Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Mozilla Redirect and Adware, Combofix the answer?


  • This topic is locked This topic is locked
24 replies to this topic

#1 nkropnik

nkropnik

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:09 AM

Posted 24 October 2011 - 07:08 PM

Could someone please help with the Google redirect problem I am having? Symptoms are as follows...

Google.com on Firefox gets redirected to google.analytics. and other various websites. After a few minutes on Firefox browser freezes up and loses internet connection.

Avast Antivirus stops kwrd.dll from running. I have attempted full scans on Avast, MBAM, and Spyware Doctor but they all result in 0 infected files.

After trolling through forums it seems as if combofix.exe is a feasible solution to get rid of this virus/adware. I ran the .exe file followed the directions exactly. However, combofix rebooted my computer and I did not have enough time to get the contact information of my combofix specialist.

Attached is the combofix log file. What do I do from here?

Please help.

Thank you

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:09 AM

Posted 28 October 2011 - 06:42 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 nkropnik

nkropnik
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:09 AM

Posted 29 October 2011 - 11:59 AM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20
Run by HP p6310y at 12:50:02 on 2011-10-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4550 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Upromise\dca-ua.exe
C:\Program Files (x86)\Upromise\UpromiseTray.exe
C:\Program Files\Alwil Software\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\SUPERAntiSpyware\SASCore.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Upromise\UpromiseGlobalCache.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - C:\Program Files (x86)\Upromise\dca-bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Upromise TurboSaver: {edc0f17f-f4b7-47e4-b73e-887faeb376fa} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\aswWebRepIE.dll
TB: Upromise TurboSaver: {06e58e5e-f8cb-4049-991e-a41c03bd419e} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Upromise Update] C:\Program Files (x86)\Upromise\dca-ua.exe
uRun: [Upromise Tray] C:\Program Files (x86)\Upromise\UpromiseTray.exe
mRun: [avast] "C:\Program Files\Alwil Software\avastUI.exe" /nogui
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{12AD8FE6-0689-4953-910E-3D9FE628D764} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{FBBBE36F-F340-4CE6-BE40-75613EBEE305} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO-X64: Browser Defender BHO - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\aswWebRepIE.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Upromise\dca-bho.dll
BHO-X64: DCA - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Upromise TurboSaver: {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
BHO-X64: ToolHelper - No File
TB-X64: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\aswWebRepIE.dll
TB-X64: Upromise TurboSaver: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
mRun-x64: [avast] "C:\Program Files\Alwil Software\avastUI.exe" /nogui
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
SEH-X64: SABShellExecuteHook Class: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\HP p6310y\AppData\Roaming\Mozilla\Firefox\Profiles\krm3f8o5.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\HP p6310y\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]
R0 TfFsMon;TfFsMon;C:\Windows\system32\drivers\TfFsMon.sys --> C:\Windows\system32\drivers\TfFsMon.sys [?]
R0 TfSysMon;TfSysMon;C:\Windows\system32\drivers\TfSysMon.sys --> C:\Windows\system32\drivers\TfSysMon.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 pctgntdi;pctgntdi;\??\C:\Windows\System32\drivers\pctgntdi64.sys --> C:\Windows\System32\drivers\pctgntdi64.sys [?]
R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys --> C:\Windows\system32\Drivers\PCTSD64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\AvastSvc.exe [2011-9-28 44768]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-9-8 337872]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-4-30 190488]
R2 SASCORE;SAS Core Service;C:\Program Files (x86)\SUPERAntiSpyware\SASCore.exe [2010-2-2 120832]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech Webcam 250(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys [2010-2-2 13384]
S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-2-2 77896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys [?]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
S3 pctplsg;pctplsg;\??\C:\Windows\System32\drivers\pctplsg64.sys --> C:\Windows\System32\drivers\pctplsg64.sys [?]
S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-2-2 4096]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2011-9-8 371472]
S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2011-9-8 1117144]
S3 TfNetMon;TfNetMon;\??\C:\Windows\system32\drivers\TfNetMon.sys --> C:\Windows\system32\drivers\TfNetMon.sys [?]
S3 ThreatFire;ThreatFire;C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service --> C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMP110v2;Linksys WMP110 RangePlus Wireless PCI Adapter Driver for Windows Vista;C:\Windows\system32\DRIVERS\WMP110v2.sys --> C:\Windows\system32\DRIVERS\WMP110v2.sys [?]
.
=============== Created Last 30 ================
.
2011-10-28 20:13:03 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{222415DF-FA0F-428C-B725-9A8A1EB0967A}\mpengine.dll
2011-10-24 22:54:31 -------- d-----w- C:\$RECYCLE.BIN
2011-10-23 16:28:32 -------- d-----w- C:\Users\HP p6310y\AppData\Roaming\upromise
2011-10-23 16:28:31 -------- d-----w- C:\Program Files (x86)\Upromise
2011-10-13 00:04:58 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-10-13 00:04:58 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-10-13 00:04:57 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2011-10-13 00:04:57 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2011-10-12 23:46:20 -------- d-----w- C:\Program Files\iPod
2011-10-12 23:46:19 -------- d-----w- C:\Program Files\iTunes
2011-10-12 23:46:19 -------- d-----w- C:\Program Files (x86)\iTunes
2011-10-12 23:25:04 3138048 ----a-w- C:\Windows\System32\win32k.sys
2011-10-12 23:24:56 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-12 23:24:56 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-10-12 23:24:56 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-10-12 23:24:56 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-10-12 23:24:50 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-12 23:24:50 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-12 23:24:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-10-12 23:24:49 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-10-09 12:02:01 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-10-09 12:01:53 -------- d-----w- C:\ProgramData\SASCORE
2011-10-09 12:01:50 -------- d-----w- C:\Users\HP p6310y\AppData\Roaming\SUPERAntiSpyware.com
2011-10-09 12:01:50 -------- d-----w- C:\Program Files (x86)\SUPERAntiSpyware
2011-10-09 12:00:39 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-10-02 11:19:30 -------- d-----w- C:\Users\HP p6310y\AppData\Roaming\PCTools
2011-10-02 02:04:05 14744 ----a-w- C:\Users\HP p6310y\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
.
==================== Find3M ====================
.
2011-09-28 19:56:29 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-06 20:45:29 41184 ----a-w- C:\Windows\avastSS.scr
2011-09-06 20:38:18 601944 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-09-06 20:36:30 65368 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-31 21:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-31 03:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-08-31 03:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-08-31 03:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-08-31 03:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
.
============= FINISH: 12:50:55.02 ===============

