50:56.0687 0612 UsbDiag - ok
09:50:56.0718 0612 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:50:56.0718 0612 usbehci - ok
09:50:56.0750 0612 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:50:56.0750 0612 usbhub - ok
09:50:56.0796 0612 USBModem (083031a78822eccbd7510bccd3e20d4c) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
09:50:56.0796 0612 USBModem - ok
09:50:56.0828 0612 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:50:56.0843 0612 usbprint - ok
09:50:56.0859 0612 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:50:56.0921 0612 usbscan - ok
09:50:56.0937 0612 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:50:56.0937 0612 usbstor - ok
09:50:56.0968 0612 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:50:57.0015 0612 usbuhci - ok
09:50:57.0046 0612 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
09:50:57.0046 0612 usbvideo - ok
09:50:57.0078 0612 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:50:57.0125 0612 VgaSave - ok
09:50:57.0171 0612 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
09:50:57.0171 0612 viaagp - ok
09:50:57.0187 0612 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
09:50:57.0187 0612 ViaIde - ok
09:50:57.0203 0612 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:50:57.0218 0612 VolSnap - ok
09:50:57.0250 0612 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:50:57.0296 0612 Wanarp - ok
09:50:57.0343 0612 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
09:50:57.0343 0612 WDC_SAM - ok
09:50:57.0359 0612 WDICA - ok
09:50:57.0390 0612 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:50:57.0406 0612 wdmaud - ok
09:50:57.0468 0612 winachsf (9692ab8ba2dcd649a86b1b9b81154278) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
09:50:57.0484 0612 winachsf - ok
09:50:57.0531 0612 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
09:50:57.0531 0612 WmiAcpi - ok
09:50:57.0609 0612 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:50:57.0609 0612 WS2IFSL - ok
09:50:57.0640 0612 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
09:50:57.0640 0612 WSTCODEC - ok
09:50:57.0687 0612 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:50:57.0687 0612 WudfPf - ok
09:50:57.0718 0612 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:50:57.0718 0612 WudfRd - ok
09:50:57.0765 0612 zntport (40ac8590cc9006dbb99ffcb37879d4c6) C:\WINDOWS\system32\drivers\zntport.sys
09:50:57.0765 0612 zntport - ok
09:50:57.0828 0612 MBR (0x1B8) (99852d5c3a78447c3d6d82b6155fe848) \Device\Harddisk0\DR0
09:50:59.0562 0612 \Device\Harddisk0\DR0 - ok
09:50:59.0625 0612 Boot (0x1200) (249260b88fd521f80340c812e7199e67) \Device\Harddisk0\DR0\Partition0
09:50:59.0625 0612 \Device\Harddisk0\DR0\Partition0 - ok
09:50:59.0640 0612 Boot (0x1200) (eefe09835744b5d94e783795275df061) \Device\Harddisk0\DR0\Partition1
09:50:59.0640 0612 \Device\Harddisk0\DR0\Partition1 - ok
09:50:59.0640 0612 ============================================================
09:50:59.0640 0612 Scan finished
09:50:59.0640 0612 ============================================================
09:50:59.0656 2320 Detected object count: 0
09:50:59.0656 2320 Actual detected object count: 0

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:01:26 PM

Posted 18 October 2011 - 04:29 PM

Okay, let's see what we've got then

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#9 davcol46

davcol46
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:09:26 PM

Posted 19 October 2011 - 09:34 AM

Hi Mole,
All worked as described. ComboFix.txt log file follows:

ComboFix 11-10-19.03 - Eve 19/10/2011 22:06:29.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1136 [GMT 8:00]
Running from: c:\documents and settings\Eve\Desktop\ComFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Eve\Application Data\PriceGong
c:\documents and settings\Eve\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Eve\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Eve\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Eve\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Eve\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Eve\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Eve\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Eve\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Eve\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Eve\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Eve\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Eve\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Eve\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Eve\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Eve\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Eve\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Eve\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Eve\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Eve\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Eve\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Eve\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Eve\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Eve\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Eve\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Eve\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Eve\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Eve\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Eve\Application Data\PriceGong\Data\z.xml
c:\windows\BACKUP.17597621.killproc.exe
c:\windows\regedit.com
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\taskmgr.com
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
D:\install.exe
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\userinit.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-09-19 to 2011-10-19 )))))))))))))))))))))))))))))))
.
.
2011-10-09 06:52 . 2011-10-09 06:52 -------- d-----w- c:\documents and settings\Eve\Local Settings\Application Data\Mozilla
2011-10-06 12:44 . 2011-10-11 02:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-02 09:09 . 2011-10-02 09:10 -------- d-----w- c:\program files\Common Files\Adobe
2011-10-02 03:39 . 2011-10-02 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-10-02 03:00 . 2011-10-02 03:00 -------- d-----w- c:\documents and settings\Eve\Local Settings\Application Data\PackageAware
2011-09-27 04:57 . 2011-09-27 04:57 -------- d-----w- c:\program files\AVAST Software
2011-09-27 04:57 . 2011-09-27 04:57 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-09-25 06:19 . 2011-09-25 06:19 -------- dc-h--w- c:\windows\ie8
2011-09-23 06:58 . 2011-09-23 06:58 -------- d-----w- c:\documents and settings\Eve\Application Data\Malwarebytes
2011-09-23 06:57 . 2011-09-23 06:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-09-23 06:57 . 2011-09-23 06:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-23 06:57 . 2011-08-31 09:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-21 09:57 . 2011-09-21 12:47 -------- d-----w- c:\documents and settings\All Users\Application Data\eC11011OhOhH11011
2011-09-21 07:02 . 2011-09-21 07:02 -------- d-----w- c:\documents and settings\Eve\Application Data\ParetoLogic
2011-09-21 07:02 . 2011-09-21 12:50 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2011-09-20 04:37 . 2011-09-20 04:37 87040 --sha-r- c:\windows\system32\msjet40U.dll
2011-09-20 04:37 . 2011-09-20 04:37 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 03:41 . 2007-10-09 04:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 03:41 . 2004-08-05 03:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 03:41 . 2004-08-05 03:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2004-08-05 03:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-22 23:48 . 2007-04-18 12:31 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-05 03:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-05 03:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-05 03:00 385024 ------w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2008-12-01 23:50 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-09-29 06:53 . 2011-10-09 06:52 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Eve\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Eve\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Eve\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Eve\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Preload"="c:\windows\RUNXMLPL.exe" [2007-04-21 20480]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-14 850704]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-24 45056]
"WinVNC"="c:\program files\UltraVNC\WinVNC.exe" [2004-02-15 622661]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-07-04 475136]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-11-24 274608]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-05-19 3618104]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\documents and settings\Eve\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Eve\Application Data\Dropbox\bin\Dropbox.exe [2011-5-26 24176560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-27 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-06 06:23 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer Empowering Technology.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acer Empowering Technology.lnk
backup=c:\windows\pss\Acer Empowering Technology.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePresentation HPD]
2007-03-02 03:25 208896 ----a-w- c:\acer\Empowering Technology\ePresentation\ePresentation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 04:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2005-06-12 02:51 53248 ------w- c:\program files\Realtek\InstallShield\AzMixerSel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boot]
2006-03-15 14:12 579584 ----a-w- c:\acer\Empowering Technology\ePower\Boot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2007-05-28 07:56 342528 ----a-w- c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
2007-07-04 03:44 475136 ----a-w- c:\acer\Empowering Technology\ePower\ePower_DMC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
2007-07-11 06:07 421888 ----a-w- c:\acer\Empowering Technology\eRecovery\eRAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-11 15:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-05 03:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 14:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-05 03:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
2002-06-03 02:38 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE\opware32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-05 03:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-05 03:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 10:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-01-08 14:26 68640 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-05-28 23:32 16132608 ----a-w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 03:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-11-24 03:04 274608 ----a-w- c:\program files\real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RichVideo"=2 (0x2)
"MWAgent"=2 (0x2)
"MDM"=2 (0x2)
"LightScribeService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"EPSONStatusAgent2"=2 (0x2)
"EpsonBidirectionalService"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\UltraVNC\\winvnc.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\ScanSoft\\OmniPageSE\\EregEng\\NAVBrowser.exe"=
"c:\\Program Files\\Common Files\\NewTech Infosystems\\LiveUpdate\\LiveUpdate.exe"=
"c:\\Documents and Settings\\Eve\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21/12/2010 3:04 PM 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21/12/2010 1:47 PM 94872]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 12:53 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [27/02/2007 11:39 AM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2/07/2010 11:29 AM 116608]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/01/2011 4:41 PM 810144]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [23/09/2011 2:57 PM 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [23/09/2011 2:57 PM 22216]
S3 eRootDrv;eRootDrv;c:\windows\system32\drivers\eRootDrv.sys [19/01/2008 8:13 PM 7168]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16/02/2006 4:51 PM 12872]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [6/05/2008 4:06 PM 11520]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 09:57]
.
2011-10-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2459829863-2733905395-1113437818-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 03:33]
.
2011-10-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2459829863-2733905395-1113437818-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 03:33]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.perthjazzsociety.com/
uSearchURL,(Default) = hxxp://au.rd.yahoo.com/customize/ycomp/defaults/su/*http://au.yahoo.com
TCP: DhcpNameServer = 10.1.1.1
FF - ProfilePath - c:\documents and settings\Eve\Application Data\Mozilla\Firefox\Profiles\3pagtrc8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.perthjazzsociety.com
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-eNMTray.exe - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-19 22:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
eNMTray.exe = ???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(808)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3988)
c:\windows\system32\WININET.dll
c:\documents and settings\Eve\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2011-10-19 22:23:06 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-19 14:23
.
Pre-Run: 45,602,316,288 bytes free
Post-Run: 45,591,457,792 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /Execute /fastdetect
.
- - End Of File - - 2D9FE8DE533061B80742D6569E1318D5
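Reading a ComboFix log by hand is error-prone, so here is an added example (not code from the thread, from ComboFix's author, or from anyone in it) that triages the parts of the log a defender cares about: the "Infected copy of ... was found and disinfected" line, Security Center "DisableMonitoring" entries, the standard-profile "EnableFirewall" value, and the GloballyOpenPorts list. SAMPLE_LOG is a constructed excerpt that copies the line layouts used in the log above; the function and finding names are this example's own.

```python
"""Added example (not from the thread): triage a ComboFix log for weakened
defences, using the same line layouts that appear in the log posted above.
SAMPLE_LOG is a constructed excerpt, not a capture from any machine."""
import re

SAMPLE_LOG = r"""
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\userinit.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
"""

INFECTED_RE = re.compile(r"^Infected copy of (\S+) was found and disinfected$")
DWORD_RE = re.compile(r"^dword:([0-9A-Fa-f]{8})$")
DECIMAL_RE = re.compile(r"^(\d+)\s*\(0x[0-9A-Fa-f]+\)$")


def _reg_value(raw):
    """Turn ComboFix's value rendering into an int where it is numeric.

    Handles the 'dword:00000001' form and the ' 0 (0x0)' form; anything else
    (strings, paths) yields None so callers cannot mistake it for a number.
    """
    raw = raw.strip()
    m = DWORD_RE.match(raw)
    if m:
        return int(m.group(1), 16)
    m = DECIMAL_RE.match(raw)
    if m:
        return int(m.group(1))
    return None


def triage_combofix(log_text):
    """Return a list of (finding, detail) tuples for the log text given.

    Findings (names are this example's own):
      infected_system_file               - ComboFix replaced an infected system file
      security_center_monitoring_disabled - DisableMonitoring=1 under Security Center
      firewall_disabled                  - EnableFirewall=0 in the standard profile
      globally_open_port                 - an entry in GloballyOpenPorts\List
    """
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = INFECTED_RE.match(line)
        if m:
            findings.append(("infected_system_file", m.group(1)))
            continue
        if line.startswith("[") and line.endswith("]"):
            # ComboFix prints registry keys in REGEDIT4 style: [KEY] then "name"=value
            section = line[1:-1].lower()
            continue
        if section is None or not line.startswith('"'):
            continue
        name, _, value = line.partition("=")
        name = name.strip().strip('"')
        key = name.lower()
        if "security center\\monitoring" in section and key == "disablemonitoring":
            if _reg_value(value) == 1:
                findings.append(("security_center_monitoring_disabled",
                                 section.rsplit("\\", 1)[-1]))
        elif section.endswith("firewallpolicy\\standardprofile") and key == "enablefirewall":
            if _reg_value(value) == 0:
                findings.append(("firewall_disabled", "standardprofile"))
        elif section.endswith("globallyopenports\\list"):
            findings.append(("globally_open_port", name))
    return findings


if __name__ == "__main__":
    for finding, detail in triage_combofix(SAMPLE_LOG):
        print(f"{finding}: {detail}")
```

The point of the section tracking is that the same value name ("DisableMonitoring") appears under several keys, so the key has to be carried along to report which monitor was suppressed; the port and firewall checks likewise only fire inside the firewall-policy keys.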

#10 m0le (Malware Response Team, 34,527 posts, London, UK)

Posted 19 October 2011 - 05:02 PM

A couple of things to remove

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

File::
c:\windows\system32\msjet40U.dll
Folder::
c:\documents and settings\All Users\Application Data\eC11011OhOhH11011


Save this as CFScript.txt, in the same location as Comfix.exe (called ComboFix.exe in the below graphic)


[image omitted: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

If the program requests for you to update Combofix then click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
m0le is a proud member of UNITE

#11 davcol46 (Topic Starter, Members, 17 posts)

Posted 19 October 2011 - 11:21 PM

Mole,
I have problems getting this done, even though I disabled the real-time protection in both Malwarebytes and ESET NOD32, ESET did a Start-up Scan as I was preparing to run ComFix and I couldn't kill either your job or the scan, so the ComboFix scan ran anyway. On reboot ESET auto started again and again I couldn't kill it.
Also, on reboot Malwarebytes started and downloaded an update. Should I uninstall ESET and Malwarebytes and run the ComFix again?
davcol46

#12 davcol46 (Topic Starter, Members, 17 posts)

Posted 20 October 2011 - 03:35 AM

Mole,
Forgot to add the log to my last reply.
comboFix.txt log is attached.
davcol46


#13 m0le (Malware Response Team, 34,527 posts, London, UK)

Posted 20 October 2011 - 01:51 PM

No need to run Combofix again. It removed the rootkit that had infected a system file just fine.

Can you visit ESET and use the online scanner - this is different to Nod32 which targets viruses, this targets other areas.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Under scan settings, check [image] and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.
m0le is a proud member of UNITE

#14 davcol46 (Topic Starter, Members, 17 posts)

Posted 21 October 2011 - 04:01 AM

Hi mole,
Looking good now. I ran ESET Online as per your instructions, log is:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=e27ca8eb9c35b143a54ee26d20b76bb6
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-10-21 07:20:41
# local_time=2011-10-21 03:20:41 (+0800, W. Australia Standard Time)
# country="Australia"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8199 39157077 100 100 20998 25424858 0 0
# scanned=82217
# found=1
# cleaned=1
# scan_time=6538
# nod_component=V3 Build:0x30000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\msjet40U.dll.vir a variant of Win32/Kryptik.TMS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

many thanks for your help. I appreciated your very prompt and fully detailed replies.
No misdirections on either Explorer or Firefox now.
kind regards,
davcol46
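The ESET Online Scanner log above has a simple shape: "# key=value" header lines followed by one line per detection (path, threat name, action in parentheses, a 32-hex-character hash column, and a flag). As an added example that is not part of the thread and not ESET's own code, here is a Python parser for that shape that also checks the points a responder would look at: whether the scan finished, whether the number of listed detections matches "found", how many were left uncleaned, and whether every hit sits inside a quarantine folder (here the single hit is ComboFix's own C:\Qoobox\Quarantine copy of msjet40U.dll, i.e. a file that had already been removed from its live location). SAMPLE_LOG is a constructed excerpt in that format, with the detection line copied from the post; the function names are this example's own.

```python
"""Added example (not from the thread): parse the ESET Online Scanner log
format shown in the post above. SAMPLE_LOG is a constructed excerpt in that
format; the detection line is the one posted, zero hash column and all."""
import re

SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# remove_checked=true
# local_time=2011-10-21 03:20:41 (+0800, W. Australia Standard Time)
# country="Australia"
# scanned=82217
# found=1
# cleaned=1
# scan_time=6538
C:\Qoobox\Quarantine\C\WINDOWS\system32\msjet40U.dll.vir a variant of Win32/Kryptik.TMS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

# One detection line: <path> <threat text> (<action>) <32 hex chars> <flag>
DETECTION_RE = re.compile(
    r"^(?P<path>\S+)\s+(?P<threat>.+?)\s+\((?P<action>[^)]*)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)


def parse_eset_log(text):
    """Split the log into a dict of '# key=value' headers and a list of detections."""
    meta, detections = {}, []
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            meta[key.strip()] = value.strip().strip('"')
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(m.groupdict())
    return meta, detections


def summarize(text):
    """Return the responder's view of the scan as a dict (keys are this example's own)."""
    meta, detections = parse_eset_log(text)
    found = int(meta.get("found", 0))
    cleaned = int(meta.get("cleaned", 0))
    return {
        "finished": meta.get("end") == "finished",
        "scanned": int(meta.get("scanned", 0)),
        "found": found,
        "cleaned": cleaned,
        "uncleaned": found - cleaned,
        # A mismatch here means the log was truncated or pasted incompletely.
        "listed_matches_found": len(detections) == found,
        # True when every hit is already inside a quarantine folder rather than live.
        "all_in_quarantine": all("Quarantine" in d["path"] for d in detections),
        "detections": detections,
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(f"finished={s['finished']} scanned={s['scanned']} found={s['found']} "
          f"cleaned={s['cleaned']} uncleaned={s['uncleaned']}")
    for d in s["detections"]:
        print(f"  {d['path']}: {d['threat']} [{d['action']}]")
```

The "all_in_quarantine" check is the one worth reading before celebrating: a hit under a tool's quarantine directory is a leftover of an earlier removal, not a live infection, which is consistent with m0le's conclusion that the machine was already clean.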

#15 m0le (Malware Response Team, 34,527 posts, London, UK)

Posted 21 October 2011 - 04:10 PM

We are there! Please follow the final instructions to clear up our mess

You're clean. Good stuff! :thumbup2:

Let's do some clearing up

If you used DeFogger now is the time to enable your CD emulation software again.

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    (For Vista/Windows 7 please click Start -> All Programs -> Accessories -> Run)
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between "Combofix" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
This will uninstall Combofix and anything associated with it.


We Need to Clean Up our Mess
Download and Run OTC

We will now remove the tools we used during this fix using OTC.

  • Download OTC by OldTimer and save it to your desktop.
  • Double click the [image] icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big [image] button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Use and update your AntiVirus Software

You must have a good antivirus. There are plenty to choose from but I personally recommend the free options of Avast and Avira Antivir - though if you choose Avira you should make sure that you uncheck the box offering to install the Ask toolbar. If you want to purchase a security program then I recommend any of the following: AVG, Norton, McAfee, Kaspersky and ESET Nod32.

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

Use this next program to check for updates for programs already on your system. Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically, make sure that updates on any that are flagged are carried out as soon as possible

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version or the Pro version for a 15 day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would with antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it davcol46, happy surfing!

Cheers.

m0le
m0le is a proud member of UNITE



