
Redirecting Infection


  • This topic is locked
35 replies to this topic

#1 base5

base5

  • Members
  • 18 posts
  • OFFLINE
  • Local time:09:52 PM

Posted 04 November 2011 - 11:02 PM

Hello,

Thank you for your time with this matter.

I have a computer that is/was infected with various viruses, trojans, etc. Here are the steps I have taken up to this point:
Install/full scan of Microsoft Security Essentials
Install/full scan of Ad-aware
Install/full scan of Malwarebytes
Install and use Revo Uninstall to clear out unwanted programs
Install and use CCleaner to remove temp/cache/registry files
Install and use TDSSKiller
Checked proxy settings
Checked hidden driver files

I removed 12-15 different infections with the various scans and cleaning. Everything installed will now return a clean scan result. The problem is that I cannot seem to get rid of the redirecting issue. I also have issues with iexplorer.exe starting randomly and popping up on its own. Please advise.

DDS Log

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by threeboys at 23:32:16 on 2011-11-04
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.2460 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
TB: {B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 74.128.19.102 74.128.17.114
TCP: Interfaces\{14A26281-AA91-44D5-A6B9-DD4642D77084} : DhcpNameServer = 74.128.19.102 74.128.17.114
TCP: Interfaces\{14A26281-AA91-44D5-A6B9-DD4642D77084}\34F657E64727970294E6E6 : DhcpNameServer = 216.136.95.2 64.132.94.250
TCP: Interfaces\{14A26281-AA91-44D5-A6B9-DD4642D77084}\34F6D666F6274794E6E6 : DhcpNameServer = 24.159.64.20 24.159.64.23
TCP: Interfaces\{14A26281-AA91-44D5-A6B9-DD4642D77084}\5627E6563747E65647 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{14A26281-AA91-44D5-A6B9-DD4642D77084}\7596E676164756 : DhcpNameServer = 168.95.1.1
TCP: Interfaces\{14A26281-AA91-44D5-A6B9-DD4642D77084}\8686F6E6F62737 : DhcpNameServer = 12.127.16.67 12.127.17.71
TCP: Interfaces\{14A26281-AA91-44D5-A6B9-DD4642D77084}\944574048686F6E6F6273743 : DhcpNameServer = 10.61.32.1 1.1.1.1
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB-X64: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
TB-X64: {B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\threeboys\AppData\Roaming\Mozilla\Firefox\Profiles\uevu4tl6.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-10-28 2152152]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-10-29 17152]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-13 136176]
S2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [2010-4-9 126392]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-3-13 228408]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-13 136176]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2011-10-31 01:29:00 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9EFD4C00-B6CC-4021-ABA3-A54A9217E8DB}\offreg.dll
2011-10-31 01:28:59 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9EFD4C00-B6CC-4021-ABA3-A54A9217E8DB}\mpengine.dll
2011-10-31 00:36:44 -------- d-----w- C:\Users\threeboys\AppData\Roaming\Malwarebytes
2011-10-31 00:36:33 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-31 00:36:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-31 00:03:31 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-30 23:59:07 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2011-10-30 23:53:14 -------- d--h--w- C:\Windows\AxInstSV
2011-10-30 22:26:35 -------- d-----w- C:\Program Files\CCleaner
2011-10-30 15:56:52 8192 ----a-w- C:\Users\threeboys\AppData\Roaming\il3vtp1zf.exe
2011-10-30 15:56:03 152 ----a-w- C:\Users\threeboys\AppData\Roaming\91g92cj7.bat
2011-10-30 15:56:01 257024 ----a-w- C:\Users\threeboys\taskmgr.exe
2011-10-30 15:56:00 5632 --sha-w- C:\Users\threeboys\wevtapi.dll
2011-10-30 02:54:30 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2011-10-30 00:51:14 190976 ----a-w- C:\Windows\SysWow64\srrstr.dll
2011-10-30 00:17:35 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-10-30 00:13:14 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2011-10-30 00:13:01 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-10-29 23:23:31 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F42358BD-1583-4F18-AB0F-8D930C6F0DFB}\gapaengine.dll
2011-10-29 23:14:51 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-10-29 23:14:35 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-10-29 23:14:19 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2011-10-22 12:35:59 -------- d-----w- C:\Users\threeboys\AppData\Local\Solid State Networks
2011-10-13 23:30:33 -------- d-----w- C:\Users\threeboys\AppData\Local\PackageAware
2011-10-13 20:40:34 -------- d-----w- C:\fac4a2b860ffbaf00b4860
2011-10-13 19:44:09 3134976 ----a-w- C:\Windows\System32\win32k.sys
2011-10-13 19:40:31 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-13 19:40:31 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
2011-10-13 19:40:31 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2011-10-13 19:40:31 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-10-13 19:40:31 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2011-10-13 19:40:31 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-10-13 19:40:31 288256 ----a-w- C:\Windows\System32\MSNP.ax
2011-10-13 19:40:31 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2011-10-13 19:40:31 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-10-13 19:40:31 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2011-10-13 19:35:35 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-13 19:35:34 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-10-13 19:35:34 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-10-13 19:35:34 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-13 18:13:09 -------- d-----w- C:\Users\threeboys\AppData\Local\Google
.
==================== Find3M ====================
.
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-20 05:45:20 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-08-20 05:41:16 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-08-20 04:38:10 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-08-20 04:35:20 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-08-20 04:20:23 482816 ----a-w- C:\Windows\System32\html.iec
2011-08-20 03:26:38 386048 ----a-w- C:\Windows\SysWow64\html.iec
.
============= FINISH: 23:40:57.81 ===============


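Added example (not part of base5's post, and not a DDS or BleepingComputer tool): a small Python triage pass over DDS-style log lines of the kind shown above. It embeds a handful of lines copied from the log as its constructed sample input and applies the author's own heuristics: a Windows binary name (taskmgr.exe, wevtapi.dll) created outside %SystemRoot%, a file carrying hidden+system attributes, an executable with an auto-generated-looking name under the user profile, UAC policy values that silence elevation prompts (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0, PromptOnSecureDesktop = 0), orphaned "No File" BHO/toolbar entries, and script hosts or loaders (regsvr32, cscript, cmd) present in the process snapshot. The rule names, the SYSTEM_NAMES and LOLBINS lists and the "random name" test are assumptions of this example, not anything the thread defines. Reading the taskmgr.exe / wevtapi.dll pair in the profile root as a DLL search-order hijack (a copied Windows executable beside a DLL bearing a Windows DLL name, outside System32) is an inference from the listing; the thread itself only shows that ComboFix removed both files in the next post.

```python
import re

# Constructed sample: a handful of lines copied from the DDS log in the post above.
SAMPLE_LOG = r"""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\Explorer.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
2011-10-30 15:56:52 8192 ----a-w- C:\Users\threeboys\AppData\Roaming\il3vtp1zf.exe
2011-10-30 15:56:03 152 ----a-w- C:\Users\threeboys\AppData\Roaming\91g92cj7.bat
2011-10-30 15:56:01 257024 ----a-w- C:\Users\threeboys\taskmgr.exe
2011-10-30 15:56:00 5632 --sha-w- C:\Users\threeboys\wevtapi.dll
2011-10-30 02:54:30 16432 ----a-w- C:\Windows\System32\lsdelete.exe
"""

# Windows binary names that should not appear outside %SystemRoot%; one turning up
# in a user profile is consistent with masquerading or DLL search-order hijacking.
# Short list chosen for this example (assumption); extend it from your own baseline.
SYSTEM_NAMES = {"taskmgr.exe", "wevtapi.dll", "svchost.exe", "explorer.exe",
                "lsass.exe", "csrss.exe", "winlogon.exe", "userinit.exe"}
# Script hosts and loaders whose presence in a process snapshot deserves a look
# at the parent process and command line (assumption: example list only).
LOLBINS = {"regsvr32.exe", "cscript.exe", "wscript.exe", "mshta.exe",
           "rundll32.exe", "cmd.exe", "powershell.exe"}
EXEC_EXT = (".exe", ".dll", ".bat", ".cmd", ".scr", ".sys", ".vbs", ".js")
# UAC policy values (HKLM\...\Policies\System) that weaken elevation prompting.
UAC_WEAK = {"EnableLUA": ("0", "uac-disabled"),
            "ConsentPromptBehaviorAdmin": ("0", "admin-elevates-without-prompt"),
            "PromptOnSecureDesktop": ("0", "no-secure-desktop-prompt")}

# DDS "Created Last 30" / "Find3M" line: timestamp, size (or dashes), 8-char attrs, path.
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+(?:\d+|-+)\s+(\S{8})\s+(.+)$")
POLICY_RE = re.compile(r"^mPolicies-system:\s+(\w+)\s+=\s+(\d+)")
ORPHAN_RE = re.compile(r"^(?:BHO|TB|EB)(?:-X64)?:\s+(.+?)\s+-\s+No File$")
PROC_RE = re.compile(r"^([A-Za-z]:\\\S+\.exe)(?:\s.*)?$", re.IGNORECASE)


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def looks_random(stem):
    # Auto-generated names: 7+ lowercase alphanumerics mixing letters and digits.
    return (re.fullmatch(r"[a-z0-9]{7,}", stem) is not None
            and any(c.isdigit() for c in stem) and any(c.isalpha() for c in stem))


def check_created(attrs, path):
    """Rules for one created-file entry; returns (rule, path) tuples."""
    findings = []
    name = basename(path)
    stem = name.rpartition(".")[0]
    low = path.lower()
    if name in SYSTEM_NAMES and "\\windows\\" not in low:
        findings.append(("system-name-outside-windows", path))
    if "s" in attrs and "h" in attrs:          # hidden + system, as in --sha-w-
        findings.append(("hidden-system-attrs", path))
    if "\\users\\" in low and name.endswith(EXEC_EXT) and looks_random(stem):
        findings.append(("random-name-exec-in-profile", path))
    return findings


def triage(log_text):
    """Return (rule, detail) tuples for every log line that trips a heuristic."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := CREATED_RE.match(line):
            findings += check_created(m.group(1), m.group(2))
        elif m := POLICY_RE.match(line):
            key, val = m.groups()
            if key in UAC_WEAK and UAC_WEAK[key][0] == val:
                findings.append((UAC_WEAK[key][1], f"{key} = {val}"))
        elif m := ORPHAN_RE.match(line):
            findings.append(("orphan-browser-extension", m.group(1)))
        elif m := PROC_RE.match(line):
            if basename(m.group(1)) in LOLBINS:
                findings.append(("lolbin-running", m.group(1)))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:32} {detail}")
```

Run against a full DDS log the same way (`triage(open(path, encoding="utf-8", errors="replace").read())`); the heuristics are deliberately loose, so treat hits as places to look (parent process, signer, hash, DLL imports of the neighbouring executable) rather than verdicts, and expect legitimate hits such as a vendor's own updater written to AppData.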
#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:52 PM

Posted 05 November 2011 - 09:15 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as it is sometimes necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 base5

base5
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:09:52 PM

Posted 06 November 2011 - 11:05 AM

I have run ComboFix, the log is posted below. I am still seeing the redirect issue when using any browser to search.

ComboFix 11-11-06.01 - threeboys 11/06/2011 8:38.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.2529 [GMT -5:00]
Running from: c:\users\threeboys\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\threeboys\AppData\Roaming\il3vtp1zf.exe
c:\users\threeboys\AppData\Roaming\Mozilla\Firefox\Profiles\uevu4tl6.default\extensions\{28e2d383-7680-4d34-bcf7-2e7d3193e609}
c:\users\threeboys\AppData\Roaming\Mozilla\Firefox\Profiles\uevu4tl6.default\extensions\{28e2d383-7680-4d34-bcf7-2e7d3193e609}\chrome.manifest
c:\users\threeboys\AppData\Roaming\Mozilla\Firefox\Profiles\uevu4tl6.default\extensions\{28e2d383-7680-4d34-bcf7-2e7d3193e609}\chrome\xulcache.jar
c:\users\threeboys\AppData\Roaming\Mozilla\Firefox\Profiles\uevu4tl6.default\extensions\{28e2d383-7680-4d34-bcf7-2e7d3193e609}\defaults\preferences\xulcache.js
c:\users\threeboys\AppData\Roaming\Mozilla\Firefox\Profiles\uevu4tl6.default\extensions\{28e2d383-7680-4d34-bcf7-2e7d3193e609}\install.rdf
c:\users\threeboys\Taskmgr.exe
c:\users\threeboys\wevtapi.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-10-06 to 2011-11-06 )))))))))))))))))))))))))))))))
.
.
2011-11-06 14:11 . 2011-11-06 14:11 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{84D2B3E9-5845-448B-AE07-D9218AAC4E91}\offreg.dll
2011-11-06 14:09 . 2011-11-06 14:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-06 13:30 . 2011-10-18 06:27 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{84D2B3E9-5845-448B-AE07-D9218AAC4E91}\mpengine.dll
2011-10-31 00:36 . 2011-10-31 00:36 -------- d-----w- c:\users\threeboys\AppData\Roaming\Malwarebytes
2011-10-31 00:36 . 2011-10-31 00:36 -------- d-----w- c:\programdata\Malwarebytes
2011-10-31 00:36 . 2011-10-31 00:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-31 00:03 . 2011-10-18 06:27 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-30 23:59 . 2011-10-30 23:59 -------- d-----w- c:\program files (x86)\VS Revo Group
2011-10-30 23:53 . 2011-10-30 23:53 -------- d--h--w- c:\windows\AxInstSV
2011-10-30 22:26 . 2011-10-30 22:26 -------- d-----w- c:\program files\CCleaner
2011-10-30 16:45 . 2011-10-30 16:45 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-10-30 16:37 . 2011-10-30 16:37 -------- d-----w- c:\programdata\McAfee
2011-10-30 15:56 . 2011-10-30 15:56 152 ----a-w- c:\users\threeboys\AppData\Roaming\91g92cj7.bat
2011-10-30 02:54 . 2011-10-30 00:17 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-10-30 00:51 . 2011-10-30 00:51 190976 ----a-w- c:\windows\SysWow64\srrstr.dll
2011-10-30 00:17 . 2011-10-30 00:17 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-10-30 00:13 . 2011-10-30 00:13 -------- dc----w- c:\windows\system32\DRVSTORE
2011-10-30 00:13 . 2011-10-28 21:52 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-10-30 00:13 . 2011-10-30 00:13 -------- d-----w- c:\programdata\Lavasoft
2011-10-30 00:13 . 2011-10-30 00:13 -------- d-----w- c:\program files (x86)\Lavasoft
2011-10-30 00:07 . 2011-10-30 00:51 -------- d-----w- c:\users\threeboys\AppData\Local\Mozilla
2011-10-29 23:23 . 2011-10-04 21:22 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F42358BD-1583-4F18-AB0F-8D930C6F0DFB}\gapaengine.dll
2011-10-29 23:14 . 2011-10-29 23:14 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-10-29 23:14 . 2011-10-29 23:15 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-29 23:14 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2011-10-22 12:35 . 2011-10-30 21:02 -------- d-----w- c:\users\threeboys\AppData\Local\Solid State Networks
2011-10-13 23:30 . 2011-10-13 23:30 -------- d-----w- c:\users\threeboys\AppData\Local\PackageAware
2011-10-13 20:40 . 2011-10-13 20:40 -------- d-----w- C:\fac4a2b860ffbaf00b4860
2011-10-13 19:44 . 2011-09-06 03:07 3134976 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 19:40 . 2011-08-17 05:32 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 19:40 . 2011-08-17 05:27 75776 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-13 19:40 . 2011-08-17 05:27 288256 ----a-w- c:\windows\system32\MSNP.ax
2011-10-13 19:40 . 2011-08-17 05:27 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 19:40 . 2011-08-17 05:27 104960 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-13 19:40 . 2011-08-17 04:26 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-13 19:40 . 2011-08-17 04:22 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-13 19:40 . 2011-08-17 04:22 72704 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
2011-10-13 19:40 . 2011-08-17 04:22 59904 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
2011-10-13 19:40 . 2011-08-17 04:22 204288 ----a-w- c:\windows\SysWow64\MSNP.ax
2011-10-13 19:35 . 2011-08-27 05:40 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 19:35 . 2011-08-27 05:40 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 19:35 . 2011-08-27 04:43 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-13 19:35 . 2011-08-27 04:43 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-13 18:13 . 2011-10-13 18:13 -------- d-----w- c:\windows\system32\Macromed
2011-10-13 18:13 . 2011-10-31 00:20 -------- d-----w- c:\program files\Google
2011-10-13 18:13 . 2011-10-31 00:14 -------- d-----w- c:\users\threeboys\AppData\Local\Google
2011-10-13 18:13 . 2011-10-31 00:20 -------- d-----w- c:\program files (x86)\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-13 00:26 . 2011-09-23 22:01 9049936 ---ha-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B528C85B-8A70-4102-8CB4-756406582EAB}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-13 136176]
R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [2009-08-24 126392]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-13 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver; [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-10-28 2152152]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-10-30 17152]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 20:24 451872 ---ha-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-10-28 21:52]
.
2011-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-13 18:13]
.
2011-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-13 18:13]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-13 171520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 74.128.19.102 74.128.17.114
FF - ProfilePath - c:\users\threeboys\AppData\Roaming\Mozilla\Firefox\Profiles\uevu4tl6.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2011-11-06 09:33:31 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-06 14:33
.
Pre-Run: 187,452,964,864 bytes free
Post-Run: 187,000,373,248 bytes free
.
- - End Of File - - DE78B3EDA69F84498CE085259A25DAE6

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:52 PM

Posted 06 November 2011 - 12:14 PM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
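
The report that the last step above points to is plain text: one timestamped line per service or driver giving the file's MD5 and path, followed by a verdict line for the same name ("<name> - ok", or something other than ok). The parser below is an added example written for this thread; it is not Kaspersky's code and was not posted by anyone in the thread. It reads a report in that format and lists every entry whose verdict is anything but a clean "ok", plus entries that received a verdict without any file or hash being listed (the ones a helper would want to eyeball against the service list in a ComboFix or DDS log). The sample report embedded in it is constructed: the clean lines follow the format posted in this thread, and the "evildrv" entry with a non-ok verdict is invented purely to exercise the filter, not real TDSSKiller output.

```python
"""Parse a TDSSKiller report and pull out anything that is not a clean 'ok'.

Added example for this thread; not Kaspersky's code. The 'evildrv' line in the
sample report below is constructed and is not real TDSSKiller output.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every report line starts with "<hh:mm:ss.ffff> <pid> ", e.g. "12:35:45.0081 4008 ".
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# "<name> (<md5>) <path>": the file TDSSKiller examined for a service/driver.
# Names may contain spaces ("Lavasoft Kernexplorer"), so match them non-greedily
# up to the 32-hex-digit hash in parentheses.
_FILE_RE = re.compile(_PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>\S.*)$")
# "<name> - <verdict>": the verdict line for that service/driver.
_VERDICT_RE = re.compile(_PREFIX + r"(?P<name>.+?) - (?P<verdict>\S.*)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None      # None when TDSSKiller listed no file for the name
    path: Optional[str] = None
    verdict: Optional[str] = None  # None when no verdict line was seen


def parse_report(text: str) -> Dict[str, Entry]:
    """Return one Entry per service/driver name, in report order."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = _FILE_RE.match(line)          # file line first: it never contains " - "
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"].lower(), m["path"]
            continue
        m = _VERDICT_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.verdict = m["verdict"]
        # Banner/header lines ("Scan started", "Mode: Manual;", "OS Version: ...")
        # match neither pattern and are ignored.
    return entries


def not_ok(entries: Dict[str, Entry]) -> List[str]:
    """Names whose verdict is anything other than the literal 'ok' (or is missing)."""
    return [e.name for e in entries.values() if e.verdict != "ok"]


def no_file_on_disk(entries: Dict[str, Entry]) -> List[str]:
    """Names that got a verdict but no file/hash line: worth a manual look."""
    return [e.name for e in entries.values() if e.verdict is not None and e.path is None]


# Constructed sample. The first lines follow the format of the report posted in
# this thread; the 'evildrv' lines are invented to exercise the non-ok filter.
SAMPLE_REPORT = """\
12:35:44.0129 4008 Scan started
12:35:44.0129 4008 Mode: Manual;
12:35:45.0081 4008 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\\Windows\\system32\\DRIVERS\\1394ohci.sys
12:35:45.0081 4008 1394ohci - ok
12:35:46.0890 4008 catchme - ok
12:35:50.0119 4008 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\\Program Files (x86)\\Lavasoft\\Ad-Aware\\KernExplorer64.sys
12:35:50.0119 4008 Lavasoft Kernexplorer - ok
12:35:54.0238 4008 RtsUIR - ok
12:35:55.0000 4008 evildrv (0123456789abcdef0123456789abcdef) C:\\Windows\\system32\\DRIVERS\\evildrv.sys
12:35:55.0000 4008 evildrv - detected (constructed sample line, not real TDSSKiller output)
"""

if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    for name in not_ok(report):
        e = report[name]
        print(f"NOT OK : {name:<22} {e.md5}  {e.path}  -> {e.verdict}")
    for name in no_file_on_disk(report):
        print(f"NO FILE: {name:<22} verdict={report[name].verdict}")
```

To use it on a real report, read the TDSSKiller.[Version]_[Date]_[Time]_log.txt file from the root of C:\ and pass its contents to parse_report(); anything returned by not_ok() is what the helper needs to see first, and no_file_on_disk() is a cheap cross-check against services that a DDS/ComboFix log shows with an empty image path.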

#5 base5
  • Topic Starter

  • Members
  • 18 posts
  • Local time:09:52 PM

Posted 06 November 2011 - 12:37 PM

TDSSKiller found no infections.

12:35:39.0839 1076 TDSS rootkit removing tool 2.6.15.0 Nov 3 2011 17:15:49
12:35:40.0151 1076 ============================================================
12:35:40.0151 1076 Current date / time: 2011/11/06 12:35:40.0151
12:35:40.0151 1076 SystemInfo:
12:35:40.0151 1076
12:35:40.0151 1076 OS Version: 6.1.7600 ServicePack: 0.0
12:35:40.0151 1076 Product type: Workstation
12:35:40.0151 1076 ComputerName: SHEADYBUG
12:35:40.0151 1076 UserName: threeboys
12:35:40.0151 1076 Windows directory: C:\Windows
12:35:40.0151 1076 System windows directory: C:\Windows
12:35:40.0151 1076 Running under WOW64
12:35:40.0151 1076 Processor architecture: Intel x64
12:35:40.0151 1076 Number of processors: 2
12:35:40.0151 1076 Page size: 0x1000
12:35:40.0151 1076 Boot type: Normal boot
12:35:40.0151 1076 ============================================================
12:35:41.0493 1076 Initialize success
12:35:44.0129 4008 ============================================================
12:35:44.0129 4008 Scan started
12:35:44.0129 4008 Mode: Manual;
12:35:44.0129 4008 ============================================================
12:35:45.0081 4008 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
12:35:45.0081 4008 1394ohci - ok
12:35:45.0112 4008 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
12:35:45.0127 4008 ACPI - ok
12:35:45.0190 4008 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
12:35:45.0190 4008 AcpiPmi - ok
12:35:45.0268 4008 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:35:45.0268 4008 adp94xx - ok
12:35:45.0299 4008 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:35:45.0315 4008 adpahci - ok
12:35:45.0346 4008 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:35:45.0346 4008 adpu320 - ok
12:35:45.0439 4008 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
12:35:45.0439 4008 AFD - ok
12:35:45.0471 4008 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
12:35:45.0471 4008 agp440 - ok
12:35:45.0533 4008 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
12:35:45.0533 4008 aliide - ok
12:35:45.0580 4008 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
12:35:45.0580 4008 amdide - ok
12:35:45.0611 4008 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:35:45.0611 4008 AmdK8 - ok
12:35:45.0627 4008 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:35:45.0642 4008 AmdPPM - ok
12:35:45.0673 4008 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
12:35:45.0673 4008 amdsata - ok
12:35:45.0705 4008 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:35:45.0705 4008 amdsbs - ok
12:35:45.0736 4008 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
12:35:45.0736 4008 amdxata - ok
12:35:45.0829 4008 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
12:35:45.0845 4008 AppID - ok
12:35:46.0079 4008 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:35:46.0079 4008 arc - ok
12:35:46.0110 4008 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:35:46.0110 4008 arcsas - ok
12:35:46.0141 4008 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:35:46.0157 4008 AsyncMac - ok
12:35:46.0173 4008 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
12:35:46.0173 4008 atapi - ok
12:35:46.0266 4008 athr (38562a6a9cb10844759eaf2b01a7fcd3) C:\Windows\system32\DRIVERS\athrx.sys
12:35:46.0297 4008 athr - ok
12:35:46.0360 4008 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:35:46.0375 4008 b06bdrv - ok
12:35:46.0391 4008 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:35:46.0407 4008 b57nd60a - ok
12:35:46.0438 4008 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:35:46.0438 4008 Beep - ok
12:35:46.0485 4008 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:35:46.0500 4008 blbdrive - ok
12:35:46.0547 4008 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
12:35:46.0547 4008 bowser - ok
12:35:46.0594 4008 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:35:46.0594 4008 BrFiltLo - ok
12:35:46.0625 4008 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:35:46.0625 4008 BrFiltUp - ok
12:35:46.0656 4008 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:35:46.0672 4008 Brserid - ok
12:35:46.0687 4008 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:35:46.0687 4008 BrSerWdm - ok
12:35:46.0719 4008 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:35:46.0719 4008 BrUsbMdm - ok
12:35:46.0734 4008 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:35:46.0734 4008 BrUsbSer - ok
12:35:46.0765 4008 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:35:46.0765 4008 BTHMODEM - ok
12:35:46.0890 4008 catchme - ok
12:35:46.0953 4008 CAXHWAZL (d1787e11c6a0078ddeaf8cf3ee2ab293) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
12:35:46.0953 4008 CAXHWAZL - ok
12:35:46.0968 4008 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:35:46.0984 4008 cdfs - ok
12:35:47.0031 4008 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
12:35:47.0031 4008 cdrom - ok
12:35:47.0093 4008 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:35:47.0093 4008 circlass - ok
12:35:47.0124 4008 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:35:47.0124 4008 CLFS - ok
12:35:47.0171 4008 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:35:47.0171 4008 CmBatt - ok
12:35:47.0187 4008 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
12:35:47.0187 4008 cmdide - ok
12:35:47.0218 4008 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
12:35:47.0233 4008 CNG - ok
12:35:47.0280 4008 CnxtHdAudService (a44dfdb81dc62b11760881175e5b2266) C:\Windows\system32\drivers\CHDRT64.sys
12:35:47.0296 4008 CnxtHdAudService - ok
12:35:47.0358 4008 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:35:47.0358 4008 Compbatt - ok
12:35:47.0405 4008 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
12:35:47.0405 4008 CompositeBus - ok
12:35:47.0467 4008 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:35:47.0467 4008 crcdisk - ok
12:35:47.0545 4008 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
12:35:47.0545 4008 DfsC - ok
12:35:47.0577 4008 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:35:47.0577 4008 discache - ok
12:35:47.0639 4008 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:35:47.0639 4008 Disk - ok
12:35:47.0701 4008 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:35:47.0701 4008 drmkaud - ok
12:35:47.0748 4008 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
12:35:47.0764 4008 DXGKrnl - ok
12:35:47.0842 4008 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:35:47.0904 4008 ebdrv - ok
12:35:47.0982 4008 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:35:47.0998 4008 elxstor - ok
12:35:48.0029 4008 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
12:35:48.0029 4008 ErrDev - ok
12:35:48.0076 4008 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:35:48.0076 4008 exfat - ok
12:35:48.0107 4008 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:35:48.0107 4008 fastfat - ok
12:35:48.0138 4008 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:35:48.0138 4008 fdc - ok
12:35:48.0169 4008 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:35:48.0169 4008 FileInfo - ok
12:35:48.0185 4008 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:35:48.0185 4008 Filetrace - ok
12:35:48.0216 4008 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:35:48.0216 4008 flpydisk - ok
12:35:48.0247 4008 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
12:35:48.0247 4008 FltMgr - ok
12:35:48.0279 4008 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:35:48.0279 4008 FsDepends - ok
12:35:48.0310 4008 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
12:35:48.0310 4008 Fs_Rec - ok
12:35:48.0341 4008 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:35:48.0341 4008 fvevol - ok
12:35:48.0372 4008 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:35:48.0372 4008 gagp30kx - ok
12:35:48.0450 4008 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:35:48.0450 4008 hcw85cir - ok
12:35:48.0481 4008 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
12:35:48.0481 4008 HdAudAddService - ok
12:35:48.0513 4008 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:35:48.0513 4008 HDAudBus - ok
12:35:48.0528 4008 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:35:48.0528 4008 HidBatt - ok
12:35:48.0559 4008 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:35:48.0559 4008 HidBth - ok
12:35:48.0575 4008 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:35:48.0575 4008 HidIr - ok
12:35:48.0622 4008 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
12:35:48.0622 4008 HidUsb - ok
12:35:48.0684 4008 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
12:35:48.0684 4008 HpqKbFiltr - ok
12:35:48.0747 4008 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
12:35:48.0747 4008 HpSAMD - ok
12:35:48.0825 4008 HSF_DPV (26c5d00321937e49b6bc91029947d094) C:\Windows\system32\DRIVERS\CAX_DPV.sys
12:35:48.0856 4008 HSF_DPV - ok
12:35:48.0918 4008 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
12:35:48.0949 4008 HTTP - ok
12:35:48.0965 4008 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
12:35:48.0965 4008 hwpolicy - ok
12:35:49.0012 4008 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
12:35:49.0012 4008 i8042prt - ok
12:35:49.0059 4008 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
12:35:49.0059 4008 iaStorV - ok
12:35:49.0293 4008 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
12:35:49.0480 4008 igfx - ok
12:35:49.0495 4008 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:35:49.0495 4008 iirsp - ok
12:35:49.0573 4008 IntcHdmiAddService (88a20fa54c73ded4e8dac764e9130ae9) C:\Windows\system32\drivers\IntcHdmi.sys
12:35:49.0573 4008 IntcHdmiAddService - ok
12:35:49.0589 4008 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
12:35:49.0589 4008 intelide - ok
12:35:49.0620 4008 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:35:49.0636 4008 intelppm - ok
12:35:49.0651 4008 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:35:49.0667 4008 IpFilterDriver - ok
12:35:49.0683 4008 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
12:35:49.0683 4008 IPMIDRV - ok
12:35:49.0714 4008 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:35:49.0714 4008 IPNAT - ok
12:35:49.0745 4008 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:35:49.0745 4008 IRENUM - ok
12:35:49.0776 4008 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
12:35:49.0776 4008 isapnp - ok
12:35:49.0823 4008 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
12:35:49.0823 4008 iScsiPrt - ok
12:35:49.0854 4008 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:35:49.0854 4008 kbdclass - ok
12:35:49.0885 4008 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
12:35:49.0885 4008 kbdhid - ok
12:35:49.0917 4008 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
12:35:49.0917 4008 KSecDD - ok
12:35:49.0963 4008 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
12:35:49.0963 4008 KSecPkg - ok
12:35:49.0979 4008 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:35:49.0979 4008 ksthunk - ok
12:35:50.0119 4008 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
12:35:50.0119 4008 Lavasoft Kernexplorer - ok
12:35:50.0166 4008 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
12:35:50.0166 4008 Lbd - ok
12:35:50.0244 4008 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:35:50.0244 4008 lltdio - ok
12:35:50.0307 4008 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:35:50.0307 4008 LSI_FC - ok
12:35:50.0322 4008 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:35:50.0322 4008 LSI_SAS - ok
12:35:50.0353 4008 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:35:50.0353 4008 LSI_SAS2 - ok
12:35:50.0385 4008 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:35:50.0385 4008 LSI_SCSI - ok
12:35:50.0416 4008 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:35:50.0416 4008 luafv - ok
12:35:50.0463 4008 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
12:35:50.0463 4008 mdmxsdk - ok
12:35:50.0509 4008 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:35:50.0509 4008 megasas - ok
12:35:50.0525 4008 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:35:50.0525 4008 MegaSR - ok
12:35:50.0572 4008 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:35:50.0572 4008 Modem - ok
12:35:50.0603 4008 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:35:50.0603 4008 monitor - ok
12:35:50.0650 4008 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:35:50.0650 4008 mouclass - ok
12:35:50.0712 4008 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:35:50.0712 4008 mouhid - ok
12:35:50.0728 4008 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
12:35:50.0743 4008 mountmgr - ok
12:35:50.0821 4008 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
12:35:50.0837 4008 MpFilter - ok
12:35:50.0853 4008 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
12:35:50.0853 4008 mpio - ok
12:35:50.0884 4008 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
12:35:50.0884 4008 MpNWMon - ok
12:35:50.0931 4008 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:35:50.0946 4008 mpsdrv - ok
12:35:50.0977 4008 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
12:35:50.0977 4008 MRxDAV - ok
12:35:51.0055 4008 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:35:51.0133 4008 mrxsmb - ok
12:35:51.0196 4008 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:35:51.0211 4008 mrxsmb10 - ok
12:35:51.0227 4008 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:35:51.0227 4008 mrxsmb20 - ok
12:35:51.0258 4008 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
12:35:51.0258 4008 msahci - ok
12:35:51.0274 4008 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
12:35:51.0289 4008 msdsm - ok
12:35:51.0321 4008 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:35:51.0321 4008 Msfs - ok
12:35:51.0367 4008 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:35:51.0367 4008 mshidkmdf - ok
12:35:51.0383 4008 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
12:35:51.0383 4008 msisadrv - ok
12:35:51.0445 4008 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:35:51.0445 4008 MSKSSRV - ok
12:35:51.0508 4008 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:35:51.0508 4008 MSPCLOCK - ok
12:35:51.0539 4008 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:35:51.0539 4008 MSPQM - ok
12:35:51.0570 4008 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
12:35:51.0586 4008 MsRPC - ok
12:35:51.0617 4008 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
12:35:51.0617 4008 mssmbios - ok
12:35:51.0648 4008 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:35:51.0648 4008 MSTEE - ok
12:35:51.0664 4008 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:35:51.0664 4008 MTConfig - ok
12:35:51.0695 4008 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:35:51.0711 4008 Mup - ok
12:35:51.0757 4008 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:35:51.0757 4008 NativeWifiP - ok
12:35:51.0835 4008 NAVENG - ok
12:35:51.0867 4008 NAVEX15 - ok
12:35:51.0929 4008 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
12:35:51.0945 4008 NDIS - ok
12:35:52.0007 4008 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:35:52.0007 4008 NdisCap - ok
12:35:52.0054 4008 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:35:52.0069 4008 NdisTapi - ok
12:35:52.0116 4008 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
12:35:52.0132 4008 Ndisuio - ok
12:35:52.0147 4008 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
12:35:52.0163 4008 NdisWan - ok
12:35:52.0179 4008 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
12:35:52.0179 4008 NDProxy - ok
12:35:52.0210 4008 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:35:52.0210 4008 NetBIOS - ok
12:35:52.0225 4008 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
12:35:52.0241 4008 NetBT - ok
12:35:52.0397 4008 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
12:35:52.0506 4008 netw5v64 - ok
12:35:52.0553 4008 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:35:52.0553 4008 nfrd960 - ok
12:35:52.0584 4008 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
12:35:52.0584 4008 NisDrv - ok
12:35:52.0647 4008 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:35:52.0647 4008 Npfs - ok
12:35:52.0662 4008 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:35:52.0662 4008 nsiproxy - ok
12:35:52.0725 4008 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
12:35:52.0756 4008 Ntfs - ok
12:35:52.0787 4008 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:35:52.0787 4008 Null - ok
12:35:52.0818 4008 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
12:35:52.0818 4008 nvraid - ok
12:35:52.0865 4008 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
12:35:52.0865 4008 nvstor - ok
12:35:52.0881 4008 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
12:35:52.0896 4008 nv_agp - ok
12:35:52.0927 4008 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
12:35:52.0927 4008 ohci1394 - ok
12:35:52.0959 4008 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:35:52.0959 4008 Parport - ok
12:35:52.0990 4008 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
12:35:52.0990 4008 partmgr - ok
12:35:53.0037 4008 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
12:35:53.0037 4008 pci - ok
12:35:53.0052 4008 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
12:35:53.0052 4008 pciide - ok
12:35:53.0083 4008 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:35:53.0099 4008 pcmcia - ok
12:35:53.0115 4008 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:35:53.0115 4008 pcw - ok
12:35:53.0146 4008 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:35:53.0161 4008 PEAUTH - ok
12:35:53.0271 4008 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
12:35:53.0271 4008 PptpMiniport - ok
12:35:53.0286 4008 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:35:53.0286 4008 Processor - ok
12:35:53.0349 4008 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
12:35:53.0349 4008 Psched - ok
12:35:53.0411 4008 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:35:53.0442 4008 ql2300 - ok
12:35:53.0473 4008 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:35:53.0473 4008 ql40xx - ok
12:35:53.0505 4008 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:35:53.0520 4008 QWAVEdrv - ok
12:35:53.0551 4008 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:35:53.0551 4008 RasAcd - ok
12:35:53.0598 4008 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:35:53.0598 4008 RasAgileVpn - ok
12:35:53.0629 4008 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:35:53.0629 4008 Rasl2tp - ok
12:35:53.0661 4008 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:35:53.0676 4008 RasPppoe - ok
12:35:53.0723 4008 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:35:53.0723 4008 RasSstp - ok
12:35:53.0754 4008 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
12:35:53.0770 4008 rdbss - ok
12:35:53.0801 4008 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:35:53.0801 4008 rdpbus - ok
12:35:53.0832 4008 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:35:53.0832 4008 RDPCDD - ok
12:35:53.0863 4008 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:35:53.0863 4008 RDPENCDD - ok
12:35:57.0654 4008 MBR (0x1B8) (bf1662d133fb47ed2731a4dfb11446c3) \Device\Harddisk0\DR0
12:35:57.0670 4008 \Device\Harddisk0\DR0 - ok
12:35:57.0670 4008 Boot (0x1200) (699a9ec11ee37746da7cf6073c34e339) \Device\Harddisk0\DR0\Partition0
12:35:57.0685 4008 \Device\Harddisk0\DR0\Partition0 - ok
12:35:57.0701 4008 Boot (0x1200) (8ba3f30deaf46d6d1ba3922452f193ee) \Device\Harddisk0\DR0\Partition1
12:35:57.0701 4008 \Device\Harddisk0\DR0\Partition1 - ok
12:35:57.0732 4008 Boot (0x1200) (1a80abf0c6cb5cce60b4bc2011bb7495) \Device\Harddisk0\DR0\Partition2
12:35:57.0732 4008 \Device\Harddisk0\DR0\Partition2 - ok
12:35:57.0732 4008 ============================================================
12:35:57.0732 4008 Scan finished
12:35:57.0732 4008 ============================================================
12:35:57.0748 2012 Detected object count: 0
12:35:57.0748 2012 Actual detected object count: 0

#6 gringo_pr

  • Malware Response Team

Posted 06 November 2011 - 02:42 PM

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
REM Collect the settings a DNS redirect tampers with (resolvers, lookups,
REM reachability, routes) and write everything into one log on the desktop.
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
REM Open the log in Notepad, then delete this batch file.
start Log1.txt
del %0
Save this as router.bat. Choose "Save as type" - All Files - and where to save - Desktop - then close the Notepad file.

Double-click on router.bat to run it. It will open Notepad when done; please post back the results.
gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 base5

  • Topic Starter

Posted 06 November 2011 - 05:57 PM

Windows IP Configuration

Host Name . . . . . . . . . . . . : sheadybug
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR9285 802.11b/g/n WiFi Adapter
Physical Address. . . . . . . . . : 70-F1-A1-12-23-61
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::d448:457a:f172:874d%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.107(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, November 06, 2011 10:56:40 AM
Lease Expires . . . . . . . . . . : Monday, November 07, 2011 5:53:46 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 326168993
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-50-BE-EF-00-26-2D-BD-80-AC
DNS Servers . . . . . . . . . . . : 74.128.19.102
74.128.17.114
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.fl.comcast.net.
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 00-26-2D-BD-80-AC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{14A26281-AA91-44D5-A6B9-DD4642D77084}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1849:569:3f57:fe94(Preferred)
Link-local IPv6 Address . . . . . : fe80::1849:569:3f57:fe94%18(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: cache2.insightbb.com
Address: 74.128.19.102

Name: google.com
Addresses: 74.125.93.103
74.125.93.104
74.125.93.105
74.125.93.106
74.125.93.147
74.125.93.99

Server: cache2.insightbb.com
Address: 74.128.19.102

Name: yahoo.com
Addresses: 67.195.160.76
72.30.2.43
98.137.149.56
98.139.180.149
209.191.122.70


Pinging google.com [74.125.93.103] with 32 bytes of data:
Reply from 74.125.93.103: bytes=32 time=47ms TTL=50
Reply from 74.125.93.103: bytes=32 time=50ms TTL=50

Ping statistics for 74.125.93.103:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 47ms, Maximum = 50ms, Average = 48ms

Pinging yahoo.com [72.30.2.43] with 32 bytes of data:
Reply from 72.30.2.43: bytes=32 time=73ms TTL=48
Reply from 72.30.2.43: bytes=32 time=73ms TTL=48

Ping statistics for 72.30.2.43:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 73ms, Maximum = 73ms, Average = 73ms
===========================================================================
Interface List
12...70 f1 a1 12 23 61 ......Atheros AR9285 802.11b/g/n WiFi Adapter
11...00 26 2d bd 80 ac ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.107 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.107 281
192.168.1.107 255.255.255.255 On-link 192.168.1.107 281
192.168.1.255 255.255.255.255 On-link 192.168.1.107 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.107 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.107 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
18 58 ::/0 On-link
1 306 ::1/128 On-link
18 58 2001::/32 On-link
18 306 2001:0:4137:9e76:1849:569:3f57:fe94/128
On-link
12 281 fe80::/64 On-link
18 306 fe80::/64 On-link
18 306 fe80::1849:569:3f57:fe94/128
On-link
12 281 fe80::d448:457a:f172:874d/128
On-link
1 306 ff00::/8 On-link
18 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
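The router.bat output above is what a helper reads to rule a DNS redirect in or out. The parser below is an added example, not part of the thread: it reads that output and reports configured resolvers missing from a known-good list, an answering resolver that is not one of the configured ones, and unrelated names resolving to identical addresses. Sample outputs are constructed in the log's shape; the 203.0.113.0/24 addresses are documentation addresses, not real indicators.

```python
import ipaddress
import re

# Constructed sample in the shape of router.bat's output (ipconfig /all, then nslookup runs).
# The 203.0.113.0/24 addresses are documentation addresses standing in for a rogue resolver
# and the sinkhole it answers with; nothing here is a real indicator.
HIJACKED_SAMPLE = """\
Wireless LAN adapter Wireless Network Connection:

DNS Servers . . . . . . . . . . . : 203.0.113.53
74.128.17.114
Server:  UnKnown
Address:  203.0.113.53

Name:    google.com
Addresses:  203.0.113.80
203.0.113.81

Server:  UnKnown
Address:  203.0.113.53

Name:    yahoo.com
Addresses:  203.0.113.80
203.0.113.81
"""

# Same shape with the values the thread actually showed: ISP resolvers and real answers.
CLEAN_SAMPLE = """\
Wireless LAN adapter Wireless Network Connection:

DNS Servers . . . . . . . . . . . : 74.128.19.102
74.128.17.114
Server: cache2.insightbb.com
Address: 74.128.19.102

Name: google.com
Addresses: 74.125.93.103
74.125.93.104
"""

ADAPTER_RE = re.compile(r"^(.+ adapter .+):$")
FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z0-9 \-]*?)[ .]*:\s*(.*)$")
BARE_ADDR_RE = re.compile(r"^[0-9A-Fa-f.:]+(?:%\d+)?(?:\(Preferred\))?$")


def parse_router_log(text):
    """Split router.bat output into sections: global, one per adapter, one per nslookup run."""
    sections = [{"name": "global", "fields": {}}]
    last_field = None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = ADAPTER_RE.match(line)
        if m:
            sections.append({"name": m.group(1), "fields": {}})
            last_field = None
            continue
        m = FIELD_RE.match(line)
        if m:
            name, value = m.group(1).strip(), m.group(2).strip()
            if name == "Server":  # every nslookup run starts with a 'Server:' line
                sections.append({"name": "nslookup", "fields": {}})
            values = sections[-1]["fields"].setdefault(name, [])
            if value:
                values.append(value)
            last_field = name
        elif last_field and BARE_ADDR_RE.match(line):
            # an address alone on a line continues the previous multi-valued field
            sections[-1]["fields"][last_field].append(line)
    return sections


def _ip(text):  # '192.168.1.107(Preferred)' or 'fe80::1%12' -> bare ip_address
    return ipaddress.ip_address(text.split("(")[0].split("%")[0])


def resolver_findings(text, expected_resolvers):
    """Findings about resolver settings; empty means nothing looked redirected.
    expected_resolvers: the servers the operator knows are legitimate (router and/or ISP)."""
    expected = {ipaddress.ip_address(a) for a in expected_resolvers}
    configured, lookups, findings = set(), {}, []
    for sec in parse_router_log(text):
        f = sec["fields"]
        if sec["name"] == "nslookup":
            if f.get("Name"):
                addr = f.get("Address", [])  # [resolver] or [resolver, single answer]
                answers = frozenset(f.get("Addresses", []) + addr[1:])
                lookups[f["Name"][0]] = (addr[0] if addr else None, answers)
            continue
        for server in f.get("DNS Servers", []):
            ip = _ip(server)
            configured.add(ip)
            if ip not in expected:
                findings.append(f"{sec['name']}: unexpected DNS server {ip}")
    by_answer = {}  # unrelated names sharing one identical answer set is the classic sinkhole sign
    for name, (resolver, answers) in lookups.items():
        if resolver and _ip(resolver) not in configured:
            findings.append(f"{name}: answered by {resolver}, not a configured resolver")
        if answers:
            by_answer.setdefault(answers, []).append(name)
    for answers, names in by_answer.items():
        if len(names) > 1:
            findings.append("identical answers for %s: %s" % (", ".join(sorted(names)), ", ".join(sorted(answers))))
    return findings
```

Run it against a real Log1.txt with your router's address and your ISP's resolvers as the known-good list; an empty result means the resolver side of the redirect question is clean and the search moves to the disk, as it did in this thread.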

#8 gringo_pr

  • Malware Response Team

Posted 07 November 2011 - 01:44 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo

#9 base5

  • Topic Starter

Posted 07 November 2011 - 12:36 PM

When the scan completed, MSE opened up with a virus warning saying it had suspended Alureon.C. I have run MSE several times, including a full scan and it was returning clean results until now.

Here is the log file from the previous application:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-07 12:29:37
-----------------------------
12:29:37.077 OS Version: Windows x64 6.1.7600
12:29:37.077 Number of processors: 2 586 0x170A
12:29:37.077 ComputerName: SHEADYBUG UserName: threeboys
12:29:38.621 Initialize success
12:30:03.207 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:30:03.207 Disk 0 Vendor: ST9250410AS 0006HPM1 Size: 238475MB BusType: 11
12:30:05.235 Disk 0 MBR read successfully
12:30:05.250 Disk 0 MBR scan
12:30:05.250 Disk 0 TDL4@MBR code has been found
12:30:05.250 Disk 0 MBR hidden
12:30:05.250 Disk 0 MBR [TDL4] **ROOTKIT**
12:30:05.266 Disk 0 trace - called modules:
12:30:05.266 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8004a8a254]<<
12:30:05.282 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a6d060]
12:30:05.282 3 CLASSPNP.SYS[fffff880010d543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80046ff060]
12:30:05.282 \Driver\atapi[0xfffffa80046ba5b0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004a8a254
12:30:05.297 Scan finished successfully
12:30:21.490 Disk 0 MBR has been saved successfully to "C:\Users\threeboys\Desktop\MBR.dat"
12:30:21.506 The log file has been saved successfully to "C:\Users\threeboys\Desktop\aswMBR.txt"

#10 gringo_pr

  • Malware Response Team

Posted 07 November 2011 - 01:08 PM

Re-Run aswMBR

  • Click Scan
  • On completion of the scan, click the FIX button,
  • There is a slight pause after clicking the 'Fix' button.
  • Wait for the tool to report 'Infection fixed successfully', now reboot the machine.
  • Rebooting the machine prematurely, before seeing this line will result in an incomplete fix.

    Note: After the 'Infection fixed successfully' message appears, the machine may become unresponsive. You may have to do a hard boot of your machine. That may be a side effect of the fix. All will be well after the reboot.
  • Save the log as before and post in your next reply.


#11 base5

  • Topic Starter

Posted 07 November 2011 - 04:43 PM

For the first time in a week, I do not have iexplorer.exe process running with machine boot up. I also ran some quick checks on searches and I had NO REDIRECTIONS! I will keep an eye on this, but as of this moment things look pretty good.

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-07 16:35:20
-----------------------------
16:35:20.959 OS Version: Windows x64 6.1.7600
16:35:20.959 Number of processors: 2 586 0x170A
16:35:20.959 ComputerName: SHEADYBUG UserName: threeboys
16:35:24.891 Initialize success
16:35:30.288 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:35:30.288 Disk 0 Vendor: ST9250410AS 0006HPM1 Size: 238475MB BusType: 11
16:35:32.301 Disk 0 MBR read successfully
16:35:32.301 Disk 0 MBR scan
16:35:32.301 Disk 0 TDL4@MBR code has been found
16:35:32.316 Disk 0 MBR hidden
16:35:32.316 Disk 0 MBR [TDL4] **ROOTKIT**
16:35:32.316 Disk 0 trace - called modules:
16:35:32.332 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8004a8a254]<<
16:35:32.332 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a6d060]
16:35:32.332 3 CLASSPNP.SYS[fffff880010d543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80046ff060]
16:35:32.347 \Driver\atapi[0xfffffa80046ba5b0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004a8a254
16:35:32.347 Scan finished successfully
16:35:41.271 Disk 0 MBR read successfully
16:35:41.785 Disk 0 TDL4@MBR code has been found
16:35:41.785 Disk 0 fixing MBR ...
16:35:51.816 Disk 0 MBR restored successfully
16:35:51.863 Verifying disinfection
16:36:03.906 Infection fixed successfully - please reboot ASAP
16:36:20.754 Disk 0 MBR has been saved successfully to "C:\Users\threeboys\Desktop\MBR.dat"
16:36:20.770 The log file has been saved successfully to "C:\Users\threeboys\Desktop\aswMBR2.txt"
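The two aswMBR logs in this thread (the scan in post #9 and the fix in post #11) carry the whole diagnosis in a handful of lines. The triage script below is an added example, not part of the thread or of AVAST's tooling: it extracts the rootkit family, the hidden-MBR flag and the hooked disk dispatch from the trace, checks that the hook lands in the unowned memory the trace reports, and answers the question the helper's instructions hinge on, whether the 'Infection fixed successfully' line has appeared. The excerpts are constructed from the posted logs.

```python
import re

# Constructed excerpt in the shape of the two aswMBR logs posted in this thread (the scan
# before the Fix button and the one after it); driver names and kernel addresses are the
# ones those posts show.
BEFORE_FIX = r"""
12:30:05.235 Disk 0 MBR read successfully
12:30:05.250 Disk 0 MBR scan
12:30:05.250 Disk 0 TDL4@MBR code has been found
12:30:05.250 Disk 0 MBR hidden
12:30:05.250 Disk 0 MBR [TDL4] **ROOTKIT**
12:30:05.266 Disk 0 trace - called modules:
12:30:05.266 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8004a8a254]<<
12:30:05.282 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a6d060]
12:30:05.282 \Driver\atapi[0xfffffa80046ba5b0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004a8a254
12:30:05.297 Scan finished successfully
"""

AFTER_FIX = BEFORE_FIX + r"""
16:35:41.785 Disk 0 TDL4@MBR code has been found
16:35:41.785 Disk 0 fixing MBR ...
16:35:51.816 Disk 0 MBR restored successfully
16:35:51.863 Verifying disinfection
16:36:03.906 Infection fixed successfully - please reboot ASAP
"""

LINE_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+(?P<msg>.*)$")
DISK_RE = re.compile(r"^Disk (?P<disk>\d+) (?P<rest>.*)$")
ROOTKIT_RE = re.compile(r"^MBR \[(?P<family>[^\]]+)\] \*\*ROOTKIT\*\*$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9a-f]+)\]<<")
HOOK_RE = re.compile(r"^(?P<driver>\\Driver\\\S+)\[0x[0-9a-f]+\] -> (?P<irp>IRP_MJ_\w+) -> (?P<target>0x[0-9a-f]+)$")

NEW_DISK = {"rootkit": None, "mbr_hidden": False, "unknown_module": None,
            "hooks": [], "hook_into_unknown": False, "mbr_restored": False}


def triage_aswmbr(log):
    """Reduce an aswMBR log to the facts a responder acts on."""
    report = {"disks": {}, "fix_complete": False, "reboot_required": False}
    current = None
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        msg = m.group("msg")
        if msg.startswith("Infection fixed successfully"):
            report["fix_complete"] = True
            report["reboot_required"] = "reboot" in msg
            continue
        d = DISK_RE.match(msg)
        if d:
            current = report["disks"].setdefault(int(d.group("disk")), dict(NEW_DISK, hooks=[]))
            rest = d.group("rest")
            r = ROOTKIT_RE.match(rest)
            if r:
                current["rootkit"] = r.group("family")
            elif rest == "MBR hidden":
                current["mbr_hidden"] = True
            elif rest == "MBR restored successfully":
                current["mbr_restored"] = True
            continue
        if current is None:
            continue  # trace lines always follow a 'Disk N trace' line
        u = UNKNOWN_RE.search(msg)
        if u:
            current["unknown_module"] = u.group("addr")
        h = HOOK_RE.match(msg)
        if h:
            current["hooks"].append((h.group("driver"), h.group("irp"), h.group("target")))
            # The disk stack's dispatch pointer lands in memory no loaded driver owns:
            # that is how the bootkit hands a clean MBR to anything that reads sector 0.
            if h.group("target") == current["unknown_module"]:
                current["hook_into_unknown"] = True
    return report


def verdict(report):
    """One line per disk, then the reboot decision the helper's instructions hinge on."""
    lines = []
    for disk, info in sorted(report["disks"].items()):
        if not info["rootkit"] and not info["unknown_module"]:
            lines.append(f"disk {disk}: no MBR infection reported")
            continue
        parts = [f"disk {disk}: {info['rootkit']} in MBR"]
        if info["mbr_hidden"]:
            parts.append("real MBR hidden from readers")
        for driver, irp, _ in info["hooks"]:
            parts.append(f"{driver} {irp} hooked" + (" into unowned memory" if info["hook_into_unknown"] else ""))
        parts.append("MBR restored" if info["mbr_restored"] else "not yet fixed")
        lines.append("; ".join(parts))
    lines.append("reboot now" if report["fix_complete"]
                 else "do not reboot yet: no 'Infection fixed successfully' line")
    return lines
```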

#12 gringo_pr

  • Malware Response Team

Posted 07 November 2011 - 06:38 PM

I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#13 base5

  • Topic Starter

Posted 07 November 2011 - 07:01 PM

No problems running the script.
Computer appears to be running much better, as described in my last reply.

ComboFix 11-11-06.01 - threeboys 11/07/2011 18:46:12.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.2767 [GMT -5:00]
Running from: c:\users\threeboys\Desktop\ComboFix.exe
Command switches used :: c:\users\threeboys\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-07 to 2011-11-07 )))))))))))))))))))))))))))))))
.
.
2011-11-07 23:53 . 2011-11-07 23:53 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F0722126-E874-481E-974B-176D914242E2}\offreg.dll
2011-11-07 23:52 . 2011-11-07 23:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-07 17:39 . 2011-10-18 06:27 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F0722126-E874-481E-974B-176D914242E2}\mpengine.dll
2011-10-31 00:36 . 2011-10-31 00:36 -------- d-----w- c:\users\threeboys\AppData\Roaming\Malwarebytes
2011-10-31 00:36 . 2011-10-31 00:36 -------- d-----w- c:\programdata\Malwarebytes
2011-10-31 00:36 . 2011-10-31 00:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-31 00:03 . 2011-10-18 06:27 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-30 23:59 . 2011-10-30 23:59 -------- d-----w- c:\program files (x86)\VS Revo Group
2011-10-30 23:53 . 2011-10-30 23:53 -------- d--h--w- c:\windows\AxInstSV
2011-10-30 22:26 . 2011-10-30 22:26 -------- d-----w- c:\program files\CCleaner
2011-10-30 16:45 . 2011-10-30 16:45 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-10-30 16:37 . 2011-10-30 16:37 -------- d-----w- c:\programdata\McAfee
2011-10-30 15:56 . 2011-10-30 15:56 152 ----a-w- c:\users\threeboys\AppData\Roaming\91g92cj7.bat
2011-10-30 02:54 . 2011-10-30 00:17 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-10-30 00:51 . 2011-10-30 00:51 190976 ----a-w- c:\windows\SysWow64\srrstr.dll
2011-10-30 00:17 . 2011-10-30 00:17 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-10-30 00:13 . 2011-10-30 00:13 -------- dc----w- c:\windows\system32\DRVSTORE
2011-10-30 00:13 . 2011-10-28 21:52 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-10-30 00:13 . 2011-10-30 00:13 -------- d-----w- c:\programdata\Lavasoft
2011-10-30 00:13 . 2011-10-30 00:13 -------- d-----w- c:\program files (x86)\Lavasoft
2011-10-30 00:07 . 2011-10-30 00:51 -------- d-----w- c:\users\threeboys\AppData\Local\Mozilla
2011-10-29 23:23 . 2011-10-04 21:22 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F42358BD-1583-4F18-AB0F-8D930C6F0DFB}\gapaengine.dll
2011-10-29 23:14 . 2011-10-29 23:14 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-10-29 23:14 . 2011-10-29 23:15 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-29 23:14 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2011-10-22 12:35 . 2011-10-30 21:02 -------- d-----w- c:\users\threeboys\AppData\Local\Solid State Networks
2011-10-13 23:30 . 2011-10-13 23:30 -------- d-----w- c:\users\threeboys\AppData\Local\PackageAware
2011-10-13 20:40 . 2011-10-13 20:40 -------- d-----w- C:\fac4a2b860ffbaf00b4860
2011-10-13 19:44 . 2011-09-06 03:07 3134976 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 19:40 . 2011-08-17 05:32 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 19:40 . 2011-08-17 05:27 75776 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-13 19:40 . 2011-08-17 05:27 288256 ----a-w- c:\windows\system32\MSNP.ax
2011-10-13 19:40 . 2011-08-17 05:27 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 19:40 . 2011-08-17 05:27 104960 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-13 19:40 . 2011-08-17 04:26 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-13 19:40 . 2011-08-17 04:22 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-13 19:40 . 2011-08-17 04:22 72704 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
2011-10-13 19:40 . 2011-08-17 04:22 59904 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
2011-10-13 19:40 . 2011-08-17 04:22 204288 ----a-w- c:\windows\SysWow64\MSNP.ax
2011-10-13 19:35 . 2011-08-27 05:40 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 19:35 . 2011-08-27 05:40 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 19:35 . 2011-08-27 04:43 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-13 19:35 . 2011-08-27 04:43 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-13 18:13 . 2011-10-13 18:13 -------- d-----w- c:\windows\system32\Macromed
2011-10-13 18:13 . 2011-10-31 00:20 -------- d-----w- c:\program files\Google
2011-10-13 18:13 . 2011-10-31 00:14 -------- d-----w- c:\users\threeboys\AppData\Local\Google
2011-10-13 18:13 . 2011-10-31 00:20 -------- d-----w- c:\program files (x86)\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-13 00:26 . 2011-09-23 22:01 9049936 ---ha-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B528C85B-8A70-4102-8CB4-756406582EAB}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-13 136176]
R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [2009-08-24 126392]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-13 136176]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-10-28 2152152]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-10-30 17152]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver; [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 20:24 451872 ---ha-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-10-28 21:52]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-13 18:13]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-13 18:13]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-13 171520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 74.128.19.102 74.128.17.114
FF - ProfilePath - c:\users\threeboys\AppData\Roaming\Mozilla\Firefox\Profiles\uevu4tl6.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
.
**************************************************************************
.
Completion time: 2011-11-07 18:58:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-07 23:58
ComboFix2.txt 2011-11-06 14:33
.
Pre-Run: 187,179,888,640 bytes free
Post-Run: 187,154,276,352 bytes free
.
- - End Of File - - 9CA4285C504A1B36CB0FDAA1EDDC29B1

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 07 November 2011 - 07:06 PM

Your Java is out of date.

It can be updated by the Java control panel:
  • Click on Start -> Control Panel (Classic View) -> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin.
  • Follow the prompts.


TFC (Temp File Cleaner):

  • Please download TFC to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes' Anti-Malware:

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer.
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7: right-click and run as admin.)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

If you have problems running HijackThis, sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe (located at C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) and select Run as administrator.

"information and logs"

In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 base5

  • Topic Starter
  • Members
  • 18 posts

Posted 07 November 2011 - 07:44 PM

This is interesting. I am not able to update Java. The computer is freezing up when I click the update button. Actually, the Java window locks up, other programs seem to work. Should I continue with your instructions, or figure out how to update Java first?