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/13/2010 7:14:45 PM
System Uptime: 10/29/2011 12:47:42 PM (0 hours ago)
.
Motherboard: PEGATRON CORPORATION | | VIOLET6
Processor: AMD Athlon™ II X4 630 Processor | CPU 1 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 920 GiB total, 712.236 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.586 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
K: is Removable
L: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Linksys WMP110 RangePlus Wireless PCI Adapter
Device ID: PCI\VEN_1814&DEV_0701&SUBSYS_00741737&REV_00\4&F437630&0&5040
Manufacturer: Linksys, A Division of Cisco Systems, Inc.
Name: Linksys WMP110 RangePlus Wireless PCI Adapter
PNP Device ID: PCI\VEN_1814&DEV_0701&SUBSYS_00741737&REV_00\4&F437630&0&5040
Service: WMP110v2
.
==== System Restore Points ===================
.
RP241: 10/24/2011 7:04:27 PM - ComboFix created restore point
RP242: 10/24/2011 7:15:31 PM - Windows Update
RP243: 10/26/2011 3:00:12 AM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
Acrobat.com
Action Replay DSi Code Manager
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Color Common Settings
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.6
Adobe Setup
AIM 7
Apple Application Support
Apple Software Update
avast! Pro Antivirus
Boomerang Data Recovery Software 1.0.5
Browser Defender 3.0
CCleaner
CDBurnerXP
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
DirectX for Managed Code Update (Summer 2004)
Facebook Plug-In
HP Advisor
HP Customer Experience Enhancements
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP Update
HPAsset component for HP Active Support Library
Java Auto Updater
Java™ 6 Update 20
Junk Mail filter update
LabelPrint
LightScribe System Software
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft Choice Guard
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 7.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
ooVoo
Power2Go
PowerDirector
QuickTime
Realtek High Definition Audio Driver
Recovery Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Skype™ 4.2
Spyware Doctor
SUPERAntiSpyware Free Edition
The Sims™ 2 Deluxe
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Upromise TurboSaver (remove only)
Winamp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
10/29/2011 12:48:29 PM, Error: Service Control Manager [7000] - The SASKUTIL service failed to start due to the following error: This driver has been blocked from loading
10/29/2011 12:48:29 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/29/2011 12:48:23 PM, Error: Service Control Manager [7000] - The SASENUM service failed to start due to the following error: This driver has been blocked from loading
10/29/2011 12:48:23 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/29/2011 12:48:15 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
10/29/2011 12:48:15 PM, Error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: This driver has been blocked from loading
10/29/2011 12:48:15 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/24/2011 7:20:00 PM, Error: NVNET [5008] - NVIDIA nForce 10/100 Mbps Ethernet : Has encountered an invalid network address.
10/24/2011 6:56:30 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: A device attached to the system is not functioning.
10/24/2011 6:36:43 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/24/2011 6:35:58 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/24/2011 6:28:28 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Store Interface Service service, but this action failed with the following error: An instance of the service is already running.
10/24/2011 6:26:38 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/24/2011 6:26:28 PM, Error: Service Control Manager [7034] - The Function Discovery Provider Host service terminated unexpectedly. It has done this 1 time(s).
10/24/2011 6:26:28 PM, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 1 time(s).
10/24/2011 6:26:28 PM, Error: Service Control Manager [7031] - The Network Store Interface Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/24/2011 6:26:28 PM, Error: Service Control Manager [7031] - The Network List Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
10/24/2011 6:26:28 PM, Error: Service Control Manager [7031] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
10/24/2011 6:16:03 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
10/24/2011 6:16:03 PM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
10/24/2011 6:05:20 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
10/24/2011 6:05:17 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
10/24/2011 6:05:17 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
10/24/2011 6:03:17 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/24/2011 6:03:17 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/24/2011 6:03:17 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/24/2011 6:03:17 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/24/2011 6:03:17 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/24/2011 6:03:17 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/24/2011 6:03:17 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/24/2011 6:03:17 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/24/2011 6:03:17 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/24/2011 6:03:17 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/24/2011 6:03:17 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/24/2011 6:03:17 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/24/2011 6:03:17 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/24/2011 6:03:17 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/24/2011 6:03:17 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/23/2011 8:32:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/23/2011 8:32:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/23/2011 8:32:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/23/2011 8:32:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/23/2011 8:32:42 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache PCTSD SASDIFSV SASKUTIL spldr sptd TfFsMon TfSysMon Wanarpv6
10/23/2011 8:32:21 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .
10/23/2011 1:13:49 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.
10/22/2011 4:36:01 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
.
==== End Of File ===========================


Rootkit unhooker generates error message. Please see .jpg attached.

Thank you for your help. Let me know how to proceed.....

Attached Files



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:09 AM

Posted 29 October 2011 - 06:40 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 nkropnik

