Programs and TDSSKiller not starting


This topic is locked
18 replies to this topic

#1 Ciarusus (Members, 10 posts)

Posted 14 October 2011 - 12:32 AM

I've recently got rid of some malware that resurfaced from years ago: things like the Google redirect bug, and services such as my audio shutting down. This was a problem I also reported here at the time, which you guys helped me remove, and I was very grateful. Following the same advice, I got rid of it using TDSSKiller and also did a scan with Malwarebytes.

However, I then started noticing suspicious activity on my computer. The Google redirect did not go away, and soon pop-ups started appearing asking me to confirm the download of files, including random QuickTime movies. My suspicions were confirmed when I left my laptop to go out and came back a few hours later to find my desktop gone and "System Recovery" installed on my computer. I did a Malwarebytes scan to remove it, but found I still could not open TDSSKiller, along with Skype and the majority of my work programs. My Start menu also has half of it missing; I can only browse through my programs. Every time I restart, Firefox asks me to set it as the default browser when I already have it set. Also, iexplore.exe runs in the background, taking up to 100k resources if left alone.

I have tried to scan with GMER; however, I got an error message about "temp/kgayifod.sys": "Cannot create a stable subkey under a volatile parent key." I took what it did scan and will post it here, along with an MBAM log, which I can post if requested. Thank you for your time.

DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by Blank at 22:48:46 on 2011-10-13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.83 [GMT -6:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\IObit\Game Booster\gbtray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\D3DOverrider\D3DOverrider.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [D3DOverrider] "c:\program files\rivatuner v2.24 msi master overclocking arena 2009 edition\tools\d3doverrider\D3DOverrider.exe" /s
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\blank\startm~1\programs\startup\trillian.lnk - c:\program files\trillian\trillian.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
uPolicies-explorer: NoInstrumentation = 1 (0x1)
IE: Download with PodWorks Platinum - c:\program files\imtoo\podworks platinum\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3BBF370B-4EA2-48BA-BF11-38610FF7BA34} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: Trend Micro Anti-Spyware Shell Extension: {03a80b1d-5c6a-42c2-9dfb-81b6005d8023} - c:\program files\trend micro\tmas\sshook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\blank\application data\mozilla\firefox\profiles\4j1j61n5.default\
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\blank\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: XUL Cache: {a2cb6f9c-80e2-413e-a900-d7c8b7f52f1b} - %profile%\extensions\{a2cb6f9c-80e2-413e-a900-d7c8b7f52f1b}
FF - Ext: XUL Cache: {64f66bf2-cdc5-4b4c-ac19-62224a41d351} - %profile%\extensions\{64f66bf2-cdc5-4b4c-ac19-62224a41d351}
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-2-13 28552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
R2 TabletServiceWacom;TabletServiceWacom;c:\program files\tablet\wacom\Wacom_Tablet.exe [2011-9-5 4807536]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2010-7-30 33792]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-9-1 226304]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2010-6-29 1120960]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-9-5 10752]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [2010-7-31 50048]
.
=============== Created Last 30 ================
.
2011-10-14 04:26:04 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-14 02:36:43 -------- d-----w- c:\program files\ESET
2011-10-11 08:52:21 -------- d-----w- c:\documents and settings\blank\application data\redsn0w
2011-10-07 07:34:16 -------- d-----w- C:\TDSSKiller_Quarantine
2011-10-07 00:03:37 57856 -c--a-w- c:\windows\system32\dllcache\spoolsv.exe
2011-10-07 00:03:37 57856 ----a-w- c:\windows\system32\spoolsv.exe
2011-10-06 19:10:06 -------- d-----w- c:\documents and settings\blank\local settings\application data\Unity
2011-10-06 19:02:24 -------- d-----w- c:\program files\Unity
2011-10-04 10:00:54 -------- d-----w- c:\documents and settings\blank\.shsh
2011-10-04 09:30:44 -------- d-----w- c:\documents and settings\blank\application data\WindSolutions
2011-10-04 09:30:43 -------- d-----w- c:\documents and settings\all users\application data\WindSolutions
2011-10-04 09:26:45 -------- d-----w- c:\documents and settings\blank\local settings\application data\Macroplant
2011-10-04 09:18:41 -------- d-----w- c:\documents and settings\blank\application data\ImTOO
2011-10-04 03:02:51 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-10-04 03:02:51 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-10-04 03:01:42 -------- d-----w- c:\program files\iPod
2011-10-04 03:01:29 -------- d-----w- c:\program files\iTunes
2011-10-04 03:01:29 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-10-04 02:59:48 -------- d-----w- c:\documents and settings\blank\local settings\application data\Apple
2011-10-04 02:58:56 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-10-04 02:58:56 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-10-04 02:54:08 -------- d-----w- c:\documents and settings\blank\local settings\application data\Apple Computer
2011-10-04 02:43:08 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-10-04 02:43:07 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-10-04 02:43:07 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-10-04 02:43:06 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-09-23 08:14:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-10-10 22:44:43 2828 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys
2011-09-12 19:01:03 0 ---ha-w- c:\documents and settings\blank\vwqwhlcpam.tmp
2011-08-31 23:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 22:56:35.70 ===============

GMER Log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-13 23:30:44
Windows 5.1.2600 Service Pack 2
Running: 6lt9hcr4.exe; Driver: C:\DOCUME~1\Blank\LOCALS~1\Temp\kgayifod.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x12 0x27 0xFB 0x25 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x69 0x61 0x9B 0x0C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF9 0xCD 0xC0 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x12 0x27 0xFB 0x25 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x69 0x61 0x9B 0x0C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF9 0xCD 0xC0 0x00 ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Blank\Cookies\blank@www.mevio[2].txt 269 bytes
File C:\Documents and Settings\Blank\Cookies\blank@rfihub[2].txt 6880 bytes
File C:\Documents and Settings\Blank\Cookies\blank@tap2-cdn.rubiconproject[1].txt 514 bytes
File C:\Documents and Settings\Blank\Cookies\blank@meebo[3].txt 396 bytes
File C:\Documents and Settings\Blank\Cookies\blank@mevio[2].txt 0 bytes
File C:\Documents and Settings\Blank\Cookies\blank@mmismm[2].txt 92 bytes
File C:\Documents and Settings\Blank\Local Settings\Temporary Internet Files\Content.IE5\3IGQJ9Y5\xd_receiver[1].htm 591 bytes
File C:\Documents and Settings\Blank\Local Settings\Temporary Internet Files\Content.IE5\6F31DG7H\crossdomain[9].xml 204 bytes

---- EOF - GMER 1.0.15 ----
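The DDS and GMER output above is data to read, not something to run. As an added example (it is not part of the original post and is not a DDS, GMER or BleepingComputer tool), here is a small Python parser for the DDS-style file entries and "FF - Ext:" entries in a log like the one above, with two review heuristics drawn from this thread: files carrying the hidden or system attribute outside the Windows directory (the log shows two, KGyGaAvL.sys and the zero-byte vwqwhlcpam.tmp in the profile root, and ComboFix later removed only the second), and Firefox extensions installed under %profile% whose display name is shared by several different GUIDs (the two "XUL Cache" entries, which ComboFix also removed). Assumptions, labelled in the code: the DDS attribute field is read by letter (a leading d marks a directory, h hidden, s system); the sample lines are constructed copies of lines from the log above; both outputs are review lists, since legitimate software (licensing components in particular) also drops hidden system files.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: lines copied in the shape of the DDS log above (file
# entries from "Created Last 30"/"Find3M" and "FF - Ext:" entries). Only the
# DDS layout is handled; ComboFix prints a two-timestamp variant.
SAMPLE_LOG = r"""
2011-10-14 04:26:04 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-14 02:36:43 -------- d-----w- c:\program files\ESET
2011-10-10 22:44:43 2828 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys
2011-09-12 19:01:03 0 ---ha-w- c:\documents and settings\blank\vwqwhlcpam.tmp
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: XUL Cache: {a2cb6f9c-80e2-413e-a900-d7c8b7f52f1b} - %profile%\extensions\{a2cb6f9c-80e2-413e-a900-d7c8b7f52f1b}
FF - Ext: XUL Cache: {64f66bf2-cdc5-4b4c-ac19-62224a41d351} - %profile%\extensions\{64f66bf2-cdc5-4b4c-ac19-62224a41d351}
"""

# "<date> <time> <size or dashes> <8-char attribute field> <path>"
FILE_RE = re.compile(
    r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
# "FF - Ext: <display name>: <id> - <install path>"
FF_RE = re.compile(r"^FF - Ext: (?P<name>.+?): (?P<id>\S+) - (?P<path>.+)$")


@dataclass
class FileEntry:
    stamp: str
    size: Optional[int]   # None where DDS prints dashes (directories)
    attrs: str
    path: str

    # Assumption: the attribute field is read by letter, as in the log above:
    # a leading "d" marks a directory, "h" hidden, "s" system ("--sha-w-").
    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden_or_system(self) -> bool:
        return "h" in self.attrs or "s" in self.attrs


def parse_file_entries(text: str) -> List[FileEntry]:
    """One FileEntry per line that has the DDS file-entry shape."""
    entries = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            size = None if m["size"].startswith("-") else int(m["size"])
            entries.append(FileEntry(m["stamp"], size, m["attrs"], m["path"]))
    return entries


def parse_ff_extensions(text: str) -> List[Tuple[str, str, str]]:
    """(display name, id, install path) for every FF - Ext line."""
    return [(m["name"], m["id"], m["path"])
            for m in map(FF_RE.match, text.splitlines()) if m]


def flag_hidden_outside_windows(entries: List[FileEntry]) -> List[str]:
    """Files (not directories) with the hidden or system attribute outside
    %SystemRoot%. Legitimate licensing components drop such files too, so
    this is a list to review by hand, not a verdict."""
    return [e.path for e in entries
            if not e.is_dir and e.hidden_or_system
            and not e.path.lower().startswith("c:\\windows\\")]


def flag_duplicate_profile_extensions(exts) -> Dict[str, List[str]]:
    """Extensions installed under %profile%\\extensions whose display name is
    shared by two or more distinct ids (one name, several random GUIDs)."""
    by_name = defaultdict(set)
    for name, ext_id, path in exts:
        if path.lower().startswith("%profile%\\"):
            by_name[name].add(ext_id)
    return {name: sorted(ids) for name, ids in by_name.items() if len(ids) > 1}


if __name__ == "__main__":
    for path in flag_hidden_outside_windows(parse_file_entries(SAMPLE_LOG)):
        print("review (hidden/system outside windows):", path)
    for name, ids in flag_duplicate_profile_extensions(
            parse_ff_extensions(SAMPLE_LOG)).items():
        print(f"review (extension '{name}' under {len(ids)} ids):", ", ".join(ids))
```

Both heuristics are deliberately narrow: they only surface entries worth a second look, and the analyst still has to confirm each one (the licensing file in the sample is the reminder that hidden plus system does not mean malicious).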

#2 gringo_pr, Bleepin Gringo (Malware Response Team, 136,772 posts, Puerto Rico)

Posted 16 October 2011 - 02:23 AM

Hello and welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

"Information and logs"

  • In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Ciarusus, Topic Starter (Members, 10 posts)

Posted 16 October 2011 - 08:46 PM

Thanks for the reply.

I ran ComboFix; it asked me to install the Recovery Console, which I did. After all the stages were done it restarted my computer and produced a log. I still cannot open the programs that weren't working before (Skype, TDSSKiller, Corel Painter). iexplore also still runs in the background, up to 300k resources if I leave it alone. I also still have the Google redirect bug. Here is the log:

ComboFix 11-10-16.02 - Blank 10/16/2011 18:20:35.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.470 [GMT -6:00]
Running from: c:\documents and settings\Blank\My Documents\Downloads\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\documents and settings\Blank\Application Data\Mozilla\Firefox\Profiles\4j1j61n5.default\extensions\{64f66bf2-cdc5-4b4c-ac19-62224a41d351}
c:\documents and settings\Blank\Application Data\Mozilla\Firefox\Profiles\4j1j61n5.default\extensions\{64f66bf2-cdc5-4b4c-ac19-62224a41d351}\chrome\xulcache.jar
c:\documents and settings\Blank\Application Data\Mozilla\Firefox\Profiles\4j1j61n5.default\extensions\{64f66bf2-cdc5-4b4c-ac19-62224a41d351}\defaults\preferences\xulcache.js
c:\documents and settings\Blank\Application Data\Mozilla\Firefox\Profiles\4j1j61n5.default\extensions\{64f66bf2-cdc5-4b4c-ac19-62224a41d351}\install.rdf
c:\documents and settings\Blank\Application Data\Mozilla\Firefox\Profiles\4j1j61n5.default\extensions\{a2cb6f9c-80e2-413e-a900-d7c8b7f52f1b}
c:\documents and settings\Blank\Application Data\Mozilla\Firefox\Profiles\4j1j61n5.default\extensions\{a2cb6f9c-80e2-413e-a900-d7c8b7f52f1b}\chrome\xulcache.jar
c:\documents and settings\Blank\Application Data\Mozilla\Firefox\Profiles\4j1j61n5.default\extensions\{a2cb6f9c-80e2-413e-a900-d7c8b7f52f1b}\defaults\preferences\xulcache.js
c:\documents and settings\Blank\Application Data\Mozilla\Firefox\Profiles\4j1j61n5.default\extensions\{a2cb6f9c-80e2-413e-a900-d7c8b7f52f1b}\install.rdf
c:\documents and settings\Blank\Start Menu\Programs\System Restore
c:\documents and settings\Blank\Start Menu\Programs\System Restore\System Restore.lnk
c:\documents and settings\Blank\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
c:\documents and settings\Blank\vwqwhlcpam.tmp
c:\program files\Drop Down Deals
c:\windows\kb835221.exe
c:\windows\kb913800.exe
c:\windows\setup.exe
c:\windows\system32\d3d9caps.dat
c:\windows\system32\Thumbs.db
c:\windows\windows-kb870669-x86-enu.exe
c:\windows\windowsinstaller-kb893803-v2-x86.exe
c:\windows\windowsmedia10-kb917734-x86-enu.exe
c:\windows\windowsxp-kb307154-x86-enu.exe
c:\windows\windowsxp-kb873339-x86-enu.exe
c:\windows\windowsxp-kb884018-x86-enu.exe
c:\windows\windowsxp-kb884575-x86-enu.exe
c:\windows\windowsxp-kb885250-x86-enu.exe
c:\windows\windowsxp-kb885835-x86-enu.exe
c:\windows\windowsxp-kb885836-x86-enu.exe
c:\windows\windowsxp-kb886185-x86-enu.exe
c:\windows\windowsxp-kb887472-x86-enu.exe
c:\windows\windowsxp-kb887742-x86-enu.exe
c:\windows\windowsxp-kb888113-x86-enu.exe
c:\windows\windowsxp-kb888239-x86-enu.exe
c:\windows\windowsxp-kb888302-x86-enu.exe
c:\windows\windowsxp-kb888321-x86-enu.exe
c:\windows\windowsxp-kb890046-x86-enu.exe
c:\windows\windowsxp-kb890859-x86-enu.exe
c:\windows\windowsxp-kb891781-x86-enu.exe
c:\windows\windowsxp-kb892130-enu-x86.exe
c:\windows\WindowsXP-KB893056-x86-ENU.exe
c:\windows\windowsxp-kb893066-v2-x86-enu.exe
c:\windows\windowsxp-kb893357-v2-x86-enu.exe
c:\windows\windowsxp-kb893756-x86-enu.exe
c:\windows\windowsxp-kb894391-x86-enu.exe
c:\windows\windowsxp-kb896358-x86-enu.exe
c:\windows\windowsxp-kb896422-x86-enu.exe
c:\windows\windowsxp-kb896423-x86-enu.exe
c:\windows\windowsxp-kb896424-x86-enu.exe
c:\windows\windowsxp-kb896428-x86-enu.exe
c:\windows\windowsxp-kb896688-x86-enu.exe
c:\windows\windowsxp-kb896727-x86-enu.exe
c:\windows\windowsxp-kb899587-x86-enu.exe
c:\windows\windowsxp-kb899588-x86-enu.exe
c:\windows\windowsxp-kb899589-x86-enu.exe
c:\windows\windowsxp-kb899591-x86-enu.exe
c:\windows\windowsxp-kb900466-x86-enu.exe
c:\windows\windowsxp-kb900485-v2-x86-enu.exe
c:\windows\windowsxp-kb900725-x86-enu.exe
c:\windows\windowsxp-kb901017-x86-enu.exe
c:\windows\windowsxp-kb901214-x86-enu.exe
c:\windows\windowsxp-kb902400-x86-enu.exe
c:\windows\windowsxp-kb903235-x86-enu.exe
c:\windows\windowsxp-kb904706-x86-enu.exe
c:\windows\windowsxp-kb905414-x86-enu.exe
c:\windows\windowsxp-kb905749-x86-enu.exe
c:\windows\windowsxp-kb905915-x86-enu.exe
c:\windows\windowsxp-kb908519-x86-enu.exe
c:\windows\windowsxp-kb908531-x86-enu.exe
c:\windows\windowsxp-kb909667-x86-enu.exe
c:\windows\windowsxp-kb910437-x86-enu.exe
c:\windows\windowsxp-kb910728-x86-enu.exe
c:\windows\windowsxp-kb911280-x86-enu.exe
c:\windows\windowsxp-kb911562-x86-enu.exe
c:\windows\windowsxp-kb911567-x86-enu.exe
c:\windows\windowsxp-kb911927-x86-enu.exe
c:\windows\windowsxp-kb912919-x86-enu.exe
c:\windows\windowsxp-kb912945-x86-enu.exe
c:\windows\windowsxp-kb914388-x86-enu.exe
c:\windows\windowsxp-kb914389-x86-enu.exe
c:\windows\windowsxp-kb916281-x86-enu.exe
c:\windows\windowsxp-kb917159-x86-enu.exe
c:\windows\windowsxp-kb917344-x86-enu.exe
c:\windows\windowsxp-kb917953-x86-enu.exe
c:\windows\windowsxp-kb918439-x86-enu.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Service_6to4
.
.
((((((((((((((((((((((((( Files Created from 2011-09-17 to 2011-10-17 )))))))))))))))))))))))))))))))
.
.
2011-10-16 05:52 . 2011-10-16 05:52 -------- d-----w- c:\program files\WinSCP
2011-10-16 05:27 . 2011-10-16 05:39 -------- d-----w- c:\documents and settings\Blank\Application Data\CoreFTP
2011-10-16 05:27 . 2011-10-16 05:40 -------- d-----w- c:\program files\CoreFTP
2011-10-14 05:41 . 2011-10-14 05:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Corel
2011-10-14 02:36 . 2011-10-14 02:36 -------- d-----w- c:\program files\ESET
2011-10-11 08:52 . 2011-10-11 08:55 -------- d-----w- c:\documents and settings\Blank\Application Data\redsn0w
2011-10-07 07:34 . 2011-10-07 07:34 -------- d-----w- C:\TDSSKiller_Quarantine
2011-10-07 00:03 . 2006-03-15 12:00 57856 -c--a-w- c:\windows\system32\dllcache\spoolsv.exe
2011-10-07 00:03 . 2006-03-15 12:00 57856 ----a-w- c:\windows\system32\spoolsv.exe
2011-10-06 19:10 . 2011-10-06 19:10 -------- d-----w- c:\documents and settings\Blank\Local Settings\Application Data\Unity
2011-10-06 19:02 . 2011-10-06 19:10 -------- d-----w- c:\program files\Unity
2011-10-04 10:00 . 2011-10-04 10:01 -------- d-----w- c:\documents and settings\Blank\.shsh
2011-10-04 09:30 . 2011-10-04 09:47 -------- d-----w- c:\documents and settings\Blank\Application Data\WindSolutions
2011-10-04 09:30 . 2011-10-04 09:33 -------- d-----w- c:\documents and settings\All Users\Application Data\WindSolutions
2011-10-04 09:26 . 2011-10-04 09:26 -------- d-----w- c:\documents and settings\Blank\Local Settings\Application Data\Macroplant
2011-10-04 09:18 . 2011-10-04 09:18 -------- d-----w- c:\documents and settings\Blank\Application Data\ImTOO
2011-10-04 03:03 . 2011-10-04 08:27 -------- d-----w- c:\documents and settings\Blank\Application Data\Apple Computer
2011-10-04 03:02 . 2009-05-18 19:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-10-04 03:02 . 2008-04-17 18:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-10-04 03:01 . 2011-10-04 03:01 -------- d-----w- c:\program files\iPod
2011-10-04 03:01 . 2011-10-04 03:02 -------- d-----w- c:\program files\iTunes
2011-10-04 03:01 . 2011-10-04 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-10-04 02:59 . 2011-10-04 02:59 -------- d-----w- c:\documents and settings\Blank\Local Settings\Application Data\Apple
2011-10-04 02:59 . 2011-10-04 02:59 -------- d-----w- c:\program files\Apple Software Update
2011-10-04 02:59 . 2011-10-04 02:59 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-10-04 02:58 . 2011-05-10 14:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-10-04 02:58 . 2011-05-10 14:06 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-10-04 02:57 . 2011-10-11 08:45 -------- d-----w- c:\program files\Common Files\Apple
2011-10-04 02:57 . 2011-10-04 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-10-04 02:54 . 2011-10-04 03:03 -------- d-----w- c:\documents and settings\Blank\Local Settings\Application Data\Apple Computer
2011-10-04 02:43 . 2001-08-18 04:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-10-04 02:43 . 2004-08-04 04:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-10-04 02:43 . 2004-08-04 04:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-10-04 02:43 . 2004-08-04 06:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-09-23 08:14 . 2011-09-23 08:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 22:44 . 2010-07-11 03:49 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2011-08-31 23:00 . 2011-02-13 22:47 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-06-29 322352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 53248]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"D3DOverrider"="c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\D3DOverrider\D3DOverrider.exe" [2009-08-22 102400]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-06 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
.
c:\documents and settings\Blank\Start Menu\Programs\Startup\
Trillian.lnk - c:\program files\Trillian\trillian.exe [2011-6-28 2278240]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= "c:\program files\Trend Micro\Tmas\sshook.dll" [2010-06-29 77824]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-06-20 23:11 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk
backup=c:\windows\pss\Trend Micro Anti-Spyware.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2009-06-08 12:52 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 01:43 69632 ----a-w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2004-11-18 03:47 118784 ----a-w- c:\program files\Apoint\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 20:56 64512 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2008-02-15 18:46 159744 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2008-02-15 18:46 131072 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2008-02-15 18:46 135168 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2004-02-20 21:12 32768 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PartSeal]
2003-04-20 04:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-17 01:04 2879488 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
2006-08-10 22:17 217088 ----a-w- c:\program files\Sony\VAIO Power Management\SPMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-05-03 09:56 36975 ----a-w- c:\program files\Java\jre1.5.0_07\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Switcher.exe]
2006-02-14 19:11 176128 ----a-w- c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-06-29 08:20 322352 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
2005-10-12 04:36 151552 ----a-w- c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
2005-06-13 22:42 258048 ----a-w- c:\program files\Sony\VAIO Survey\SurveySA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
2007-09-27 00:05 734264 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Immaterial And Missing Power\\RollCaster.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Eternal Fighter Zero Memorial 4.02\\EFZdotNET_EX-5.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57292:TCP"= 57292:TCP:Pando Media Booster
"57292:UDP"= 57292:UDP:Pando Media Booster
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
"8380:TCP"= 8380:TCP:League of Legends Launcher
"8380:UDP"= 8380:UDP:League of Legends Launcher
"8370:TCP"= 8370:TCP:League of Legends Launcher
"8370:UDP"= 8370:UDP:League of Legends Launcher
"6886:TCP"= 6886:TCP:League of Legends Launcher
"6886:UDP"= 6886:UDP:League of Legends Launcher
"6925:TCP"= 6925:TCP:League of Legends Launcher
"6925:UDP"= 6925:UDP:League of Legends Launcher
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"6892:TCP"= 6892:TCP:League of Legends Launcher
"6892:UDP"= 6892:UDP:League of Legends Launcher
"6961:TCP"= 6961:TCP:League of Legends Launcher
"6961:UDP"= 6961:UDP:League of Legends Launcher
"6992:TCP"= 6992:TCP:League of Legends Launcher
"6992:UDP"= 6992:UDP:League of Legends Launcher
"6889:TCP"= 6889:TCP:League of Legends Launcher
"6889:UDP"= 6889:UDP:League of Legends Launcher
"6898:TCP"= 6898:TCP:League of Legends Launcher
"6898:UDP"= 6898:UDP:League of Legends Launcher
"6924:TCP"= 6924:TCP:League of Legends Launcher
"6924:UDP"= 6924:UDP:League of Legends Launcher
"59039:TCP"= 59039:TCP:Pando Media Booster
"59039:UDP"= 59039:UDP:Pando Media Booster
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2/13/2011 5:03 AM 28552]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/29/2010 11:22 PM 691696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [9/5/2011 5:02 PM 4807536]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [7/30/2010 9:24 AM 33792]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [9/1/2006 3:56 PM 226304]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [9/5/2011 4:36 PM 10752]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [7/31/2010 2:56 AM 50048]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-17 c:\windows\Tasks\Game_Booster_Startup.job
- c:\program files\IObit\Game Booster\gbtray.exe [2011-02-04 22:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
IE: Download with PodWorks Platinum - c:\program files\ImTOO\PodWorks Platinum\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 8.8.8.8
FF - ProfilePath - c:\documents and settings\Blank\Application Data\Mozilla\Firefox\Profiles\4j1j61n5.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-klmdb.sys
AddRemove-Hisoutensoku English - c:\th123\uninstall_th123e.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-16 19:22
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(992)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\VESWinlogon.dll
.
- - - - - - - > 'explorer.exe'(2440)
c:\windows\system32\WININET.dll
c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\D3DOverrider\D3DOverriderHooks.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\libusbd-nt.exe
c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\Tablet\Wacom\Wacom_TabletUser.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
.
**************************************************************************
.
Completion time: 2011-10-16 19:40:12 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-17 01:39
.
Pre-Run: 19,973,210,112 bytes free
Post-Run: 20,447,420,416 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - CBDDB977B832F55211173E82C5A50EAB

Edited by Ciarusus, 16 October 2011 - 08:50 PM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:14 PM

Posted 16 October 2011 - 09:21 PM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Ciarusus

Ciarusus
  • Topic Starter

  • Members
  • 10 posts
  • Local time:12:14 PM

Posted 16 October 2011 - 11:41 PM

Sorry if there's some misunderstanding here, but as I said I still can't run TDSSKiller.

When I click it, my cursor might change for a little bit, and then nothing happens.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:14 PM

Posted 16 October 2011 - 11:56 PM

Hello

Please do the following:

Step One
Please download Junction.zip and save it to your desktop.
Unzip it and extract junction.exe to your C:\ drive.

Step Two
Now copy (Ctrl+C) and paste (Ctrl+V) the text inside the code box below into Notepad.

@ECHO OFF
REM Run junction.exe from the root of C: and write the reparse-point listing to log.txt
cd c:\
junction -s c:\ >log.txt
REM Open the log for copying, then delete this batch file
start log.txt
del %0

Save it to your desktop as:
File name: junc.bat
Save as type: All Files

Step Three
Double click junc.bat to run it. A log will be presented. Copy and paste or attach the content of the log in your next reply.

Gringo

#7 Ciarusus

Ciarusus
  • Topic Starter

  • Members
  • 10 posts
  • Local time:12:14 PM

Posted 17 October 2011 - 12:32 AM

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com


Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.

...

Failed to open \\?\c:\\Qoobox\BackEnv: Access is denied.

...

...\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e

...

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:14 PM

Posted 17 October 2011 - 12:47 AM

Hello

I would like you to run this tool for me: fixTDSS.

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found; let me know what it says.

After it is complete, I want you to restart the computer, try to rerun TDSSKiller for me, and send me the report.

Gringo

#9 Ciarusus

Ciarusus
  • Topic Starter

  • Members
  • 10 posts
  • Local time:12:14 PM

Posted 17 October 2011 - 01:02 AM

FixTDSS says that an infected MBR was detected. I repaired and restarted. TDSSKiller, along with all my other programs, is now working! The Google redirect and iexplore also appear to be gone. This was a major help to me, thank you. :thumbsup:

Here is my TDSSKiller log:

23:57:41.0984 3732 TDSS rootkit removing tool 2.6.9.0 Oct 14 2011 11:33:24
23:57:42.0796 3732 ============================================================
23:57:42.0796 3732 Current date / time: 2011/10/16 23:57:42.0796
23:57:42.0796 3732 SystemInfo:
23:57:42.0796 3732
23:57:42.0796 3732 OS Version: 5.1.2600 ServicePack: 2.0
23:57:42.0796 3732 Product type: Workstation
23:57:42.0796 3732 ComputerName: VALUED-11599CE5
23:57:42.0796 3732 UserName: Blank
23:57:42.0796 3732 Windows directory: C:\WINDOWS
23:57:42.0796 3732 System windows directory: C:\WINDOWS
23:57:42.0796 3732 Processor architecture: Intel x86
23:57:42.0796 3732 Number of processors: 2
23:57:42.0796 3732 Page size: 0x1000
23:57:42.0796 3732 Boot type: Normal boot
23:57:42.0796 3732 ============================================================
23:57:45.0515 3732 Initialize success
23:57:59.0343 1656 ============================================================
23:57:59.0343 1656 Scan started
23:57:59.0343 1656 Mode: Manual;
23:57:59.0343 1656 ============================================================
23:58:00.0203 1656 Abiosdsk - ok
23:58:00.0218 1656 abp480n5 - ok
23:58:00.0281 1656 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:58:00.0281 1656 ACPI - ok
23:58:00.0296 1656 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
23:58:00.0296 1656 ACPIEC - ok
23:58:00.0343 1656 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\WINDOWS\system32\drivers\adfs.sys
23:58:00.0343 1656 adfs - ok
23:58:00.0359 1656 adpu160m - ok
23:58:00.0421 1656 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
23:58:00.0421 1656 aec - ok
23:58:00.0484 1656 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
23:58:00.0484 1656 AegisP - ok
23:58:00.0546 1656 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
23:58:00.0562 1656 AFD - ok
23:58:00.0562 1656 Aha154x - ok
23:58:00.0578 1656 aic78u2 - ok
23:58:00.0593 1656 aic78xx - ok
23:58:00.0609 1656 AliIde - ok
23:58:00.0625 1656 amsint - ok
23:58:00.0656 1656 ApfiltrService (b21fcbc58cb13bac70f74b5ac5da7409) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
23:58:00.0671 1656 ApfiltrService - ok
23:58:00.0703 1656 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
23:58:00.0703 1656 Arp1394 - ok
23:58:00.0718 1656 asc - ok
23:58:00.0718 1656 asc3350p - ok
23:58:00.0734 1656 asc3550 - ok
23:58:00.0796 1656 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:58:00.0796 1656 AsyncMac - ok
23:58:00.0812 1656 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:58:00.0812 1656 atapi - ok
23:58:00.0890 1656 Atdisk - ok
23:58:00.0921 1656 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:58:00.0921 1656 Atmarpc - ok
23:58:00.0968 1656 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:58:00.0968 1656 audstub - ok
23:58:01.0015 1656 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:58:01.0015 1656 Beep - ok
23:58:01.0062 1656 catchme - ok
23:58:01.0109 1656 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:58:01.0109 1656 cbidf2k - ok
23:58:01.0125 1656 cd20xrnt - ok
23:58:01.0140 1656 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:58:01.0156 1656 Cdaudio - ok
23:58:01.0187 1656 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
23:58:01.0187 1656 Cdfs - ok
23:58:01.0218 1656 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:58:01.0218 1656 Cdrom - ok
23:58:01.0234 1656 Changer - ok
23:58:01.0265 1656 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
23:58:01.0265 1656 CmBatt - ok
23:58:01.0281 1656 CmdIde - ok
23:58:01.0296 1656 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
23:58:01.0296 1656 Compbatt - ok
23:58:01.0312 1656 Cpqarray - ok
23:58:01.0328 1656 dac2w2k - ok
23:58:01.0343 1656 dac960nt - ok
23:58:01.0359 1656 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
23:58:01.0359 1656 Disk - ok
23:58:01.0453 1656 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
23:58:01.0484 1656 dmboot - ok
23:58:01.0609 1656 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
23:58:01.0609 1656 DMICall - ok
23:58:01.0671 1656 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
23:58:01.0687 1656 dmio - ok
23:58:01.0718 1656 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:58:01.0718 1656 dmload - ok
23:58:01.0750 1656 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
23:58:01.0765 1656 DMusic - ok
23:58:01.0765 1656 dpti2o - ok
23:58:01.0781 1656 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
23:58:01.0781 1656 drmkaud - ok
23:58:01.0859 1656 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
23:58:01.0859 1656 Fastfat - ok
23:58:01.0890 1656 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
23:58:01.0890 1656 Fdc - ok
23:58:01.0921 1656 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
23:58:01.0921 1656 Fips - ok
23:58:01.0953 1656 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
23:58:01.0953 1656 Flpydisk - ok
23:58:01.0968 1656 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
23:58:01.0968 1656 FltMgr - ok
23:58:01.0984 1656 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:58:01.0984 1656 Fs_Rec - ok
23:58:02.0031 1656 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:58:02.0031 1656 Ftdisk - ok
23:58:02.0078 1656 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
23:58:02.0078 1656 GEARAspiWDM - ok
23:58:02.0109 1656 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:58:02.0109 1656 Gpc - ok
23:58:02.0171 1656 HDAudBus (e31363d186b3e1d7c4e9117884a6aee5) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:58:02.0171 1656 HDAudBus - ok
23:58:02.0250 1656 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:58:02.0250 1656 hidusb - ok
23:58:02.0265 1656 hpn - ok
23:58:02.0296 1656 HSFHWAZL (be0a81f4337367ce94bb20e65b3d57c8) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
23:58:02.0312 1656 HSFHWAZL - ok
23:58:02.0375 1656 HSF_DPV (b46aa158f25ccbf03b12971b4c7f4723) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
23:58:02.0390 1656 HSF_DPV - ok
23:58:02.0468 1656 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
23:58:02.0468 1656 HTTP - ok
23:58:02.0484 1656 i2omgmt - ok
23:58:02.0500 1656 i2omp - ok
23:58:02.0546 1656 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:58:02.0546 1656 i8042prt - ok
23:58:02.0890 1656 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
23:58:03.0140 1656 ialm - ok
23:58:03.0265 1656 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:58:03.0265 1656 Imapi - ok
23:58:03.0281 1656 ini910u - ok
23:58:03.0515 1656 IntcAzAudAddService (ab2fe0faa519880bd16e4a0792d633d2) C:\WINDOWS\system32\drivers\RtkHDAud.sys
23:58:03.0562 1656 IntcAzAudAddService - ok
23:58:03.0656 1656 IntelIde - ok
23:58:03.0718 1656 intelppm (db8a1859cf9e48914dcc0a7206d87be5) C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:58:03.0718 1656 intelppm - ok
23:58:03.0781 1656 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
23:58:03.0781 1656 Ip6Fw - ok
23:58:03.0796 1656 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:58:03.0796 1656 IpFilterDriver - ok
23:58:03.0828 1656 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:58:03.0828 1656 IpInIp - ok
23:58:03.0875 1656 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:58:03.0875 1656 IpNat - ok
23:58:03.0968 1656 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:58:03.0968 1656 IPSec - ok
23:58:04.0000 1656 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:58:04.0000 1656 IRENUM - ok
23:58:04.0046 1656 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:58:04.0046 1656 isapnp - ok
23:58:04.0093 1656 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:58:04.0093 1656 Kbdclass - ok
23:58:04.0140 1656 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:58:04.0140 1656 kbdhid - ok
23:58:04.0203 1656 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
23:58:04.0203 1656 kmixer - ok
23:58:04.0281 1656 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
23:58:04.0296 1656 KSecDD - ok
23:58:04.0312 1656 lbrtfdc - ok
23:58:04.0328 1656 libusb0 (e2f1dcf4a68cc6cf694fbfba1842f4cd) C:\WINDOWS\system32\drivers\libusb0.sys
23:58:04.0328 1656 libusb0 - ok
23:58:04.0390 1656 mdmxsdk (74f4372af97a587ecec527ec34955712) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
23:58:04.0390 1656 mdmxsdk - ok
23:58:04.0437 1656 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
23:58:04.0437 1656 MHNDRV - ok
23:58:04.0453 1656 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:58:04.0453 1656 mnmdd - ok
23:58:04.0500 1656 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
23:58:04.0500 1656 Modem - ok
23:58:04.0531 1656 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:58:04.0531 1656 Mouclass - ok
23:58:04.0562 1656 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:58:04.0562 1656 mouhid - ok
23:58:04.0578 1656 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
23:58:04.0578 1656 MountMgr - ok
23:58:04.0578 1656 mraid35x - ok
23:58:04.0656 1656 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:58:04.0656 1656 MRxDAV - ok
23:58:04.0718 1656 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:58:04.0734 1656 MRxSmb - ok
23:58:04.0828 1656 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
23:58:04.0828 1656 Msfs - ok
23:58:04.0875 1656 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:58:04.0875 1656 MSKSSRV - ok
23:58:04.0921 1656 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:58:04.0921 1656 MSPCLOCK - ok
23:58:04.0953 1656 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
23:58:04.0953 1656 MSPQM - ok
23:58:04.0968 1656 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:58:04.0968 1656 mssmbios - ok
23:58:05.0000 1656 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
23:58:05.0000 1656 Mup - ok
23:58:05.0015 1656 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
23:58:05.0031 1656 NDIS - ok
23:58:05.0062 1656 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:58:05.0062 1656 NdisTapi - ok
23:58:05.0125 1656 Ndisuio (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:58:05.0125 1656 Ndisuio - ok
23:58:05.0156 1656 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:58:05.0156 1656 NdisWan - ok
23:58:05.0187 1656 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
23:58:05.0187 1656 NDProxy - ok
23:58:05.0203 1656 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:58:05.0203 1656 NetBIOS - ok
23:58:05.0234 1656 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:58:05.0234 1656 NetBT - ok
23:58:05.0375 1656 NETw3x32 (f886500c285af271fdd33bf8ba7b32ef) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
23:58:05.0406 1656 NETw3x32 - ok
23:58:05.0515 1656 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:58:05.0515 1656 NIC1394 - ok
23:58:05.0546 1656 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
23:58:05.0562 1656 Npfs - ok
23:58:05.0593 1656 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
23:58:05.0609 1656 Ntfs - ok
23:58:05.0671 1656 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
23:58:05.0671 1656 NuidFltr - ok
23:58:05.0734 1656 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:58:05.0734 1656 Null - ok
23:58:05.0765 1656 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:58:05.0765 1656 NwlnkFlt - ok
23:58:05.0781 1656 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:58:05.0781 1656 NwlnkFwd - ok
23:58:05.0796 1656 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:58:05.0796 1656 ohci1394 - ok
23:58:05.0828 1656 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
23:58:05.0843 1656 Parport - ok
23:58:05.0875 1656 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
23:58:05.0875 1656 PartMgr - ok
23:58:05.0921 1656 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
23:58:05.0921 1656 ParVdm - ok
23:58:05.0953 1656 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys
23:58:05.0953 1656 pavboot - ok
23:58:06.0000 1656 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
23:58:06.0000 1656 PCI - ok
23:58:06.0046 1656 PCIDump - ok
23:58:06.0062 1656 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:58:06.0062 1656 PCIIde - ok
23:58:06.0109 1656 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
23:58:06.0109 1656 Pcmcia - ok
23:58:06.0109 1656 PDCOMP - ok
23:58:06.0125 1656 PDFRAME - ok
23:58:06.0140 1656 PDRELI - ok
23:58:06.0156 1656 PDRFRAME - ok
23:58:06.0156 1656 perc2 - ok
23:58:06.0171 1656 perc2hib - ok
23:58:06.0234 1656 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:58:06.0234 1656 PptpMiniport - ok
23:58:06.0250 1656 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
23:58:06.0250 1656 PSched - ok
23:58:06.0281 1656 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:58:06.0281 1656 Ptilink - ok
23:58:06.0328 1656 PxHelp20 (1ffd5f718638fbea6c1eaad3349d479e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:58:06.0328 1656 PxHelp20 - ok
23:58:06.0328 1656 ql1080 - ok
23:58:06.0343 1656 Ql10wnt - ok
23:58:06.0359 1656 ql12160 - ok
23:58:06.0375 1656 ql1240 - ok
23:58:06.0375 1656 ql1280 - ok
23:58:06.0390 1656 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:58:06.0390 1656 RasAcd - ok
23:58:06.0421 1656 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:58:06.0421 1656 Rasl2tp - ok
23:58:06.0437 1656 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:58:06.0437 1656 RasPppoe - ok
23:58:06.0453 1656 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:58:06.0453 1656 Raspti - ok
23:58:06.0515 1656 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:58:06.0515 1656 Rdbss - ok
23:58:06.0562 1656 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:58:06.0562 1656 RDPCDD - ok
23:58:06.0625 1656 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:58:06.0625 1656 rdpdr - ok
23:58:06.0687 1656 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
23:58:06.0687 1656 RDPWD - ok
23:58:06.0765 1656 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:58:06.0765 1656 redbook - ok
23:58:06.0875 1656 RivaTuner32 (c0c8909be3ecc9df8089112bf9be954e) C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys
23:58:06.0875 1656 RivaTuner32 - ok
23:58:06.0984 1656 s24trans (d4661148e44816b6501be8f4466d65b0) C:\WINDOWS\system32\DRIVERS\s24trans.sys
23:58:06.0984 1656 s24trans - ok
23:58:07.0046 1656 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
23:58:07.0046 1656 SASDIFSV - ok
23:58:07.0062 1656 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
23:58:07.0062 1656 SASKUTIL - ok
23:58:07.0156 1656 Secdrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:58:07.0156 1656 Secdrv - ok
23:58:07.0218 1656 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
23:58:07.0218 1656 Serial - ok
23:58:07.0281 1656 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
23:58:07.0281 1656 Sfloppy - ok
23:58:07.0296 1656 Simbad - ok
23:58:07.0343 1656 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys
23:58:07.0343 1656 SNC - ok
23:58:07.0375 1656 Sparrow - ok
23:58:07.0406 1656 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
23:58:07.0406 1656 splitter - ok
23:58:07.0484 1656 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
23:58:07.0484 1656 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
23:58:07.0500 1656 sptd ( LockedFile.Multi.Generic ) - warning
23:58:07.0500 1656 sptd - detected LockedFile.Multi.Generic (1)
23:58:07.0578 1656 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
23:58:07.0578 1656 sr - ok
23:58:07.0640 1656 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
23:58:07.0656 1656 Srv - ok
23:58:07.0843 1656 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:58:07.0843 1656 swenum - ok
23:58:07.0875 1656 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
23:58:07.0875 1656 swmidi - ok
23:58:07.0890 1656 symc810 - ok
23:58:07.0906 1656 symc8xx - ok
23:58:07.0984 1656 SYMIDSCO - ok
23:58:08.0031 1656 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
23:58:08.0031 1656 symlcbrd - ok
23:58:08.0046 1656 sym_hi - ok
23:58:08.0062 1656 sym_u3 - ok
23:58:08.0078 1656 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
23:58:08.0078 1656 sysaudio - ok
23:58:08.0156 1656 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:58:08.0156 1656 Tcpip - ok
23:58:08.0234 1656 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:58:08.0234 1656 TDPIPE - ok
23:58:08.0250 1656 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
23:58:08.0250 1656 TDTCP - ok
23:58:08.0265 1656 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:58:08.0265 1656 TermDD - ok
23:58:08.0312 1656 ti21sony (26587ce8e6c6f16b8b4e7e2c16fa00bf) C:\WINDOWS\system32\drivers\ti21sony.sys
23:58:08.0312 1656 ti21sony - ok
23:58:08.0328 1656 TosIde - ok
23:58:08.0390 1656 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
23:58:08.0390 1656 Udfs - ok
23:58:08.0421 1656 ultra - ok
23:58:08.0437 1656 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
23:58:08.0453 1656 Update - ok
23:58:08.0500 1656 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
23:58:08.0500 1656 USBAAPL - ok
23:58:08.0562 1656 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
23:58:08.0562 1656 usbaudio - ok
23:58:08.0609 1656 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:58:08.0625 1656 usbccgp - ok
23:58:08.0656 1656 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:58:08.0671 1656 usbehci - ok
23:58:08.0703 1656 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:58:08.0703 1656 usbhub - ok
23:58:08.0750 1656 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:58:08.0750 1656 usbprint - ok
23:58:08.0796 1656 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:58:08.0796 1656 usbscan - ok
23:58:08.0859 1656 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:58:08.0859 1656 usbstor - ok
23:58:08.0875 1656 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:58:08.0875 1656 usbuhci - ok
23:58:08.0984 1656 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
23:58:08.0984 1656 VgaSave - ok
23:58:09.0000 1656 ViaIde - ok
23:58:09.0046 1656 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
23:58:09.0062 1656 VolSnap - ok
23:58:09.0125 1656 wacmoumonitor (c3b03ed7b06657a3355f620bc02acfb6) C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys
23:58:09.0125 1656 wacmoumonitor - ok
23:58:09.0187 1656 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
23:58:09.0187 1656 wacommousefilter - ok
23:58:09.0234 1656 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
23:58:09.0234 1656 wacomvhid - ok
23:58:09.0250 1656 WacomVKHid - ok
23:58:09.0312 1656 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:58:09.0312 1656 Wanarp - ok
23:58:09.0375 1656 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
23:58:09.0375 1656 Wdf01000 - ok
23:58:09.0390 1656 WDICA - ok
23:58:09.0453 1656 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
23:58:09.0453 1656 wdmaud - ok
23:58:09.0578 1656 winachsf (317dc24899ad7a06e3430bf45f292989) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
23:58:09.0593 1656 winachsf - ok
23:58:09.0750 1656 xusb20 (c1c30732240de36551f438d5412959be) C:\WINDOWS\system32\DRIVERS\xusb20.sys
23:58:09.0750 1656 xusb20 - ok
23:58:09.0796 1656 xusb21 (ee9144207ee0211eb5656ba6808ac4a0) C:\WINDOWS\system32\DRIVERS\xusb21.sys
23:58:09.0796 1656 xusb21 - ok
23:58:09.0859 1656 yukonwxp (228d0403f0210d6d67a9acf907597efe) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
23:58:09.0859 1656 yukonwxp - ok
23:58:09.0890 1656 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
23:58:10.0093 1656 \Device\Harddisk0\DR0 - ok
23:58:10.0093 1656 Boot (0x1200) (bb3ee0434675d97437e02f740b9c2c7a) \Device\Harddisk0\DR0\Partition0
23:58:10.0109 1656 \Device\Harddisk0\DR0\Partition0 - ok
23:58:10.0109 1656 ============================================================
23:58:10.0109 1656 Scan finished
23:58:10.0109 1656 ============================================================
23:58:10.0109 0556 Detected object count: 1
23:58:10.0109 0556 Actual detected object count: 1
23:58:24.0437 0556 sptd ( LockedFile.Multi.Generic ) - skipped by user
23:58:24.0437 0556 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:14 PM

Posted 17 October 2011 - 01:13 AM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 Ciarusus

Ciarusus
  • Topic Starter

  • Members
  • 10 posts
  • Local time:12:14 PM

Posted 17 October 2011 - 02:28 AM

Computer seems to be running better than it was before. The start menu still isn't all there, but I simply replaced them manually.

Combofix log:

ComboFix 11-10-16.03 - Blank 10/17/2011 0:34.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.449 [GMT -6:00]
Running from: c:\documents and settings\Blank\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Blank\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-09-17 to 2011-10-17 )))))))))))))))))))))))))))))))
.
.
2011-10-17 05:15 . 2010-09-07 21:39 150392 ----a-w- C:\junction.exe
2011-10-16 05:52 . 2011-10-16 05:52 -------- d-----w- c:\program files\WinSCP
2011-10-16 05:27 . 2011-10-16 05:39 -------- d-----w- c:\documents and settings\Blank\Application Data\CoreFTP
2011-10-16 05:27 . 2011-10-16 05:40 -------- d-----w- c:\program files\CoreFTP
2011-10-14 05:41 . 2011-10-14 05:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Corel
2011-10-14 02:36 . 2011-10-14 02:36 -------- d-----w- c:\program files\ESET
2011-10-11 08:52 . 2011-10-11 08:55 -------- d-----w- c:\documents and settings\Blank\Application Data\redsn0w
2011-10-07 07:34 . 2011-10-07 07:34 -------- d-----w- C:\TDSSKiller_Quarantine
2011-10-07 00:03 . 2006-03-15 12:00 57856 -c--a-w- c:\windows\system32\dllcache\spoolsv.exe
2011-10-07 00:03 . 2006-03-15 12:00 57856 ----a-w- c:\windows\system32\spoolsv.exe
2011-10-06 19:10 . 2011-10-06 19:10 -------- d-----w- c:\documents and settings\Blank\Local Settings\Application Data\Unity
2011-10-06 19:02 . 2011-10-06 19:10 -------- d-----w- c:\program files\Unity
2011-10-04 10:00 . 2011-10-04 10:01 -------- d-----w- c:\documents and settings\Blank\.shsh
2011-10-04 09:30 . 2011-10-04 09:47 -------- d-----w- c:\documents and settings\Blank\Application Data\WindSolutions
2011-10-04 09:30 . 2011-10-04 09:33 -------- d-----w- c:\documents and settings\All Users\Application Data\WindSolutions
2011-10-04 09:26 . 2011-10-04 09:26 -------- d-----w- c:\documents and settings\Blank\Local Settings\Application Data\Macroplant
2011-10-04 09:18 . 2011-10-04 09:18 -------- d-----w- c:\documents and settings\Blank\Application Data\ImTOO
2011-10-04 03:03 . 2011-10-04 08:27 -------- d-----w- c:\documents and settings\Blank\Application Data\Apple Computer
2011-10-04 03:02 . 2009-05-18 19:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-10-04 03:02 . 2008-04-17 18:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-10-04 03:01 . 2011-10-04 03:01 -------- d-----w- c:\program files\iPod
2011-10-04 03:01 . 2011-10-04 03:02 -------- d-----w- c:\program files\iTunes
2011-10-04 03:01 . 2011-10-04 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-10-04 02:59 . 2011-10-04 02:59 -------- d-----w- c:\documents and settings\Blank\Local Settings\Application Data\Apple
2011-10-04 02:59 . 2011-10-04 02:59 -------- d-----w- c:\program files\Apple Software Update
2011-10-04 02:59 . 2011-10-04 02:59 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-10-04 02:58 . 2011-05-10 14:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-10-04 02:58 . 2011-05-10 14:06 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-10-04 02:57 . 2011-10-11 08:45 -------- d-----w- c:\program files\Common Files\Apple
2011-10-04 02:57 . 2011-10-04 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-10-04 02:54 . 2011-10-04 03:03 -------- d-----w- c:\documents and settings\Blank\Local Settings\Application Data\Apple Computer
2011-10-04 02:43 . 2001-08-18 04:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-10-04 02:43 . 2004-08-04 04:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-10-04 02:43 . 2004-08-04 04:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-10-04 02:43 . 2004-08-04 06:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-09-23 08:14 . 2011-09-23 08:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-17 05:59 . 2010-07-11 03:49 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2011-08-31 23:00 . 2011-02-13 22:47 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-17_01.22.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-17 05:55 . 2011-10-17 05:55 16384 c:\windows\Temp\Perflib_Perfdata_1a8.dat
+ 2011-10-17 05:55 . 2011-10-17 05:55 16384 c:\windows\Temp\Perflib_Perfdata_120.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-06-29 322352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 53248]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"D3DOverrider"="c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\D3DOverrider\D3DOverrider.exe" [2009-08-22 102400]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-06 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
.
c:\documents and settings\Blank\Start Menu\Programs\Startup\
Trillian.lnk - c:\program files\Trillian\trillian.exe [2011-6-28 2278240]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= "c:\program files\Trend Micro\Tmas\sshook.dll" [2010-06-29 77824]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-06-20 23:11 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk
backup=c:\windows\pss\Trend Micro Anti-Spyware.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2009-06-08 12:52 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 01:43 69632 ----a-w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2004-11-18 03:47 118784 ----a-w- c:\program files\Apoint\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 20:56 64512 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2008-02-15 18:46 159744 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2008-02-15 18:46 131072 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2008-02-15 18:46 135168 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2004-02-20 21:12 32768 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PartSeal]
2003-04-20 04:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-17 01:04 2879488 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
2006-08-10 22:17 217088 ----a-w- c:\program files\Sony\VAIO Power Management\SPMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-05-03 09:56 36975 ----a-w- c:\program files\Java\jre1.5.0_07\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Switcher.exe]
2006-02-14 19:11 176128 ----a-w- c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-06-29 08:20 322352 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
2005-10-12 04:36 151552 ----a-w- c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
2005-06-13 22:42 258048 ----a-w- c:\program files\Sony\VAIO Survey\SurveySA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
2007-09-27 00:05 734264 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Immaterial And Missing Power\\RollCaster.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Eternal Fighter Zero Memorial 4.02\\EFZdotNET_EX-5.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57292:TCP"= 57292:TCP:Pando Media Booster
"57292:UDP"= 57292:UDP:Pando Media Booster
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
"8380:TCP"= 8380:TCP:League of Legends Launcher
"8380:UDP"= 8380:UDP:League of Legends Launcher
"8370:TCP"= 8370:TCP:League of Legends Launcher
"8370:UDP"= 8370:UDP:League of Legends Launcher
"6886:TCP"= 6886:TCP:League of Legends Launcher
"6886:UDP"= 6886:UDP:League of Legends Launcher
"6925:TCP"= 6925:TCP:League of Legends Launcher
"6925:UDP"= 6925:UDP:League of Legends Launcher
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"6892:TCP"= 6892:TCP:League of Legends Launcher
"6892:UDP"= 6892:UDP:League of Legends Launcher
"6961:TCP"= 6961:TCP:League of Legends Launcher
"6961:UDP"= 6961:UDP:League of Legends Launcher
"6992:TCP"= 6992:TCP:League of Legends Launcher
"6992:UDP"= 6992:UDP:League of Legends Launcher
"6889:TCP"= 6889:TCP:League of Legends Launcher
"6889:UDP"= 6889:UDP:League of Legends Launcher
"6898:TCP"= 6898:TCP:League of Legends Launcher
"6898:UDP"= 6898:UDP:League of Legends Launcher
"6924:TCP"= 6924:TCP:League of Legends Launcher
"6924:UDP"= 6924:UDP:League of Legends Launcher
"59039:TCP"= 59039:TCP:Pando Media Booster
"59039:UDP"= 59039:UDP:Pando Media Booster
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2/13/2011 5:03 AM 28552]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/29/2010 11:22 PM 691696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [9/5/2011 5:02 PM 4807536]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [7/30/2010 9:24 AM 33792]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [9/1/2006 3:56 PM 226304]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [9/5/2011 4:36 PM 10752]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [7/31/2010 2:56 AM 50048]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 14894517
*Deregistered* - 14894517
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-17 c:\windows\Tasks\Game_Booster_Startup.job
- c:\program files\IObit\Game Booster\gbtray.exe [2011-02-04 22:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
IE: Download with PodWorks Platinum - c:\program files\ImTOO\PodWorks Platinum\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 8.8.8.8
FF - ProfilePath - c:\documents and settings\Blank\Application Data\Mozilla\Firefox\Profiles\4j1j61n5.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-17 00:48
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(960)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\VESWinlogon.dll
.
- - - - - - - > 'explorer.exe'(2824)
c:\windows\system32\WININET.dll
c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\D3DOverrider\D3DOverriderHooks.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-10-17 00:51:16
ComboFix-quarantined-files.txt 2011-10-17 06:51
ComboFix2.txt 2011-10-17 01:40
.
Pre-Run: 20,277,149,696 bytes free
Post-Run: 20,469,587,968 bytes free
.
- - End Of File - - FA4A17654557053223CCF31EF8B28E51

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:14 PM

Posted 17 October 2011 - 02:56 AM

Hello

I would like to see a report that ComboFix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#13 Ciarusus

Ciarusus
  • Topic Starter

  • Members
  • 10 posts
  • Local time:12:14 PM

Posted 17 October 2011 - 01:31 PM

µTorrent
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 7.0.7
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Application Support
Apple Mobile Device Support
Apple Software Update
CCleaner
Combined Community Codec Pack 2010-10-10
Connect
Content
Corel Painter 11
Corel Painter 11 - ICA
Corel Painter 11 - IPM
ESET Online Scanner v3
Game Booster
High Definition Audio Driver Package - KB835221
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB900466)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB909667)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
IconHandler 32 bit
ImageStation
ImgBurn
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless Software
ISScript
iTunes
J2SE Runtime Environment 5.0 Update 7
Java Auto Updater
Java™ 6 Update 22
JDownloader
kuler
LAN Setting Utility
Langauge
League of Legends
LibUSB-Win32-0.1.10.1
Macromedia Flash Player 8
Macromedia Flash Player 8 Plugin
Malwarebytes' Anti-Malware version 1.51.2.1300
mCore
mDriver
Memory Stick Formatter
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Data Access Components KB870669
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft SQL Server Desktop Engine (VAIO_VEDB)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft Xbox 360 Accessories 1.1
mMHouse
Mozilla Firefox (3.6.6)
mPfMgr
mProSafe
MSN Toolbar
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
mWlsSafe
mXML
NSIS IaMP English
Office 2003 Trial Assistant
OpenMG AAC Add-on Module 1.0.00
OpenMG Limited Patch 4.5-06-05-12-01
OpenMG Metadata Extractor for Windows Media Player
OpenMG Secure Module 4.5.01
OpenOffice.org 3.3
osu!
Panda ActiveScan 2.0
Pando Media Booster
PDF Settings CS4
Photoshop Camera Raw
QuickTime
Realtek High Definition Audio Driver
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
Search Enhancement by AOL Search
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
Setting Utility Series
Skype Toolbars
Skype™ 5.3
Soft Data Fax Modem with SmartCP
Sonic Encoders
SONIC MEGA COLLECTION PLUS
SonicStage 4.0
Sony Certificate PCH
Sony MP4 Shared Library
Sony Utilities DLL
Sony Video Shared Library
Suite Shared Configuration CS4
SUPERAntiSpyware
Symantec KB-DocID:2003093015493306
Trend Micro Anti-Spyware
Trillian
Unity
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911164)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB925720)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VAIO Backup Utility
VAIO Breeze Wallpaper
VAIO Central
VAIO Entertainment Platform
VAIO Event Service
VAIO Hardware Diagnostics
VAIO Light Flo Wallpaper
VAIO Media 5.0
VAIO Media AC3 Decoder 1.0
VAIO Media Integrated Server 5.0
VAIO Media Redistribution 5.0
VAIO Media Registration Tool 5.0
VAIO Media Tutorial
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
VAIO Power Management
VAIO Registration
VAIO Security Center
VAIO Support Central
VAIO Update 2
VAIO Wireless LAN Setup Utility
VAIOSurveySA
Ventrilo Client
Wacom Tablet
WBFS Manager 3.0
WebFldrs XP
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows Genuine Advantage Validation Tool
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Connect
Windows Media Format Runtime
Windows XP Hotfix - KB307154
Windows XP Hotfix - KB833407
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884018
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888321
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893056
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB915381
Windows XP Media Center Edition 2005 KB973768
WinRAR archiver
WinSCP 4.3.5
Wireless Switch Setting Utility

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:14 PM

Posted 17 October 2011 - 02:14 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded startup entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to be; any of these programs you can start by clicking on their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • Adobe Reader 7.0.7
    • J2SE Runtime Environment 5.0 Update 7
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space
    O4 - HKLM\..\Run: [IntelliPoint]



If you have any problems running HijackThis, sometimes we have to run it like this. To run HijackThis as an administrator,
right-click HijackThis.exe (located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select to run as administrator.


Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard and paste the results here in this topic
  • You may also find the log here: C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 Ciarusus

Ciarusus
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:12:14 PM

Posted 17 October 2011 - 06:49 PM

ESET Log:

C:\System Volume Information\_restore{98F833F7-368A-46D0-8190-E8CC52059E7E}\RP110\A0058700.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{98F833F7-368A-46D0-8190-E8CC52059E7E}\RP110\A0058739.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{98F833F7-368A-46D0-8190-E8CC52059E7E}\RP111\A0059740.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{98F833F7-368A-46D0-8190-E8CC52059E7E}\RP111\A0059769.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{98F833F7-368A-46D0-8190-E8CC52059E7E}\RP111\A0059797.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{98F833F7-368A-46D0-8190-E8CC52059E7E}\RP112\A0060870.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{98F833F7-368A-46D0-8190-E8CC52059E7E}\RP113\A0060884.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{98F833F7-368A-46D0-8190-E8CC52059E7E}\RP114\A0060936.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{98F833F7-368A-46D0-8190-E8CC52059E7E}\RP114\A0062915.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{98F833F7-368A-46D0-8190-E8CC52059E7E}\RP116\A0063941.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{98F833F7-368A-46D0-8190-E8CC52059E7E}\RP118\A0064077.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{98F833F7-368A-46D0-8190-E8CC52059E7E}\RP119\A0065105.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{98F833F7-368A-46D0-8190-E8CC52059E7E}\RP119\A0065130.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{98F833F7-368A-46D0-8190-E8CC52059E7E}\RP121\A0065233.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{98F833F7-368A-46D0-8190-E8CC52059E7E}\RP127\A0065498.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{98F833F7-368A-46D0-8190-E8CC52059E7E}\RP127\A0065535.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{98F833F7-368A-46D0-8190-E8CC52059E7E}\RP128\A0065585.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{98F833F7-368A-46D0-8190-E8CC52059E7E}\RP129\A0065640.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{98F833F7-368A-46D0-8190-E8CC52059E7E}\RP137\A0072438.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{98F833F7-368A-46D0-8190-E8CC52059E7E}\RP137\A0072475.dll Win32/Adware.Yontoo.B application
C:\System Volume Information\_restore{98F833F7-368A-46D0-8190-E8CC52059E7E}\RP137\A0072476.dll a variant of Win32/Kryptik.TGT trojan
C:\System Volume Information\_restore{98F833F7-368A-46D0-8190-E8CC52059E7E}\RP137\A0072477.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{98F833F7-368A-46D0-8190-E8CC52059E7E}\RP137\A0072478.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{98F833F7-368A-46D0-8190-E8CC52059E7E}\RP137\A0072482.dll Win32/Adware.Yontoo.A application
C:\System Volume Information\_restore{98F833F7-368A-46D0-8190-E8CC52059E7E}\RP137\A0072485.dll Win32/Adware.Yontoo.A application
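A small triage helper for a log in the format posted above, added here as an example and not part of the thread or of ESET's tooling: it takes three lines from the log above plus one constructed hit at a hypothetical path outside a restore point, and separates copies archived inside System Restore points (which only come back if the machine is later restored to that point) from live files that mean the infection is still active.

```python
import re
from collections import Counter

# Constructed sample in the format of the ESET log above: three lines copied from
# the posted log plus one constructed hit outside a restore point (hypothetical path).
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{98F833F7-368A-46D0-8190-E8CC52059E7E}\RP110\A0058700.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\System Volume Information\_restore{98F833F7-368A-46D0-8190-E8CC52059E7E}\RP137\A0072475.dll Win32/Adware.Yontoo.B application
C:\System Volume Information\_restore{98F833F7-368A-46D0-8190-E8CC52059E7E}\RP137\A0072476.dll a variant of Win32/Kryptik.TGT trojan
C:\Documents and Settings\User\Local Settings\Temp\update.exe a variant of Win32/Kryptik.TGT trojan
"""

# Each hit line is: <path, may contain spaces> <detection name> <classification>.
# The detection name may carry an "a variant of" / "probably a variant of" prefix,
# so the line is anchored at both ends instead of being split on spaces.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?\S)\s+"
    r"(?P<threat>(?:(?:probably )?a variant of )?\S+)\s+"
    r"(?P<kind>\S+)$"
)
# Files archived by System Restore live under _restore{GUID}\RPnnn\.
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[^}]+\}\\(RP\d+)\\")


def parse_line(line):
    """Return (path, threat, kind) for a hit line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    return (m["path"], m["threat"], m["kind"]) if m else None


def triage(log_text):
    """Split hits into restore-point copies and live files and count threats."""
    out = {"by_threat": Counter(), "restore_points": set(), "live_paths": []}
    for line in log_text.splitlines():
        hit = parse_line(line)
        if hit is None:
            continue
        path, threat, _kind = hit
        out["by_threat"][threat] += 1
        rp = RESTORE_RE.search(path)
        if rp:
            out["restore_points"].add(rp.group(1))
        else:
            out["live_paths"].append(path)
    out["restore_points"] = sorted(out["restore_points"], key=lambda s: int(s[2:]))
    return out


def verdict(summary):
    """Next step: live hits mean the machine is still infected; hits only inside
    restore points are dormant copies that a later System Restore would bring back."""
    if summary["live_paths"]:
        return "live"
    if summary["restore_points"]:
        return "restore-points-only"
    return "clean"
```

On the sample, triage() reports restore points RP110 and RP137 plus one live path, so verdict() returns "live"; with the constructed last line removed it returns "restore-points-only", the situation in the log above, where the remaining step is to clear old restore points once the cleanup is done.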



