
urlseek malware redirects browser


This topic is locked
22 replies to this topic

#1 LNinja

  • Members
  • 10 posts
  • OFFLINE
  • Local time:10:29 PM

Posted 04 November 2011 - 01:40 AM

I have a malware issue. It redirects any gibberish link to urlseek20. vmn. net, and sometimes intercepts legitimate addresses as well. I ran AVG, which caught nothing, and downloaded malwarebytes and ran that too, which turned up one thing, which appears to be unrelated as it was removed and made no difference. I've run CCleaner as well. It happens on both Firefox and Chrome. Here's the DDS log.



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_29
Run by Rachael at 22:07:29 on 2011-11-03
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3068.1726 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\vfsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.searchcompletion.com/?si=16615&home=true
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Complete Bar: {64c54209-175c-454d-9291-ac46d4d952cf} - c:\program files\completebartb\completebarDx.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Complitly: {d27fc31c-6e3d-4305-8d53-acdaefa5f862} - c:\users\rachael\appdata\roaming\complitlyengine\ComplitlyEngine.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Updater For Complete Bar: {fe618700-e0ee-441e-8b1d-18ce226bb193} - c:\program files\completebartb\auxi\completebarAu.dll
TB: Complete Bar: {64c54209-175c-454d-9291-ac46d4d952cf} - c:\program files\completebartb\completebarDx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\users\rachael\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [UCam_Menu] "c:\program files\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\media\webcam" update "software\hewlett-packard\media\Webcam"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [DpAgent] c:\program files\digitalpersona\bin\dpagent.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 6.0\apdproxy.exe"
mRun: [Anti-phishing Domain Advisor] "c:\programdata\anti-phishing domain advisor\visicom_antiphishing.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{68F63CE9-BF09-4531-A9B1-FA05B4F96B06} : DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{DA2FEC14-6ECB-4634-91AA-5BB999CC40D5} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
LSA: Notification Packages = scecli DPPWDFLT
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\rachael\appdata\roaming\mozilla\firefox\profiles\e9gcwhh0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\users\rachael\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\rachael\appdata\roaming\mozilla\plugins\np-mswmp.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_827e372d\AEstSrv.exe [2009-3-2 81920]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-12 5265248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-18 19456]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-1-13 365952]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2011-9-24 2749736]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-11-18 599344]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-9-4 54784]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-10-23 107360]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-9-24 15656]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-11-04 04:36:40 -------- d-----w- c:\program files\CCleaner
2011-11-04 04:26:20 -------- d-----w- c:\users\rachael\appdata\local\{88C0E810-5726-48C6-B7D1-991E767F62DD}
2011-11-04 04:26:18 -------- d-----w- c:\users\rachael\appdata\local\{8CA3E487-E896-48DF-B104-4908EF87837F}
2011-11-03 19:45:23 -------- d-----w- c:\users\rachael\appdata\roaming\Malwarebytes
2011-11-03 19:45:09 -------- d-----w- c:\programdata\Malwarebytes
2011-11-03 19:45:05 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-03 19:45:05 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2011-11-03 19:45:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-03 16:25:51 -------- d-----w- c:\users\rachael\appdata\local\{0D94B4F6-4CB5-4FEE-8F35-CD7EA9FEA34B}
2011-11-03 16:25:39 -------- d-----w- c:\users\rachael\appdata\local\{19E5703A-BF69-46E2-AD99-7D2F6DB0D240}
2011-11-03 04:25:23 -------- d-----w- c:\users\rachael\appdata\local\{44283817-898F-4F3A-B5DA-4AAE7AB32732}
2011-11-03 04:25:18 -------- d-----w- c:\users\rachael\appdata\local\{1144167B-332C-4D25-84C4-B10C03761DC8}
2011-11-02 16:25:15 -------- d-----w- c:\users\rachael\appdata\local\{65A86CF3-8D96-4CF2-A635-CC44DEA3088C}
2011-11-02 04:12:07 -------- d-----w- c:\users\rachael\appdata\local\{B920EB31-D3FE-4D60-8D71-A91625D19DBC}
2011-11-02 04:12:02 -------- d-----w- c:\users\rachael\appdata\local\{8ADF2640-55FB-4AA0-A1EB-0DA300905D8E}
2011-11-01 15:13:06 -------- d-----w- c:\users\rachael\appdata\local\{385C8BB2-03B0-4EA3-AF8F-B307EAB07EF6}
2011-11-01 15:12:55 -------- d-----w- c:\users\rachael\appdata\local\{7A19084C-0584-4369-BA4A-17A1F677F300}
2011-11-01 03:12:37 -------- d-----w- c:\users\rachael\appdata\local\{441F5BBC-7734-4350-AEA9-FC061790576A}
2011-11-01 03:12:33 -------- d-----w- c:\users\rachael\appdata\local\{1C6A4553-DE73-4683-A531-845802D1CAE2}
2011-10-31 15:12:10 -------- d-----w- c:\users\rachael\appdata\local\{C5609EAA-4748-4329-93ED-FCB3523F5349}
2011-10-31 15:11:57 -------- d-----w- c:\users\rachael\appdata\local\{FC644A81-C622-4399-A24E-BBD345F897AB}
2011-10-30 23:38:34 -------- d-----w- c:\users\rachael\appdata\local\{CA9514FD-3B24-4D97-9C4C-49609295F954}
2011-10-30 23:38:32 -------- d-----w- c:\users\rachael\appdata\local\{F4A64F5A-39DB-467C-AAAD-561B97831223}
2011-10-30 06:20:43 -------- d-----w- c:\users\rachael\appdata\local\{24E8C141-959F-4122-A72C-5A1517ACC3B6}
2011-10-30 06:20:34 -------- d-----w- c:\users\rachael\appdata\local\{71180A7A-E3A5-4E32-BF61-274F00563E29}
2011-10-29 01:18:09 -------- d-----w- c:\users\rachael\appdata\local\{D459F381-67A6-4566-A496-DCCD8702449B}
2011-10-29 01:17:53 -------- d-----w- c:\users\rachael\appdata\local\{A4D17B16-32D5-4CAE-B547-4357A5DFB352}
2011-10-27 22:48:24 -------- d-----w- c:\users\rachael\appdata\local\{526BB744-0B31-4D2F-918B-2D28F577DBE8}
2011-10-27 22:48:12 -------- d-----w- c:\users\rachael\appdata\local\{3808A3DA-B606-4FB1-8B7C-DA1E4A304019}
2011-10-27 18:56:33 -------- d-----w- c:\users\rachael\appdata\local\{9BE63434-2843-496A-83F0-16BEF9BD0CCB}
2011-10-27 06:20:09 -------- d-----w- c:\users\rachael\appdata\local\{B9F7E903-DD26-4057-BAB1-B8006506737D}
2011-10-27 06:20:04 -------- d-----w- c:\users\rachael\appdata\local\{F31160F9-2A23-47E8-921F-D8604AC75058}
2011-10-26 18:20:07 -------- d-----w- c:\users\rachael\appdata\local\{EBDB467C-5191-43E5-9694-35D0F36DC352}
2011-10-25 22:46:17 -------- d-----w- c:\users\rachael\appdata\local\{C3310728-004A-4B35-B235-81DF3A082DEA}
2011-10-25 22:46:04 -------- d-----w- c:\users\rachael\appdata\local\{B4DFEF2D-6090-47E2-A8C4-456DD5FC7324}
2011-10-25 18:36:33 -------- d-----w- c:\users\rachael\appdata\local\{CF32B76E-2FD4-4366-B11C-A2F22D567CBA}
2011-10-25 15:02:43 -------- d-----w- c:\users\rachael\appdata\local\{912FAC42-4AB9-4531-B6F2-AAC63D7450A5}
2011-10-24 20:37:47 -------- d-----w- c:\users\rachael\appdata\local\{393D2D7B-4F61-44B5-97A2-BF44F049F2E9}
2011-10-24 20:37:42 -------- d-----w- c:\users\rachael\appdata\local\{57F2B4B8-089A-4CD2-BBDE-C44F2F9ABCFD}
2011-10-23 20:22:58 -------- d-----w- c:\users\rachael\appdata\local\{D93F3936-3388-498D-A514-71B58FD2E2A5}
2011-10-23 20:22:46 -------- d-----w- c:\users\rachael\appdata\local\{28108A04-40C5-488A-A7EA-814A3D279775}
2011-10-23 19:13:20 -------- d-----w- c:\users\rachael\appdata\local\{2B1B909D-16C0-4A0F-B284-16B796D84148}
2011-10-22 18:06:36 -------- d-----w- c:\users\rachael\appdata\local\{36CA87F7-0641-4493-9DD1-CEE4C5BA022D}
2011-10-22 18:06:19 -------- d-----w- c:\users\rachael\appdata\local\{C126E839-14F9-441A-902B-059A3421DC9B}
2011-10-22 01:24:55 -------- d-----w- c:\users\rachael\appdata\local\{2B28E174-F90A-44EE-874A-E972C1CCA466}
2011-10-22 01:24:51 -------- d-----w- c:\users\rachael\appdata\local\{DCB48A39-9AAF-4685-B921-046D0669810F}
2011-10-21 04:15:24 -------- d-----w- c:\users\rachael\appdata\local\{F7AC9538-E4DC-4342-8A66-D90F9DA5E556}
2011-10-21 04:15:22 -------- d-----w- c:\users\rachael\appdata\local\{3A6BC60F-2F30-4F16-A44C-6ECC371255DD}
2011-10-20 16:14:56 -------- d-----w- c:\users\rachael\appdata\local\{09B36DAF-1AA2-4002-B45B-A8C5B631782C}
2011-10-20 16:14:42 -------- d-----w- c:\users\rachael\appdata\local\{F2B1A82F-2F31-42BC-BBF7-BF4E19FC6584}
2011-10-20 04:14:25 -------- d-----w- c:\users\rachael\appdata\local\{6906BCB0-3085-45E4-A264-D1AA5E5D3395}
2011-10-19 16:14:18 -------- d-----w- c:\users\rachael\appdata\local\{94230E7D-FB69-45D3-AA3F-21C8B0B4E1EB}
2011-10-19 16:14:14 -------- d-----w- c:\users\rachael\appdata\local\{D027787A-7AF3-4A9B-90BC-2379FB0EF8B6}
2011-10-18 19:55:54 -------- d-----w- c:\users\rachael\appdata\local\{17CC93F6-5652-48B1-B32B-C67F1DBB21FA}
2011-10-18 19:55:43 -------- d-----w- c:\users\rachael\appdata\local\{4723C329-DD7A-4EFC-B815-A4207695D504}
2011-10-18 07:55:27 -------- d-----w- c:\users\rachael\appdata\local\{54BFFDDD-02C0-47E2-A4F3-126EA6AB1D21}
2011-10-18 07:55:24 -------- d-----w- c:\users\rachael\appdata\local\{791164F3-2590-47F9-9789-82B531B133F2}
2011-10-17 19:54:59 -------- d-----w- c:\users\rachael\appdata\local\{56B51BF4-AB12-436E-ABEC-DA4D1399F73B}
2011-10-17 19:54:47 -------- d-----w- c:\users\rachael\appdata\local\{E96F51F6-213A-4F75-A47D-B1A94F0F934E}
2011-10-17 06:33:09 -------- d-----w- c:\users\rachael\appdata\local\{288AA1CD-37A7-4700-8B1C-03AD5267E9F5}
2011-10-17 06:32:36 -------- d-----w- c:\users\rachael\appdata\local\{AA473401-CCF3-4E7A-9867-A90CF9CD51DC}
2011-10-16 18:32:20 -------- d-----w- c:\users\rachael\appdata\local\{D4E8AB9A-667D-49CE-B89C-D201310CF79A}
2011-10-16 18:31:51 -------- d-----w- c:\users\rachael\appdata\local\{36D195D0-618C-49D0-9470-9EE136D43C05}
2011-10-16 06:31:35 -------- d-----w- c:\users\rachael\appdata\local\{1A661FE2-1B91-4A28-9443-AC07CEF83821}
2011-10-16 06:31:30 -------- d-----w- c:\users\rachael\appdata\local\{C64B623F-D150-4B08-A7B3-FCFAA5F27600}
2011-10-15 18:31:09 -------- d-----w- c:\users\rachael\appdata\local\{E8D6ABF7-9264-4003-A5AE-1DCED789987B}
2011-10-15 18:31:04 -------- d-----w- c:\users\rachael\appdata\local\{C7EFDA1E-2871-4EB7-968D-D8130D5B82D1}
2011-10-15 07:59:09 -------- d-----w- c:\program files\iPod
2011-10-15 07:59:05 -------- d-----w- c:\program files\iTunes
2011-10-15 05:40:56 -------- d-----w- c:\program files\Bonjour
2011-10-15 01:25:54 -------- d-----w- c:\users\rachael\appdata\local\{FEEEE99A-890D-40D4-88F2-38B7B5284A3A}
2011-10-15 01:25:45 -------- d-----w- c:\users\rachael\appdata\local\{B72FD6F6-F36C-49E2-B24A-465D3C112FDC}
2011-10-13 23:03:33 -------- d-----w- c:\users\rachael\appdata\local\{05F0294F-FE82-43F1-B5DC-ADAD813C37C3}
2011-10-13 23:03:07 -------- d-----w- c:\users\rachael\appdata\local\{0715424C-6260-421F-99E0-0DBE9050B55D}
2011-10-13 20:16:12 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-10-13 20:12:43 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-13 20:12:43 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 20:12:42 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 20:12:42 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-13 20:11:22 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-13 20:11:22 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-13 20:11:22 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 20:11:22 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 20:11:11 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 18:56:16 -------- d-----w- c:\users\rachael\appdata\local\{56D33B4B-D161-4785-8DFD-4B3D0523A7EB}
2011-10-13 06:32:03 -------- d-----w- c:\users\rachael\appdata\local\{E894C518-F348-492B-8741-8B86031E7D71}
2011-10-12 18:31:56 -------- d-----w- c:\users\rachael\appdata\local\{3BB79445-AA6D-4782-A8A7-BE5417538BE9}
2011-10-12 18:31:54 -------- d-----w- c:\users\rachael\appdata\local\{034FE1AA-C342-4E28-993D-D991FE9A4121}
2011-10-11 22:49:24 -------- d-----w- c:\users\rachael\appdata\local\{C107BDBF-57FE-4832-BBAC-8CC99E6A860F}
2011-10-11 22:49:13 -------- d-----w- c:\users\rachael\appdata\local\{58FAFB53-D258-4AAD-B408-A01112A731A2}
2011-10-11 19:30:43 -------- d-----w- c:\users\rachael\appdata\local\{2EDBF213-C40C-496A-9C10-F27B74C9D4B1}
2011-10-11 15:33:42 -------- d-----w- c:\users\rachael\appdata\local\{26063FCB-1E17-444F-BDEE-DA60EB469017}
2011-10-09 20:06:28 -------- d-----w- c:\users\rachael\appdata\local\{23999554-894B-41E6-8CBC-2A145EB7A347}
2011-10-09 20:06:25 -------- d-----w- c:\users\rachael\appdata\local\{6EFDE2F6-C3F3-46BE-93CD-8FC55BD11E96}
2011-10-09 08:06:09 -------- d-----w- c:\users\rachael\appdata\local\{23628C7F-BC64-49B6-AB74-CDE0C794448A}
2011-10-09 08:06:06 -------- d-----w- c:\users\rachael\appdata\local\{E75BBFF5-672E-4100-9F28-C297D3D7A27F}
2011-10-08 20:05:51 -------- d-----w- c:\users\rachael\appdata\local\{5746AF3B-A255-4BA7-AB8C-3BD9294B9A5B}
2011-10-08 20:05:49 -------- d-----w- c:\users\rachael\appdata\local\{6383EDB0-70C4-45C8-8D37-57E693940E3C}
2011-10-08 08:05:34 -------- d-----w- c:\users\rachael\appdata\local\{F0EB8409-737B-4DCE-A053-9FFF1DEFF405}
2011-10-08 08:05:29 -------- d-----w- c:\users\rachael\appdata\local\{F62D2E07-2A25-41DD-AE8A-3CE554387475}
2011-10-07 19:44:46 -------- d-----w- c:\users\rachael\appdata\local\{6F529501-231F-49FE-9392-7EB7D7792E77}
2011-10-07 19:44:40 -------- d-----w- c:\users\rachael\appdata\local\{5E665013-DEFD-4149-92A1-A4CD3F4CDC12}
2011-10-07 07:14:49 -------- d-----w- c:\users\rachael\appdata\local\{E5A261CA-C0A0-4BED-9943-2FFA5FB24632}
2011-10-07 07:14:39 -------- d-----w- c:\users\rachael\appdata\local\{ED17AAC5-9397-4668-84FD-FB9140B8C386}
2011-10-06 18:56:49 -------- d-----w- c:\users\rachael\appdata\local\{CC593A51-BA79-4194-A1E2-D1E0E0C798FE}
2011-10-06 18:53:34 -------- d-----w- c:\users\rachael\appdata\local\{49EEFF39-3678-4092-88E2-0BA15868A7BD}
2011-10-06 06:53:18 -------- d-----w- c:\users\rachael\appdata\local\{152F2A3C-F916-43D8-A816-0A0D0D8897AF}
2011-10-06 06:53:15 -------- d-----w- c:\users\rachael\appdata\local\{5BD8F1A7-B115-4DF6-9608-17693D03B099}
2011-10-05 18:52:58 -------- d-----w- c:\users\rachael\appdata\local\{FB1A2CE2-5271-4A22-B71D-E4E1331D4AF6}
2011-10-05 18:52:54 -------- d-----w- c:\users\rachael\appdata\local\{6938430B-7FA4-43BE-A337-9FF7D9859F9A}
.
==================== Find3M ====================
.
2011-10-16 05:14:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 12:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-29 22:48:38 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-09-29 22:48:38 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-09-24 18:12:29 129784 ------w- c:\windows\system32\pxafs.dll
2011-09-24 18:12:29 116472 ------w- c:\windows\system32\pxcpyi64.exe
2011-09-24 18:12:28 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2011-09-24 18:12:28 118520 ------w- c:\windows\system32\pxinsi64.exe
2011-09-23 06:59:05 0 ----a-w- c:\windows\ativpsrm.bin
2011-09-13 13:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-02 13:39:07 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 06:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 06:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 06:05:04 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 06:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-16 16:15:15 834048 ----a-w- c:\windows\system32\wininet.dll
2011-08-16 14:20:55 389632 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 22:09:01.67 ===============
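A small triage helper for the "Pseudo HJT Report" section of a DDS log like the one above. This is an added example, not code from the thread or from the DDS tool; the sample lines are excerpted from the posted log, and the review heuristics it applies (DLLs or autoruns loading from user-writable paths, `No File` entries, resolvers outside private address space) are assumptions of the example, not a verdict on any entry in the log.

```python
"""Triage the "Pseudo HJT Report" section of a DDS log (added example, not thread or DDS code).
The review heuristics below are assumptions of this example, not verdicts on any entry."""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List

# Excerpt of the DDS log posted in this thread, trimmed to a few representative lines.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.searchcompletion.com/?si=16615&home=true
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Complete Bar: {64c54209-175c-454d-9291-ac46d4d952cf} - c:\program files\completebartb\completebarDx.dll
BHO: Complitly: {d27fc31c-6e3d-4305-8d53-acdaefa5f862} - c:\users\rachael\appdata\roaming\complitlyengine\ComplitlyEngine.dll
TB: Complete Bar: {64c54209-175c-454d-9291-ac46d4d952cf} - c:\program files\completebartb\completebarDx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Google Update] "c:\users\rachael\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{DA2FEC14-6ECB-4634-91AA-5BB999CC40D5} : DhcpNameServer = 192.168.1.1
.
================= FIREFOX ===================
"""

# Line shapes DDS emits in this section (name is absent for orphaned "No File" toolbars).
_BHO_RE = re.compile(r"^(?P<kind>BHO|TB): (?:(?P<name>.*?): )?(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
_RUN_RE = re.compile(r"^(?P<hive>[um])Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
_DNS_RE = re.compile(r"^TCP: (?:Interfaces\\(?P<iface>\{[^}]+\}) : )?DhcpNameServer = (?P<servers>.*)$")
_START_RE = re.compile(r"^(?P<hive>[um])Start Page = (?P<url>.*)$")

# Heuristic (assumption): code loading from these locations deserves a second look.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\documents and settings\\", "\\temp\\")


@dataclass
class Finding:
    kind: str            # bho | toolbar | run | dns | startpage
    name: str
    detail: str          # file path, resolver address or URL
    flags: List[str] = field(default_factory=list)


def flag_path(path: str) -> List[str]:
    low = path.lower()
    if low == "no file":
        return ["orphaned: registry entry points at a missing file"]
    if any(marker in low for marker in USER_WRITABLE):
        return ["loads from a user-writable location; verify publisher and install source"]
    return []


def flag_resolver(server: str) -> List[str]:
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return ["unparseable resolver address"]
    if not addr.is_private:
        return ["public resolver; confirm it is the ISP's and matches other machines on the LAN"]
    return []


def _exe_from_command(cmd: str) -> str:
    # Quoted path: take the quoted part; otherwise everything up to the first ".exe".
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd
    m = re.match(r"(.*?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def parse_pseudo_hjt(text: str) -> List[Finding]:
    findings: List[Finding] = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("====="):            # section banner: enter or leave the HJT report
            in_section = "Pseudo HJT Report" in line
            continue
        if not in_section:
            continue
        if m := _BHO_RE.match(line):
            kind = "bho" if m["kind"] == "BHO" else "toolbar"
            findings.append(Finding(kind, m["name"] or m["clsid"], m["path"], flag_path(m["path"])))
        elif m := _RUN_RE.match(line):
            exe = _exe_from_command(m["cmd"])
            scope = "user" if m["hive"] == "u" else "machine"
            findings.append(Finding("run", f"{m['name']} ({scope})", exe, flag_path(exe)))
        elif m := _DNS_RE.match(line):
            for server in m["servers"].split():
                findings.append(Finding("dns", m["iface"] or "global", server, flag_resolver(server)))
        elif m := _START_RE.match(line):
            findings.append(Finding("startpage", m["hive"], m["url"]))
    return findings


def render(findings: List[Finding]) -> str:
    return "\n".join(f"[{'REVIEW' if f.flags else 'ok'}] {f.kind} {f.name}: {f.detail}"
                     + "".join(f"\n    -> {flag}" for flag in f.flags) for f in findings)


if __name__ == "__main__":
    print(render(parse_pseudo_hjt(SAMPLE_LOG)))
```

Run stand-alone it prints one line per entry, marking four for review: the Complitly BHO and the Google Update autorun (both load from the user profile), the toolbar whose file is gone, and the non-private resolver. The flags are prompts to check, not verdicts; Google Update legitimately installs under AppData, which is exactly why a human reads the list rather than deleting on the parser's say-so.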


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:29 AM

Posted 05 November 2011 - 08:57 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 LNinja

  • Topic Starter
  • Members
  • 10 posts
  • OFFLINE
  • Local time:10:29 PM

Posted 06 November 2011 - 01:57 PM

I will run combofix as soon as I can and get back to you. It may be a couple of days. Thanks!

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:29 AM

Posted 06 November 2011 - 02:56 PM

:thumbup2:

#5 LNinja

  • Topic Starter
  • Members
  • 10 posts
  • OFFLINE
  • Local time:10:29 PM

Posted 10 November 2011 - 05:33 PM

Going to run combofix tonight. Will post logs tomorrow morning. I apologize for taking so long, but I have to use this computer almost constantly. I haven't had the opportunity to leave it alone for a few hours and risk something else going wrong with it during the week.

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:29 AM

Posted 10 November 2011 - 06:08 PM

:thumbup2:

#7 LNinja

  • Topic Starter
  • Members
  • 10 posts
  • OFFLINE
  • Local time:10:29 PM

Posted 11 November 2011 - 10:56 AM

I ran combofix. Everything went smoothly. However, I'm still getting the urlseek redirect in my browsers. Looks like combofix didn't catch the baddie.

Here's the log:

ComboFix 11-11-11.02 - Rachael 11/11/2011 0:50.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3068.2059 [GMT -8:00]
Running from: c:\users\Rachael\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-11 to 2011-11-11 )))))))))))))))))))))))))))))))
.
.
2011-11-11 09:03 . 2011-11-11 15:42 -------- d-----w- c:\users\Rachael\AppData\Local\temp
2011-11-11 09:03 . 2011-11-11 09:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-09 18:14 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 18:12 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 18:12 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-05 08:30 . 2011-11-05 08:30 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-05 08:24 . 2011-11-05 08:24 -------- d-----w- c:\program files\VS Revo Group
2011-11-04 04:36 . 2011-11-04 04:36 -------- d-----w- c:\program files\CCleaner
2011-11-03 19:45 . 2011-11-03 19:45 -------- d-----w- c:\users\Rachael\AppData\Roaming\Malwarebytes
2011-11-03 19:45 . 2011-11-03 19:45 -------- d-----w- c:\programdata\Malwarebytes
2011-11-03 19:45 . 2011-11-11 08:38 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2011-11-03 19:45 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-03 19:45 . 2011-11-03 19:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-19 19:38 . 2011-10-19 19:38 -------- d-----w- c:\users\Rachael\AppData\Roaming\Corel
2011-10-15 07:59 . 2011-10-15 07:59 -------- d-----w- c:\program files\iPod
2011-10-15 07:59 . 2011-10-15 08:00 -------- d-----w- c:\program files\iTunes
2011-10-15 05:40 . 2011-10-15 05:40 -------- d-----w- c:\program files\Bonjour
2011-10-13 20:12 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-13 20:12 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 20:12 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 20:12 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-13 20:11 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 20:11 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 20:11 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-13 20:11 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-13 20:11 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 13:23 . 2011-10-07 13:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 13:21 . 2011-10-04 13:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-10-03 12:06 . 2011-09-28 22:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-29 22:48 . 2011-09-29 22:48 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-09-29 22:48 . 2011-09-29 22:48 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-09-24 18:12 . 2011-09-24 18:12 129784 ------w- c:\windows\system32\pxafs.dll
2011-09-24 18:12 . 2011-09-24 18:12 116472 ------w- c:\windows\system32\pxcpyi64.exe
2011-09-24 18:12 . 2011-09-24 18:12 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2011-09-24 18:12 . 2011-09-24 18:12 118520 ------w- c:\windows\system32\pxinsi64.exe
2011-09-24 15:14 . 2011-03-29 01:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-21 16:00 . 2011-09-24 01:42 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{746424A1-1EBB-4897-A7DF-C4EBA7CCC17C}\mpengine.dll
2011-09-13 13:30 . 2011-09-13 13:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-08-31 06:05 . 2011-08-31 06:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 06:05 . 2011-08-31 06:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 06:05 . 2011-08-31 06:05 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 06:05 . 2011-08-31 06:05 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-11-11 01:26 . 2011-09-24 03:04 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64c54209-175c-454d-9291-ac46d4d952cf}]
2011-03-23 17:33 86696 ----a-w- c:\program files\completebartb\completebarDx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fe618700-e0ee-441e-8b1d-18ce226bb193}]
2011-03-23 17:33 262312 ----a-w- c:\program files\completebartb\auxi\completebarAu.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{64c54209-175c-454d-9291-ac46d4d952cf}"= "c:\program files\completebartb\completebarDx.dll" [2011-03-23 86696]
.
[HKEY_CLASSES_ROOT\clsid\{64c54209-175c-454d-9291-ac46d4d952cf}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 1721640]
"UCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-12-11 842816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-04 450652]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-03-15 232104]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-10 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2008-10-06 15656]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe [2009-03-03 81920]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-12-18 365952]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-12-11 2749736]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-11-18 599344]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-09-04 54784]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-10-23 107360]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2418553173-1129894507-2881647714-1000Core.job
- c:\users\Rachael\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-24 19:20]
.
2011-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2418553173-1129894507-2881647714-1000UA.job
- c:\users\Rachael\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-24 19:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.searchcompletion.com/?si=16615&home=true
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
FF - ProfilePath - c:\users\Rachael\AppData\Roaming\Mozilla\Firefox\Profiles\e9gcwhh0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-_{53A908D4-99C6-469B-BC13-F4189F260742} - c:\program files\Corel\Corel Painter Essentials 4\MSILauncher {53A908D4-99C6-469B-BC13-F4189F260742}
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-11 07:43
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5132)
c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.dll
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\program files\DigitalPersona\Bin\DpoSet.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PSIService.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
.
**************************************************************************
.
Completion time: 2011-11-11 07:47:57 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-11 15:47
.
Pre-Run: 132,022,980,608 bytes free
Post-Run: 130,351,030,272 bytes free
.
- - End Of File - - 157571080D579DF97F9C18DB81B00608
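The log above shows two Browser Helper Objects and an Internet Explorer toolbar loading from the same c:\program files\completebartb directory, a per-user start page pointing at search.searchcompletion.com, two Run entries that are not under Program Files, and the DHCP-assigned resolvers (192.168.1.1 and 68.238.64.12). ComboFix says it omits empty and legitimate default entries, so everything it does print in the Reg Loading Points section deserves a look. Picking those lines out of a long log by hand is error-prone; the script below is an added example (my code, not ComboFix's and not part of this thread) that parses the Reg Loading Points and Supplementary Scan line formats and groups the browser-affecting entries. The sample input is constructed from lines copied from the log above; the EXPECTED_ROOTS list and the "worth a second look" heuristic are assumptions, and the notes it prints are review prompts, not a verdict on any entry.

```python
import re

# Constructed sample input: lines copied from the "Reg Loading Points" and
# "Supplementary Scan" sections of the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64c54209-175c-454d-9291-ac46d4d952cf}]
2011-03-23 17:33 86696 ----a-w- c:\program files\completebartb\completebarDx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fe618700-e0ee-441e-8b1d-18ce226bb193}]
2011-03-23 17:33 262312 ----a-w- c:\program files\completebartb\auxi\completebarAu.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{64c54209-175c-454d-9291-ac46d4d952cf}"= "c:\program files\completebartb\completebarDx.dll" [2011-03-23 86696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-03-15 232104]
.
uStart Page = hxxp://search.searchcompletion.com/?si=16615&home=true
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")                                   # [HKEY_...\...]
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} +\d+ +\S+ +([a-z]:\\.+)$", re.I)  # date time size attrs path
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*"?([a-z]:\\[^"\[]+?)"?\s*\[', re.I)   # "name"="path" [date size]
PAGE_RE = re.compile(r"^([um])Start Page = (\S+)$")                           # u = user hive, m = machine hive
DNS_RE = re.compile(r"^TCP: DhcpNameServer = (.+)$")
HOST_RE = re.compile(r"^\w+://([^/?#]+)")                                      # also handles defanged hxxp://

# Assumption: auto-start entries normally live under these roots; anything
# elsewhere is not necessarily malicious, just worth a second look.
EXPECTED_ROOTS = ("c:\\program files\\", "c:\\windows\\", "c:\\progra~1\\")


def parse_loading_points(text):
    """Collect BHOs, IE toolbars, Run entries, start pages and resolvers from a ComboFix log."""
    found = {"bho": [], "toolbar": [], "run": [], "start_page": [], "dns": []}
    key = ""                                   # registry key the following lines belong to
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            key = m.group(1).lower()
        elif (m := FILE_RE.match(line)) and "browser helper objects" in key:
            found["bho"].append((key.rsplit("\\", 1)[-1], m.group(1)))   # (clsid, dll path)
        elif (m := VALUE_RE.match(line)) and key.endswith("internet explorer\\toolbar"):
            found["toolbar"].append((m.group(1), m.group(2)))
        elif (m := VALUE_RE.match(line)) and key.endswith("\\run"):
            found["run"].append((m.group(1), m.group(2)))
        elif m := PAGE_RE.match(line):
            found["start_page"].append(("user" if m.group(1) == "u" else "machine", m.group(2)))
        elif m := DNS_RE.match(line):
            found["dns"].extend(m.group(1).split())
    return found


def extensions_by_directory(found):
    """Group BHO and toolbar DLLs by top-level install directory (e.g. c:\\program files\\vendor)."""
    groups = {}
    for _, path in found["bho"] + found["toolbar"]:
        top = "\\".join(path.lower().split("\\")[:3])
        groups.setdefault(top, []).append(path)
    return groups


def triage(found):
    """Turn parsed entries into review notes. ComboFix already hides default entries,
    so every BHO/toolbar it prints is listed; Run entries are flagged only by location."""
    notes = []
    for clsid, path in found["bho"]:
        notes.append(f"BHO {clsid} loads {path}")
    for name, path in found["toolbar"]:
        notes.append(f"IE toolbar {name} loads {path}")
    for name, path in found["run"]:
        if not path.lower().startswith(EXPECTED_ROOTS):
            notes.append(f"Run entry '{name}' starts outside Program Files/Windows: {path}")
    for scope, url in found["start_page"]:
        host = HOST_RE.match(url)
        notes.append(f"{scope} start page host: {host.group(1) if host else url}")
    if found["dns"]:
        notes.append("resolvers handed out by DHCP: " + ", ".join(found["dns"]))
    for top, paths in extensions_by_directory(found).items():
        if len(paths) > 1:
            notes.append(f"{len(paths)} browser extension entries share {top}")
    return notes


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for note in triage(parse_loading_points(text)):
        print(note)
```

Run it with a saved ComboFix.txt as the only argument, or with no argument to see the notes for the sample above. The grouping step is the useful part: the two BHO CLSIDs and the toolbar CLSID are unrelated numbers, but all three DLLs sit under one vendor directory, which is how a reviewer decides they are one product and asks what that product is, rather than chasing three separate entries.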

#8 gringo_pr, Bleepin Gringo (Malware Response Team, 136,772 posts, Puerto Rico)

Posted 11 November 2011 - 11:07 AM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
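A redirect that fires on nonsense hostnames looks the same in the browser whether something on the machine is rewriting requests (a BHO, a proxy setting, the hosts file) or the resolver the machine uses answers a name that does not exist with an address instead of NXDOMAIN. The thread so far has only looked at the host side, and nothing on this page says which of the two was the cause here. The script below is an added check (my code, not a tool used in this thread) that asks a resolver directly for a random, non-existent name and reports whether it got NXDOMAIN or a synthesized address; it uses only the standard library so it does not depend on anything else being installed on a suspect machine. The default resolver addresses are the two on the TCP: DhcpNameServer line of the ComboFix log above; the random-name scheme, the .com suffix and the verdict labels are my assumptions. One caveat: what a browser does with a dotless string it cannot resolve varies (it may hand it to the default search provider rather than DNS), so this test deliberately bypasses the browser and queries the resolver with a name that carries a top-level domain.

```python
import random
import socket
import string
import struct


def build_query(name, txid):
    """Encode one A-record question (RD set) for `name` with transaction id `txid`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN


def _skip_name(data, off):
    """Advance past a (possibly compressed) domain name and return the new offset."""
    while True:
        length = data[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:          # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length


def parse_response(data, txid):
    """Return (rcode, [IPv4 strings from A records]) for a response to `txid`."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    off = 12
    for _ in range(qd):                    # skip echoed question(s): name + type + class
        off = _skip_name(data, off) + 4
    ips = []
    for _ in range(an):
        off = _skip_name(data, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(data[off:off + 4]))
        off += rdlen
    return flags & 0x000F, ips


def classify(rcode, ips):
    """Label what the resolver did with a name that cannot exist."""
    if rcode == 3 and not ips:
        return "nxdomain"        # resolver reports the name does not exist
    if rcode == 0 and ips:
        return "synthesized"     # resolver handed back an address for a nonexistent name
    return "other"


def random_name(tld="com"):
    """A 12-character lowercase/digit label under `tld`; assumed not to be registered."""
    label = "".join(random.choices(string.ascii_lowercase + string.digits, k=12))
    return f"{label}.{tld}"


def probe(resolver_ip, name=None, timeout=3.0):
    """Ask `resolver_ip` directly (UDP/53) for `name`; returns (name, verdict, ips)."""
    name = name or random_name()
    txid = random.randrange(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, txid), (resolver_ip, 53))
        data, _ = sock.recvfrom(512)
    rcode, ips = parse_response(data, txid)
    return name, classify(rcode, ips), ips


if __name__ == "__main__":
    import sys
    # Defaults are the two resolvers on the "TCP: DhcpNameServer" line of the
    # ComboFix log in this thread; pass other addresses on the command line.
    for server in sys.argv[1:] or ["192.168.1.1", "68.238.64.12"]:
        try:
            print(server, *probe(server))
        except (OSError, ValueError) as exc:    # socket.timeout is an OSError subclass
            print(server, "no usable answer:", exc)
```

Read the result together with the host-side checks rather than instead of them: "synthesized" from the upstream resolver means the redirect can happen with a perfectly clean machine and will follow the user to any browser, while "nxdomain" from every resolver in the chain puts the problem back on the host, where a BHO or proxy setting can still rewrite the request after the lookup fails. Querying 192.168.1.1 and the ISP resolver separately matters because a home router that forwards upstream will simply relay whatever the upstream does.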

#9 LNinja (Topic Starter, Members, 10 posts)

Posted 11 November 2011 - 09:41 PM

Well, the scan didn't find anything, but it looks like the redirect is still there, off and on. It doesn't seem to redirect consistently if I put a made-up URL in, but if I just do gibberish, no www., it still redirects.

18:25:56.0942 5080 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
18:25:57.0503 5080 ============================================================
18:25:57.0503 5080 Current date / time: 2011/11/11 18:25:57.0503
18:25:57.0503 5080 SystemInfo:
18:25:57.0503 5080
18:25:57.0503 5080 OS Version: 6.0.6002 ServicePack: 2.0
18:25:57.0503 5080 Product type: Workstation
18:25:57.0503 5080 ComputerName: OLLIVANDER
18:25:57.0503 5080 UserName: Rachael
18:25:57.0503 5080 Windows directory: C:\Windows
18:25:57.0503 5080 System windows directory: C:\Windows
18:25:57.0503 5080 Processor architecture: Intel x86
18:25:57.0503 5080 Number of processors: 2
18:25:57.0503 5080 Page size: 0x1000
18:25:57.0503 5080 Boot type: Normal boot
18:25:57.0503 5080 ============================================================
18:25:59.0344 5080 Initialize success
18:26:09.0952 0876 ============================================================
18:26:09.0952 0876 Scan started
18:26:09.0952 0876 Mode: Manual;
18:26:09.0952 0876 ============================================================
18:26:11.0418 0876 Accelerometer (3b10711ad8656c097e0d16a41b29c54c) C:\Windows\system32\DRIVERS\Accelerometer.sys
18:26:11.0418 0876 Accelerometer - ok
18:26:11.0465 0876 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
18:26:11.0465 0876 ACPI - ok
18:26:11.0606 0876 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
18:26:11.0621 0876 adp94xx - ok
18:26:11.0637 0876 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
18:26:11.0652 0876 adpahci - ok
18:26:11.0668 0876 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
18:26:11.0668 0876 adpu160m - ok
18:26:11.0699 0876 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
18:26:11.0699 0876 adpu320 - ok
18:26:11.0871 0876 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
18:26:11.0886 0876 AFD - ok
18:26:11.0964 0876 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
18:26:11.0964 0876 agp440 - ok
18:26:11.0996 0876 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:26:12.0011 0876 aic78xx - ok
18:26:12.0058 0876 aliide (3d76fda1a10acc3dc84728f55c29b6d4) C:\Windows\system32\drivers\aliide.sys
18:26:12.0058 0876 aliide - ok
18:26:12.0183 0876 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
18:26:12.0183 0876 amdagp - ok
18:26:12.0214 0876 amdide (5b92e7839f5a1fbc1b39de67758ad6f8) C:\Windows\system32\drivers\amdide.sys
18:26:12.0214 0876 amdide - ok
18:26:12.0292 0876 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
18:26:12.0292 0876 AmdK7 - ok
18:26:12.0370 0876 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
18:26:12.0386 0876 AmdK8 - ok
18:26:12.0557 0876 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
18:26:12.0573 0876 arc - ok
18:26:12.0651 0876 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
18:26:12.0651 0876 arcsas - ok
18:26:12.0776 0876 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
18:26:12.0776 0876 AsyncMac - ok
18:26:12.0807 0876 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
18:26:12.0807 0876 atapi - ok
18:26:13.0119 0876 atikmdag (96f5eea88f9146f5f803ad20c4264565) C:\Windows\system32\DRIVERS\atikmdag.sys
18:26:13.0181 0876 atikmdag - ok
18:26:13.0384 0876 AVGIDSDriver (4cbb56fbc9c0cbc517e6e3a6889ebddc) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
18:26:13.0400 0876 AVGIDSDriver - ok
18:26:13.0415 0876 AVGIDSEH (459bce188232e2fe6152423efef65d76) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
18:26:13.0415 0876 AVGIDSEH - ok
18:26:13.0493 0876 AVGIDSFilter (91d9abe7e88eac7c167cba4ed4d983bf) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
18:26:13.0493 0876 AVGIDSFilter - ok
18:26:13.0540 0876 AVGIDSShim (3fc2714e185c04308215d46730d41a94) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
18:26:13.0540 0876 AVGIDSShim - ok
18:26:13.0587 0876 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys
18:26:13.0587 0876 Avgldx86 - ok
18:26:13.0649 0876 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
18:26:13.0649 0876 Avgmfx86 - ok
18:26:13.0727 0876 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
18:26:13.0727 0876 Avgrkx86 - ok
18:26:13.0790 0876 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
18:26:13.0805 0876 Avgtdix - ok
18:26:13.0946 0876 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
18:26:13.0946 0876 Beep - ok
18:26:14.0039 0876 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
18:26:14.0039 0876 blbdrive - ok
18:26:14.0164 0876 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
18:26:14.0164 0876 bowser - ok
18:26:14.0242 0876 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:26:14.0242 0876 BrFiltLo - ok
18:26:14.0258 0876 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:26:14.0258 0876 BrFiltUp - ok
18:26:14.0367 0876 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\DRIVERS\BrSerId.sys
18:26:14.0367 0876 Brserid - ok
18:26:14.0398 0876 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:26:14.0398 0876 BrSerWdm - ok
18:26:14.0429 0876 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:26:14.0429 0876 BrUsbMdm - ok
18:26:14.0460 0876 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\DRIVERS\BrUsbSer.sys
18:26:14.0460 0876 BrUsbSer - ok
18:26:14.0538 0876 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
18:26:14.0538 0876 BTHMODEM - ok
18:26:14.0554 0876 catchme - ok
18:26:14.0585 0876 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
18:26:14.0601 0876 cdfs - ok
18:26:14.0663 0876 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
18:26:14.0663 0876 cdrom - ok
18:26:14.0757 0876 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
18:26:14.0757 0876 circlass - ok
18:26:14.0804 0876 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
18:26:14.0804 0876 CLFS - ok
18:26:14.0991 0876 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
18:26:14.0991 0876 CmBatt - ok
18:26:15.0022 0876 cmdide (d36372a6ea6805efbe8884d10772313f) C:\Windows\system32\drivers\cmdide.sys
18:26:15.0022 0876 cmdide - ok
18:26:15.0038 0876 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
18:26:15.0038 0876 Compbatt - ok
18:26:15.0084 0876 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
18:26:15.0084 0876 crcdisk - ok
18:26:15.0131 0876 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
18:26:15.0131 0876 Crusoe - ok
18:26:15.0272 0876 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
18:26:15.0287 0876 DfsC - ok
18:26:15.0443 0876 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
18:26:15.0443 0876 disk - ok
18:26:15.0646 0876 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
18:26:15.0646 0876 drmkaud - ok
18:26:15.0708 0876 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
18:26:15.0724 0876 DXGKrnl - ok
18:26:15.0849 0876 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
18:26:15.0864 0876 E1G60 - ok
18:26:15.0958 0876 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
18:26:15.0958 0876 Ecache - ok
18:26:16.0020 0876 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
18:26:16.0036 0876 elxstor - ok
18:26:16.0083 0876 enecir (004b2ea6cc2598ec5f0552e43ce29cef) C:\Windows\system32\DRIVERS\enecir.sys
18:26:16.0083 0876 enecir - ok
18:26:16.0161 0876 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
18:26:16.0176 0876 ErrDev - ok
18:26:16.0332 0876 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
18:26:16.0332 0876 exfat - ok
18:26:16.0364 0876 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
18:26:16.0364 0876 fastfat - ok
18:26:16.0426 0876 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
18:26:16.0426 0876 fdc - ok
18:26:16.0457 0876 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
18:26:16.0457 0876 FileInfo - ok
18:26:16.0535 0876 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
18:26:16.0535 0876 Filetrace - ok
18:26:16.0582 0876 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
18:26:16.0582 0876 flpydisk - ok
18:26:16.0644 0876 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
18:26:16.0644 0876 FltMgr - ok
18:26:16.0769 0876 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
18:26:16.0769 0876 Fs_Rec - ok
18:26:16.0785 0876 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
18:26:16.0785 0876 gagp30kx - ok
18:26:16.0988 0876 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:26:16.0988 0876 GEARAspiWDM - ok
18:26:17.0112 0876 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
18:26:17.0112 0876 HdAudAddService - ok
18:26:17.0175 0876 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:26:17.0190 0876 HDAudBus - ok
18:26:17.0222 0876 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
18:26:17.0222 0876 HidBth - ok
18:26:17.0315 0876 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
18:26:17.0315 0876 HidIr - ok
18:26:17.0346 0876 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
18:26:17.0346 0876 HidUsb - ok
18:26:17.0378 0876 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
18:26:17.0378 0876 HpCISSs - ok
18:26:17.0424 0876 hpdskflt (24f3f496c18efc234777723a67a85f81) C:\Windows\system32\DRIVERS\hpdskflt.sys
18:26:17.0424 0876 hpdskflt - ok
18:26:17.0471 0876 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
18:26:17.0471 0876 HpqKbFiltr - ok
18:26:17.0627 0876 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
18:26:17.0627 0876 HTTP - ok
18:26:17.0674 0876 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
18:26:17.0674 0876 i2omp - ok
18:26:17.0768 0876 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
18:26:17.0783 0876 i8042prt - ok
18:26:17.0830 0876 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
18:26:17.0830 0876 iaStorV - ok
18:26:17.0877 0876 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:26:17.0877 0876 iirsp - ok
18:26:17.0986 0876 intelide (dd512a049bd7b4bce8a83554c5eff2c1) C:\Windows\system32\drivers\intelide.sys
18:26:17.0986 0876 intelide - ok
18:26:18.0064 0876 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
18:26:18.0064 0876 intelppm - ok
18:26:18.0189 0876 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:26:18.0189 0876 IpFilterDriver - ok
18:26:18.0220 0876 IpInIp - ok
18:26:18.0314 0876 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
18:26:18.0314 0876 IPMIDRV - ok
18:26:18.0345 0876 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
18:26:18.0360 0876 IPNAT - ok
18:26:18.0392 0876 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
18:26:18.0392 0876 IRENUM - ok
18:26:18.0485 0876 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
18:26:18.0485 0876 isapnp - ok
18:26:18.0516 0876 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
18:26:18.0532 0876 iScsiPrt - ok
18:26:18.0548 0876 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
18:26:18.0548 0876 iteatapi - ok
18:26:18.0563 0876 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
18:26:18.0563 0876 iteraid - ok
18:26:18.0626 0876 JMCR (ab772e9cc29c29f59cb4b75f9d6f3f96) C:\Windows\system32\DRIVERS\jmcr.sys
18:26:18.0626 0876 JMCR - ok
18:26:18.0641 0876 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:26:18.0641 0876 kbdclass - ok
18:26:18.0735 0876 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
18:26:18.0735 0876 kbdhid - ok
18:26:18.0797 0876 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
18:26:18.0813 0876 KSecDD - ok
18:26:18.0922 0876 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
18:26:18.0922 0876 lltdio - ok
18:26:18.0953 0876 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
18:26:18.0969 0876 LSI_FC - ok
18:26:29.0530 0876 MBR (0x1B8) (5c86adec17b739c437e145e3b3fc2e6d) \Device\Harddisk0\DR0
18:26:29.0546 0876 \Device\Harddisk0\DR0 - ok
18:26:29.0561 0876 Boot (0x1200) (0cc29ddd214e2b460b9835623642f7b6) \Device\Harddisk0\DR0\Partition0
18:26:29.0561 0876 \Device\Harddisk0\DR0\Partition0 - ok
18:26:29.0592 0876 Boot (0x1200) (c5385eac35682f1669b263b339d59ee6) \Device\Harddisk0\DR0\Partition1
18:26:29.0592 0876 \Device\Harddisk0\DR0\Partition1 - ok
18:26:29.0592 0876 ============================================================
18:26:29.0592 0876 Scan finished
18:26:29.0592 0876 ============================================================
18:26:29.0624 3424 Detected object count: 0
18:26:29.0624 3424 Actual detected object count: 0

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 November 2011 - 09:50 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here (Donate button). Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 LNinja

  • Topic Starter
  • Members
  • 10 posts

Posted 12 November 2011 - 12:09 AM

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-11 21:07:02
-----------------------------
21:07:02.465 OS Version: Windows 6.0.6002 Service Pack 2
21:07:02.465 Number of processors: 2 586 0x170A
21:07:02.468 ComputerName: OLLIVANDER UserName: Rachael
21:07:35.821 Initialize success
21:07:52.550 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:07:52.555 Disk 0 Vendor: ST9320325AS 0005HPM1 Size: 305245MB BusType: 3
21:07:54.657 Disk 0 MBR read successfully
21:07:54.663 Disk 0 MBR scan
21:07:54.668 Disk 0 unknown MBR code
21:07:54.681 Disk 0 scanning sectors +625135616
21:07:54.775 Disk 0 scanning C:\Windows\system32\drivers
21:08:04.638 Service scanning
21:08:06.827 Modules scanning
21:08:15.636 Disk 0 trace - called modules:
21:08:15.811 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll acpi.sys ataport.SYS PCIIDEX.SYS msahci.sys
21:08:15.820 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f5d7d0]
21:08:15.828 3 CLASSPNP.SYS[8a4098b3] -> nt!IofCallDriver -> [0x859a6378]
21:08:15.837 5 hpdskflt.sys[8b1a6f05] -> nt!IofCallDriver -> [0x8577ec10]
21:08:15.849 7 acpi.sys[806966bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85762230]
21:08:15.860 Scan finished successfully
21:08:36.937 Disk 0 MBR has been saved successfully to "C:\Users\Rachael\Desktop\MBR.dat"
21:08:36.952 The log file has been saved successfully to "C:\Users\Rachael\Desktop\aswMBR.txt"
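As an added example (not code from TDSSKiller, aswMBR or anyone in this thread), here is a small Python triage script for the two log formats posted above: it parses TDSSKiller-style service lines and the aswMBR disk call trace, and flags what a reviewer looks at first. The line layouts are inferred from the logs in this thread; reading a "name - ok" line with no preceding file line as a service registration whose file is missing, and the list of baseline storage-stack modules, are assumptions.

```python
import re
from typing import Dict, List, Optional

# Constructed samples in the two log formats posted in this thread. The hashes
# are made up; the service names mirror what the tools typically print.
TDSS_SAMPLE = r"""
18:26:19.0000 0876 LSI_SAS (deadbeefdeadbeefdeadbeefdeadbeef) C:\Windows\system32\drivers\lsi_sas.sys
18:26:19.0016 0876 LSI_SAS - ok
18:26:20.0810 0876 NAVENG - ok
18:26:20.0825 0876 NAVEX15 - ok
18:26:25.0911 0876 Tcpip (cafebabecafebabecafebabecafebabe) C:\Windows\system32\drivers\tcpip.sys
18:26:25.0958 0876 Tcpip - ok
18:26:29.0530 0876 MBR (0x1B8) (feedfacefeedfacefeedfacefeedface) \Device\Harddisk0\DR0
18:26:29.0546 0876 \Device\Harddisk0\DR0 - ok
18:26:29.0624 3424 Detected object count: 0
"""
ASW_SAMPLE = """\
21:07:54.663 Disk 0 MBR scan
21:07:54.668 Disk 0 unknown MBR code
21:08:15.636 Disk 0 trace - called modules:
21:08:15.811 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll acpi.sys ataport.SYS PCIIDEX.SYS msahci.sys
21:08:15.860 Scan finished successfully
"""

# TDSSKiller prints a file line (name, MD5, path) followed by "<name> - <status>".
# A status line with no preceding file line is assumed here to be a service
# registration whose image file is not on disk.
FILE_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d{4} \d+ (?P<name>\S+)(?: \(0x[0-9A-Fa-f]+\))?"
    r" \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
STATUS_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4} \d+ (?P<name>.+?) - (?P<status>\S+)$")
ASW_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d{3} (?P<msg>.*)$")

Entry = Dict[str, Optional[str]]


def parse_tdss(text: str) -> Dict[str, Entry]:
    """Map each service name to md5, path and status (md5/path are None without a file line)."""
    entries: Dict[str, Entry] = {}
    pending: Optional[str] = None  # last file line still waiting for its status line
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            pending = m.group("name")
            entries[pending] = {"md5": m.group("md5"), "path": m.group("path"), "status": None}
            continue
        m = STATUS_RE.match(line)
        if not m:
            continue
        name, status = m.group("name"), m.group("status")
        # The MBR entry reports its status under the device path rather than the name.
        if pending and name in (pending, entries[pending]["path"]):
            entries[pending]["status"] = status
        else:
            entries[name] = {"md5": None, "path": None, "status": status}
        pending = None
    return entries


def orphan_services(entries: Dict[str, Entry]) -> List[str]:
    """Services listed without a backing file; leftovers of uninstalled software land here."""
    return sorted(n for n, e in entries.items() if e["path"] is None)


def not_ok(entries: Dict[str, Entry]) -> List[str]:
    """Anything TDSSKiller did not mark 'ok'."""
    return sorted(n for n, e in entries.items() if e["status"] != "ok")


# Assumed baseline of standard Windows storage-stack modules; anything else in the
# aswMBR call trace is a filter driver sitting in the disk I/O path (OEM or otherwise).
STACK_BASELINE = {"ntkrnlpa.exe", "ntoskrnl.exe", "classpnp.sys", "disk.sys", "hal.dll",
                  "acpi.sys", "ataport.sys", "pciidex.sys", "msahci.sys", "atapi.sys",
                  "pciide.sys", "partmgr.sys", "volmgr.sys"}


def triage_aswmbr(text: str) -> Dict[str, object]:
    """Flag an unrecognised MBR and list non-baseline modules in the disk call trace."""
    msgs = [m.group("msg") for m in map(ASW_RE.match, text.splitlines()) if m]
    result: Dict[str, object] = {"unknown_mbr": False, "modules": [], "extra_modules": []}
    for i, msg in enumerate(msgs):
        if "unknown MBR code" in msg:
            result["unknown_mbr"] = True
        if msg.endswith("trace - called modules:") and i + 1 < len(msgs):
            result["modules"] = msgs[i + 1].split()
    result["extra_modules"] = [m for m in result["modules"] if m.lower() not in STACK_BASELINE]
    return result


if __name__ == "__main__":
    tdss = parse_tdss(TDSS_SAMPLE)
    print("orphaned services:", orphan_services(tdss))  # ['NAVENG', 'NAVEX15']
    print("not ok:", not_ok(tdss))                       # []
    print("aswMBR:", triage_aswmbr(ASW_SAMPLE))
```

An extra module in the trace is a lead, not a verdict: hpdskflt.sys in the posted log is a disk filter, and what matters is whether the file on disk is signed and expected for that machine.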

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 November 2011 - 11:43 AM

System Recovery Environment

To access the System Recovery Environment, simply boot your PC:

  • Just before the system loads the Windows operating system, hit the [F8] Function 8 key on your keyboard, which will launch the Advanced Boot Options menu.
  • There you will see a new option, 'Repair Your Computer'; select this option and hit 'Enter' on your keyboard.
  • Now, from the System Recovery Options dialog, select the "Operating System" you want to repair, then click Next.
  • From the "Choose a Recovery Tool" dialog menu, select "Command Prompt".
  • Type the following into the "Command Prompt Window" and press Enter:

    bootrec.exe /fixmbr

If you have problems booting the computer after you have run that command, boot back into the System Recovery Environment and type the following into the "Command Prompt Window" and press Enter:

    bootrec.exe /fixboot

#13 LNinja

  • Topic Starter
  • Members
  • 10 posts

Posted 13 November 2011 - 01:47 PM

All right, done. Didn't have any problems booting afterwards, but no change in the malware situation.

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 November 2011 - 04:17 PM

Try this please. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download http://noahdfear.net/downloads/driver.sh to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Remove the USB drive and insert back in your working computer and navigate to report.txt

    Please note - all text entries are case sensitive.

Copy and paste the report.txt for my review.

#15 LNinja

  • Topic Starter
  • Members
  • 10 posts

Posted 16 November 2011 - 04:54 AM

I'll give this a shot as soon as I can.