nkropnik
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:09 AM

Posted 29 October 2011 - 07:42 PM

ComboFix 11-10-29.05 - HP p6310y 10/29/2011 20:28:20.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4464 [GMT -4:00]
Running from: c:\users\HP p6310y\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache86\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-30 )))))))))))))))))))))))))))))))
.
.
2011-10-30 00:34 . 2011-10-30 00:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-29 16:52 . 2011-10-29 17:06 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
2011-10-28 20:13 . 2011-10-18 06:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{222415DF-FA0F-428C-B725-9A8A1EB0967A}\mpengine.dll
2011-10-23 16:28 . 2011-10-23 16:28 -------- d-----w- c:\users\HP p6310y\AppData\Roaming\upromise
2011-10-23 16:28 . 2011-10-23 16:28 -------- d-----w- c:\program files (x86)\Upromise
2011-10-13 00:04 . 2011-09-01 05:24 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-10-13 00:04 . 2011-09-01 02:35 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-10-13 00:04 . 2011-09-01 05:19 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2011-10-13 00:04 . 2011-09-01 02:30 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2011-10-12 23:46 . 2011-10-12 23:46 -------- d-----w- c:\program files\iPod
2011-10-12 23:46 . 2011-10-12 23:46 -------- d-----w- c:\program files\iTunes
2011-10-12 23:46 . 2011-10-12 23:46 -------- d-----w- c:\program files (x86)\iTunes
2011-10-12 23:25 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 23:24 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 23:24 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 23:24 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-12 23:24 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-12 23:24 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 23:24 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-12 23:24 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 23:24 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-09 13:26 . 2011-10-10 23:59 -------- d-----w- c:\users\HP p6310y\AppData\Roaming\skypePM
2011-10-09 12:02 . 2011-10-09 12:02 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-10-09 12:01 . 2011-10-09 12:01 -------- d-----w- c:\programdata\SASCORE
2011-10-09 12:01 . 2011-10-23 12:33 -------- d-----w- c:\program files (x86)\SUPERAntiSpyware
2011-10-09 12:01 . 2011-10-09 12:01 -------- d-----w- c:\users\HP p6310y\AppData\Roaming\SUPERAntiSpyware.com
2011-10-09 12:00 . 2011-10-09 12:00 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-10-02 11:19 . 2011-10-02 11:19 -------- d-----w- c:\users\HP p6310y\AppData\Roaming\PCTools
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-28 19:56 . 2011-05-12 23:54 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-06 20:45 . 2011-09-28 23:26 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2011-09-28 23:26 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-09-06 20:45 . 2011-01-29 00:50 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-09-28 23:27 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:38 . 2011-09-28 23:27 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2011-09-28 23:27 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2011-09-28 23:27 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2011-09-28 23:26 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-06 20:36 . 2011-09-28 23:27 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-31 21:00 . 2010-10-17 11:07 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-31 03:05 . 2011-08-31 03:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SUPERAntiSpyware"="c:\program files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-09 2008576]
"Upromise Update"="c:\program files (x86)\Upromise\dca-ua.exe" [2011-08-04 267584]
"Upromise Tray"="c:\program files (x86)\Upromise\UpromiseTray.exe" [2011-09-02 279896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\Alwil Software\avastUI.exe" [2011-09-06 3722416]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 18:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SASCORE]
@=""
.
R1 SASDIFSV;SASDIFSV;c:\program files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-02 13384]
R1 SASKUTIL;SASKUTIL;c:\program files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-02 77896]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BlackBox;BlackBox SR2; [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [x]
R3 SASENUM;SASENUM;c:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-02-02 4096]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2011-02-18 371472]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools Security\TFEngine\TFService.exe service [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMP110v2;Linksys WMP110 RangePlus Wireless PCI Adapter Driver for Windows Vista;c:\windows\system32\DRIVERS\WMP110v2.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [x]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-07-01 337872]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-04-30 190488]
S2 SASCORE;SAS Core Service;c:\program files (x86)\SUPERAntiSpyware\SASCore.exe [2010-02-02 120832]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam 250(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-24 c:\windows\Tasks\HPCeeScheduleForHP p6310y.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
2011-06-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 134384 ----a-w- c:\program files\Alwil Software\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-18 16334368]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\HP p6310y\AppData\Roaming\Mozilla\Firefox\Profiles\krm3f8o5.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{B60DCA15-56A3-4D2D-8747-22CF7D7B588B} - c:\program files (x86)\InstallShield Installation Information\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
.
**************************************************************************
.
Completion time: 2011-10-29 20:40:01 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-30 00:40
ComboFix2.txt 2011-10-24 22:58
.
Pre-Run: 763,806,953,472 bytes free
Post-Run: 763,437,805,568 bytes free
.
- - End Of File - - 3210432B10E83071CBB2796C65C1C4E0

#6 nkropnik

nkropnik
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:09 AM

Posted 29 October 2011 - 08:02 PM

Still experiencing the same google redirects.... wordslife, webarcade

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:09 AM

Posted 29 October 2011 - 08:05 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 nkropnik

nkropnik
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:09 AM

Posted 30 October 2011 - 07:10 AM

I did some more research. I must have had a DNS Changer Trojan. I should have mentioned earlier this was affecting all of the computers connected to my router. I reset to factory settings on my Netgear router and everything seems to be ok for now.

I will run the tdsskiller.

Do I need to do anything to uninstall the other programs we used?

I will keep you posted.

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:09 AM

Posted 30 October 2011 - 07:12 AM

Let me have the report and then we will start cleaning things up


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 nkropnik

nkropnik
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:09 AM

Posted 30 October 2011 - 08:23 AM

Found 0 infections. Did not restart.....

