Redirect virus


  • This topic is locked
10 replies to this topic

#1 Ormurin (Members, 6 posts)

Posted 06 November 2011 - 12:22 PM

I have copied and pasted below the original post where I described the problem. The link to that post is here: http://www.bleepingcomputer.com/forums/topic426489.html

I was instructed by BRONI to make a post here to attempt to deal with this problem.

Okay. Here is the problem I've been dealing with for the past few days.

Basically, every time I do an internet search on Firefox or IE, I am redirected to a site with a name like "splendid search system" or something like that. I have not been able to perform any sort of system scan as every time I try to run Microsoft Security Essentials, Malwarebytes AntiMalware, etc, I get an error that says, respectively, Access is Denied with an error code 0x80070005, and "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

My log in profile for my computer is an administrator account.

Also, and I don't know if this is related or not, but my computer will not restart or power down on its own when I select the appropriate command from my shut down menu. Windows shuts down normally but the computer itself will not power down without me actually pressing the power button to make it do so.

My operating system is Windows XP SP3.

Any logs or other information that would be needed I will gladly post, and any assistance will be greatly appreciated. I am in the Pacific Time Zone and will only be able to respond to any posts here usually after 4:30 pm PST on weekdays and at any time on the weekends.

Again, thanks for any help.

My DDS files are below.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12
Run by Phil at 9:09:17 on 2011-11-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1185 [GMT -8:00]
.
AV: Norton Internet Security *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Norton Internet Security *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\2264116786:3444640889.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Function Key Controller\FKC.exe
C:\WINDOWS\BisonCam\BisonTrayIcon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Phil\Desktop\Defogger.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uSearch Page = hxxp://my.netzero.net/s/search?r=minisearch
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Internet Explorer, optimized for Bing and MSN
uInternet Connection Wizard,ShellNext = hxxp://www.alienware.com/Mothership?Comp=AWC&SysCode=PC-LT-AURORAM9700-AB&ai=636E3D34313930333026706F3D34393232383341
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uWinlogon: Shell=c:\documents and settings\phil\local settings\application data\32aef386\X
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {348FE907-249E-4C65-A838-F34A193FE1D1} - No File
BHO: Pop-up Blocker: {52706ef7-d7a2-49ad-a615-e903858cf284} - c:\program files\netzero\qsacc\X1IEBHO.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: NetZero Toolbar Helper: {fe3098b0-04a3-41fd-8ca9-bea39cb14c87} - c:\program files\netzero\ucreg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: ZeroBar: {f0f8ecbe-d460-4b34-b007-56a92e8f84a7} - c:\program files\netzero\Toolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [SNM] c:\program files\spynomore\SNM.exe /startup
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [FunctionKeyCtrl] c:\program files\function key controller\FKC.exe
mRun: [BisonTrayIcon] c:\windows\bisoncam\BisonTrayIcon.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
IE: Display All Images with Full Quality - "c:\program files\netzero\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files\netzero\qsacc\appres.dll/227"
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
LSP: mswsock.dll
Trusted Zone: microsoft.com\windowsupdate
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1319766962484
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
TCP: Interfaces\{690D0550-C50A-4998-B0B8-0CEC8BD85A0F} : DhcpNameServer = 192.168.1.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: WB - c:\program files\alienguise\fastload.dll
AppInit_DLLs: wbsys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\phil\application data\mozilla\firefox\profiles\3h7wukt1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.alienware.com/Mothership?Comp=%ALIENFACTORY_Company%&SysCode=%ALIENFACTORY_SystemCode%&ai=636E3D34313930333026706F3D34393232383341
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-9-19 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-9-19 338880]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
S1 MpKslea3b8e6f;MpKslea3b8e6f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c11b11a9-dd51-4c5d-bc56-ea497e25e775}\mpkslea3b8e6f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c11b11a9-dd51-4c5d-bc56-ea497e25e775}\MpKslea3b8e6f.sys [?]
S3 acfva;acfva;c:\windows\system32\drivers\ACFVA32.sys [2010-5-28 86656]
S3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [2003-7-23 22821]
S3 dgcfltr;DGC Filter Driver;c:\windows\system32\drivers\ACFDCP32.sys [2010-5-28 28928]
S3 SaiH0464;SaiH0464;c:\windows\system32\drivers\SaiH0464.sys [2007-9-20 176640]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-9-19 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-9-19 1150936]
.
=============== Created Last 30 ================
.
2011-11-05 18:59:16 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0e9e19fb-c94e-4790-a60f-cfb45e4e2b40}\offreg.dll
2011-11-05 18:59:13 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0e9e19fb-c94e-4790-a60f-cfb45e4e2b40}\mpengine.dll
2011-11-05 18:57:34 -------- d-----w- c:\program files\Microsoft Security Client
2011-11-04 04:20:22 -------- d-----w- c:\documents and settings\phil\application data\SUPERAntiSpyware.com
2011-11-04 04:19:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-04 04:19:53 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-11-04 04:12:13 1152 ----a-w- c:\windows\system32\windrv.sys
2011-11-04 04:12:06 -------- d-----w- c:\program files\SpyNoMore
2011-11-04 02:29:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-11-04 02:29:11 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-11-04 01:55:57 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-29 23:14:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-29 02:56:38 -------- d-----w- c:\program files\GetData
2011-10-28 01:52:36 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-27 03:05:00 -------- d-sh--w- c:\documents and settings\phil\local settings\application data\32aef386
2011-10-12 06:12:17 -------- d-----w- c:\program files\common files\Adobe Systems Shared
2011-10-12 06:08:30 -------- d--h--w- c:\windows\PIF
2011-10-09 00:38:59 -------- d-----w- c:\documents and settings\phil\application data\e-on software
2011-10-09 00:37:31 72 ----a-w- c:\windows\Vue 7.5 xStream.reg
2011-10-09 00:37:31 70 ----a-w- c:\windows\Vue 7 xStream.reg
2011-10-09 00:37:31 70 ----a-w- c:\windows\Vue 6 xStream.reg
2011-10-09 00:37:31 -------- d-----w- c:\documents and settings\all users\application data\e-onsoftware
2011-10-09 00:10:21 -------- d-----w- c:\program files\e-on software
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ---ha-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 9:09:56.68 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/23/2007 11:45:16 AM
System Uptime: 11/6/2011 6:32:15 AM (3 hours ago)
.
Motherboard: alienware | | Aurora m9700
Processor: AMD Turion™ 64 Mobile Technology ML-37 | CPU 1 | 2010/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 31.795 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\6200488832521
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\6200488832521
Service: NIC1394
.
Class GUID: {4D36E96E-E325-11CE-BFC1-08002BE10318}
Description: Default Monitor
Device ID: DISPLAY\DEFAULT_MONITOR\5&2077208&0&00000100&07&00
Manufacturer: (Standard monitor types)
Name: Default Monitor
PNP Device ID: DISPLAY\DEFAULT_MONITOR\5&2077208&0&00000100&07&00
Service:
.
==== System Restore Points ===================
.
RP1: 10/28/2011 7:25:20 PM - System Checkpoint
RP2: 10/28/2011 7:33:56 PM - Software Distribution Service 3.0
RP3: 10/30/2011 12:40:45 AM - System Checkpoint
RP4: 10/31/2011 12:44:48 AM - System Checkpoint
RP5: 11/1/2011 1:11:36 AM - System Checkpoint
RP6: 11/2/2011 1:25:09 AM - System Checkpoint
RP7: 11/3/2011 2:02:16 AM - System Checkpoint
RP8: 11/3/2011 10:59:21 PM - Removed BoneTown Demo
RP9: 11/5/2011 12:12:36 AM - System Checkpoint
RP10: 11/5/2011 11:43:37 AM - Software Distribution Service 3.0
RP11: 11/5/2011 11:58:37 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Abacus Fighter Pilot 2 for FSX
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 11 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.0
Adobe Stock Photos 1.0
Agere Systems AC'97 Modem
AlienGUIse Theme Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
AV Voice Changer Software DIAMOND 6.0
BisonCam
Bonjour
CCleaner
Combat Collectors 2nd Edition for FS2004
Combat Collectors 2nd Edition for FSX
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
D&D Character Generator Demo
Diablo II
DivX Codec
DivX Converter
DJ_SF_03_D1500_Software_Min
F/A-18 Precision Strike Fighter
Fable - The Lost Chapters
ffdshow [rev 1909] [2008-03-20]
Flight Deck 4 for FS2004
Fraps (remove only)
Freelancer
Function Key Controller
Google Video Player
Home Designer Suite 8
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Deskjet D1500 Printer Driver 10.0 Rel .3
Icewind Dale
iTunes
Java™ 6 Update 12
Las Vegas Super Casino
LightScribe 1.4.105.1
Logitech Desktop Messenger
Logitech QuickCam
Logitech QuickCam Driver Package
Malwarebytes' Anti-Malware version 1.51.2.1300
Manga Studio Debut 3.0
Marvell Miniport Driver
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Flight Simulator X
Microsoft Game Studios Common Redistributables Pack 1
Microsoft IntelliPoint 6.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Word Viewer 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft XML Parser
Mozilla Firefox 5.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nero 7 Essentials
Netwaiting
NetZero Internet
Neverwinter Nights
Nostromo Array Programming Software
NTI Shadow
NVIDIA Drivers
Pool of Radiance: RoMD
Poser 7
PowerDVD
QuickTime
REALTEK RTL8185 Wireless LAN Driver and Utility
Recover My Files
Redblade 1.3.0.16 RC 1
RegCure
Registry Mechanic 8.0
Roller Coaster Factory 2
RPG Maker VX 1.02
SecondLife (remove only)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Slots 100
SoundMAX
SoundTap Streaming Audio Recorder
Spybot - Search & Destroy
SpyNoMore 2.98
Spyware Doctor 8.0
SUPERAntiSpyware
Switch Sound File Converter
Synaptics Pointing Device Driver
Teach Yourself to Play Guitar 1.8.1
The Roleplaying assistant V7.13d
Theme Manager
Toolbox
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB Modem
Ventrilo Client
Victoria 4.2 Base
Victoria 4.2 Morphs++
Vue 9 32bit
Warcraft III
WavePad Sound Editor
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
World of Warcraft
Yahoo! Messenger
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
11/3/2011 8:40:52 PM, error: AmdK8 [2] - The Acpi 2.0 _PCT object returned an invalid value of 7
11/3/2011 7:55:06 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
11/3/2011 7:55:04 PM, error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: Access is denied.
11/3/2011 7:53:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/3/2011 7:17:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 Fips MpFilter
11/3/2011 7:16:49 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
.
==== End Of File ===========================


I have downloaded GMER as well, and disabled CD emulation. GMER runs for about two minutes and then closes itself down. It closes right after finding a red item and displays it. These XXXXXXXXXsearchsystem windows are starting to pop up on their own as well now. As I've said before, any and all help will be appreciated very much. Thank you.
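
As an added illustration of how a responder reads a log like the one above (this script is not part of the thread and is not a BleepingComputer or DDS tool), the following Python triage splits the DDS output into its sections and flags the indicators that make this log alarming: a running process whose image path carries a second colon, i.e. an NTFS alternate data stream attached to C:\WINDOWS\2264116786; a per-user Winlogon Shell value that launches a file in a hidden folder instead of explorer.exe; a hidden+system folder with a random hex name created under the user profile; and event-log entries showing the Microsoft Antimalware service and the MpFilter driver were refused at start-up, which is consistent with the "Access is denied" errors when launching the scanners. The rule names and the high/review severities are this example's own conventions; SAMPLE_DDS is an excerpt of the log posted above.

```python
"""Triage of a DDS log for persistence and tampering indicators.

Added example, not a tool from the thread. SAMPLE_DDS is an excerpt of the
DDS output posted above; rule names and severities are this example's own.
"""
import re
from dataclasses import dataclass

SAMPLE_DDS = r"""
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\2264116786:3444640889.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com/?ilc=1
uWinlogon: Shell=c:\documents and settings\phil\local settings\application data\32aef386\X
BHO: {348FE907-249E-4C65-A838-F34A193FE1D1} - No File
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
AppInit_DLLs: wbsys.dll
=============== Created Last 30 ================
2011-10-27 03:05:00 -------- d-sh--w- c:\documents and settings\phil\local settings\application data\32aef386
2011-11-04 04:12:13 1152 ----a-w- c:\windows\system32\windrv.sys
==== Event Viewer Messages From Past Week ========
11/3/2011 7:55:04 PM, error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: Access is denied.
11/3/2011 7:17:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 Fips MpFilter
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" = act on it; "review" = confirm before acting
    rule: str
    line: str


SECTION_HEADER = re.compile(r"^=+\s*(.*?)\s*=+$")
# drive:\dir\host:stream -- a colon after the last backslash marks an NTFS
# alternate data stream riding on the host file or directory.
ADS_IMAGE = re.compile(r"^[A-Za-z]:\\.*\\[^\\:]+:[^\\]+$")
WINLOGON_SHELL = re.compile(r"^[um]Winlogon:\s*Shell=(.*)$", re.I)
APPINIT_DLLS = re.compile(r"^AppInit_DLLs:\s*(\S.*)$")
# date time size attributes path   (DDS "Created Last 30" format)
CREATED_ENTRY = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+(\S{8})\s+(.+)$")
RANDOM_HEX_NAME = re.compile(r"[0-9a-f]{6,}")
AV_TAMPER = re.compile(
    r"Antimalware Service service failed to start.*Access is denied"
    r"|driver\(s\) failed to load:.*\bMpFilter\b"
)


def sections(text):
    """Split a DDS log into {section title: [non-empty lines]} on its ==== headers."""
    out, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":  # DDS pads sections with lone dots
            continue
        m = SECTION_HEADER.match(line)
        if m:
            current = m.group(1)
            out[current] = []
        elif current is not None:
            out[current].append(line)
    return out


def triage(text):
    """Return Findings for the persistence and tampering indicators in a DDS log."""
    secs = sections(text)
    findings = []
    for line in secs.get("Running Processes", []):
        if ADS_IMAGE.match(line):
            findings.append(Finding("high", "process image is an NTFS alternate data stream", line))
    for line in secs.get("Pseudo HJT Report", []):
        m = WINLOGON_SHELL.match(line)
        if m and m.group(1).strip().split("\\")[-1].lower() != "explorer.exe":
            findings.append(Finding("high", "Winlogon Shell does not launch explorer.exe", line))
        if APPINIT_DLLS.match(line):
            findings.append(Finding("review", "AppInit_DLLs loads a DLL into every user32 process; verify its publisher", line))
        if line.endswith("- No File"):
            findings.append(Finding("review", "registry entry points at a missing binary", line))
    for line in secs.get("Created Last 30", []):
        m = CREATED_ENTRY.match(line)
        if not m:
            continue
        attrs, path = m.groups()
        name = path.rstrip("\\").split("\\")[-1]
        if "h" in attrs and "s" in attrs and RANDOM_HEX_NAME.fullmatch(name):
            findings.append(Finding("high", "hidden+system folder with random hex name under the user profile", line))
    for line in secs.get("Event Viewer Messages From Past Week", []):
        if AV_TAMPER.search(line):
            findings.append(Finding("high", "security tooling prevented from starting", line))
    return findings


def by_severity(findings):
    """Count findings per severity, e.g. {'high': 5, 'review': 2}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.severity}] {f.rule}\n    {f.line}")
```

On the excerpt this yields five "high" findings and two "review" ones. The two review items are deliberately not called malicious: an AppInit_DLLs entry and an orphaned BHO are common on a machine with many third-party add-ons, but both deserve a look because AppInit_DLLs is a classic injection point and orphaned entries often mark a half-removed infection.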


#2 RPMcMurphy (Malware Response Team, 3,970 posts)

Posted 06 November 2011 - 08:14 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Please download DummyCreator.zip and unzip it.
  • Run the tool.
  • Copy and paste the following into the edit box:

    C:\WINDOWS\2264116786
  • Press Create button and post the content of the Result.txt.

    Important: Restart the computer.
Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt
  • Post that log, please.
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please include the following in your next post:
  • TDSSKiller log
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


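As an added example (written for this thread; it is not code from the poster, the forum or TDSSKiller itself), here is a Python parser for the log TDSSKiller produces, using the line formats that appear in this thread: it lists each detected object, attaches the forged-file warning with its real and fake MD5 where one was reported, records the action chosen per object, and flags any departure from the Cure-if-offered-otherwise-Skip rule given above. The log excerpt inside is constructed to mirror the posted log.

```python
"""Triage a TDSSKiller log: per detected object, the signature, the forged-file
warning (real vs. fake MD5) if one was reported, and the action the user chose,
then flag anything that departs from the Cure-if-offered-otherwise-Skip rule."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed excerpt mirroring the TDSSKiller 2.6.15.0 log format posted in the thread.
SAMPLE_LOG = r"""
20:56:56.0671 2140 Scan started
20:56:56.0843 2140 32aef386 ( Rootkit.Win32.PMax.gen ) - infected
20:56:56.0843 2140 32aef386 - detected Rootkit.Win32.PMax.gen (0)
20:56:56.0937 2140 Abiosdsk - ok
20:57:10.0796 2140 MRxSmb (eca061d3e7331d8709af6991b54384a0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:57:10.0796 2140 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mrxsmb.sys. Real md5: eca061d3e7331d8709af6991b54384a0, Fake md5: 7d304a5eb4344ebeeab53a2fe3ffb9f0
20:57:10.0796 2140 MRxSmb ( Rootkit.Win32.ZAccess.g ) - infected
20:57:10.0796 2140 MRxSmb - detected Rootkit.Win32.ZAccess.g (0)
20:57:20.0171 2140 Scan finished
20:57:20.0187 3544 Detected object count: 2
20:59:45.0296 3544 32aef386 ( Rootkit.Win32.PMax.gen ) - skipped by user
20:59:45.0296 3544 32aef386 ( Rootkit.Win32.PMax.gen ) - User select action: Skip
20:59:45.0781 3544 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - will be cured on reboot
20:59:45.0781 3544 MRxSmb ( Rootkit.Win32.ZAccess.g ) - User select action: Cure
"""

# Every line carries a timestamp and a thread id; the rest is the message body.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>.*)$")
DRIVER = re.compile(r"^(?P<obj>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
FORGED = re.compile(r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
                    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
INFECTED = re.compile(r"^(?P<obj>\S+) \( (?P<sig>[^)]+) \) - infected$")
ACTION = re.compile(r"^(?P<obj>\S+) \( (?P<sig>[^)]+) \) - User select action: (?P<act>\w+)$")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class Detection:
    obj: str                        # service/driver name, or the rootkit's random name
    signature: str                  # e.g. Rootkit.Win32.ZAccess.g
    path: Optional[str] = None      # on-disk path when a driver enumeration line gave one
    real_md5: Optional[str] = None  # MD5 of the bytes actually on disk (forged files only)
    fake_md5: Optional[str] = None  # MD5 the rootkit presented to ordinary file reads
    action: Optional[str] = None    # Cure / Skip / ... as chosen by the user


@dataclass
class Report:
    detections: Dict[str, Detection] = field(default_factory=dict)
    detected_count: Optional[int] = None


def parse_tdsskiller_log(text: str) -> Report:
    report = Report()
    paths: Dict[str, str] = {}               # object name -> path from enumeration lines
    forged: Dict[str, Tuple[str, str]] = {}  # path -> (real md5, fake md5)
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        if (d := DRIVER.match(body)):
            paths[d["obj"]] = d["path"]
        elif (f := FORGED.match(body)):
            forged[f["path"]] = (f["real"], f["fake"])
        elif (i := INFECTED.match(body)):
            det = report.detections.setdefault(i["obj"], Detection(i["obj"], i["sig"]))
            det.path = paths.get(i["obj"])
            if det.path in forged:
                det.real_md5, det.fake_md5 = forged[det.path]
        elif (a := ACTION.match(body)) and a["obj"] in report.detections:
            report.detections[a["obj"]].action = a["act"]
        elif (c := COUNT.match(body)):
            report.detected_count = int(c["n"])
    return report


def triage(report: Report) -> List[str]:
    """Issues a helper would want to see before telling the user to reboot."""
    issues: List[str] = []
    for det in report.detections.values():
        if det.action is None:
            issues.append(f"{det.obj}: detected ({det.signature}) but no action was recorded")
        elif det.action not in ("Cure", "Skip"):
            issues.append(f"{det.obj}: action '{det.action}' is neither Cure nor Skip")
        if det.fake_md5 and det.action != "Cure":
            issues.append(f"{det.obj}: forged system file {det.path} was not cured")
    n = report.detected_count
    if n is not None and n != len(report.detections):
        issues.append(f"log reports {n} objects but {len(report.detections)} were parsed")
    return issues


if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    for det in rep.detections.values():
        print(f"{det.obj:10} {det.signature:28} action={det.action} forged={bool(det.fake_md5)}")
    print("issues:", triage(rep) or "none")
```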


#3 Ormurin
  • Topic Starter
  • Members
  • 6 posts
  • Local time:04:59 PM

Posted 07 November 2011 - 01:38 AM

Okay. I have done the things that you have asked me to do, and I am posting the logs as requested.

Dummy Creator Result

DummyCreator by Farbar
Ran by Phil (administrator) on 06-11-2011 at 20:50:18
**************************************************************

C:\WINDOWS\2264116786 [06-11-2011 20:50:18]

== End of log ==

TDSSKiller Log

20:56:24.0234 0620 TDSS rootkit removing tool 2.6.15.0 Nov 3 2011 17:15:49
20:56:24.0890 0620 ============================================================
20:56:24.0890 0620 Current date / time: 2011/11/06 20:56:24.0890
20:56:24.0890 0620 SystemInfo:
20:56:24.0890 0620
20:56:24.0890 0620 OS Version: 5.1.2600 ServicePack: 3.0
20:56:24.0890 0620 Product type: Workstation
20:56:24.0890 0620 ComputerName: PHILLIP
20:56:24.0890 0620 UserName: Phil
20:56:24.0890 0620 Windows directory: C:\WINDOWS
20:56:24.0890 0620 System windows directory: C:\WINDOWS
20:56:24.0890 0620 Processor architecture: Intel x86
20:56:24.0890 0620 Number of processors: 1
20:56:24.0890 0620 Page size: 0x1000
20:56:24.0890 0620 Boot type: Normal boot
20:56:24.0890 0620 ============================================================
20:56:25.0484 0620 Initialize success
20:56:56.0671 2140 ============================================================
20:56:56.0671 2140 Scan started
20:56:56.0671 2140 Mode: Manual;
20:56:56.0671 2140 ============================================================
20:56:56.0843 2140 32aef386 ( Rootkit.Win32.PMax.gen ) - infected
20:56:56.0843 2140 32aef386 - detected Rootkit.Win32.PMax.gen (0)
20:57:10.0796 2140 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mrxsmb.sys. Real md5: eca061d3e7331d8709af6991b54384a0, Fake md5: 7d304a5eb4344ebeeab53a2fe3ffb9f0
20:57:10.0796 2140 MRxSmb ( Rootkit.Win32.ZAccess.g ) - infected
20:57:10.0796 2140 MRxSmb - detected Rootkit.Win32.ZAccess.g (0)
20:57:20.0171 2140 ============================================================
20:57:20.0171 2140 Scan finished
20:57:20.0171 2140 ============================================================
20:57:20.0187 3544 Detected object count: 2
20:57:20.0187 3544 Actual detected object count: 2
20:59:45.0296 3544 32aef386 ( Rootkit.Win32.PMax.gen ) - skipped by user
20:59:45.0296 3544 32aef386 ( Rootkit.Win32.PMax.gen ) - User select action: Skip
20:59:45.0765 3544 Backup copy found, using it..
20:59:45.0781 3544 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - will be cured on reboot
20:59:45.0781 3544 MRxSmb ( Rootkit.Win32.ZAccess.g ) - User select action: Cure
20:59:54.0062 0664 Deinitialize success

Combofix Log

ComboFix 11-11-07.02 - Phil 11/06/2011 21:58:44.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1693 [GMT -8:00]
Running from: c:\documents and settings\Phil\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Phil\LOCALS~1\Temp\Temporary Directory 1 for Vue9Pioneer.zip\Setup.exe
c:\docume~1\Phil\LOCALS~1\Temp\Temporary Directory 2 for Vue9Pioneer.zip\Setup.exe
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Phil\Local Settings\Application Data\32aef386\U
c:\documents and settings\Phil\Local Settings\Application Data\32aef386\U\80000000.@
c:\documents and settings\Phil\Local Settings\Application Data\32aef386\U\800000cb.@
c:\documents and settings\Phil\Local Settings\Application Data\32aef386\U\800000cf.@
c:\documents and settings\Phil\Local Settings\Application Data\32aef386\X
c:\documents and settings\Phil\Local Settings\Temp\Temporary Directory 1 for Vue9Pioneer.zip\Setup.exe
c:\documents and settings\Phil\Local Settings\Temp\Temporary Directory 2 for Vue9Pioneer.zip\Setup.exe
c:\documents and settings\Phil\WINDOWS
c:\windows\$NtUninstallKB16087$
c:\windows\$NtUninstallKB16087$\558201625
c:\windows\$NtUninstallKB16087$\850326406\@
c:\windows\$NtUninstallKB16087$\850326406\L\lolzolsv
c:\windows\$NtUninstallKB16087$\850326406\loader.tlb
c:\windows\$NtUninstallKB16087$\850326406\U\@00000001
c:\windows\$NtUninstallKB16087$\850326406\U\@000000c0
c:\windows\$NtUninstallKB16087$\850326406\U\@000000cb
c:\windows\$NtUninstallKB16087$\850326406\U\@000000cf
c:\windows\$NtUninstallKB16087$\850326406\U\@80000000
c:\windows\$NtUninstallKB16087$\850326406\U\@800000c0
c:\windows\$NtUninstallKB16087$\850326406\U\@800000cb
c:\windows\$NtUninstallKB16087$\850326406\U\@800000cf
c:\windows\2264116786
c:\windows\bwUnin-8.1.1.50-8876480SL.exe
c:\windows\system32\
c:\windows\system32\c_12620.nl_
c:\windows\system32\c_12620.nls
.
Infected copy of c:\windows\system32\drivers\imapi.sys was found and disinfected
Restored copy from - The cat found it :)
Infected copy of c:\program files\SUPERAntiSpyware\SASCORE.EXE was found and disinfected
Restored copy from - c:\program files\SUPERAntiSpyware\
.
Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected
Restored copy from - c:\program files\Common Files\Apple\Mobile Device Support\
.
Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected
Restored copy from - c:\program files\Bonjour\
.
Infected copy of c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe was found and disinfected
Restored copy from - c:\program files\WIDCOMM\Bluetooth Software\bin\
.
Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected
Restored copy from - c:\program files\iPod\bin\
.
Infected copy of c:\program files\Java\jre6\bin\jqs.exe was found and disinfected
Restored copy from - c:\program files\Java\jre6\bin\
.
Infected copy of c:\program files\Common Files\LightScribe\LSSrvc.exe was found and disinfected
Restored copy from - c:\program files\Common Files\LightScribe\
.
Infected copy of c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe was found and disinfected
Restored copy from - c:\program files\Common Files\LogiShrd\LVCOMSER\
.
Infected copy of c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe was found and disinfected
Restored copy from - c:\program files\Common Files\LogiShrd\LVMVFM\
.
c:\windows\system32\nvsvc32.exe . . . is infected!!
c:\windows\system32\nvsvc32.exe . . . was deleted!! You should re-install the program it pertains to
.
Infected copy of c:\program files\PC Tools Security\pctsAuxs.exe was found and disinfected
Restored copy from - c:\program files\PC Tools Security\
.
Infected copy of c:\program files\Analog Devices\SoundMAX\SMAgent.exe was found and disinfected
Restored copy from - c:\program files\Analog Devices\SoundMAX\
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_32aef386
.
.
((((((((((((((((((((((((( Files Created from 2011-10-07 to 2011-11-07 )))))))))))))))))))))))))))))))
.
.
2011-11-07 05:19 . 2008-04-13 18:40 42112 ----a-w- c:\windows\system32\drivers\imapi.sys
2011-11-07 04:58 . 2011-11-07 06:02 510942 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-11-06 22:51 . 2011-11-06 22:51 -------- d-----w- c:\program files\Common Files\Java
2011-11-06 22:51 . 2011-11-06 22:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-06 22:51 . 2011-11-06 22:51 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-11-06 22:51 . 2011-11-06 22:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-05 18:57 . 2011-11-07 05:10 -------- d-----w- c:\program files\Microsoft Security Client
2011-11-04 04:20 . 2011-11-04 04:20 -------- d-----w- c:\documents and settings\Phil\Application Data\SUPERAntiSpyware.com
2011-11-04 04:19 . 2011-11-07 06:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-04 04:19 . 2011-11-04 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-11-04 04:12 . 2011-11-06 14:33 1152 ----a-w- c:\windows\system32\windrv.sys
2011-11-04 04:12 . 2011-11-04 10:07 -------- d-----w- c:\program files\SpyNoMore
2011-11-04 02:29 . 2011-11-04 04:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-11-04 02:29 . 2011-11-04 02:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-11-04 02:24 . 2011-11-04 02:24 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-11-04 01:55 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-29 23:14 . 2011-11-06 22:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-29 02:56 . 2011-10-29 02:56 -------- d-----w- c:\program files\GetData
2011-10-29 02:06 . 2011-10-29 02:06 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-10-28 02:46 . 2011-10-28 02:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2011-10-28 01:52 . 2011-11-04 01:56 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-27 03:12 . 2011-10-27 03:12 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-10-27 03:05 . 2011-11-07 06:10 -------- d-sh--w- c:\documents and settings\Phil\Local Settings\Application Data\32aef386
2011-10-12 06:12 . 2011-10-12 06:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2011-10-12 06:12 . 2011-10-12 06:12 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2011-10-12 06:08 . 2011-10-12 06:08 -------- d--h--w- c:\windows\PIF
2011-10-09 00:38 . 2011-10-09 19:23 -------- d-----w- c:\documents and settings\Phil\Application Data\e-on software
2011-10-09 00:37 . 2011-10-09 17:45 -------- d-----w- c:\documents and settings\All Users\Application Data\e-onsoftware
2011-10-09 00:37 . 2011-10-09 00:37 72 ----a-w- c:\windows\Vue 7.5 xStream.reg
2011-10-09 00:37 . 2011-10-09 00:37 70 ----a-w- c:\windows\Vue 7 xStream.reg
2011-10-09 00:37 . 2011-10-09 00:37 70 ----a-w- c:\windows\Vue 6 xStream.reg
2011-10-09 00:10 . 2011-10-09 00:10 -------- d-----w- c:\program files\e-on software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-07 05:00 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-09-09 09:12 . 2004-08-04 12:00 599040 ---ha-w- c:\windows\system32\crypt32.dll
2011-07-04 15:12 . 2011-06-19 01:10 142296 ---ha-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-17 4615552]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-20 94208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-03 761946]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"SNM"="c:\program files\SpyNoMore\SNM.exe" [2010-07-12 1067984]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"nwiz"="nwiz.exe" [2008-07-02 1630208]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2006-04-07 135168]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-02 86016]
"NVHotkey"="nvHotkey.dll" [2008-07-02 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-02 13529088]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"FunctionKeyCtrl"="c:\program files\Function Key Controller\FKC.exe" [2006-05-25 49152]
"BisonTrayIcon"="c:\windows\BisonCam\BisonTrayIcon.exe" [2005-10-07 40960]
"AGRSMMSG"="AGRSMMSG.exe" [2006-02-15 88365]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-21 06:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Phil^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Norton Internet Security"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\e frontier\\Poser 71\\Poser.exe"=
"c:\\Program Files\\RegCure\\RegCure.exe"=
"c:\\Program Files\\World of Warcraft\\Wow.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jucheck.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE"=
"c:\\Program Files\\CCleaner\\CCleaner.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\WINDOWS\\system32\\WgaTray.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\World of Warcraft\\WowError.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SDUpdate.exe"=
"c:\\Program Files\\SpyNoMore\\SNM.exe"=
"e:\\SUPERAntiSpyware.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\Documents and Settings\\Phil\\Desktop\\jre-6u26-windows-i586-s.exe"=
"c:\\Documents and Settings\\Phil\\Desktop\\tdsskiller\\TDSSKiller.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9/19/2011 10:07 PM 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [9/19/2011 10:07 PM 338880]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 8:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 1:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [11/6/2011 10:11 PM 116608]
S1 MpKslea3b8e6f;MpKslea3b8e6f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C11B11A9-DD51-4C5D-BC56-EA497E25E775}\MpKslea3b8e6f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C11B11A9-DD51-4C5D-BC56-EA497E25E775}\MpKslea3b8e6f.sys [?]
S3 acfva;acfva;c:\windows\system32\drivers\ACFVA32.sys [5/28/2010 3:16 PM 86656]
S3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [7/23/2003 11:16 AM 22821]
S3 dgcfltr;DGC Filter Driver;c:\windows\system32\drivers\ACFDCP32.sys [5/28/2010 3:16 PM 28928]
S3 SaiH0464;SaiH0464;c:\windows\system32\drivers\SaiH0464.sys [9/20/2007 12:08 AM 176640]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [9/19/2011 10:07 PM 366840]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-07 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2011-11-06 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.alienware.com/Mothership?Comp=AWC&SysCode=PC-LT-AURORAM9700-AB&ai=636E3D34313930333026706F3D34393232383341
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
IE: Display All Images with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/227"
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: microsoft.com\windowsupdate
TCP: DhcpNameServer = 192.168.1.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Phil\Application Data\Mozilla\Firefox\Profiles\3h7wukt1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.alienware.com/Mothership?Comp=%ALIENFACTORY_Company%&SysCode=%ALIENFACTORY_SystemCode%&ai=636E3D34313930333026706F3D34393232383341
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Logitech Hardware Abstraction Layer - KHALMNPR.EXE
SafeBoot-01510080.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-06 22:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(880)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\AlienGUIse\fastload.dll
.
- - - - - - - > 'lsass.exe'(936)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(6272)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2011-11-06 22:23:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-07 06:23
.
Pre-Run: 34,822,344,704 bytes free
Post-Run: 37,609,402,368 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - E39B116506E9250F810FF4031C293CB5

#4 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:05:59 PM

Posted 07 November 2011 - 06:01 PM

Ormurin:

Please do this next:

A component of your Norton Internet Security program was infected and removed by ComboFix, so you will need to uninstall/reinstall that program.

Please do this now:

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Please include the following in your next post:
  • MBAM log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#5 Ormurin

Ormurin
  • Topic Starter

  • Members
  • 6 posts
  • Local time:04:59 PM

Posted 08 November 2011 - 01:02 AM

I ran Anti Malware and the log is posted below.

I'm not worried about the Norton Internet Security files, I've uninstalled it. I'm using MSE now, when I can get it to work, that is.



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8111

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/7/2011 9:57:59 PM
mbam-log-2011-11-07 (21-57-59).txt

Scan type: Full scan (C:\|)
Objects scanned: 480897
Time elapsed: 2 hour(s), 31 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Qoobox\quarantine\C\documents and settings\Phil\local settings\application data\32aef386\X.vir (Backdoor.0Access) -> Not selected for removal.
c:\Qoobox\quarantine\C\documents and settings\Phil\local settings\application data\32aef386\U\800000cb.@.vir (Backdoor.0Access) -> Not selected for removal.
c:\Qoobox\quarantine\C\WINDOWS\system32\c_12620.nl_.vir (Backdoor.0Access) -> Not selected for removal.

#6 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:05:59 PM

Posted 08 November 2011 - 09:08 PM

Ormurin:

Please do this next:

Please download Junction.zip and save it.
  • Unzip it and put junction.exe in the Windows directory (C:\Windows).
  • Go to Start > Run or press the Windows key + r. Copy and paste the following command in the run box and click OK:

    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt
  • A command window opens starting to scan the system. Wait until a log file opens. Copy and paste or attach the content of it.
Please include the following in your next post:
  • junction log

Edited by RPMcMurphy, 08 November 2011 - 09:08 PM.



#7 Ormurin

Ormurin
  • Topic Starter

  • Members
  • 6 posts
  • Local time:04:59 PM

Posted 11 November 2011 - 01:36 AM

Here is the junction log.


Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com


Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\System Volume Information: Access is denied.

Failed to open \\?\c:\\Documents and Settings\Phil\Desktop\gmer\gmer.exe: Access is denied.

Failed to open \\?\c:\\Documents and Settings\Phil\Local Settings\Temp\Temporary Directory 1 for gmer.zip\gmer.exe: Access is denied.



Failed to open \\?\c:\\Documents and Settings\Phil\Local Settings\Temp\Temporary Directory 2 for gmer.zip\gmer.exe: Access is denied.



Failed to open \\?\c:\\Documents and Settings\Phil\Local Settings\Temp\Temporary Directory 3 for gmer.zip\gmer.exe: Access is denied.



Failed to open \\?\c:\\Documents and Settings\Phil\Local Settings\Temp\Temporary Directory 4 for gmer.zip\gmer.exe: Access is denied.

Failed to open \\?\c:\\Program Files\PC Tools Security\pctsSvc.exe: Access is denied.

Failed to open \\?\c:\\Program Files\RegCure\RegCure.exe: Access is denied.

Failed to open \\?\c:\\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe: Access is denied.

Failed to open \\?\c:\\Qoobox\BackEnv: Access is denied.

.\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

.\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e


Thanks.

#8 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:05:59 PM

Posted 11 November 2011 - 11:20 AM

Ormurin:

Please do this next:

Please download GrantPerms.zip and save it to your desktop.
  • Unzip the file and, depending on the system, run GrantPerms.exe or GrantPerms64.exe.
  • Copy and paste the following in the edit box:

    c:\\System Volume Information
    c:\\Documents and Settings\Phil\Desktop\gmer\gmer.exe
    c:\\Documents and Settings\Phil\Local Settings\Temp\Temporary Directory 1 for gmer.zip\gmer.exe
    c:\\Documents and Settings\Phil\Local Settings\Temp\Temporary Directory 2 for gmer.zip\gmer.exe
    c:\\Documents and Settings\Phil\Local Settings\Temp\Temporary Directory 3 for gmer.zip\gmer.exe
    c:\\Documents and Settings\Phil\Local Settings\Temp\Temporary Directory 4 for gmer.zip\gmer.exe
    c:\\Program Files\PC Tools Security\pctsSvc.exe
    c:\\Program Files\RegCure\RegCure.exe
    c:\\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    c:\\Qoobox\BackEnv
  • Click Unlock. When it is done click "OK".
  • Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run.
Please include the following in your next post:
  • GrantPerms log

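Extracting the GrantPerms list from the junction log, as an added example that is not part of the thread or of the Sysinternals and Farbar tools: a Python parser for `junction -s` output that separates "Access is denied" failures from the normal in-use errors on pagefile and hiberfil, turns them into the path list pasted into GrantPerms above, and flags reparse points whose target is outside WinSxS (on XP the .NET GAC junctions into WinSxS seen in post #7 are expected). The sample log lines are constructed to mirror post #7; "Example AV", "example-dir" and the hex token are invented names.

```python
# Added example, not from the thread or from the Sysinternals/Farbar tools.
# It reads the text of a `junction -s` run, separates "Access is denied"
# failures from harmless in-use errors, turns the denied paths into the
# list that was pasted into GrantPerms, and flags reparse points whose
# target is outside the WinSxS store.
import re
from typing import Dict, List, Tuple

# Constructed sample modelled on the log in post #7: one line taken from the
# thread, the rest invented in the same shape ("Example AV", "example-dir").
SAMPLE_LOG = r"""
Junction v1.06 - Windows junction creator and reparse point viewer
Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.
Failed to open \\?\c:\\System Volume Information: Access is denied.
...
Failed to open \\?\c:\\Program Files\Example AV\example.exe: Access is denied.
.\\?\c:\\WINDOWS\assembly\GAC_32\Example\1.0.0.0__0123456789abcdef: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_Example_0123456789abcdef_1.0.0.0
Substitute Name: C:\WINDOWS\WinSxS\x86_Example_0123456789abcdef_1.0.0.0
.\\?\c:\\Documents and Settings\Phil\Local Settings\Application Data\example-dir\L: JUNCTION
Print Name : C:\WINDOWS\Temp\example-dir
Substitute Name: C:\WINDOWS\Temp\example-dir
"""

LONG_PATH_PREFIX = "\\\\?\\"  # the \\?\ prefix junction prints on every path
FAILED_RE = re.compile(r"^Failed to open (.+?): (.+)$")
# junction's progress dots sometimes run into the next line, hence the \.*
JUNCTION_RE = re.compile(r"^\.*(\\\\\?\\.+): JUNCTION$")
TARGET_RE = re.compile(r"^Substitute Name:\s*(.+)$")
# Junction targets that are normal on Windows XP with .NET installed.
EXPECTED_TARGET_PREFIXES = (r"c:\windows\winsxs",)


def strip_prefix(path: str) -> str:
    """Drop the \\?\ prefix so the path matches what GrantPerms expects."""
    return path[len(LONG_PATH_PREFIX):] if path.startswith(LONG_PATH_PREFIX) else path


def parse_junction_log(text: str) -> Tuple[List[str], Dict[str, str]]:
    """Return (access-denied paths, {junction: substitute-name target})."""
    denied: List[str] = []
    junctions: Dict[str, str] = {}
    current = ""  # junction whose "Substitute Name" line is still to come
    for raw in text.splitlines():
        line = raw.strip()
        m = FAILED_RE.match(line)
        if m:
            path, reason = m.groups()
            # In-use errors on pagefile/hiberfil are normal on a live system;
            # only "Access is denied" points at a locked-down ACL.
            if reason.startswith("Access is denied"):
                denied.append(strip_prefix(path))
            continue
        m = JUNCTION_RE.match(line)
        if m:
            current = strip_prefix(m.group(1))
            continue
        m = TARGET_RE.match(line)
        if m and current:
            junctions[current] = m.group(1)
            current = ""
    return denied, junctions


def grantperms_input(denied: List[str]) -> str:
    """One path per line, the form pasted into the GrantPerms edit box."""
    return "\n".join(denied)


def unexpected_junctions(junctions: Dict[str, str]) -> List[Tuple[str, str]]:
    """Junctions whose target is not under an expected store such as WinSxS."""
    return [
        (link, target)
        for link, target in junctions.items()
        if not target.lower().startswith(EXPECTED_TARGET_PREFIXES)
    ]


if __name__ == "__main__":
    denied_paths, found = parse_junction_log(SAMPLE_LOG)
    print("Paths to unlock with GrantPerms:")
    print(grantperms_input(denied_paths))
    for link, target in unexpected_junctions(found):
        print(f"Check junction {link} -> {target}")
```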


#9 Ormurin

Ormurin
  • Topic Starter

  • Members
  • 6 posts
  • Local time:04:59 PM

Posted 16 November 2011 - 02:05 AM

Grant Perms Log:

GrantPerms by Farbar
Ran by Phil (administrator) at 2011-11-15 23:04:16

===============================================
\\?\c:\\System Volume Information

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (CI)(OI)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)


ERROR: Parsing the SD of <\\?\c:\\Documents and Settings\Phil\Desktop\gmer\gmer.exe> failed with: The system cannot find the path specified.


Operating system error message: The system cannot find the path specified.
\\?\c:\\Documents and Settings\Phil\Local Settings\Temp\Temporary Directory 1 for gmer.zip\gmer.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Documents and Settings\Phil\Local Settings\Temp\Temporary Directory 2 for gmer.zip\gmer.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Documents and Settings\Phil\Local Settings\Temp\Temporary Directory 3 for gmer.zip\gmer.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Documents and Settings\Phil\Local Settings\Temp\Temporary Directory 4 for gmer.zip\gmer.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Program Files\PC Tools Security\pctsSvc.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Program Files\RegCure\RegCure.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Qoobox\BackEnv

Owner: BUILTIN\Administrators

DACL(NP)(AI):
BUILTIN\Administrators FULL ALLOW (CI)(OI)(I)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)(I)
CREATOR OWNER FULL ALLOW (CI)(OI)(IO)(I)
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)(I)
BUILTIN\Users ADD SUBDIRECTORY ALLOW (CI)(I)
BUILTIN\Users ADD FILE ALLOW (CI)(I)

#10 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:05:59 PM

Posted 16 November 2011 - 10:40 PM

Ormurin:

How is your computer running now? Please do this next:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Java™ can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts. If it does not, let me know.

Once the install is complete...

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.
Please go to here to run an online scan with ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file.
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
Please include the following in your next post:
  • How is the computer running now?
  • ESET log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#11 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:05:59 PM

Posted 22 November 2011 - 11:39 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

