
Infected with Search.exe Trojan | win-7 64bit


  • This topic is locked
16 replies to this topic

#1 clack12 (Members, 21 posts)

Posted 23 October 2011 - 10:54 AM

Last night I ran an extremely questionable .exe file and now my computer has that search.exe trojan on it. I was actually just reading about the same exact thing happening to other people on this forum. Currently I am on my 2nd computer but it was my desktop that got infected. I disconnected it from the internet by pulling out the Ethernet cable and put my desktop to sleep and only woke it up so I could get logs which I could post here.

When I woke up this morning I could hear my desktop being rather loud, so I checked Windows Task Manager and, no surprise, it was search.exe running at 50% CPU and my desktop was just chugging along. I then hit right click > End Process and the process actually ended. However, I ran a quick Google search about it and read about how it reinstalls itself and how bad it actually is, so I decided that I needed some good help. Right after that I ran Malwarebytes and here are the results. It's still there; I was just afraid that it wouldn't delete it properly, so I just took a screenshot and posted it here. To add, I have not shut down or restarted my desktop yet; I am currently using my 2nd computer to post this info. I just used a flash drive so I could get logs etc. from the infected desktop. Thank you for reading. :)


Posted Image

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by aki at 10:59:34 on 2011-10-23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3326.2108 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Winamp\Winamp\winampa.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Windows\System32\dinotify.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Winamp\Winamp\winamp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\notepad.exe
F:\Hard Drive K\Hard drive\The documents\jtk374en\jtk374en\JoyToKey.exe
C:\Windows\system32\notepad.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\taskmgr.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\WUDFHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://movies.netflix.com/WiHome
uURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa2.dll
mURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa2.dll
mWinlogon: Userinit=userinit.exe
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa2.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa2.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [cdloader] "C:\Users\aki42\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Slawdog Smart Shutdown] C:\Program Files (x86)\Slawdog\Smart Shutdown\Smart Shutdown.exe startup
uRun: [Windows Update] C:\Users\aki42\AppData\Roaming\Microsoft\Windows\Templates\system32.exe
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_Plugin.exe -update plugin
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\Winamp\winampa.exe"
mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~4\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
StartupFolder: C:\PROGRA~4\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download Link Using Mega Manager... - C:\Program Files (x86)\Megaupload\Mega Manager\mm_file.htm
Trusted Zone: swagbucks.com\www
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://clients.futuremark.com/openapi/receivers/FMSI.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~3\Google\GOOGLE~1\GO36F4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\aki42\AppData\Roaming\Mozilla\Firefox\Profiles\485hnvyj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2667978&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox/
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\SwarmPlugin\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\aki42\AppData\Local\Flock\Update\1.2.213.0\npFlockOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla FirefoxINSTALL2\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: Chromifox Extreme: cfxe@Triton - %profile%\extensions\cfxe@Triton
FF - Ext: NASA Night Launch: nasanightlaunch@example.com - %profile%\extensions\nasanightlaunch@example.com
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: Remove It Permanently: {1dbc4a33-ea62-4330-966c-7bdad3455322} - %profile%\extensions\{1dbc4a33-ea62-4330-966c-7bdad3455322}
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Whitehart: {d650973c-0444-4ac7-9d00-19e3613c83b9} - %profile%\extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9}
FF - Ext: Aquatint Black: {7694c49c-9fbd-11dc-8314-0800200c9a66} - %profile%\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
FF - Ext: Gradient iCool: {de5809e0-2b07-11dd-bd0b-0800200c9a66} - %profile%\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: CrystalFox Qute: CrystalFox_Qute@BigRedBrent - %profile%\extensions\CrystalFox_Qute@BigRedBrent
FF - Ext: Stratini: {748c4950-24f2-11de-8c30-0800200c9a66} - %profile%\extensions\{748c4950-24f2-11de-8c30-0800200c9a66}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Hide Caption Titlebar Plus: hidecaptionplus-dp@dummy.addons.mozilla.org - %profile%\extensions\hidecaptionplus-dp@dummy.addons.mozilla.org
FF - Ext: Office Black: Office2007Black@JBBS - %profile%\extensions\Office2007Black@JBBS
FF - Ext: Chromifox Extreme Carbon: cfxec@Triton - %profile%\extensions\cfxec@Triton
FF - Ext: Strata RELOADED: stratareloaded@addons.mozilla.org - %profile%\extensions\stratareloaded@addons.mozilla.org
FF - Ext: SmallringFX DARKBlue: {0471d3b0-a403-11df-981c-0800200c9a66} - %profile%\extensions\{0471d3b0-a403-11df-981c-0800200c9a66}
FF - Ext: Silvermel: silvermel@pardal.de - %profile%\extensions\silvermel@pardal.de
FF - Ext: Foxdie (Graphite): FoxdieGraphite@tanjihay.com - %profile%\extensions\FoxdieGraphite@tanjihay.com
FF - Ext: YouTube Auto Replay: YouTubeAutoReplay@arikv.com - %profile%\extensions\YouTubeAutoReplay@arikv.com
FF - Ext: Foxdie: Foxdie@tanjihay.com - %profile%\extensions\Foxdie@tanjihay.com
FF - Ext: Bloomind FT Graphite: {8225d6f0-dfca-11df-85ca-0800200c9a66} - %profile%\extensions\{8225d6f0-dfca-11df-85ca-0800200c9a66}
FF - Ext: Qute: {36C13C8F-54F1-412e-8177-2E411719162D} - %profile%\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
FF - Ext: Purity: {ea848344-1e6a-43e9-9cf8-301358888a43} - %profile%\extensions\{ea848344-1e6a-43e9-9cf8-301358888a43}
FF - Ext: Strata40: Strata40@SpewBoy.au - %profile%\extensions\Strata40@SpewBoy.au
FF - Ext: Oxygen KDE: {C1F83B1E-D6EE-11DE-B441-1AD556D89593} - %profile%\extensions\{C1F83B1E-D6EE-11DE-B441-1AD556D89593}
FF - Ext: Kempelton: kempelton-fx@arvidaxelsson.se - %profile%\extensions\kempelton-fx@arvidaxelsson.se
FF - Ext: Camifox: camifox@altmusictv.com - %profile%\extensions\camifox@altmusictv.com
FF - Ext: Stratini Super: {8479ade0-2eec-11de-8c30-0800200c9a66} - %profile%\extensions\{8479ade0-2eec-11de-8c30-0800200c9a66}
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2010-11-7 24176]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-6-17 154752]
R3 VCam_WDM;e2eSoft VCam;C:\Windows\system32\DRIVERS\VCam_WDM.sys --> C:\Windows\system32\DRIVERS\VCam_WDM.sys [?]
R3 VCam_WDM01;e2eSoft VCam 01;C:\Windows\system32\DRIVERS\VCam_WDM01.sys --> C:\Windows\system32\DRIVERS\VCam_WDM01.sys [?]
R3 VCAM_WDM02;e2eSoft VCam 02;C:\Windows\system32\DRIVERS\VCAM_WDM02.sys --> C:\Windows\system32\DRIVERS\VCAM_WDM02.sys [?]
R3 VCAM_WDM03;e2eSoft VCam 03;C:\Windows\system32\DRIVERS\VCAM_WDM03.sys --> C:\Windows\system32\DRIVERS\VCAM_WDM03.sys [?]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S2 BstHdAndroidSvc;BlueStacks Android Service;"C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android --> C:\Program Files (x86)\BlueStacks\HD-Service.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 116224]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-9-9 30192]
S3 PStrip64;PStrip64;\??\C:\Windows\system32\DRIVERS\PSTRIP64.SYS --> C:\Windows\system32\DRIVERS\PSTRIP64.SYS [?]
S4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-11-28 128928]
S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-3-30 1823112]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-9 248936]
.
=============== Created Last 30 ================
.
2011-10-22 20:04:38 236544 ----a-w- C:\Users\aki42\AppData\Roaming\Microsoft\Windows\Templates\system32.exe
2011-10-22 20:03:55 4494848 ----a-w- C:\Users\aki42\AppData\Roaming\Swagger.exe
2011-10-22 20:03:54 236544 ----a-w- C:\Users\aki42\AppData\Roaming\Server.exe
2011-10-17 02:44:43 -------- d-----w- C:\ProgramData\BlueStacks
2011-10-06 22:26:06 98528 ----a-w- C:\Windows\System32\drivers\VCAM_WDM03.sys
2011-10-06 22:26:06 98528 ----a-w- C:\Windows\System32\drivers\VCAM_WDM02.sys
2011-10-06 22:26:06 98528 ----a-w- C:\Windows\System32\drivers\VCam_WDM01.sys
2011-10-06 22:26:06 98528 ----a-w- C:\Windows\System32\drivers\VCam_WDM.sys
2011-10-06 22:26:04 -------- d-----w- C:\Users\aki42\AppData\Roaming\e2eSoft
2011-10-06 22:25:58 -------- d-----w- C:\Program Files (x86)\e2eSoft
2011-09-27 03:36:50 -------- d-----w- C:\Program Files (x86)\Veetle
2011-09-24 02:00:26 -------- d-----w- C:\Users\aki42\AppData\Roaming\runic games
2011-09-24 01:58:40 -------- d-----w- C:\Program Files (x86)\Torchlight
.
==================== Find3M ====================
.
2011-10-23 13:41:27 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-09-03 18:57:14 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-09-03 18:57:14 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-09-03 18:57:14 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-09-03 18:57:14 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-08-31 21:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-01 01:22:53 0 ----a-w- C:\Windows\SysWow64\ConduitEngine.tmp
.
============= FINISH: 11:01:08.07 ===============
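The DDS report above contains the two kinds of lines a responder reads first: the autorun entries (uRun/mRun) and the system policy values. In this log, a current-user autorun named "Windows Update" launches C:\Users\aki42\AppData\Roaming\Microsoft\Windows\Templates\system32.exe, a 236544-byte file created on 2011-10-22 20:04:38, the same size as C:\Users\aki42\AppData\Roaming\Server.exe created one minute earlier, and the policy block shows EnableLUA = 0, ConsentPromptBehaviorAdmin = 0, PromptOnSecureDesktop = 0 and DisableRegistryTools = 1, i.e. UAC switched off and regedit blocked for the user. The following Python script is an added example written for this page; it is not part of the post, of DDS, or of any BleepingComputer tool. It parses DDS-style autorun and policy lines and flags the patterns just described. The name list and the policy table are heuristics chosen for the example, not a vendor signature; the sample lines are copied from the report above.

```python
import os
import re
from dataclasses import dataclass

# DDS "Pseudo HJT Report" autorun lines look like
#   uRun: [Windows Update] C:\Users\aki42\AppData\Roaming\...\system32.exe
# The leading u/m means the entry lives in the current-user (HKCU) or machine (HKLM) hive.
AUTORUN_RE = re.compile(r'^(?P<hive>[um])Run(?:Once)?:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$')
POLICY_RE = re.compile(r'^(?P<hive>[um])Policies-(?P<key>\w+):\s*(?P<name>\w+)\s*=\s*(?P<value>\d+)')

# Heuristic list (assumption for this example): labels attackers borrow from
# legitimate Windows components so the entry blends in with real startup items.
IMPERSONATED_NAMES = {'windows update', 'system32', 'svchost', 'explorer', 'winlogon', 'csrss', 'lsass'}

# Policy (key, value name, value) combinations that weaken Windows' own defences.
WEAKENING_POLICIES = {
    ('system', 'EnableLUA', '0'): 'UAC disabled',
    ('system', 'ConsentPromptBehaviorAdmin', '0'): 'admin elevation without any prompt',
    ('system', 'PromptOnSecureDesktop', '0'): 'UAC prompts taken off the secure desktop',
    ('system', 'DisableRegistryTools', '1'): 'regedit blocked for the user',
}


@dataclass
class Finding:
    line: str
    reasons: list


def _exe_path(cmd):
    """Extract the executable path from an autorun command line.
    Handles "quoted path" args as well as unquoted path args; anything after
    the first .exe token is treated as arguments and dropped."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r'(.+?\.exe)\b', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def triage_autorun(line):
    """Return a Finding for an autorun line that shows impersonation or a
    user-writable launch path, or None for lines that look ordinary."""
    m = AUTORUN_RE.match(line)
    if not m:
        return None
    name = m.group('name')
    path = _exe_path(m.group('cmd'))
    # Normalise the Windows path so os.path works on any host running this script.
    base = os.path.splitext(os.path.basename(path.replace('\\', '/')))[0]
    reasons = []
    if name.strip().lower() in IMPERSONATED_NAMES:
        reasons.append(f'autorun name "{name}" mimics a Windows component')
    if base.lower() in IMPERSONATED_NAMES:
        reasons.append(f'binary "{base}.exe" is named after a Windows component')
    # Planting a binary under the profile needs no admin rights; real Windows
    # components start from %SystemRoot% or Program Files, not from AppData.
    if '\\appdata\\' in path.lower() or '\\temp\\' in path.lower():
        reasons.append('launched from a user-writable profile directory')
    return Finding(line, reasons) if reasons else None


def triage_policy(line):
    """Return a Finding when a policy line matches a known weakening setting."""
    m = POLICY_RE.match(line)
    if not m:
        return None
    why = WEAKENING_POLICIES.get((m.group('key'), m.group('name'), m.group('value')))
    return Finding(line, [why]) if why else None


def triage(report_text):
    """Run both checks over every line of a DDS report and collect the findings."""
    findings = []
    for line in report_text.splitlines():
        found = triage_autorun(line) or triage_policy(line)
        if found:
            findings.append(found)
    return findings


# Sample input: lines copied from the DDS report in this thread (benign Sandboxie,
# Winamp and NoActiveDesktop entries included so the filter has something to pass).
SAMPLE_DDS = r"""uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [Windows Update] C:\Users\aki42\AppData\Roaming\Microsoft\Windows\Templates\system32.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\Winamp\winampa.exe"
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
"""

if __name__ == '__main__':
    for f in triage(SAMPLE_DDS):
        print(f.line)
        for r in f.reasons:
            print('    ->', r)
```

Flagging is not proof: a hit means "open this file and this key next", and the binary still needs to be hashed and submitted before anyone calls it the trojan. The autorun path check is deliberately narrow (AppData and Temp) so that legitimate per-user software installed under Program Files is not reported.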

#2 fireman4it (Bleepin' Fireman, Malware Response Team, 13,512 posts)

Posted 23 October 2011 - 11:11 AM

Hello clack12,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.



2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TdssKiller log
Combofix.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 clack12 (Topic Starter)

Posted 23 October 2011 - 01:11 PM

Things to include in your next reply:
1.) TDSSKiller log
13:31:32.0083 5792 TDSS rootkit removing tool 2.6.12.0 Oct 21 2011 11:23:48
13:31:32.0131 5792 ============================================================
13:31:32.0131 5792 Current date / time: 2011/10/23 13:31:32.0131
13:31:32.0131 5792 SystemInfo:
13:31:32.0131 5792
13:31:32.0131 5792 OS Version: 6.1.7600 ServicePack: 0.0
13:31:32.0131 5792 Product type: Workstation
13:31:32.0131 5792 ComputerName: AKI42-PC
13:31:32.0131 5792 UserName: aki42
13:31:32.0131 5792 Windows directory: C:\Windows
13:31:32.0131 5792 System windows directory: C:\Windows
13:31:32.0131 5792 Running under WOW64
13:31:32.0131 5792 Processor architecture: Intel x64
13:31:32.0132 5792 Number of processors: 2
13:31:32.0132 5792 Page size: 0x1000
13:31:32.0132 5792 Boot type: Normal boot
13:31:32.0132 5792 ============================================================
13:31:32.0767 5792 Initialize success
13:31:55.0186 2504 ============================================================
13:31:55.0186 2504 Scan started
13:31:55.0186 2504 Mode: Manual;
13:31:55.0186 2504 ============================================================
13:31:56.0315 2504 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
13:31:56.0319 2504 1394ohci - ok
13:31:56.0357 2504 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
13:31:56.0362 2504 ACPI - ok
13:31:56.0404 2504 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
13:31:56.0405 2504 AcpiPmi - ok
13:31:56.0501 2504 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:31:56.0509 2504 adp94xx - ok
13:31:56.0577 2504 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:31:56.0582 2504 adpahci - ok
13:31:56.0622 2504 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:31:56.0626 2504 adpu320 - ok
13:31:56.0732 2504 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
13:31:56.0739 2504 AFD - ok
13:31:56.0805 2504 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
13:31:56.0807 2504 agp440 - ok
13:31:56.0834 2504 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
13:31:56.0835 2504 aliide - ok
13:31:56.0847 2504 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
13:31:56.0849 2504 amdide - ok
13:31:56.0876 2504 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:31:56.0879 2504 AmdK8 - ok
13:31:56.0910 2504 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:31:56.0912 2504 AmdPPM - ok
13:31:56.0937 2504 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
13:31:56.0940 2504 amdsata - ok
13:31:56.0987 2504 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:31:56.0991 2504 amdsbs - ok
13:31:57.0041 2504 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
13:31:57.0042 2504 amdxata - ok
13:31:57.0100 2504 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
13:31:57.0101 2504 AppID - ok
13:31:57.0171 2504 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:31:57.0174 2504 arc - ok
13:31:57.0227 2504 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:31:57.0230 2504 arcsas - ok
13:31:57.0290 2504 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:31:57.0291 2504 AsyncMac - ok
13:31:57.0312 2504 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
13:31:57.0314 2504 atapi - ok
13:31:57.0405 2504 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:31:57.0414 2504 b06bdrv - ok
13:31:57.0472 2504 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:31:57.0477 2504 b57nd60a - ok
13:31:57.0499 2504 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:31:57.0500 2504 Beep - ok
13:31:57.0544 2504 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:31:57.0545 2504 blbdrive - ok
13:31:57.0591 2504 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
13:31:57.0594 2504 bowser - ok
13:31:57.0640 2504 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:31:57.0641 2504 BrFiltLo - ok
13:31:57.0665 2504 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:31:57.0666 2504 BrFiltUp - ok
13:31:57.0731 2504 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:31:57.0736 2504 Brserid - ok
13:31:57.0785 2504 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:31:57.0786 2504 BrSerWdm - ok
13:31:57.0824 2504 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:31:57.0825 2504 BrUsbMdm - ok
13:31:57.0859 2504 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:31:57.0861 2504 BrUsbSer - ok
13:31:57.0916 2504 BstHdDrv - ok
13:31:57.0945 2504 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:31:57.0947 2504 BTHMODEM - ok
13:31:57.0981 2504 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:31:57.0984 2504 cdfs - ok
13:31:58.0029 2504 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
13:31:58.0031 2504 cdrom - ok
13:31:58.0099 2504 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:31:58.0100 2504 circlass - ok
13:31:58.0155 2504 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:31:58.0160 2504 CLFS - ok
13:31:58.0224 2504 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:31:58.0225 2504 CmBatt - ok
13:31:58.0245 2504 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
13:31:58.0246 2504 cmdide - ok
13:31:58.0344 2504 cmuda3 (8f4be02699ed644e89c7818d965b30a3) C:\Windows\system32\drivers\cmudax3.sys
13:31:58.0371 2504 cmuda3 - ok
13:31:58.0410 2504 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
13:31:58.0417 2504 CNG - ok
13:31:58.0461 2504 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:31:58.0464 2504 Compbatt - ok
13:32:08.0104 2504 sptd (88e5162e58c8919cc873f5d8946197cf) C:\Windows\system32\Drivers\sptd.sys
13:32:08.0104 2504 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 88e5162e58c8919cc873f5d8946197cf
13:32:08.0109 2504 sptd ( LockedFile.Multi.Generic ) - warning
13:32:08.0109 2504 sptd - detected LockedFile.Multi.Generic (1)
13:32:14.0961 2504 ============================================================
13:32:14.0961 2504 Scan finished
13:32:14.0961 2504 ============================================================
13:32:14.0980 3276 Detected object count: 1
13:32:14.0980 3276 Actual detected object count: 1
13:33:38.0724 3276 sptd ( LockedFile.Multi.Generic ) - skipped by user
13:33:38.0725 3276 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

2.) Combofix.txt

ComboFix 11-10-23.01 - aki42 10/23/2011 13:41:16.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3326.2463 [GMT -4:00]
Running from: c:\users\aki42\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Save
c:\program files (x86)\Save\Dr_punchems.d2s
c:\program files (x86)\Save\Dr_punchems.key
c:\program files (x86)\Save\Dr_punchems.ma0
c:\program files (x86)\Save\Dr_punchems.ma1
c:\program files (x86)\Save\Dr_punchems.ma2
c:\program files (x86)\Save\Dr_punchems.ma3
c:\program files (x86)\Save\Dr_punchems.map
c:\program files (x86)\Save\Dr_punchems100219.bak
c:\program files (x86)\Save\Dr_punchems100222.bak
c:\program files (x86)\Save\Dr_punchems100228.bak
c:\program files (x86)\Save\Dr_punchems122249.bak
c:\program files (x86)\Save\Dr_punchems122256.bak
c:\program files (x86)\Save\Dr_spiderman.d2s
c:\program files (x86)\Save\Dr_spiderman.key
c:\program files (x86)\Save\Dr_spiderman.ma0
c:\program files (x86)\Save\Dr_spiderman.map
c:\users\aki42\AppData\Roaming\chrtmp
c:\users\aki42\AppData\Roaming\Microsoft\Windows\Templates\cdkeys.txt
c:\users\aki42\AppData\Roaming\server.exe
c:\users\aki42\AppData\Roaming\Swagger.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-23 to 2011-10-23 )))))))))))))))))))))))))))))))
.
.
2011-10-23 17:52 . 2011-10-23 17:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-23 17:52 . 2011-10-23 17:52 -------- d-----w- c:\users\Mcx1-AKI42-PC\AppData\Local\temp
2011-10-22 20:04 . 2011-10-22 20:03 236544 ----a-w- c:\users\aki42\AppData\Roaming\Microsoft\Windows\Templates\system32.exe
2011-10-17 02:44 . 2011-10-17 02:49 -------- d-----w- c:\programdata\BlueStacks
2011-10-09 05:55 . 2011-10-09 05:55 -------- d-----w- c:\program files (x86)\Safari
2011-10-09 05:53 . 2011-10-09 05:53 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-10-06 22:26 . 2010-07-01 02:00 98528 ----a-w- c:\windows\system32\drivers\VCam_WDM.sys
2011-10-06 22:26 . 2010-07-01 02:00 98528 ----a-w- c:\windows\system32\drivers\VCam_WDM01.sys
2011-10-06 22:26 . 2010-07-01 02:00 98528 ----a-w- c:\windows\system32\drivers\VCAM_WDM02.sys
2011-10-06 22:26 . 2010-07-01 01:59 98528 ----a-w- c:\windows\system32\drivers\VCAM_WDM03.sys
2011-10-06 22:26 . 2011-10-06 22:26 -------- d-----w- c:\users\aki42\AppData\Roaming\e2eSoft
2011-10-06 22:25 . 2011-10-06 22:25 -------- d-----w- c:\program files (x86)\e2eSoft
2011-09-27 03:36 . 2011-09-27 03:36 -------- d-----w- c:\program files (x86)\Veetle
2011-09-24 02:00 . 2011-09-24 02:00 -------- d-----w- c:\users\aki42\AppData\Roaming\runic games
2011-09-24 01:58 . 2011-09-24 01:58 -------- d-----w- c:\program files (x86)\Torchlight
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-03 18:57 . 2011-09-03 18:57 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2011-09-03 18:57 . 2011-09-03 18:57 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-09-03 18:57 . 2011-09-03 18:57 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-09-03 18:57 . 2011-09-03 18:57 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-08-31 21:00 . 2010-12-27 04:35 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-01 01:22 . 2011-03-21 07:17 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp
2011-07-26 07:01 . 2011-03-28 22:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files (x86)\Swag_Bucks\prxtbSwa2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\Swag_Bucks\prxtbSwa2.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 03:44 1400712 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files (x86)\Swag_Bucks\prxtbSwa2.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-06-17 604432]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"cdloader"="c:\users\aki42\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-08-23 50592]
"Slawdog Smart Shutdown"="c:\program files (x86)\Slawdog\Smart Shutdown\Smart Shutdown.exe" [2005-09-09 446464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\Winamp\winampa.exe" [2008-04-01 36352]
"Google Desktop Search"="c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2011-09-09 30192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2111296]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-09-09 30192]
R3 PStrip64;PStrip64;c:\windows\system32\DRIVERS\PSTRIP64.SYS [x]
R3 X6va005;X6va005;c:\users\aki42\AppData\Local\Temp\005CA50.tmp [x]
R4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-11-11 128928]
R4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1823112]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 116224]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 VCam_WDM;e2eSoft VCam;c:\windows\system32\DRIVERS\VCam_WDM.sys [x]
S3 VCam_WDM01;e2eSoft VCam 01;c:\windows\system32\DRIVERS\VCam_WDM01.sys [x]
S3 VCAM_WDM02;e2eSoft VCam 02;c:\windows\system32\DRIVERS\VCAM_WDM02.sys [x]
S3 VCAM_WDM03;e2eSoft VCam 03;c:\windows\system32\DRIVERS\VCAM_WDM03.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll" [2010-03-24 633200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://movies.netflix.com/WiHome
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download Link Using Mega Manager... - c:\program files (x86)\Megaupload\Mega Manager\mm_file.htm
Trusted Zone: swagbucks.com\www
FF - ProfilePath - c:\users\aki42\AppData\Roaming\Mozilla\Firefox\Profiles\485hnvyj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2667978&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla FirefoxINSTALL2\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: Chromifox Extreme: cfxe@Triton - %profile%\extensions\cfxe@Triton
FF - Ext: NASA Night Launch: nasanightlaunch@example.com - %profile%\extensions\nasanightlaunch@example.com
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: Remove It Permanently: {1dbc4a33-ea62-4330-966c-7bdad3455322} - %profile%\extensions\{1dbc4a33-ea62-4330-966c-7bdad3455322}
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Whitehart: {d650973c-0444-4ac7-9d00-19e3613c83b9} - %profile%\extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9}
FF - Ext: Aquatint Black: {7694c49c-9fbd-11dc-8314-0800200c9a66} - %profile%\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
FF - Ext: Gradient iCool: {de5809e0-2b07-11dd-bd0b-0800200c9a66} - %profile%\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: CrystalFox Qute: CrystalFox_Qute@BigRedBrent - %profile%\extensions\CrystalFox_Qute@BigRedBrent
FF - Ext: Stratini: {748c4950-24f2-11de-8c30-0800200c9a66} - %profile%\extensions\{748c4950-24f2-11de-8c30-0800200c9a66}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Hide Caption Titlebar Plus: hidecaptionplus-dp@dummy.addons.mozilla.org - %profile%\extensions\hidecaptionplus-dp@dummy.addons.mozilla.org
FF - Ext: Office Black: Office2007Black@JBBS - %profile%\extensions\Office2007Black@JBBS
FF - Ext: Chromifox Extreme Carbon: cfxec@Triton - %profile%\extensions\cfxec@Triton
FF - Ext: Strata RELOADED: stratareloaded@addons.mozilla.org - %profile%\extensions\stratareloaded@addons.mozilla.org
FF - Ext: SmallringFX DARKBlue: {0471d3b0-a403-11df-981c-0800200c9a66} - %profile%\extensions\{0471d3b0-a403-11df-981c-0800200c9a66}
FF - Ext: Silvermel: silvermel@pardal.de - %profile%\extensions\silvermel@pardal.de
FF - Ext: Foxdie (Graphite): FoxdieGraphite@tanjihay.com - %profile%\extensions\FoxdieGraphite@tanjihay.com
FF - Ext: YouTube Auto Replay: YouTubeAutoReplay@arikv.com - %profile%\extensions\YouTubeAutoReplay@arikv.com
FF - Ext: Foxdie: Foxdie@tanjihay.com - %profile%\extensions\Foxdie@tanjihay.com
FF - Ext: Bloomind FT Graphite: {8225d6f0-dfca-11df-85ca-0800200c9a66} - %profile%\extensions\{8225d6f0-dfca-11df-85ca-0800200c9a66}
FF - Ext: Qute: {36C13C8F-54F1-412e-8177-2E411719162D} - %profile%\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
FF - Ext: Purity: {ea848344-1e6a-43e9-9cf8-301358888a43} - %profile%\extensions\{ea848344-1e6a-43e9-9cf8-301358888a43}
FF - Ext: Strata40: Strata40@SpewBoy.au - %profile%\extensions\Strata40@SpewBoy.au
FF - Ext: Oxygen KDE: {C1F83B1E-D6EE-11DE-B441-1AD556D89593} - %profile%\extensions\{C1F83B1E-D6EE-11DE-B441-1AD556D89593}
FF - Ext: Kempelton: kempelton-fx@arvidaxelsson.se - %profile%\extensions\kempelton-fx@arvidaxelsson.se
FF - Ext: Camifox: camifox@altmusictv.com - %profile%\extensions\camifox@altmusictv.com
FF - Ext: Stratini Super: {8479ade0-2eec-11de-8c30-0800200c9a66} - %profile%\extensions\{8479ade0-2eec-11de-8c30-0800200c9a66}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{3706EE7C-3CAD-445D-8A43-03EBC3B75908} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\aki42\AppData\Local\Temp\005CA50.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1031432549-3350438524-973840302-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{582EF2D9-BB5E-7249-2525-0C743E850C4F}*]
"haaopapjcllicigb"=hex:6a,61,63,65,6f,6d,70,6e,6e,67,64,65,6a,70,61,65,6d,62,
6b,64,00,01
"iagpbccjhplgfcacfc"=hex:6a,61,66,65,63,6e,6f,68,67,64,6d,64,62,6e,69,6f,66,6e,
66,65,00,fe
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-10-23 14:01:16 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-23 18:01
.
Pre-Run: 59,097,718,784 bytes free
Post-Run: 60,694,069,248 bytes free
.
- - End Of File - - 3EDF179C12F642C700A35E1B92B6D447





3.)How is your machine running now?
I think it got rid of everything. TDSSKiller found one thing; had to skip it. It seems ComboFix took care of everything. The computer seems to be running fine now. Thank you so much for the quick reply, I really appreciate it!

#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 23 October 2011 - 02:08 PM

Hello,

Yes, your logs look a lot better, but there is still some work to do.


1.
Please re-run TDSSKiller. This time please select whatever option it gives you: Cure, Quarantine or Delete. Then post that log.


2.
Ask Toolbar is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we know, as stated in the following articles:

http://www.benedelman.org/spyware/ask-toolbars/
http://vil.nai.com/vil/content/v_185490.htm


I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Ask Toolbar.


3.
We need to run a CFScript.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

File::
c:\users\aki42\AppData\Local\Temp\005CA50.tmp

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=-

Driver::
X6va005


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


4.
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


5.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image
      icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Things to include in your next reply::
Combofix.txt
MBAM log
Eset log
How is your machine running now?

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!
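As an added example (not from this thread, and not ComboFix's own code), the following Python script shows how the service entries in the ComboFix log map onto the CFScript in step 3: it parses the service/driver lines of a "Reg Loading Points" section, flags any service whose image lives under a Temp directory or is a .tmp file (as X6va005 does), and drafts the matching File:: and Driver:: sections. The sample log lines are copied from the log posted earlier in the thread; the Temp-path heuristic is my own assumption, not a ComboFix rule.

```python
import re

# Constructed sample: three service lines and one policy line copied from
# the ComboFix log posted earlier in this thread.
SAMPLE_LOG = r"""
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R3 X6va005;X6va005;c:\users\aki42\AppData\Local\Temp\005CA50.tmp [x]
R4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1823112]
"EnableLUA"= 0 (0x0)
"""

# One ComboFix service line: <state> <name>;<description>;<image path> [<date size> | x]
# ComboFix prints [x] when it records no date/size for the image file.
# The image path may carry command-line arguments after the executable.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);"
    r"(?P<path>.+?) \[(?P<info>x|\d{4}-\d{2}-\d{2} \d+)\]$"
)

# Heuristic (my assumption, not a ComboFix rule): a service or driver whose
# image lives in a Temp directory, or is a .tmp file, deserves a closer look.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


def parse_services(log_text):
    """Return one dict per service/driver line; all other log lines are skipped."""
    services = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["has_file_info"] = entry["info"] != "x"
            services.append(entry)
    return services


def is_suspicious(path):
    """True when the image path sits in a Temp directory or names a .tmp file."""
    p = path.lower()
    in_temp = any(marker in p for marker in TEMP_MARKERS)
    return in_temp or re.search(r"\.tmp(\s|$)", p) is not None


def draft_cfscript(services):
    """Draft the File:: and Driver:: sections for every flagged service.

    In a CFScript, File:: lists files ComboFix should delete and Driver::
    lists services/drivers it should remove, which is what the helper's
    script above does for X6va005 and its .tmp image.
    """
    flagged = [s for s in services if is_suspicious(s["path"])]
    if not flagged:
        return ""
    lines = ["File::"] + [s["path"] for s in flagged]
    lines += ["", "Driver::"] + [s["name"] for s in flagged]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(draft_cfscript(parse_services(SAMPLE_LOG)))
```

The draft is a starting point for a human reviewer, not a substitute for one; a legitimate installer can also register a driver from a Temp path, so each flagged entry still needs to be checked before it goes into a script.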


#5 clack12

clack12
  • Topic Starter

  • Members
  • 21 posts
  • Gender:Male
  • Location:America

Posted 24 October 2011 - 09:25 AM

2nd edit: Alright, I got a new question for you. I ran TDSSKiller and it only found one thing.
Posted Image
I could either skip, copy to quarantine, or delete; I took a screen shot. I just wanted to be sure which was the right choice before I mess up anything. Thanks again for the effort and help.


recent edit:

Things to include in your next reply::
1) Combofix.txt



ComboFix 11-10-23.02 - aki42 10/23/2011 18:26:00.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3326.2347 [GMT -4:00]
Running from: c:\users\aki42\Desktop\ComboFix.exe
Command switches used :: c:\users\aki42\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\aki42\AppData\Local\Temp\005CA50.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_X6VA005
-------\Service_X6va005
.
.
((((((((((((((((((((((((( Files Created from 2011-09-23 to 2011-10-23 )))))))))))))))))))))))))))))))
.
.
2011-10-23 22:37 . 2011-10-23 22:37 -------- d-----w- c:\users\Mcx1-AKI42-PC\AppData\Local\temp
2011-10-22 20:04 . 2011-10-22 20:03 236544 ----a-w- c:\users\aki42\AppData\Roaming\Microsoft\Windows\Templates\system32.exe
2011-10-17 02:44 . 2011-10-17 02:49 -------- d-----w- c:\programdata\BlueStacks
2011-10-09 05:55 . 2011-10-09 05:55 -------- d-----w- c:\program files (x86)\Safari
2011-10-09 05:53 . 2011-10-09 05:53 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-10-06 22:26 . 2010-07-01 02:00 98528 ----a-w- c:\windows\system32\drivers\VCam_WDM.sys
2011-10-06 22:26 . 2010-07-01 02:00 98528 ----a-w- c:\windows\system32\drivers\VCam_WDM01.sys
2011-10-06 22:26 . 2010-07-01 02:00 98528 ----a-w- c:\windows\system32\drivers\VCAM_WDM02.sys
2011-10-06 22:26 . 2010-07-01 01:59 98528 ----a-w- c:\windows\system32\drivers\VCAM_WDM03.sys
2011-10-06 22:26 . 2011-10-06 22:26 -------- d-----w- c:\users\aki42\AppData\Roaming\e2eSoft
2011-10-06 22:25 . 2011-10-06 22:25 -------- d-----w- c:\program files (x86)\e2eSoft
2011-09-27 03:36 . 2011-09-27 03:36 -------- d-----w- c:\program files (x86)\Veetle
2011-09-24 02:00 . 2011-09-24 02:00 -------- d-----w- c:\users\aki42\AppData\Roaming\runic games
2011-09-24 01:58 . 2011-09-24 01:58 -------- d-----w- c:\program files (x86)\Torchlight
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-03 18:57 . 2011-09-03 18:57 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2011-09-03 18:57 . 2011-09-03 18:57 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-09-03 18:57 . 2011-09-03 18:57 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-09-03 18:57 . 2011-09-03 18:57 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-08-31 21:00 . 2010-12-27 04:35 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-01 01:22 . 2011-03-21 07:17 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp
2011-07-26 07:01 . 2011-03-28 22:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-23_17.55.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:46 . 2011-10-23 17:58 78512 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-10-30 06:07 . 2011-10-23 22:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-30 06:07 . 2011-09-09 10:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-30 06:07 . 2011-09-09 10:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-30 06:07 . 2011-10-23 22:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-23 17:54 . 2011-10-23 17:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-23 22:38 . 2011-10-23 22:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-23 22:38 . 2011-10-23 22:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-10-23 17:54 . 2011-10-23 17:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2011-10-23 15:02 659580 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-10-23 17:58 659580 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-10-23 17:58 120508 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-10-23 15:02 120508 c:\windows\system32\perfc009.dat
- 2009-07-14 04:45 . 2011-08-15 00:47 3802445 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-10-23 17:57 3802445 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files (x86)\Swag_Bucks\prxtbSwa2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\Swag_Bucks\prxtbSwa2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files (x86)\Swag_Bucks\prxtbSwa2.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-06-17 604432]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"cdloader"="c:\users\aki42\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-08-23 50592]
"Slawdog Smart Shutdown"="c:\program files (x86)\Slawdog\Smart Shutdown\Smart Shutdown.exe" [2005-09-09 446464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\Winamp\winampa.exe" [2008-04-01 36352]
"Google Desktop Search"="c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2011-09-09 30192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2111296]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-09-09 30192]
R3 PStrip64;PStrip64;c:\windows\system32\DRIVERS\PSTRIP64.SYS [x]
R4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-11-11 128928]
R4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1823112]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 116224]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 VCam_WDM;e2eSoft VCam;c:\windows\system32\DRIVERS\VCam_WDM.sys [x]
S3 VCam_WDM01;e2eSoft VCam 01;c:\windows\system32\DRIVERS\VCam_WDM01.sys [x]
S3 VCAM_WDM02;e2eSoft VCam 02;c:\windows\system32\DRIVERS\VCAM_WDM02.sys [x]
S3 VCAM_WDM03;e2eSoft VCam 03;c:\windows\system32\DRIVERS\VCAM_WDM03.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"combofix"="c:\combofix\CF2020.3XE" [2009-07-14 344576]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll" [2010-03-24 633200]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://movies.netflix.com/WiHome
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download Link Using Mega Manager... - c:\program files (x86)\Megaupload\Mega Manager\mm_file.htm
Trusted Zone: swagbucks.com\www
FF - ProfilePath - c:\users\aki42\AppData\Roaming\Mozilla\Firefox\Profiles\485hnvyj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2667978&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla FirefoxINSTALL2\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: Chromifox Extreme: cfxe@Triton - %profile%\extensions\cfxe@Triton
FF - Ext: NASA Night Launch: nasanightlaunch@example.com - %profile%\extensions\nasanightlaunch@example.com
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: Remove It Permanently: {1dbc4a33-ea62-4330-966c-7bdad3455322} - %profile%\extensions\{1dbc4a33-ea62-4330-966c-7bdad3455322}
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Whitehart: {d650973c-0444-4ac7-9d00-19e3613c83b9} - %profile%\extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9}
FF - Ext: Aquatint Black: {7694c49c-9fbd-11dc-8314-0800200c9a66} - %profile%\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
FF - Ext: Gradient iCool: {de5809e0-2b07-11dd-bd0b-0800200c9a66} - %profile%\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: CrystalFox Qute: CrystalFox_Qute@BigRedBrent - %profile%\extensions\CrystalFox_Qute@BigRedBrent
FF - Ext: Stratini: {748c4950-24f2-11de-8c30-0800200c9a66} - %profile%\extensions\{748c4950-24f2-11de-8c30-0800200c9a66}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Hide Caption Titlebar Plus: hidecaptionplus-dp@dummy.addons.mozilla.org - %profile%\extensions\hidecaptionplus-dp@dummy.addons.mozilla.org
FF - Ext: Office Black: Office2007Black@JBBS - %profile%\extensions\Office2007Black@JBBS
FF - Ext: Chromifox Extreme Carbon: cfxec@Triton - %profile%\extensions\cfxec@Triton
FF - Ext: Strata RELOADED: stratareloaded@addons.mozilla.org - %profile%\extensions\stratareloaded@addons.mozilla.org
FF - Ext: SmallringFX DARKBlue: {0471d3b0-a403-11df-981c-0800200c9a66} - %profile%\extensions\{0471d3b0-a403-11df-981c-0800200c9a66}
FF - Ext: Silvermel: silvermel@pardal.de - %profile%\extensions\silvermel@pardal.de
FF - Ext: Foxdie (Graphite): FoxdieGraphite@tanjihay.com - %profile%\extensions\FoxdieGraphite@tanjihay.com
FF - Ext: YouTube Auto Replay: YouTubeAutoReplay@arikv.com - %profile%\extensions\YouTubeAutoReplay@arikv.com
FF - Ext: Foxdie: Foxdie@tanjihay.com - %profile%\extensions\Foxdie@tanjihay.com
FF - Ext: Bloomind FT Graphite: {8225d6f0-dfca-11df-85ca-0800200c9a66} - %profile%\extensions\{8225d6f0-dfca-11df-85ca-0800200c9a66}
FF - Ext: Qute: {36C13C8F-54F1-412e-8177-2E411719162D} - %profile%\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
FF - Ext: Purity: {ea848344-1e6a-43e9-9cf8-301358888a43} - %profile%\extensions\{ea848344-1e6a-43e9-9cf8-301358888a43}
FF - Ext: Strata40: Strata40@SpewBoy.au - %profile%\extensions\Strata40@SpewBoy.au
FF - Ext: Oxygen KDE: {C1F83B1E-D6EE-11DE-B441-1AD556D89593} - %profile%\extensions\{C1F83B1E-D6EE-11DE-B441-1AD556D89593}
FF - Ext: Kempelton: kempelton-fx@arvidaxelsson.se - %profile%\extensions\kempelton-fx@arvidaxelsson.se
FF - Ext: Camifox: camifox@altmusictv.com - %profile%\extensions\camifox@altmusictv.com
FF - Ext: Stratini Super: {8479ade0-2eec-11de-8c30-0800200c9a66} - %profile%\extensions\{8479ade0-2eec-11de-8c30-0800200c9a66}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{3706EE7C-3CAD-445D-8A43-03EBC3B75908} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1031432549-3350438524-973840302-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{582EF2D9-BB5E-7249-2525-0C743E850C4F}*]
"haaopapjcllicigb"=hex:6a,61,63,65,6f,6d,70,6e,6e,67,64,65,6a,70,61,65,6d,62,
6b,64,00,01
"iagpbccjhplgfcacfc"=hex:6a,61,66,65,63,6e,6f,68,67,64,6d,64,62,6e,69,6f,66,6e,
66,65,00,fe
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-10-23 18:44:21 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-23 22:44
ComboFix2.txt 2011-10-23 18:01
.
Pre-Run: 59,996,889,088 bytes free
Post-Run: 59,534,733,312 bytes free
.
- - End Of File - - 1F2A27EBFCFB67C23373110334E36697

2.) MBAM log



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8005

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/23/2011 7:20:33 PM
mbam-log-2011-10-23 (19-20-33).txt

Scan type: Quick scan
Objects scanned: 196505
Time elapsed: 2 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




3.) Eset log


C:\Program Files (x86)\Stardock\ObjectDockPlus2\Keygen.exe a variant of Win32/HackTool.Patcher.J application cleaned by deleting - quarantined
C:\Program Files (x86)\Steam\steamapps\aki42\team fortress 2\config\html\f_000829 JS/Exploit.Agent.NCQ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Users\aki42\AppData\Roaming\server.exe.vir a variant of MSIL/PSW.Agent.NCC trojan cleaned by deleting - quarantined
C:\Users\aki42\AppData\Roaming\Microsoft\Windows\Templates\system32.exe a variant of MSIL/PSW.Agent.NCC trojan cleaned by deleting - quarantined
C:\Users\aki42\Downloads\Avast!.Internet.Security. 5.0.594+Crack.rar a variant of Win32/Packed.VMProtect.AAA trojan deleted - quarantined
C:\Users\aki42\Downloads\cnet_CamStudio_Setup_v2_6b_r294_(build_24Oct2010)_exe(2).exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\aki42\Downloads\cnet_CamStudio_Setup_v2_6b_r294_(build_24Oct2010)_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\aki42\Downloads\cnet_VCam_v5_1_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\aki42\Downloads\FLS.9.0_Crack.part1.rar Win32/OpenCandy application deleted - quarantined
C:\Users\aki42\Downloads\JDownloaderINTSetup_3.zip Win32/OpenCandy application deleted - quarantined
C:\Users\aki42\Downloads\Object_Dock.rar a variant of Win32/HackTool.Patcher.J application deleted - quarantined
C:\Users\aki42\Downloads\ODver20.rar a variant of Win32/HackTool.Patcher.J application deleted - quarantined
C:\Users\aki42\Downloads\SoftonicDownloader_for_swarmplayer.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
C:\Users\aki42\Downloads\Swagger+1.2.rar multiple threats deleted - quarantined
C:\Users\aki42\Downloads\winamp5601_full_emusic-7plus_en-us.exe Win32/OpenCandy application deleted - quarantined
C:\Users\aki42\Downloads\Avast!.Internet.Security. 5.0.594+Crack\Avast!.Internet.Security. 5.0.594+Crack\avast! Pro AV + IS 5.0.594 Final + Crack (Till 2020)\Crack\ashBase.dll a variant of Win32/Packed.VMProtect.AAA trojan cleaned by deleting - quarantined
C:\Users\aki42\Downloads\Object_Dock\Object_Dock\Object_Dock\Stardock.ObjectDock.Plus.v2.0.50727\Keygen.exe a variant of Win32/HackTool.Patcher.J application cleaned by deleting - quarantined
C:\Users\aki42\Downloads\ODver20\Stardock.ObjectDock.Plus.v2.0.50727\Keygen.exe a variant of Win32/HackTool.Patcher.J application cleaned by deleting - quarantined
C:\Users\aki42\Videos\DivX Movies\New folder\keygen.exe a variant of Win32/Keygen.AO application cleaned by deleting - quarantined
C:\Windows\FixCamera.exe a variant of Win32/KillProc.A application cleaned by deleting - quarantined
F:\Hard Drive C\Hard Drive C .afterfirstformat\Application Data\Sun\Java\Deployment\cache\6(2).0\3(2)\76911fc3-4475cde7 multiple threats deleted - quarantined
F:\Hard Drive C\Hard Drive C .afterfirstformat\Application Data\Sun\Java\Deployment\cache\6(2).0\63(2)\775493bf-4ff9a8e4 a variant of Java/Exploit.Agent.NAC trojan deleted - quarantined
F:\Hard Drive C\Hard Drive C .afterfirstformat\Desktop\Downloads\Rar\ProxyCap_3.15.PiXeL.DrEaM_BTVideo.rar Win32/HackTool.Patcher.A application deleted - quarantined
F:\Hard Drive C\Hard Drive C .afterfirstformat\Desktop\Downloads\Rar\VM_.v7.0.1.227600EMB.part1.rar a variant of Win32/Keygen.BN application deleted - quarantined
F:\Hard Drive C\Hard Drive C .afterfirstformat\Program Files\BackWeb\BackWeb Client\6.2.3.66\Program\runner.exe probably a variant of Win32/Agent.CBFNBEO trojan cleaned by deleting - quarantined
F:\Hard Drive C\Hard Drive C .afterfirstformat\Program Files\Common Files\Real\Toolbar\RealBar.dll probably a variant of Win32/Adware.Toolbar.Visicom.AB application cleaned by deleting - quarantined
F:\Hard Drive C\Hard Drive C .afterfirstformat\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe probably a variant of Win32/Agent.CBFNBEO trojan cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\Documents and Settings\aki422\Application Data\Sun\Java\Deployment\cache\6.0\61\25e72a3d-2318411a multiple threats deleted - quarantined
F:\Hard Drive C\HP_PAVILION\Documents and Settings\aki422\Local Settings\Temp\jar_cache5652970204497312010.tmp multiple threats deleted - quarantined
F:\Hard Drive C\HP_PAVILION\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TargetSaver.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeWinPop2.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl4.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl5.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl6.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl7.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle2.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle3.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\Documents and Settings\Owner\disable-ie.bat BAT/KillFiles.NBI trojan cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\Documents and Settings\Owner\Desktop\EPLite_v100_Final_D2v112\EasyLoad.exe a variant of Win32/HackTool.Inject.H application cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\Documents and Settings\Owner\Desktop\Z Misc Installers\envisions_beyond.exe probably a variant of Win32/Agent.KULIAWJ trojan cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\Documents and Settings\Owner\Desktop\Z Misc Installers\MediaInfo_GUI_0.7.24_Windows_i386.exe Win32/OpenCandy application deleted - quarantined
F:\Hard Drive C\HP_PAVILION\Documents and Settings\Owner\Desktop\Z Misc Installers\VirtumundoBeGone.exe Win32/PrcView application deleted - quarantined
F:\Hard Drive C\HP_PAVILION\Documents and Settings\Owner\Desktop\ZIP FOLDER\EPLite_v100_Final_D2v112(2).zip a variant of Win32/HackTool.Inject.H application deleted - quarantined
F:\Hard Drive C\HP_PAVILION\Documents and Settings\Owner\Local Settings\Temp\OpenCandy\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\Documents and Settings\Owner\My Documents\Stuff\Move\CRACK\keygen.exe a variant of Win32/Keygen.AO application cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\Documents and Settings\Owner\My Documents\Stuff\Move\Windows Keygens\Key Finder 1.5 Beta 3.exe a variant of Win32/PSWTool.RAS.A application deleted - quarantined
F:\Hard Drive C\HP_PAVILION\Documents and Settings\Owner\My Documents\Stuff\Move\Windows Keygens\Key Finder.exe Win32/PSWTool.RAS.A application deleted - quarantined
F:\Hard Drive C\HP_PAVILION\Documents and Settings\Owner\My Documents\Stuff\Move\Windows Keygens\Rock XP 2.0.exe Win32/PSWTool.RAS.A application deleted - quarantined
F:\Hard Drive C\HP_PAVILION\Documents and Settings\Owner\My Documents\Stuff\Move\Windows Keygens\Windows 2003 & XP Anti Product Activation Crack 1.1.exe a variant of Win32/HackTool.Patcher.B application deleted - quarantined
F:\Hard Drive C\HP_PAVILION\Documents and Settings\Owner\My Documents\Stuff\Move\Windows Keygens\Windows 2003 & XP Anti Product Activation Crack 1.6.2.zip Win32/HackTool.WpaKill.A application deleted - quarantined
F:\Hard Drive C\HP_PAVILION\Documents and Settings\Owner\My Documents\Stuff\Move\Windows Keygens\Windows 2003 & XP Anti Product Activation Crack 1.8 Beta 2.rar a variant of Win32/HackTool.Patcher.O application deleted - quarantined
F:\Hard Drive C\HP_PAVILION\hp\recovery\wizard\fscommand\AppRecoveryLink_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\hp\recovery\wizard\fscommand\CDLogic_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\hp\recovery\wizard\fscommand\CreatorLink_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\hp\recovery\wizard\fscommand\RestoreLink_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\hp\recovery\wizard\fscommand\RTCDLink_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\hp\recovery\wizard\fscommand\RunLink_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\hp\recovery\wizard\fscommand\SysRecoveryLink_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\hp\recovery\wizard\fscommand\WizardLink_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\Program Files\Common Files\Real\Toolbar\RealBar.dll probably a variant of Win32/Adware.Toolbar.Visicom.AB application cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\Program Files\Common Files\wiuq\wiuqd\vocabulary Win32/TrojanDownloader.TSUpdate.J trojan cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\Program Files\Common Files\wiuq\wiuqd\wiuqc.dll probably a variant of Win32/Agent.ELFKWHS trojan cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\Program Files\Diablo II\EPLite_v100_Final_D2v112.zip a variant of Win32/HackTool.Inject.H application deleted - quarantined
F:\Hard Drive C\HP_PAVILION\Program Files\Diablo II\EPLite_v100_Final_D2v112\EasyLoad.exe a variant of Win32/HackTool.Inject.H application cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\Program Files\Diablo II--\Plugin\zoid.dll probably a variant of Win32/Adware.Virtumonde.KUYSYXT application cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\Program Files\Messenger\mevenag22011.exe Win32/Adware.Agent.NCD application cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\Program Files\s?mbols\nslookup.exe probably a variant of Win32/Adware.PurityScan application cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe probably a variant of Win32/Agent.CBFNBEO trojan cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\Program Files\Winamp\Plugins\JammiX\IZotope_Ozone_DX_VST_RTAS_v3.08-H2O.zip probably a variant of Win32/Agent.IOCKSGQ trojan deleted - quarantined
F:\Hard Drive C\HP_PAVILION\VundoFix Backups\juvejuwi.dll.bad a variant of Win32/Adware.Virtumonde.NDN application cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\VundoFix Backups\komemote.dll.bad a variant of Win32/Adware.Virtumonde.NDI application cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\WINDOWS\FixCamera.exe a variant of Win32/KillProc.A application cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\WINDOWS\LOOK\asappsrv.txt Win32/Adware.CommAd application cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\WINDOWS\system32\ghhkj.ini2 Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\WINDOWS\system32\jjllm.bak2 Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\WINDOWS\system32\klkkj.ini2 Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\WINDOWS\system32\mmllm.bak1 Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\WINDOWS\system32\mmllm.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\WINDOWS\system32\nowuvudu.dll.tmp a variant of Win32/Adware.Virtumonde.NDI application cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\WINDOWS\system32\pifosapu.dll.tmp Win32/Adware.Virtumonde application cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\WINDOWS\system32\pufegogu.dll.tmp Win32/Adware.Virtumonde application cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\WINDOWS\system32\siliyajo.dll a variant of Win32/Adware.Virtumonde.NDM application cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\WINDOWS\system32\sodayitu.dll a variant of Win32/Adware.Virtumonde.NDM application cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\WINDOWS\system32\sodetuje.dll.tmp a variant of Win32/Adware.Virtumonde.NDI application cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\WINDOWS\system32\soyuhuho.dll.tmp Win32/Adware.Virtumonde application cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\WINDOWS\system32\vyadd.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\WINDOWS\system32\vyadd.ini2 Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\WINDOWS\system32\wetovuve.dll.tmp Win32/Adware.Virtumonde application cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\WINDOWS\system32\yikotoya.dll.tmp Win32/Adware.Virtumonde application cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\WINDOWS\system32\zobedagu.dll.tmp a variant of Win32/Adware.Virtumonde.NDM application cleaned by deleting - quarantined
F:\Hard Drive C\HP_PAVILION\WINDOWS\system32\zoyekawo.dll.tmp Win32/Adware.Virtumonde application cleaned by deleting - quarantined
F:\Hard Drive K\Hard drive\The documents\BackUp.and.Downloads\Back Up1\Rar Files\Grabber Final.rar probably a variant of Win32/Agent.EANDHTW trojan deleted - quarantined
F:\Hard Drive K\Hard drive\The documents\BackUp.and.Downloads\Back Up1\Rar Files\Scripts.rar multiple threats deleted - quarantined
F:\Hard Drive K\Hard drive\The documents\BackUp.and.Downloads\Back Up1\Rar Files\xplorerPro1.8.0.7.rar probably a variant of Win32/Agent.CDYMBXC trojan deleted - quarantined
F:\Hard Drive K\Hard drive\The documents\BackUp.and.Downloads\Downloads\Back Up1\Installers\SMART_Alarm_Clock.exe Win32/Adware.SearchIt application cleaned by deleting - quarantined
F:\Hard Drive K\Hard drive\The documents\BackUp.and.Downloads\Downloads\Back Up1\Rar Files\Grabber Final.rar probably a variant of Win32/Agent.EANDHTW trojan deleted - quarantined
F:\Hard Drive K\Hard drive\The documents\BackUp.and.Downloads\Downloads\Back Up1\Rar Files\Scripts.rar multiple threats deleted - quarantined
F:\Hard Drive K\Hard drive\The documents\BackUp.and.Downloads\Downloads\Back Up1\Rar Files\xplorerPro1.8.0.7.rar probably a variant of Win32/Agent.CDYMBXC trojan deleted - quarantined
F:\Hard Drive K\Hard drive\The documents\BackUp.and.Downloads\Downloads\Grabber Final\sLoader.exe probably a variant of Win32/Agent.EANDHTW trojan cleaned by deleting - quarantined

4.) How is your machine running now?

I feel a bit safer now that even more scans have been done. Many of the things it did find are actually from an old virus I got before, which I got help fixing at this very forum, which I obviously came back to just because of how awesome and helpful you guys are. So once again, thank you very much.

Edited by clack12, 24 October 2011 - 11:34 AM.


#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:12 PM

Posted 24 October 2011 - 06:37 PM

Hello,

Go ahead and run TDSSKILLER again and choose Quarantine.


1.
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.



2.
Click here to download Kaspersky Virus Removal Tool.
  • Double click on the file you just downloaded and let it install.
  • It will install to your desktop.
  • After that leave what is selected and put a check next to My Computer.
  • Click on the option that says Threat Detection and change it to Disinfect => Do not select, delete if disinfection fails.
  • Then click on Start Scan.
  • Before it is done it may prompt for action regardless of the setting so choose skip if prompted.
  • When the scan is done no log will be produced.
  • Click on the bottom where it says Report to open the report.
  • Then highlight all of the items found by using ctrl + a on your keyboard to select all, or use your mouse to select all, then right click and choose copy.
  • This will copy the items that it found to the clipboard you can then open notepad (go to start then run then type in notepad) and choose paste to paste the contents into Notepad.
  • You can save this on the desktop.
  • Post the contents of the document in your next reply.



Things to include in your next reply:
TDSSKILLER log
Kaspersky log
How is your machine running now?

Edited by fireman4it, 24 October 2011 - 06:38 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!
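An added check for step 1 above (example code, not from fireman4it's post or from Oracle): this PowerShell snippet lists the Java entries still registered in Programs and Features by reading the same uninstall registry keys the Control Panel reads, so you can confirm every older version is gone before installing JRE 7. The display-name pattern and the "version starts with 7." test are my assumptions about how the JRE registers itself.

```powershell
# Added example, not part of the original post. Lists Java Runtime
# Environment installs still registered in Add/Remove Programs so you can
# confirm all old versions were removed before installing JRE 7.
# Both the native and the 32-bit (Wow6432Node) uninstall hives are read,
# because on 64-bit Windows 7 a 32-bit JRE registers under Wow6432Node.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

$javaInstalls = foreach ($key in $uninstallKeys) {
    if (Test-Path $key) {
        Get-ChildItem $key | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            # Assumed name pattern: the post says to look for "Java Runtime
            # Environment (JRE or J2SE)"; "Java Auto Updater" is a helper,
            # not a runtime, so it is skipped.
            if ($p.DisplayName -match '^(Java|J2SE|JRE)' -and
                $p.DisplayName -notmatch 'Auto Updater') {
                New-Object PSObject -Property @{
                    Name            = $p.DisplayName
                    Version         = $p.DisplayVersion
                    Hive            = $(if ($key -match 'Wow6432Node') { '32-bit' } else { '64-bit' })
                    UninstallString = $p.UninstallString
                }
            }
        }
    }
}

if ($javaInstalls) {
    $javaInstalls | Format-Table Name, Version, Hive -AutoSize
    # Assumed heuristic: JRE 7 reports a DisplayVersion starting with "7.";
    # anything else is an older runtime that should have been uninstalled.
    $old = $javaInstalls | Where-Object { $_.Version -and $_.Version -notmatch '^7\.' }
    if ($old) {
        Write-Warning ("{0} older Java entries still registered" -f @($old).Count)
        $old | ForEach-Object { Write-Host ("  " + $_.Name + "  ->  " + $_.UninstallString) }
    }
} else {
    Write-Host 'No Java Runtime Environment entries registered in Add/Remove Programs.'
}
```

Run it from an elevated PowerShell prompt after the reboot in step 1; if it prints any entry with a version not starting with "7.", go back to Programs and Features and remove that entry before continuing.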


#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:12 PM

Posted 26 October 2011 - 10:19 AM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it



#8 clack12

clack12
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:America
  • Local time:11:12 PM

Posted 26 October 2011 - 01:28 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


Still very much here. I did the first step of your previous response. I have not been able to do a proper response due to battling a very serious illness. I don't mean to waste your time at all and really do appreciate all the help. Could you please not close or lock the topic? I understand the steps, I'm just very ill and would very much like more time to be able to do them. Thank you for your understanding, fireman.


Things to include in your next reply:
TDSSKILLER log

I can tell you I did run TDSSKILLER once more just as the steps said and I did move the result to Quarantine but I have no memory as to where I saved the log at all. What should I do?

Edited by clack12, 26 October 2011 - 01:31 PM.


#9 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:12 PM

Posted 26 October 2011 - 04:09 PM

Hello,

Go ahead and run TDSSKiller again and see if it reads all clean or all 0's.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#10 fireman4it
    Bleepin' Fireman
  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 28 October 2011 - 11:37 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


#11 clack12
  • Topic Starter
  • Members
  • 21 posts
  • Gender:Male
  • Location:America

Posted 29 October 2011 - 03:43 PM

Hello,

Go ahead and run TDSSKiller again and see if it reads all clean or all 0's.

Ok, I ran it again and it popped up the same one again. The same exact one as before.

16:30:45.0790 3904 TDSS rootkit removing tool 2.6.12.0 Oct 21 2011 11:23:48
16:30:47.0301 3904 ============================================================
16:30:47.0301 3904 Current date / time: 2011/10/29 16:30:47.0301
16:30:47.0301 3904 SystemInfo:
16:30:47.0301 3904
16:30:47.0301 3904 OS Version: 6.1.7600 ServicePack: 0.0
16:30:47.0301 3904 Product type: Workstation
16:30:47.0301 3904 ComputerName: AKI42-PC
16:30:47.0301 3904 UserName: aki42
16:30:47.0301 3904 Windows directory: C:\Windows
16:30:47.0301 3904 System windows directory: C:\Windows
16:30:47.0301 3904 Running under WOW64
16:30:47.0303 3904 Processor architecture: Intel x64
16:30:47.0303 3904 Number of processors: 2
16:30:47.0303 3904 Page size: 0x1000
16:30:47.0303 3904 Boot type: Normal boot
16:30:47.0303 3904 ============================================================
16:30:48.0721 3904 Initialize success
16:30:51.0379 3748 ============================================================
16:30:51.0379 3748 Scan started
16:30:51.0379 3748 Mode: Manual;
16:30:51.0379 3748 ============================================================
16:31:06.0913 3748 sptd (88e5162e58c8919cc873f5d8946197cf) C:\Windows\system32\Drivers\sptd.sys
16:31:06.0914 3748 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 88e5162e58c8919cc873f5d8946197cf
16:31:06.0932 3748 sptd ( LockedFile.Multi.Generic ) - warning
16:31:06.0932 3748 sptd - detected LockedFile.Multi.Generic (1)
16:31:09.0913 3748 vsmraid - ok
16:31:09.0956 3748 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
16:31:09.0958 3748 vwifibus - ok
16:31:09.0991 3748 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:31:09.0992 3748 WacomPen - ok
16:31:10.0042 3748 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
16:31:10.0044 3748 WANARP - ok
16:31:10.0072 3748 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
16:31:10.0073 3748 Wanarpv6 - ok
16:31:10.0111 3748 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:31:10.0113 3748 Wd - ok
16:31:10.0174 3748 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
16:31:10.0176 3748 WDC_SAM - ok
16:31:10.0241 3748 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:31:10.0257 3748 Wdf01000 - ok
16:31:10.0334 3748 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:31:10.0336 3748 WfpLwf - ok
16:31:10.0379 3748 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:31:10.0382 3748 WIMMount - ok
16:31:10.0513 3748 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:31:10.0514 3748 WmiAcpi - ok
16:31:10.0567 3748 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:31:10.0569 3748 ws2ifsl - ok
16:31:10.0624 3748 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
16:31:10.0627 3748 WudfPf - ok
16:31:10.0667 3748 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:31:10.0672 3748 WUDFRd - ok
16:31:10.0746 3748 xusb21 (2c6bc21b2d5b58d8b1d638c1704cb494) C:\Windows\system32\DRIVERS\xusb21.sys
16:31:10.0748 3748 xusb21 - ok
16:31:10.0811 3748 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:31:10.0817 3748 \Device\Harddisk0\DR0 - ok
16:31:10.0823 3748 MBR (0x1B8) (da5d756577cf64a1cd3fd470b8172937) \Device\Harddisk1\DR1
16:31:11.0021 3748 \Device\Harddisk1\DR1 - ok
16:31:11.0027 3748 Boot (0x1200) (4b5723e7545c4c4aa319c1115c154fb0) \Device\Harddisk0\DR0\Partition0
16:31:11.0028 3748 \Device\Harddisk0\DR0\Partition0 - ok
16:31:11.0034 3748 Boot (0x1200) (f64565cf2219cfe55dc25ad956bcca37) \Device\Harddisk1\DR1\Partition0
16:31:11.0036 3748 \Device\Harddisk1\DR1\Partition0 - ok
16:31:11.0038 3748 ============================================================
16:31:11.0038 3748 Scan finished
16:31:11.0038 3748 ============================================================
16:31:11.0056 2848 Detected object count: 1
16:31:11.0056 2848 Actual detected object count: 1
16:35:28.0020 2848 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:35:28.0021 2848 sptd ( LockedFile.Multi.Generic ) - User select action: Skip



___________________________________________________________________________________________




2.
Click here to download Kaspersky Virus Removal Tool.

* Double click on the file you just downloaded and let it install.
* It will install to your desktop.
* After that leave what is selected and put a check next to My Computer.
* Click on the option that says Threat Detection and change it to Disinfect => Do not select, delete if disinfection fails.
* Then click on Start Scan.
* Before it is done it may prompt for action regardless of the setting so choose skip if prompted.
* When the scan is done no log will be produced.
* Click on the bottom where it says Report to open the report.
* Then highlight all of the items found by using ctrl + a on your keyboard to select all, or use your mouse to select all, then right click and choose copy.
* This will copy the items that it found to the clipboard. You can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
* You can save this on the desktop.
* Post the contents of the document in your next reply.


See this step is a bit confusing to me. I just want to make sure I got everything right.
Posted Image
So I do Select action > Disinfect on this correct?


and on this one.
Posted Image
Which ones should I select? I should just add Computer. Then I can start the scan. Is that correct?

One last question: are there any more options I have to change in order for it to run correctly? I know how to press a start scan button and post the logs; that part is easy for me. I have just never used this program before and want to make sure I did it right. I really don't mean to be a bother, and thank you for taking the time.

Edited by clack12, 29 October 2011 - 04:07 PM.
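As an added example (not code from this thread or from TDSSKiller itself), here is a small Python parser for the TDSSKiller log format quoted above. It pulls out each scanned object's MD5 and path, the per-object verdicts, the detected-object count, and flags any detection that the user skipped rather than cured, deleted or quarantined; the sample lines are copied from this thread's log.

```python
import re
from dataclasses import dataclass, field

# Sample lines in the TDSSKiller log format shown in this thread: a driver entry
# with its MD5 and path, an MBR entry, the scan summary and the user's action.
SAMPLE_LOG = """\
16:31:08.0616 3748 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\\Windows\\system32\\DRIVERS\\usbhub.sys
16:31:08.0621 3748 usbhub - ok
16:31:10.0811 3748 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \\Device\\Harddisk0\\DR0
16:31:10.0817 3748 \\Device\\Harddisk0\\DR0 - ok
16:31:11.0038 3748 Scan finished
16:31:11.0056 2848 Detected object count: 1
16:35:28.0020 2848 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:35:28.0021 2848 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""

# Every line starts with a timestamp and the thread id that wrote it.
PREFIX = r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<pid>\d+) "
ENTRY = re.compile(PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT = re.compile(PREFIX + r"(?P<name>.+?) \( (?P<threat>[^)]+) \) - (?P<action>.+)$")
OK = re.compile(PREFIX + r"(?P<name>.+) - ok$")
COUNT = re.compile(PREFIX + r"Detected object count: (?P<n>\d+)$")

@dataclass
class ScanReport:
    objects: dict = field(default_factory=dict)     # name -> (md5, path)
    clean: set = field(default_factory=set)         # names reported "- ok"
    detections: dict = field(default_factory=dict)  # name -> (threat, last action)
    detected_count: int = 0

def parse_log(text: str) -> ScanReport:
    report = ScanReport()
    for line in text.splitlines():
        if m := ENTRY.match(line):
            report.objects[m["name"]] = (m["md5"], m["path"])
        elif m := VERDICT.match(line):
            # Later lines win: "skipped by user" is followed by the final user action.
            report.detections[m["name"]] = (m["threat"], m["action"])
        elif m := OK.match(line):
            report.clean.add(m["name"])
        elif m := COUNT.match(line):
            report.detected_count = int(m["n"])
    return report

def unresolved(report: ScanReport) -> list:
    """Names of detected objects whose recorded action did not cure, delete or quarantine them."""
    handled = ("cure", "delete", "quarantine")
    return [name for name, (_, action) in report.detections.items()
            if not any(word in action.lower() for word in handled)]
```

Running `unresolved(parse_log(SAMPLE_LOG))` on the thread's own log returns `['sptd']`, which is exactly the object the helper asks to have deleted on the next run.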


#12 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 30 October 2011 - 04:45 PM

Hello,


1.

Ok I ran it again it popped up the same one again. The same exact one as before.

Posted Image


Please select delete this time.



2.

One last question: are there any more options I have to change in order for it to run correctly? I know how to press a start scan button and post the logs; that part is easy for me. I have just never used this program before and want to make sure I did it right. I really don't mean to be a bother, and thank you for taking the time.


You have the directions correct in your previous reply. Run Kaspersky removal tool just as you have said. :thumbup2:

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#13 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 02 November 2011 - 07:10 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 1-2 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it



#14 clack12

clack12
  • Topic Starter

  • Members
  • 21 posts
  • Gender:Male
  • Location:America

Posted 02 November 2011 - 11:09 PM

My problem has been solved, thank you so much for the help!

#15 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 03 November 2011 - 12:20 PM

Hello, clack12.
Congratulations! You now appear clean! :cool:



Uninstall Combofix
  • Make sure that Combofix.exe that you downloaded is on your Desktop but Do not run it!
    o *If it is not on your Desktop, the below will not work.
  • Click on Posted Image then Run....
  • Now copy & paste the green bolded text in the run-box and click OK.

    ComboFix /Uninstall

    Posted Image

    <Notice the space between the "x" and "/".> <--- It needs to be there
    Windows Vista users: Press the Windows Key + R to bring the Run... Command and then from there you can add in the Combofix /Uninstall

  • Please advise if this step is missed for any reason as it performs some important actions:
    "This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.
    It also makes a clean Restore Point and flushes all the old restore points in order to prevent possible reinfection from an old one through System Restore."





Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess
  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.



Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install and maintain an outbound firewall
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non-commercial home use; the paid versions add resident protection and do not nag.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software Inspector occasionally to help you check for out-of-date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.