08:12:23.0542 0728 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
08:12:23.0698 0728 ============================================================
08:12:23.0698 0728 Current date / time: 2011/10/30 08:12:23.0698
08:12:23.0698 0728 SystemInfo:
08:12:23.0698 0728
08:12:23.0698 0728 OS Version: 6.1.7601 ServicePack: 1.0
08:12:23.0698 0728 Product type: Workstation
08:12:23.0698 0728 ComputerName: HPP6310Y-PC
08:12:23.0698 0728 UserName: HP p6310y
08:12:23.0698 0728 Windows directory: C:\Windows
08:12:23.0698 0728 System windows directory: C:\Windows
08:12:23.0698 0728 Running under WOW64
08:12:23.0698 0728 Processor architecture: Intel x64
08:12:23.0698 0728 Number of processors: 4
08:12:23.0698 0728 Page size: 0x1000
08:12:23.0698 0728 Boot type: Normal boot
08:12:23.0698 0728 ============================================================
08:12:24.0946 0728 Initialize success
08:12:27.0848 4236 ============================================================
08:12:27.0848 4236 Scan started
08:12:27.0848 4236 Mode: Manual;
08:12:27.0848 4236 ============================================================
08:12:28.0596 4236 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:12:28.0596 4236 1394ohci - ok
08:12:28.0643 4236 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
08:12:28.0643 4236 ACPI - ok
08:12:28.0690 4236 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
08:12:28.0690 4236 AcpiPmi - ok
08:12:28.0737 4236 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
08:12:28.0737 4236 adp94xx - ok
08:12:28.0768 4236 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
08:12:28.0768 4236 adpahci - ok
08:12:28.0784 4236 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
08:12:28.0784 4236 adpu320 - ok
08:12:28.0862 4236 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
08:12:28.0862 4236 AFD - ok
08:12:28.0877 4236 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
08:12:28.0893 4236 agp440 - ok
08:12:28.0908 4236 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
08:12:28.0908 4236 aliide - ok
08:12:28.0924 4236 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
08:12:28.0924 4236 amdide - ok
08:12:28.0971 4236 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
08:12:28.0971 4236 AmdK8 - ok
08:12:29.0018 4236 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
08:12:29.0033 4236 AmdPPM - ok
08:12:29.0049 4236 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
08:12:29.0049 4236 amdsata - ok
08:12:29.0080 4236 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
08:12:29.0080 4236 amdsbs - ok
08:12:29.0111 4236 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
08:12:29.0111 4236 amdxata - ok
08:12:29.0158 4236 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
08:12:29.0158 4236 AppID - ok
08:12:29.0236 4236 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
08:12:29.0236 4236 arc - ok
08:12:29.0252 4236 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
08:12:29.0252 4236 arcsas - ok
08:12:29.0314 4236 aswFsBlk (5a68b880c16ad5a6aa20b49a47ffff24) C:\Windows\system32\drivers\aswFsBlk.sys
08:12:29.0314 4236 aswFsBlk - ok
08:12:29.0376 4236 aswMonFlt (230613be2d3da8053879be5ed2848f2d) C:\Windows\system32\drivers\aswMonFlt.sys
08:12:29.0376 4236 aswMonFlt - ok
08:12:29.0439 4236 aswRdr (0dc1996ae4178d7d14744ef6b3082313) C:\Windows\system32\drivers\aswRdr.sys
08:12:29.0439 4236 aswRdr - ok
08:12:29.0501 4236 aswSnx (b6ff911c23775cdfdd49612d92637af4) C:\Windows\system32\drivers\aswSnx.sys
08:12:29.0501 4236 aswSnx - ok
08:12:29.0532 4236 aswSP (5a590d8516376aed1829fc07d3bdaa4b) C:\Windows\system32\drivers\aswSP.sys
08:12:29.0532 4236 aswSP - ok
08:12:29.0548 4236 aswTdi (3239c0082fb0c1c4ee323730b85690a5) C:\Windows\system32\drivers\aswTdi.sys
08:12:29.0548 4236 aswTdi - ok
08:12:29.0564 4236 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
08:12:29.0564 4236 AsyncMac - ok
08:12:29.0626 4236 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
08:12:29.0626 4236 atapi - ok
08:12:29.0720 4236 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
08:12:29.0720 4236 b06bdrv - ok
08:12:29.0782 4236 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
08:12:29.0782 4236 b57nd60a - ok
08:12:29.0844 4236 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
08:12:29.0844 4236 Beep - ok
08:12:29.0907 4236 BlackBox - ok
08:12:29.0954 4236 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
08:12:29.0954 4236 blbdrive - ok
08:12:30.0016 4236 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
08:12:30.0016 4236 bowser - ok
08:12:30.0078 4236 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:12:30.0078 4236 BrFiltLo - ok
08:12:30.0110 4236 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:12:30.0110 4236 BrFiltUp - ok
08:12:30.0188 4236 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
08:12:30.0188 4236 Brserid - ok
08:12:30.0219 4236 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
08:12:30.0219 4236 BrSerWdm - ok
08:12:30.0234 4236 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:12:30.0234 4236 BrUsbMdm - ok
08:12:30.0266 4236 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
08:12:30.0266 4236 BrUsbSer - ok
08:12:30.0281 4236 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
08:12:30.0281 4236 BTHMODEM - ok
08:12:30.0344 4236 BVRPMPR5a64 (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS
08:12:30.0344 4236 BVRPMPR5a64 - ok
08:12:30.0390 4236 catchme - ok
08:12:30.0422 4236 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
08:12:30.0437 4236 cdfs - ok
08:12:30.0484 4236 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
08:12:30.0484 4236 cdrom - ok
08:12:30.0546 4236 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
08:12:30.0546 4236 circlass - ok
08:12:30.0578 4236 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
08:12:30.0593 4236 CLFS - ok
08:12:30.0656 4236 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
08:12:30.0656 4236 CmBatt - ok
08:12:30.0671 4236 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
08:12:30.0671 4236 cmdide - ok
08:12:30.0702 4236 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
08:12:30.0718 4236 CNG - ok
08:12:30.0765 4236 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
08:12:30.0765 4236 Compbatt - ok
08:12:30.0812 4236 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
08:12:30.0827 4236 CompositeBus - ok
08:12:30.0874 4236 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
08:12:30.0874 4236 crcdisk - ok
08:12:30.0921 4236 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
08:12:30.0921 4236 DfsC - ok
08:12:30.0952 4236 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
08:12:30.0952 4236 discache - ok
08:12:30.0983 4236 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
08:12:30.0983 4236 Disk - ok
08:12:31.0046 4236 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
08:12:31.0046 4236 drmkaud - ok
08:12:31.0077 4236 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
08:12:31.0092 4236 DXGKrnl - ok
08:12:31.0155 4236 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
08:12:31.0217 4236 ebdrv - ok
08:12:31.0248 4236 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
08:12:31.0248 4236 elxstor - ok
08:12:31.0280 4236 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
08:12:31.0280 4236 ErrDev - ok
08:12:31.0342 4236 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
08:12:31.0342 4236 exfat - ok
08:12:31.0373 4236 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
08:12:31.0373 4236 fastfat - ok
08:12:31.0420 4236 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
08:12:31.0420 4236 fdc - ok
08:12:31.0451 4236 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
08:12:31.0451 4236 FileInfo - ok
08:12:31.0467 4236 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
08:12:31.0467 4236 Filetrace - ok
08:12:31.0514 4236 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
08:12:31.0514 4236 flpydisk - ok
08:12:31.0576 4236 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
08:12:31.0576 4236 FltMgr - ok
08:12:31.0607 4236 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
08:12:31.0607 4236 FsDepends - ok
08:12:31.0623 4236 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
08:12:31.0623 4236 Fs_Rec - ok
08:12:31.0654 4236 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
08:12:31.0670 4236 fvevol - ok
08:12:31.0670 4236 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
08:12:31.0685 4236 gagp30kx - ok
08:12:31.0748 4236 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:12:31.0748 4236 GEARAspiWDM - ok
08:12:31.0763 4236 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
08:12:31.0779 4236 hcw85cir - ok
08:12:31.0826 4236 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
08:12:31.0841 4236 HDAudBus - ok
08:12:31.0872 4236 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
08:12:31.0872 4236 HidBatt - ok
08:12:31.0888 4236 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
08:12:31.0888 4236 HidBth - ok
08:12:31.0904 4236 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
08:12:31.0919 4236 HidIr - ok
08:12:31.0950 4236 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
08:12:31.0950 4236 HidUsb - ok
08:12:32.0028 4236 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
08:12:32.0028 4236 HpSAMD - ok
08:12:32.0091 4236 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
08:12:32.0106 4236 HTTP - ok
08:12:32.0122 4236 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
08:12:32.0122 4236 hwpolicy - ok
08:12:32.0184 4236 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
08:12:32.0184 4236 i8042prt - ok
08:12:32.0216 4236 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
08:12:32.0216 4236 iaStorV - ok
08:12:32.0247 4236 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
08:12:32.0247 4236 iirsp - ok
08:12:32.0340 4236 IntcAzAudAddService (ef75c94792187a143871fbb87611b0b7) C:\Windows\system32\drivers\RTKVHD64.sys
08:12:32.0340 4236 IntcAzAudAddService - ok
08:12:32.0372 4236 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
08:12:32.0372 4236 intelide - ok
08:12:32.0418 4236 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
08:12:32.0434 4236 intelppm - ok
08:12:32.0465 4236 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:12:32.0465 4236 IpFilterDriver - ok
08:12:32.0481 4236 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
08:12:32.0481 4236 IPMIDRV - ok
08:12:32.0528 4236 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
08:12:32.0528 4236 IPNAT - ok
08:12:32.0590 4236 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
08:12:32.0590 4236 IRENUM - ok
08:12:32.0606 4236 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
08:12:32.0606 4236 isapnp - ok
08:12:32.0637 4236 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
08:12:32.0637 4236 iScsiPrt - ok
08:12:32.0684 4236 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
08:12:32.0684 4236 kbdclass - ok
08:12:32.0699 4236 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
08:12:32.0699 4236 kbdhid - ok
08:12:32.0746 4236 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
08:12:32.0746 4236 KSecDD - ok
08:12:32.0777 4236 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
08:12:32.0777 4236 KSecPkg - ok
08:12:32.0793 4236 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
08:12:32.0793 4236 ksthunk - ok
08:12:32.0871 4236 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
08:12:32.0871 4236 lltdio - ok
08:12:32.0949 4236 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
08:12:32.0949 4236 LSI_FC - ok
08:12:32.0980 4236 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
08:12:32.0980 4236 LSI_SAS - ok
08:12:32.0996 4236 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:12:32.0996 4236 LSI_SAS2 - ok
08:12:33.0011 4236 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:12:33.0011 4236 LSI_SCSI - ok
08:12:33.0027 4236 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
08:12:33.0027 4236 luafv - ok
08:12:33.0089 4236 lvpopf64 (4db7d24f69354073a1c13f5889e63208) C:\Windows\system32\DRIVERS\lvpopf64.sys
08:12:33.0105 4236 lvpopf64 - ok
08:12:33.0167 4236 LVPr2M64 (7717a2cb550267860d3933f3fba0216f) C:\Windows\system32\DRIVERS\LVPr2M64.sys
08:12:33.0167 4236 LVPr2M64 - ok
08:12:33.0198 4236 LVPr2Mon (7717a2cb550267860d3933f3fba0216f) C:\Windows\system32\DRIVERS\LVPr2M64.sys
08:12:33.0198 4236 LVPr2Mon - ok
08:12:33.0245 4236 LVRS64 (125ae13c293889001b8456cf3eb04a40) C:\Windows\system32\DRIVERS\lvrs64.sys
08:12:33.0245 4236 LVRS64 - ok
08:12:33.0339 4236 LVUVC64 (a5b0494409fb08dcdc42a216c6eab0f7) C:\Windows\system32\DRIVERS\lvuvc64.sys
08:12:33.0370 4236 LVUVC64 - ok
08:12:33.0401 4236 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
08:12:33.0401 4236 megasas - ok
08:12:33.0417 4236 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
08:12:33.0417 4236 MegaSR - ok
08:12:33.0448 4236 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
08:12:33.0448 4236 Modem - ok
08:12:33.0495 4236 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
08:12:33.0495 4236 monitor - ok
08:12:33.0557 4236 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
08:12:33.0557 4236 mouclass - ok
08:12:33.0573 4236 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
08:12:33.0573 4236 mouhid - ok
08:12:33.0588 4236 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
08:12:33.0588 4236 mountmgr - ok
08:12:33.0635 4236 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
08:12:33.0635 4236 mpio - ok
08:12:33.0651 4236 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
08:12:33.0651 4236 mpsdrv - ok
08:12:33.0682 4236 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
08:12:33.0682 4236 MRxDAV - ok
08:12:33.0698 4236 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:12:33.0713 4236 mrxsmb - ok
08:12:33.0744 4236 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:12:33.0744 4236 mrxsmb10 - ok
08:12:33.0760 4236 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:12:33.0760 4236 mrxsmb20 - ok
08:12:33.0776 4236 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
08:12:33.0791 4236 msahci - ok
08:12:33.0807 4236 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
08:12:33.0807 4236 msdsm - ok
08:12:33.0838 4236 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
08:12:33.0838 4236 Msfs - ok
08:12:33.0838 4236 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
08:12:33.0854 4236 mshidkmdf - ok
08:12:33.0854 4236 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
08:12:33.0854 4236 msisadrv - ok
08:12:33.0916 4236 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
08:12:33.0916 4236 MSKSSRV - ok
08:12:33.0947 4236 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
08:12:33.0947 4236 MSPCLOCK - ok
08:12:33.0947 4236 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
08:12:33.0947 4236 MSPQM - ok
08:12:33.0994 4236 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
08:12:33.0994 4236 MsRPC - ok
08:12:34.0010 4236 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
08:12:34.0010 4236 mssmbios - ok
08:12:34.0025 4236 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
08:12:34.0025 4236 MSTEE - ok
08:12:34.0041 4236 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
08:12:34.0056 4236 MTConfig - ok
08:12:34.0088 4236 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
08:12:34.0088 4236 Mup - ok
08:12:34.0150 4236 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
08:12:34.0150 4236 NativeWifiP - ok
08:12:34.0228 4236 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
08:12:34.0228 4236 NDIS - ok
08:12:34.0275 4236 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
08:12:34.0275 4236 NdisCap - ok
08:12:34.0306 4236 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
08:12:34.0306 4236 NdisTapi - ok
08:12:34.0337 4236 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
08:12:34.0337 4236 Ndisuio - ok
08:12:34.0368 4236 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
08:12:34.0384 4236 NdisWan - ok
08:12:34.0400 4236 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
08:12:34.0400 4236 NDProxy - ok
08:12:34.0415 4236 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
08:12:34.0415 4236 NetBIOS - ok
08:12:34.0446 4236 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
08:12:34.0446 4236 NetBT - ok
08:12:34.0540 4236 netr28x (d66596db0a0739a89c25b590ce36d628) C:\Windows\system32\DRIVERS\netr28x.sys
08:12:34.0556 4236 netr28x - ok
08:12:34.0602 4236 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
08:12:34.0602 4236 nfrd960 - ok
08:12:34.0665 4236 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
08:12:34.0665 4236 Npfs - ok
08:12:34.0680 4236 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
08:12:34.0680 4236 nsiproxy - ok
08:12:34.0727 4236 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
08:12:34.0758 4236 Ntfs - ok
08:12:34.0774 4236 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
08:12:34.0774 4236 Null - ok
08:12:34.0992 4236 nvlddmkm (1cf597c9f0745735a6c5181ecb83706e) C:\Windows\system32\DRIVERS\nvlddmkm.sys
08:12:35.0039 4236 nvlddmkm - ok
08:12:35.0086 4236 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys
08:12:35.0086 4236 NVNET - ok
08:12:35.0148 4236 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
08:12:35.0148 4236 nvraid - ok
08:12:35.0195 4236 nvsmu (e58d81fb8616d0cb55c1e36aa0b213c9) C:\Windows\system32\DRIVERS\nvsmu.sys
08:12:35.0195 4236 nvsmu - ok
08:12:35.0211 4236 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
08:12:35.0211 4236 nvstor - ok
08:12:35.0242 4236 nvstor64 (1e45f96342429d63dc30e0d9117da3d8) C:\Windows\system32\DRIVERS\nvstor64.sys
08:12:35.0242 4236 nvstor64 - ok
08:12:35.0258 4236 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
08:12:35.0258 4236 nv_agp - ok
08:12:35.0320 4236 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
08:12:35.0320 4236 ohci1394 - ok
08:12:35.0414 4236 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
08:12:35.0414 4236 Parport - ok
08:12:35.0445 4236 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
08:12:35.0445 4236 partmgr - ok
08:12:35.0460 4236 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
08:12:35.0460 4236 pci - ok
08:12:35.0476 4236 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
08:12:35.0476 4236 pciide - ok
08:12:35.0507 4236 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
08:12:35.0507 4236 pcmcia - ok
08:12:35.0570 4236 PCTCore (b00029a297e54c2e2f169d83448b8508) C:\Windows\system32\drivers\PCTCore64.sys
08:12:35.0570 4236 PCTCore - ok
08:12:35.0616 4236 pctDS (ff43e3b1687e4e2140de6349ea5c7372) C:\Windows\system32\drivers\pctDS64.sys
08:12:35.0632 4236 pctDS - ok
08:12:35.0648 4236 pctEFA (60e9a05852af7e9cb11237c00aee4ccf) C:\Windows\system32\drivers\pctEFA64.sys
08:12:35.0663 4236 pctEFA - ok
08:12:35.0726 4236 pctgntdi (35ec9e1f64f4b59064ee80b16f71bd89) C:\Windows\System32\drivers\pctgntdi64.sys
08:12:35.0726 4236 pctgntdi - ok
08:12:35.0757 4236 pctplsg (8bbc867ef6ceacbaaa5e2f8075c61aac) C:\Windows\System32\drivers\pctplsg64.sys
08:12:35.0757 4236 pctplsg - ok
08:12:35.0772 4236 PCTSD (dea3e7a33e268d4f1fbb4516c784646b) C:\Windows\system32\Drivers\PCTSD64.sys
08:12:35.0772 4236 PCTSD - ok
08:12:35.0819 4236 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:12:35.0819 4236 pcw - ok
08:12:35.0835 4236 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:12:35.0835 4236 PEAUTH - ok
08:12:35.0928 4236 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
08:12:35.0928 4236 PptpMiniport - ok
08:12:35.0975 4236 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
08:12:35.0975 4236 Processor - ok
08:12:36.0053 4236 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
08:12:36.0053 4236 Psched - ok
08:12:36.0116 4236 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
08:12:36.0131 4236 ql2300 - ok
08:12:36.0147 4236 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
08:12:36.0147 4236 ql40xx - ok
08:12:36.0178 4236 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:12:36.0178 4236 QWAVEdrv - ok
08:12:36.0194 4236 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:12:36.0194 4236 RasAcd - ok
08:12:36.0240 4236 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:12:36.0240 4236 RasAgileVpn - ok
08:12:36.0287 4236 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:12:36.0287 4236 Rasl2tp - ok
08:12:36.0303 4236 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:12:36.0303 4236 RasPppoe - ok
08:12:36.0350 4236 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:12:36.0350 4236 RasSstp - ok
08:12:36.0381 4236 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
08:12:36.0381 4236 rdbss - ok
08:12:36.0396 4236 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
08:12:36.0396 4236 rdpbus - ok
08:12:36.0412 4236 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:12:36.0412 4236 RDPCDD - ok
08:12:36.0459 4236 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:12:36.0459 4236 RDPENCDD - ok
08:12:36.0474 4236 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:12:36.0474 4236 RDPREFMP - ok
08:12:36.0506 4236 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
08:12:36.0506 4236 RDPWD - ok
08:12:36.0537 4236 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
08:12:36.0537 4236 rdyboost - ok
08:12:36.0599 4236 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:12:36.0599 4236 rspndr - ok
08:12:36.0693 4236 SASDIFSV (6154a1cb558e56f85902a68f6ae3c96c) C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS
08:12:36.0693 4236 SASDIFSV - ok
08:12:36.0708 4236 SASENUM (6d842f3226a0d2679844d0ec5cda7152) C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS
08:12:36.0708 4236 SASENUM - ok
08:12:36.0771 4236 SASKUTIL (15575690e55d2d2030843a9a4f20c9bd) C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS
08:12:36.0771 4236 SASKUTIL - ok
08:12:36.0802 4236 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
08:12:36.0802 4236 sbp2port - ok
08:12:36.0833 4236 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
08:12:36.0833 4236 scfilter - ok
08:12:36.0896 4236 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:12:36.0896 4236 secdrv - ok
08:12:36.0958 4236 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
08:12:36.0958 4236 Serenum - ok
08:12:37.0005 4236 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
08:12:37.0005 4236 Serial - ok
08:12:37.0020 4236 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
08:12:37.0020 4236 sermouse - ok
08:12:37.0052 4236 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
08:12:37.0052 4236 sffdisk - ok
08:12:37.0067 4236 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
08:12:37.0067 4236 sffp_mmc - ok
08:12:37.0083 4236 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
08:12:37.0083 4236 sffp_sd - ok
08:12:37.0145 4236 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
08:12:37.0145 4236 sfloppy - ok
08:12:37.0223 4236 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:12:37.0223 4236 SiSRaid2 - ok
08:12:37.0239 4236 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
08:12:37.0239 4236 SiSRaid4 - ok
08:12:37.0301 4236 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:12:37.0301 4236 Smb - ok
08:12:37.0332 4236 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:12:37.0332 4236 spldr - ok
08:12:37.0379 4236 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
08:12:37.0379 4236 sptd - ok
08:12:37.0410 4236 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:12:37.0410 4236 srv - ok
08:12:37.0426 4236 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
08:12:37.0442 4236 srv2 - ok
08:12:37.0442 4236 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
08:12:37.0457 4236 srvnet - ok
08:12:37.0520 4236 StarOpen (e57b778208c783d8debab320c16a1b82) C:\Windows\system32\drivers\StarOpen.sys
08:12:37.0520 4236 StarOpen - ok
08:12:37.0551 4236 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
08:12:37.0551 4236 stexstor - ok
08:12:37.0613 4236 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
08:12:37.0613 4236 swenum - ok
08:12:37.0676 4236 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
08:12:37.0722 4236 Tcpip - ok
08:12:37.0785 4236 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
08:12:37.0785 4236 TCPIP6 - ok
08:12:37.0832 4236 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
08:12:37.0832 4236 tcpipreg - ok
08:12:37.0863 4236 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:12:37.0863 4236 TDPIPE - ok
08:12:37.0878 4236 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
08:12:37.0878 4236 TDTCP - ok
08:12:37.0941 4236 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
08:12:37.0941 4236 tdx - ok
08:12:37.0956 4236 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
08:12:37.0956 4236 TermDD - ok
08:12:38.0034 4236 TfFsMon (d2df419972ceb50af29309a1beb24eff) C:\Windows\system32\drivers\TfFsMon.sys
08:12:38.0034 4236 TfFsMon - ok
08:12:38.0081 4236 TfNetMon (3c98592982c41a6c6cccccdf1d0c1881) C:\Windows\system32\drivers\TfNetMon.sys
08:12:38.0081 4236 TfNetMon - ok
08:12:38.0144 4236 TfSysMon (6b9e882313f9ee9a41843077fc764196) C:\Windows\system32\drivers\TfSysMon.sys
08:12:38.0144 4236 TfSysMon - ok
08:12:38.0222 4236 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:12:38.0222 4236 tssecsrv - ok
08:12:38.0237 4236 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
08:12:38.0253 4236 TsUsbFlt - ok
08:12:38.0315 4236 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
08:12:38.0315 4236 tunnel - ok
08:12:38.0346 4236 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
08:12:38.0346 4236 uagp35 - ok
08:12:38.0362 4236 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
08:12:38.0378 4236 udfs - ok
08:12:38.0409 4236 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
08:12:38.0409 4236 uliagpkx - ok
08:12:38.0456 4236 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
08:12:38.0456 4236 umbus - ok
08:12:38.0487 4236 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
08:12:38.0487 4236 UmPass - ok
08:12:38.0502 4236 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
08:12:38.0518 4236 USBAAPL64 - ok
08:12:38.0534 4236 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
08:12:38.0534 4236 usbaudio - ok
08:12:38.0549 4236 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
08:12:38.0549 4236 usbccgp - ok
08:12:38.0596 4236 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
08:12:38.0596 4236 usbcir - ok
08:12:38.0612 4236 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
08:12:38.0612 4236 usbehci - ok
08:12:38.0643 4236 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
08:12:38.0643 4236 usbhub - ok
08:12:38.0658 4236 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
08:12:38.0658 4236 usbohci - ok
08:12:38.0690 4236 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
08:12:38.0690 4236 usbprint - ok
08:12:38.0705 4236 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:12:38.0705 4236 USBSTOR - ok
08:12:38.0721 4236 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
08:12:38.0721 4236 usbuhci - ok
08:12:38.0736 4236 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
08:12:38.0736 4236 vdrvroot - ok
08:12:38.0783 4236 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:12:38.0783 4236 vga - ok
08:12:38.0783 4236 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:12:38.0783 4236 VgaSave - ok
08:12:38.0814 4236 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
08:12:38.0814 4236 vhdmp - ok
08:12:38.0830 4236 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
08:12:38.0830 4236 viaide - ok
08:12:38.0846 4236 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
08:12:38.0846 4236 volmgr - ok
08:12:38.0892 4236 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
08:12:38.0892 4236 volmgrx - ok
08:12:38.0924 4236 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
08:12:38.0924 4236 volsnap - ok
08:12:38.0970 4236 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
08:12:38.0986 4236 vsmraid - ok
08:12:39.0002 4236 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
08:12:39.0002 4236 vwifibus - ok
08:12:39.0048 4236 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
08:12:39.0048 4236 vwififlt - ok
08:12:39.0080 4236 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
08:12:39.0080 4236 WacomPen - ok
08:12:39.0142 4236 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:12:39.0142 4236 WANARP - ok
08:12:39.0158 4236 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:12:39.0158 4236 Wanarpv6 - ok
08:12:39.0220 4236 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
08:12:39.0220 4236 Wd - ok
08:12:39.0251 4236 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:12:39.0251 4236 Wdf01000 - ok
08:12:39.0329 4236 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:12:39.0329 4236 WfpLwf - ok
08:12:39.0345 4236 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:12:39.0345 4236 WIMMount - ok
08:12:39.0407 4236 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
08:12:39.0407 4236 WinUSB - ok
08:12:39.0438 4236 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
08:12:39.0438 4236 WmiAcpi - ok
08:12:39.0501 4236 WMP110v2 (6d323d55dbe94cb408fc657dce8c7a3c) C:\Windows\system32\DRIVERS\WMP110v2.sys
08:12:39.0501 4236 WMP110v2 - ok
08:12:39.0548 4236 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:12:39.0548 4236 ws2ifsl - ok
08:12:39.0579 4236 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
08:12:39.0579 4236 WudfPf - ok
08:12:39.0594 4236 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:12:39.0610 4236 WUDFRd - ok
08:12:39.0672 4236 MBR (0x1B8) (9d886421b38975fb45ef62935e7b4a55) \Device\Harddisk0\DR0
08:12:39.0782 4236 \Device\Harddisk0\DR0 - ok
08:12:39.0782 4236 Boot (0x1200) (c451240810dd06bdb2c8629dd24e3082) \Device\Harddisk0\DR0\Partition0
08:12:39.0782 4236 \Device\Harddisk0\DR0\Partition0 - ok
08:12:39.0797 4236 Boot (0x1200) (34a1a58cba6fd40a763619550efb6858) \Device\Harddisk0\DR0\Partition1
08:12:39.0797 4236 \Device\Harddisk0\DR0\Partition1 - ok
08:12:39.0828 4236 Boot (0x1200) (0e6ead3d4963af87c6f79b4445998d7d) \Device\Harddisk0\DR0\Partition2
08:12:39.0828 4236 \Device\Harddisk0\DR0\Partition2 - ok
08:12:39.0828 4236 ============================================================
08:12:39.0828 4236 Scan finished
08:12:39.0828 4236 ============================================================
08:12:39.0844 4640 Detected object count: 0
08:12:39.0844 4640 Actual detected object count: 0
08:12:47.0098 0972 Deinitialize success

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:09 AM

Posted 30 October 2011 - 12:17 PM

These logs are looking alot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Adobe Reader 9.4.6

and click on remove

Update Adobe Reader

Recently there have been vunerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be carefull not to install anything to do with AskBar.
[/list]
Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts


TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidently close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

If you have problems running Hijackthis.

sometimes we have to run it like this To run HijackThis as an administrator,
rightclick HijackThis.exe (located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 nkropnik

nkropnik
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:09 AM

Posted 30 October 2011 - 05:48 PM

Reader updated, java updated, after clicking "Start" TFC would freeze my computer up.... I used CCleaner to remove temp files instead.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8046

Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 9.0.8112.16421

10/30/2011 1:09:51 PM
mbam-log-2011-10-30 (13-09-51).txt

Scan type: Quick scan
Objects scanned: 172243
Time elapsed: 1 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



HiJackThis.....


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:45:18 PM, on 10/30/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Upromise\dca-ua.exe
C:\Program Files (x86)\Upromise\UpromiseTray.exe
C:\Program Files\Alwil Software\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DCA - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Upromise\dca-bho.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ToolHelper - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\aswWebRepIE.dll
O3 - Toolbar: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\avastUI.exe" /nogui
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Upromise Update] C:\Program Files (x86)\Upromise\dca-ua.exe
O4 - HKCU\..\Run: [Upromise Tray] C:\Program Files (x86)\Upromise\UpromiseTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
O9 - Extra 'Tools' menuitem: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SAS Core Service (SASCORE) - SUPERAntiSpyware.com - C:\Program Files (x86)\SUPERAntiSpyware\SASCore.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: ThreatFire - PC Tools - C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9570 bytes

#13 nkropnik

nkropnik
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:09 AM

Posted 30 October 2011 - 05:50 PM

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

10/30/2011 12:08:50 PM
mbam-log-2011-10-30 (12-08-50).txt

Scan type: Full scan (C:\|)
Objects scanned: 323644
Time elapsed: 38 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\hp p6310y\AppData\LocalLow\Sun\Java\deployment\cache\6.0\33\6ba285e1-7b04c781 (Rootkit.0Access) -> Quarantined and deleted successfully.
c:\Users\hp p6310y\AppData\LocalLow\Sun\Java\deployment\cache\6.0\51\28a8833-2d46faba (Trojan.Exploit.Drop) -> Quarantined and deleted successfully.

Edited by nkropnik, 30 October 2011 - 05:51 PM.


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:09 AM

Posted 30 October 2011 - 09:34 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded startup entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [Upromise Update] C:\Program Files (x86)\Upromise\dca-ua.exe
      O4 - HKCU\..\Run: [Upromise Tray] C:\Program Files (x86)\Upromise\UpromiseTray.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brakets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]



If you have any problems running Hijackthis.

sometimes we have to run it like this To run HijackThis as an administrator,
rightclick HijackThis.exe (located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select to run as administrator


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the activex control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard and paste the results here in this topic
  • you may also find here C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 nkropnik

nkropnik
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:09 AM

Posted 31 October 2011 - 07:23 PM

C:\Users\HP p6310y\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\2ef758e6-1e9e2061 Java/Agent.BV trojan
C:\Users\HP p6310y\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\57a07a6f-311730fd Java/Exploit.Agent.NAO trojan
C:\Users\HP p6310y\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\d126230-15d7c617 Java/Agent.BV trojan
C:\Users\HP p6310y\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\7baf0ab2-1d7f6273 a variant of Java/Agent.BR trojan



Computer's running great. Now how do I clean all this crap we installed off of my computer?

My Documents and Settings folder is locked as well as a number of others, i'm assuming this is because of combofix.

Thank you Gringo! How can I donate funds?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users