

Redirects/Fake System Cleanup/Fake MTR.exe/Popups


This topic is locked
26 replies to this topic

#1 LolCakeLazors


Posted 10 November 2011 - 10:49 PM

Windows 7 32 bit. Went through a lot of trouble today. Started with a fake MTR.exe that plagued my system and forced me to run MWB in safe mode just to get rid of it. Then I deleted my Temp folder. Afterwards, the MTR problem went away, only for me to find that webpages kept popping up randomly, directing me to infected websites. Also, MWB couldn't delete a Winlogon (Shell) registry value that was infected. My friend said that I should try ComboFix, and it got rid of the popups and the Winlogon problem. I ran another MWB scan and it said my computer was clean. However, a few hours later, my netbook became infected again and used the Fake System Cleanup to trick my mom (owner of the netbook) into letting it infect the netbook. I quickly switched into Safe Mode w/ Networking (what I'm on right now) and let MWB run (log will be posted). I deleted the files that MWB found, but to no avail; the redirects kept happening. In addition, the malware hijacked my start menu, leaving me with no shortcuts and hiding all my files. (Is there any way to "unhide" all of these files?)

Anyways, I used Defogger just in case and ran dds. Then I ran gmer but I had an error which it said an instance of a driver was already running. This limited me to only Services, Registries, and Files. I'm not sure if this is because of the malware or b/c I'm in safe mode. Here are the logs (dds, gmer, Malwarebytes in that order.)

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by Sung at 22:06:32 on 2011-11-10
Microsoft Windows 7 Ultimate 6.1.7600.0.949.82.1033.18.1015.395 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Sung\Downloads\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [ooVoo.exe] c:\program files\oovoo\oovoo.exe /minimized
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {25B3D644-9C27-42AB-B416-30B8089BD352} - hxxp://www.i-scream.com/kpeerstream/KPeerStreamActiveX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
TCP: Interfaces\{18F46DFE-88E6-4054-97F5-1512385C89AC} : DhcpNameServer = 167.206.245.129 167.206.245.130
TCP: Interfaces\{18F46DFE-88E6-4054-97F5-1512385C89AC}\16474777966696 : DhcpNameServer = 184.49.142.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{18F46DFE-88E6-4054-97F5-1512385C89AC}\353484D294530303F523136373 : DhcpNameServer = 192.168.16.1
TCP: Interfaces\{18F46DFE-88E6-4054-97F5-1512385C89AC}\470736 : DhcpNameServer = 167.206.245.129 167.206.245.130
TCP: Interfaces\{18F46DFE-88E6-4054-97F5-1512385C89AC}\661696C62627F616462616E646 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{18F46DFE-88E6-4054-97F5-1512385C89AC}\C696E6B6379737 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\sung\appdata\roaming\mozilla\firefox\profiles\c98wfyb7.default\
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50917.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-7-18 116608]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-6-10 50688]
R3 uwddrpoc;uwddrpoc;c:\users\sung\appdata\local\temp\uwddrpoc.sys [2011-11-10 100864]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-9 366152]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dciiodrv;dciiodrv;c:\windows\system32\drivers\dciiodrv.sys [2009-9-19 2944]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\porttalk.sys [2009-11-25 3567]
.
=============== Created Last 30 ================
.
2011-11-10 23:43:19 -------- d-sh--w- C:\$RECYCLE.BIN
2011-11-10 23:21:17 -------- d--h--w- c:\users\sung\appdata\local\temp
2011-11-10 22:17:39 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-11-10 22:05:23 98816 ----a-w- c:\windows\sed.exe
2011-11-10 22:05:23 518144 ----a-w- c:\windows\SWREG.exe
2011-11-10 22:05:23 256000 ----a-w- c:\windows\PEV.exe
2011-11-10 22:05:23 208896 ----a-w- c:\windows\MBR.exe
2011-11-10 22:03:50 -------- d-----w- C:\ComboFix
2011-11-10 17:25:04 -------- d-----w- C:\$WINDOWS.~LS
2011-11-10 02:39:10 -------- d--h--w- c:\users\sung\appdata\roaming\SUPERAntiSpyware.com
2011-11-10 02:38:46 -------- d--h--w- c:\programdata\!SASCORE
2011-11-10 02:38:38 -------- d--h--w- c:\programdata\SUPERAntiSpyware.com
2011-11-10 02:38:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-10 00:54:11 -------- d--h--w- c:\users\sung\appdata\roaming\Malwarebytes
2011-11-10 00:53:57 -------- d--h--w- c:\programdata\Malwarebytes
2011-11-10 00:53:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-09 05:39:39 -------- d-----w- c:\program files\Unlocker
2011-11-09 04:38:05 -------- d-sh--w- c:\users\sung\appdata\local\601fb19a
.
==================== Find3M ====================
.
.
============= FINISH: 22:12:34.32 ===============

==GMER STARTS HERE==

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-10 22:35:11
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\Sung\AppData\Local\Temp\uwddrpoc.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x78 0xCE 0xB0 0xC2 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0D 0x5A 0x91 0xCB ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7C 0xCB 0x1F 0x29 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5F 0xA0 0xAE 0x35 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0D 0x5A 0x91 0xCB ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7C 0xCB 0x1F 0x29 ...

---- EOF - GMER 1.0.15 ----

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8128

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

11/10/2011 9:36:22 PM
mbam-log-2011-11-10 (21-36-22).txt

Scan type: Quick scan
Objects scanned: 172312
Time elapsed: 3 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\EMcGxdUaDTp.exe (Rogue.FakeAlert) -> Value: EMcGxdUaDTp.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\emcgxduadtp.exe (Rogue.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\ynefjozfehsus7.exe (Rogue.FakeAlert) -> Quarantined and deleted successfully.


#2 HelpBot


Posted 15 November 2011 - 10:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/427342 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 LolCakeLazors


Posted 16 November 2011 - 11:05 PM

Here we go!

So I've gotten different viruses in the last day, ranging from a fake anti-virus program being installed on my netbook VERY silently. I've used Malwarebytes and it's gotten rid of it, but it seems there is a virus rooted in my system that does not seem to go away. It's been constantly crashing Internet Explorer, causing Google redirects, and installing new viruses every time I get rid of an old one.

The computer is a Windows 7 (Build 7600) because it's a fairly old netbook without a CD drive so I cannot update/get a new copy of Windows onto the computer. 32 bit.

I ran gmer once again and it still can't use anything but services, registries, and files. The exact error was:
LoadDriver("C:\Users\Sung\AppData\Local\Temp\uwddrpoc.sys") error 0xC000010E: An instance of the service is already running.

Here are the logs:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by Sung at 22:21:05 on 2011-11-16
Microsoft Windows 7 Ultimate 6.1.7600.0.949.82.1033.18.1015.377 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\ooVoo\ooVoo.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\system32\consent.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [ooVoo.exe] c:\program files\oovoo\oovoo.exe /minimized
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [KeyboardBackupOnline] rundll32.exe "c:\programdata\KeyboardBackupOnline.dll",DllRegisterServer
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
DPF: {25B3D644-9C27-42AB-B416-30B8089BD352} - hxxp://www.i-scream.com/kpeerstream/KPeerStreamActiveX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
TCP: Interfaces\{18F46DFE-88E6-4054-97F5-1512385C89AC} : DhcpNameServer = 167.206.245.129 167.206.245.130
TCP: Interfaces\{18F46DFE-88E6-4054-97F5-1512385C89AC}\16474777966696 : DhcpNameServer = 184.49.142.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{18F46DFE-88E6-4054-97F5-1512385C89AC}\353484D294530303F523136373 : DhcpNameServer = 192.168.16.1
TCP: Interfaces\{18F46DFE-88E6-4054-97F5-1512385C89AC}\470736 : DhcpNameServer = 167.206.245.129 167.206.245.130
TCP: Interfaces\{18F46DFE-88E6-4054-97F5-1512385C89AC}\661696C62627F616462616E646 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{18F46DFE-88E6-4054-97F5-1512385C89AC}\C696E6B6379737 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\sung\appdata\roaming\mozilla\firefox\profiles\c98wfyb7.default\
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50917.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-7-18 116608]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-6-10 50688]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-9 366152]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dciiodrv;dciiodrv;c:\windows\system32\drivers\dciiodrv.sys [2009-9-19 2944]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\porttalk.sys [2009-11-25 3567]
.
=============== Created Last 30 ================
.
2011-11-16 05:23:16 -------- d-----w- c:\program files\ACBB4
2011-11-16 05:22:23 -------- d-----w- c:\users\sung\appdata\roaming\803AC
2011-11-16 05:22:16 -------- d-----w- c:\program files\LP
2011-11-16 05:21:55 -------- d-----w- c:\users\sung\appdata\roaming\YwkkIVVrlONxPuS
2011-11-16 05:21:54 -------- d-----w- c:\users\sung\appdata\roaming\kWKK77fEL9gTZj
2011-11-16 05:21:44 -------- d-----w- c:\users\sung\appdata\roaming\aXXXqjjYCekVrOt
2011-11-16 05:21:40 -------- d-----w- c:\users\sung\appdata\roaming\cOOONttxP0uc1iD
2011-11-16 04:22:06 118272 ----a-w- c:\programdata\KeyboardBackupOnline.dll
2011-11-11 04:05:37 -------- d-----w- c:\users\sung\appdata\local\ElevatedDiagnostics
2011-11-11 03:28:13 -------- d-----w- c:\users\sung\appdata\roaming\BatteryBar
2011-11-10 23:43:19 -------- d-sh--w- C:\$RECYCLE.BIN
2011-11-10 23:21:17 -------- d--h--w- c:\users\sung\appdata\local\temp
2011-11-10 22:17:39 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-11-10 22:05:23 98816 ----a-w- c:\windows\sed.exe
2011-11-10 22:05:23 518144 ----a-w- c:\windows\SWREG.exe
2011-11-10 22:05:23 256000 ----a-w- c:\windows\PEV.exe
2011-11-10 22:05:23 208896 ----a-w- c:\windows\MBR.exe
2011-11-10 22:03:50 -------- d-----w- C:\ComboFix
2011-11-10 17:25:04 -------- d-----w- C:\$WINDOWS.~LS
2011-11-10 02:39:10 -------- d--h--w- c:\users\sung\appdata\roaming\SUPERAntiSpyware.com
2011-11-10 02:38:46 -------- d--h--w- c:\programdata\!SASCORE
2011-11-10 02:38:38 -------- d--h--w- c:\programdata\SUPERAntiSpyware.com
2011-11-10 02:38:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-10 00:54:11 -------- d--h--w- c:\users\sung\appdata\roaming\Malwarebytes
2011-11-10 00:53:57 -------- d--h--w- c:\programdata\Malwarebytes
2011-11-10 00:53:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-09 05:39:39 -------- d-----w- c:\program files\Unlocker
2011-11-09 04:38:05 -------- d-sh--w- c:\users\sung\appdata\local\601fb19a
.
==================== Find3M ====================
.
.
============= FINISH: 22:28:29.23 ===============

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-10 22:35:11
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\Sung\AppData\Local\Temp\uwddrpoc.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x78 0xCE 0xB0 0xC2 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0D 0x5A 0x91 0xCB ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7C 0xCB 0x1F 0x29 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5F 0xA0 0xAE 0x35 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0D 0x5A 0x91 0xCB ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7C 0xCB 0x1F 0x29 ...

---- EOF - GMER 1.0.15 ----

Edited by LolCakeLazors, 16 November 2011 - 11:09 PM.


#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 November 2011 - 03:23 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 LolCakeLazors

  • Topic Starter
  • Members
  • 13 posts

Posted 19 November 2011 - 12:47 PM

Well, I ran ComboFix but a family member mistook the program for a virus and turned off the computer while ComboFix was generating a new log, and I lost the first log. I ran ComboFix again just today and a log will be posted down below. Apparently the computer is still susceptible to viruses as I got a System Protection program silently installed onto the computer blocking all programs. I am currently on Safe Mode as an error pops up saying that iexplorer.exe and firefox.exe are marked for deletion. I am wondering if it's a side effect of ComboFix or the malware. Here is the 2nd log.

ComboFix 11-11-19.03 - Sung 9/2011 Sat 11:38:02.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.949.82.1033.18.1015.540 [GMT -5:00]
Running from: c:\users\Sung\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-19 to 2011-11-19 )))))))))))))))))))))))))))))))
.
.
2011-11-19 17:18 . 2011-11-19 17:18 -------- d-----w- c:\users\Dong Hee\AppData\Local\temp
2011-11-19 17:18 . 2011-11-19 17:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-18 12:49 . 2011-11-19 17:18 -------- d-----w- c:\users\Sung\AppData\Local\temp
2011-11-18 03:28 . 2009-07-13 23:11 53760 ----a-w- c:\windows\system32\drivers\intelppm.sys
2011-11-16 05:23 . 2011-11-17 03:15 -------- d-----w- c:\program files\ACBB4
2011-11-16 05:22 . 2011-11-17 03:15 -------- d-----w- c:\users\Sung\AppData\Roaming\803AC
2011-11-16 05:21 . 2011-11-16 05:21 -------- d-----w- c:\users\Sung\AppData\Roaming\YwkkIVVrlONxPuS
2011-11-16 05:21 . 2011-11-16 05:21 -------- d-----w- c:\users\Sung\AppData\Roaming\kWKK77fEL9gTZj
2011-11-16 05:21 . 2011-11-16 05:21 -------- d-----w- c:\users\Sung\AppData\Roaming\aXXXqjjYCekVrOt
2011-11-16 05:21 . 2011-11-16 05:21 -------- d-----w- c:\users\Sung\AppData\Roaming\cOOONttxP0uc1iD
2011-11-16 05:19 . 2011-11-16 05:19 -------- d-----w- c:\windows\Sun
2011-11-11 04:05 . 2011-11-16 04:22 -------- d-----w- c:\users\Sung\AppData\Local\ElevatedDiagnostics
2011-11-11 03:28 . 2011-11-11 03:28 -------- d-----w- c:\users\Sung\AppData\Roaming\BatteryBar
2011-11-10 22:17 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-11-10 17:25 . 2011-11-10 17:25 -------- d-----w- C:\$WINDOWS.~LS
2011-11-10 02:39 . 2011-11-10 02:39 -------- d-----w- c:\users\Sung\AppData\Roaming\SUPERAntiSpyware.com
2011-11-10 02:38 . 2011-11-10 02:38 -------- d-----w- c:\programdata\!SASCORE
2011-11-10 02:38 . 2011-11-10 15:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-10 02:38 . 2011-11-10 02:38 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-10 00:54 . 2011-11-10 00:54 -------- d-----w- c:\users\Sung\AppData\Roaming\Malwarebytes
2011-11-10 00:53 . 2011-11-10 00:53 -------- d-----w- c:\programdata\Malwarebytes
2011-11-10 00:53 . 2011-11-10 00:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-09 05:39 . 2011-11-09 05:40 -------- d-----w- c:\program files\Unlocker
2011-11-09 04:38 . 2011-11-10 23:08 -------- d-sh--w- c:\users\Sung\AppData\Local\601fb19a
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-11 02:14 . 2011-06-24 16:37 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-02-27 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-11-10_23.27.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-21 00:00 . 2011-11-19 16:21 35290 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2011-11-19 16:21 39568 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-11-17 03:34 . 2011-11-17 03:32 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011111620111117\index.dat
+ 2011-11-16 05:39 . 2011-11-16 05:39 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2011-11-16 05:39 . 2011-11-18 01:05 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2009-09-19 23:30 . 2011-11-10 23:24 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-19 23:30 . 2011-11-19 16:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-10 01:19 . 2011-11-10 23:26 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-10 01:19 . 2011-11-19 16:21 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2011-11-10 01:19 . 2011-11-10 23:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2011-11-10 01:19 . 2011-11-19 16:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2011-11-10 01:19 . 2011-11-10 23:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2011-11-10 01:19 . 2011-11-19 16:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2009-09-19 23:30 . 2011-11-19 16:21 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-19 23:30 . 2011-11-10 23:26 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-19 23:30 . 2011-11-10 23:24 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-19 23:30 . 2011-11-19 16:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-19 23:31 . 2011-11-19 16:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-09-19 23:31 . 2011-11-10 23:27 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-09-19 23:31 . 2011-11-10 23:27 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-19 23:31 . 2011-11-19 16:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-28 02:21 . 2011-11-18 01:30 5340 c:\windows\System32\wdi\ERCQueuedResolutions.dat
+ 2011-11-19 16:19 . 2011-11-19 16:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-10 22:22 . 2011-11-10 23:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-10 22:22 . 2011-11-10 23:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-19 16:19 . 2011-11-19 16:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-09-20 02:24 . 2011-11-19 01:48 602736 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2011-11-09 04:37 . 2011-11-16 04:22 118272 c:\windows\System32\sysprep\cryptbase.dll
+ 2009-07-14 02:05 . 2011-11-19 16:23 607190 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2011-11-10 22:27 607190 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2011-11-10 22:27 103568 c:\windows\System32\perfc009.dat
+ 2009-07-14 02:05 . 2011-11-19 16:23 103568 c:\windows\System32\perfc009.dat
+ 2009-09-20 02:13 . 2011-11-18 03:14 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-09-20 02:13 . 2011-06-06 01:50 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-09-20 02:13 . 2011-11-19 00:42 163840 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:41 . 2011-11-19 00:42 344064 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:47 . 2011-11-10 22:20 401572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:47 . 2011-11-19 16:06 401572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:03 . 2011-11-11 00:45 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:03 . 2011-09-09 14:23 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-09-20 02:13 . 2011-11-19 00:42 2211840 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-07-20 16:20 . 2011-11-19 16:06 1120268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2592985189-1267990104-292155431-1001-8192.dat
- 2010-07-20 16:20 . 2011-11-10 22:20 1120268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2592985189-1267990104-292155431-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"ooVoo.exe"="c:\program files\ooVoo\oovoo.exe" [2011-08-14 21975120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-16 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-16 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-16 150552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
c:\users\Dong Hee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Sung\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-9-19 311296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OfficeSAS.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\OfficeSAS.lnk
backup=c:\windows\pss\OfficeSAS.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-07-20 15:02 1238352 ----a-w- c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-11-10 02:40 4615552 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R3 dciiodrv;dciiodrv;c:\windows\system32\drivers\dciiodrv.sys [2009-09-20 2944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 PortTalk;PortTalk;c:\windows\system32\Drivers\PortTalk.sys [2009-01-18 3567]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-05 691696]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-11-10 116608]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2592985189-1267990104-292155431-1003Core.job
- c:\users\Dong Hee\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-31 16:10]
.
2011-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2592985189-1267990104-292155431-1003UA.job
- c:\users\Dong Hee\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-31 16:10]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
DPF: {25B3D644-9C27-42AB-B416-30B8089BD352} - hxxp://www.i-scream.com/kpeerstream/KPeerStreamActiveX.cab
FF - ProfilePath - c:\users\Sung\AppData\Roaming\Mozilla\Firefox\Profiles\c98wfyb7.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-19 12:38:49
ComboFix-quarantined-files.txt 2011-11-19 17:38
ComboFix2.txt 2011-11-19 00:48
ComboFix3.txt 2011-11-10 23:51
.
Pre-Run: 34,037,575,680 bytes free
Post-Run: 34,083,999,744 bytes free
.
- - End Of File - - F880ABB6A68F9159DEB9E9F90673A3B0

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 November 2011 - 12:57 PM

Greetings

I am currently on Safe Mode as an error pops up saying that iexplorer.exe and firefox.exe are marked for deletion.

See note 2 above:

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

Folder::
c:\program files\ACBB4
c:\users\Sung\AppData\Roaming\803AC
c:\users\Sung\AppData\Roaming\YwkkIVVrlONxPuS
c:\users\Sung\AppData\Roaming\kWKK77fEL9gTZj
c:\users\Sung\AppData\Roaming\aXXXqjjYCekVrOt
c:\users\Sung\AppData\Roaming\cOOONttxP0uc1iD
c:\users\Sung\AppData\Local\601fb19a

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

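The seven paths in gringo_pr's Folder:: block are the entries that stand out in the ComboFix log posted in #5: a directory shown as d-sh--w- (system and hidden) under the user's profile, directories with generated-looking names, and a run of directories all created within a few minutes of each other on 2011-11-16; the Sigcheck section also lists a user32.dll in System32 whose MD5 differs from the WinSxS store copy. The Python below is an added example, not part of this thread and not ComboFix's own code: it parses lines in ComboFix's format and applies those triage signals mechanically. The sample lines are copied from the log above; reading 's' and 'h' in the attribute column as system and hidden, and the 5-minute burst window, are my assumptions. Every hit is a reason for an analyst to look rather than a verdict: a legitimate installer also creates several folders in one minute, and ComboFix's own note says unsigned files aren't necessarily malware.

```python
"""Triage of ComboFix 'Files Created' and 'Sigcheck' log lines (added example, not
ComboFix's own code; attribute-letter meanings and the burst window are assumptions)."""
import re
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample: lines copied from the ComboFix log posted in #5.
SAMPLE_LOG = r"""
2011-11-18 03:28 . 2009-07-13 23:11 53760 ----a-w- c:\windows\system32\drivers\intelppm.sys
2011-11-16 05:23 . 2011-11-17 03:15 -------- d-----w- c:\program files\ACBB4
2011-11-16 05:22 . 2011-11-17 03:15 -------- d-----w- c:\users\Sung\AppData\Roaming\803AC
2011-11-16 05:21 . 2011-11-16 05:21 -------- d-----w- c:\users\Sung\AppData\Roaming\YwkkIVVrlONxPuS
2011-11-16 05:21 . 2011-11-16 05:21 -------- d-----w- c:\users\Sung\AppData\Roaming\kWKK77fEL9gTZj
2011-11-16 05:19 . 2011-11-16 05:19 -------- d-----w- c:\windows\Sun
2011-11-11 03:28 . 2011-11-11 03:28 -------- d-----w- c:\users\Sung\AppData\Roaming\BatteryBar
2011-11-10 02:38 . 2011-11-10 15:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-09 04:38 . 2011-11-10 23:08 -------- d-sh--w- c:\users\Sung\AppData\Local\601fb19a
[-] 2010-02-27 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
""".strip()

# "<created> . <modified> <size or --------> <attrs> <path>"
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"\S+ (?P<attrs>[a-z-]{8}) (?P<path>.+)$")
# "[tag] <date> . <md5> . <size> . . [version] . . <path>"
SIGCHECK_RE = re.compile(
    r"^\[[^\]]*\] \d{4}-\d{2}-\d{2} \. (?P<md5>[0-9A-Fa-f]{32}) \. \d+ \. \. \[[^\]]*\] \. \. (?P<path>.+)$")


def parse(log_text: str):
    """Return (created_entries, sigcheck_entries); lines in neither format are ignored."""
    created, sigcheck = [], []
    for line in log_text.splitlines():
        if m := CREATED_RE.match(line):
            created.append({"created": datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
                            "attrs": m["attrs"], "path": m["path"]})
        elif m := SIGCHECK_RE.match(line):
            sigcheck.append({"md5": m["md5"].upper(), "path": m["path"]})
    return created, sigcheck


def looks_random(name: str) -> bool:
    """Generated-looking name: a hex blob containing a digit, or >= 3 lower->upper case flips."""
    if re.fullmatch(r"[0-9A-Fa-f]{5,}", name) and any(c.isdigit() for c in name):
        return True
    return sum(a.islower() and b.isupper() for a, b in zip(name, name[1:])) >= 3


def bursts(dirs: List[dict], gap=timedelta(minutes=5), min_size: int = 3) -> List[List[dict]]:
    """Chains of directories each created within `gap` of the previous one (assumed window)."""
    runs, run = [], []
    for e in sorted(dirs, key=lambda d: d["created"]):
        if run and e["created"] - run[-1]["created"] > gap:
            runs.append(run)
            run = []
        run.append(e)
    runs.append(run)
    return [r for r in runs if len(r) >= min_size]


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each suspicious path to the reasons it was flagged (signals, not verdicts)."""
    created, sigcheck = parse(log_text)
    findings: Dict[str, List[str]] = {}

    def flag(path: str, why: str) -> None:
        findings.setdefault(path, []).append(why)

    dirs = [e for e in created if e["attrs"].startswith("d")]
    for e in dirs:
        name = e["path"].rsplit("\\", 1)[-1]
        # d-sh--w-: assumed to mean a system + hidden directory; suspicious inside a user profile
        if "s" in e["attrs"] and "h" in e["attrs"] and "\\users\\" in e["path"].lower():
            flag(e["path"], "hidden+system directory inside a user profile")
        if looks_random(name):
            flag(e["path"], "random-looking directory name")
    for run in bursts(dirs):
        when = f"{run[0]['created']:%Y-%m-%d %H:%M} to {run[-1]['created']:%H:%M}"
        for e in run:
            flag(e["path"], f"part of a burst: {len(run)} directories created {when}")
    # Sigcheck: a live file whose MD5 differs from the WinSxS store copy of the same name
    by_name: Dict[str, List[dict]] = {}
    for e in sigcheck:
        by_name.setdefault(e["path"].rsplit("\\", 1)[-1].lower(), []).append(e)
    for group in by_name.values():
        for store in (s for s in group if "\\winsxs\\" in s["path"].lower()):
            for e in group:
                if e is not store and e["md5"] != store["md5"]:
                    flag(e["path"], f"MD5 {e['md5'][:8]}... differs from WinSxS copy {store['md5'][:8]}...")
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path, *("\n    - " + why for why in reasons))
```

Run it as a script to print the flagged paths with their reasons. To triage a real log, pass the whole ComboFix.txt text to triage(); lines in other sections are ignored, so nothing needs cutting out first. On the sample, the four Roaming folders, ACBB4 and 601fb19a all get at least one reason, BatteryBar and SUPERAntiSpyware get none, and c:\windows\Sun is reported only because it was created two minutes before the others, which is exactly the kind of hit that needs a human look.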

#7 LolCakeLazors

  • Topic Starter
  • Members
  • 13 posts

Posted 19 November 2011 - 02:30 PM

No problems this time. Ran ComboFix and restarted. Here's the log:

ComboFix 11-11-19.03 - Sung 9/2011 Sat 13:18:20.4.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.949.82.1033.18.1015.523 [GMT -5:00]
Running from: c:\users\Sung\Desktop\ComboFix.exe
Command switches used :: c:\users\Sung\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-19 to 2011-11-19 )))))))))))))))))))))))))))))))
.
.
2011-11-19 18:59 . 2011-11-19 18:59 -------- d-----w- c:\users\Dong Hee\AppData\Local\temp
2011-11-19 18:59 . 2011-11-19 18:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-18 12:49 . 2011-11-19 19:04 -------- d-----w- c:\users\Sung\AppData\Local\temp
2011-11-18 03:28 . 2009-07-13 23:11 53760 ----a-w- c:\windows\system32\drivers\intelppm.sys
2011-11-16 05:23 . 2011-11-17 03:15 -------- d-----w- c:\program files\ACBB4
2011-11-16 05:22 . 2011-11-17 03:15 -------- d-----w- c:\users\Sung\AppData\Roaming\803AC
2011-11-16 05:21 . 2011-11-16 05:21 -------- d-----w- c:\users\Sung\AppData\Roaming\YwkkIVVrlONxPuS
2011-11-16 05:21 . 2011-11-16 05:21 -------- d-----w- c:\users\Sung\AppData\Roaming\kWKK77fEL9gTZj
2011-11-16 05:21 . 2011-11-16 05:21 -------- d-----w- c:\users\Sung\AppData\Roaming\aXXXqjjYCekVrOt
2011-11-16 05:21 . 2011-11-16 05:21 -------- d-----w- c:\users\Sung\AppData\Roaming\cOOONttxP0uc1iD
2011-11-16 05:19 . 2011-11-16 05:19 -------- d-----w- c:\windows\Sun
2011-11-11 04:05 . 2011-11-16 04:22 -------- d-----w- c:\users\Sung\AppData\Local\ElevatedDiagnostics
2011-11-11 03:28 . 2011-11-11 03:28 -------- d-----w- c:\users\Sung\AppData\Roaming\BatteryBar
2011-11-10 22:17 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-11-10 17:25 . 2011-11-10 17:25 -------- d-----w- C:\$WINDOWS.~LS
2011-11-10 02:39 . 2011-11-10 02:39 -------- d-----w- c:\users\Sung\AppData\Roaming\SUPERAntiSpyware.com
2011-11-10 02:38 . 2011-11-10 02:38 -------- d-----w- c:\programdata\!SASCORE
2011-11-10 02:38 . 2011-11-10 15:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-10 02:38 . 2011-11-10 02:38 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-10 00:54 . 2011-11-10 00:54 -------- d-----w- c:\users\Sung\AppData\Roaming\Malwarebytes
2011-11-10 00:53 . 2011-11-10 00:53 -------- d-----w- c:\programdata\Malwarebytes
2011-11-10 00:53 . 2011-11-10 00:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-09 05:39 . 2011-11-09 05:40 -------- d-----w- c:\program files\Unlocker
2011-11-09 04:38 . 2011-11-10 23:08 -------- d-sh--w- c:\users\Sung\AppData\Local\601fb19a
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-11 02:14 . 2011-06-24 16:37 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-02-27 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-11-10_23.27.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-21 00:00 . 2011-11-19 18:02 35314 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2011-11-19 18:02 39568 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-11-17 03:34 . 2011-11-17 03:32 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011111620111117\index.dat
+ 2011-11-16 05:39 . 2011-11-16 05:39 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2011-11-16 05:39 . 2011-11-18 01:05 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2009-09-19 23:30 . 2011-11-10 23:24 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-19 23:30 . 2011-11-19 19:02 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-10 01:19 . 2011-11-19 19:04 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2011-11-10 01:19 . 2011-11-10 23:26 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-10 01:19 . 2011-11-19 19:04 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2011-11-10 01:19 . 2011-11-10 23:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2011-11-10 01:19 . 2011-11-19 19:04 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2011-11-10 01:19 . 2011-11-10 23:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2009-09-19 23:30 . 2011-11-10 23:26 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-19 23:30 . 2011-11-19 19:04 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-19 23:30 . 2011-11-19 19:02 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-09-19 23:30 . 2011-11-10 23:24 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-09-19 23:31 . 2011-11-10 23:27 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-19 23:31 . 2011-11-19 19:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-09-19 23:31 . 2011-11-10 23:27 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-19 23:31 . 2011-11-19 19:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-28 02:21 . 2011-11-18 01:30 5340 c:\windows\System32\wdi\ERCQueuedResolutions.dat
- 2011-11-10 22:22 . 2011-11-10 23:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-19 18:00 . 2011-11-19 19:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-10 22:22 . 2011-11-10 23:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-19 18:00 . 2011-11-19 19:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-09-20 02:24 . 2011-11-19 01:48 602736 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2011-11-09 04:37 . 2011-11-16 04:22 118272 c:\windows\System32\sysprep\cryptbase.dll
- 2009-07-14 02:05 . 2011-11-10 22:27 607190 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2011-11-19 19:08 607190 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2011-11-19 19:08 103568 c:\windows\System32\perfc009.dat
- 2009-07-14 02:05 . 2011-11-10 22:27 103568 c:\windows\System32\perfc009.dat
+ 2009-09-20 02:13 . 2011-11-18 03:14 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-09-20 02:13 . 2011-06-06 01:50 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-09-20 02:13 . 2011-11-19 00:42 163840 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:41 . 2011-11-19 00:42 344064 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:47 . 2011-11-10 22:20 401572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:47 . 2011-11-19 16:06 401572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:03 . 2011-11-11 00:45 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:03 . 2011-09-09 14:23 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-09-20 02:13 . 2011-11-19 00:42 2211840 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-07-20 16:20 . 2011-11-19 16:06 1120268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2592985189-1267990104-292155431-1001-8192.dat
- 2010-07-20 16:20 . 2011-11-10 22:20 1120268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2592985189-1267990104-292155431-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"ooVoo.exe"="c:\program files\ooVoo\oovoo.exe" [2011-08-14 21975120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-16 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-16 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-16 150552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
c:\users\Dong Hee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Sung\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-9-19 311296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OfficeSAS.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\OfficeSAS.lnk
backup=c:\windows\pss\OfficeSAS.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-07-20 15:02 1238352 ----a-w- c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-11-10 02:40 4615552 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R3 dciiodrv;dciiodrv;c:\windows\system32\drivers\dciiodrv.sys [2009-09-20 2944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 PortTalk;PortTalk;c:\windows\system32\Drivers\PortTalk.sys [2009-01-18 3567]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-05 691696]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-11-10 116608]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2592985189-1267990104-292155431-1003Core.job
- c:\users\Dong Hee\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-31 16:10]
.
2011-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2592985189-1267990104-292155431-1003UA.job
- c:\users\Dong Hee\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-31 16:10]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
DPF: {25B3D644-9C27-42AB-B416-30B8089BD352} - hxxp://www.i-scream.com/kpeerstream/KPeerStreamActiveX.cab
FF - ProfilePath - c:\users\Sung\AppData\Roaming\Mozilla\Firefox\Profiles\c98wfyb7.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2740)
c:\program files\Bonjour\mdnsNSP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-11-19 14:23:41 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-19 19:23
ComboFix2.txt 2011-11-19 17:39
ComboFix3.txt 2011-11-19 00:48
ComboFix4.txt 2011-11-10 23:51
.
Pre-Run: 34,505,134,080 bytes free
Post-Run: 34,201,079,808 bytes free
.
- - End Of File - - 6F371D5CCCC570C71F90B1121466307B

#8 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:52 PM

Posted 19 November 2011 - 02:51 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 LolCakeLazors

  • Topic Starter

  • Members
  • 13 posts
  • Local time:03:52 PM

Posted 19 November 2011 - 07:46 PM

Ran OTL. No trouble while running it.

OTL logfile created on: 11/19/2011 7:33:42 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sung\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.24 Mb Total Physical Memory | 281.61 Mb Available Physical Memory | 27.74% Memory free
1.99 Gb Paging File | 1.19 Gb Available in Paging File | 59.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 72.06 Gb Total Space | 31.93 Gb Free Space | 44.31% Space Free | Partition Type: NTFS
Drive D: | 72.05 Gb Total Space | 65.14 Gb Free Space | 90.40% Space Free | Partition Type: NTFS

Computer Name: ASUSEEE | User Name: Sung | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Sung\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\ooVoo\ooVoo.exe (ooVoo LLC)
PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Unlocker\UnlockerHook.dll ()
MOD - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()


========== Win32 Services (SafeList) ==========

SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (dciiodrv) -- C:\Windows\System32\drivers\dciiodrv.sys ()
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (CSC) -- C:\Windows\System32\drivers\csc.sys ()
DRV - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (PortTalk) -- C:\Windows\System32\drivers\porttalk.sys (Beyond Logic http://www.beyondlogic.org)
DRV - (AsusACPI) -- C:\Windows\System32\drivers\ASUSACPI.SYS (ASUSTeK Computer Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 2E 2C 73 0F BC 62 3F 4E AD B4 D0 7B D7 6D 4F 26 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 2E 2C 73 0F BC 62 3F 4E AD B4 D0 7B D7 6D 4F 26 [binary data]

IE - HKU\S-1-5-21-2592985189-1267990104-292155431-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2592985189-1267990104-292155431-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D1 AA 0C 4E 4A 9F CC 01 [binary data]
IE - HKU\S-1-5-21-2592985189-1267990104-292155431-1001\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 2E 2C 73 0F BC 62 3F 4E AD B4 D0 7B D7 6D 4F 26 [binary data]
IE - HKU\S-1-5-21-2592985189-1267990104-292155431-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2592985189-1267990104-292155431-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.4
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: firesheep@codebutler.com:0.1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 21:14:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/24 11:37:24 | 000,000,000 | ---D | M]

[2009/09/19 18:51:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sung\AppData\Roaming\Mozilla\Extensions
[2011/11/15 23:22:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sung\AppData\Roaming\Mozilla\Firefox\Profiles\c98wfyb7.default\extensions
[2011/11/08 23:37:39 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Sung\AppData\Roaming\Mozilla\Firefox\Profiles\c98wfyb7.default\extensions\{3267330c-314c-4f09-84b3-f93989499112}
[2011/11/15 23:49:15 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Sung\AppData\Roaming\Mozilla\Firefox\Profiles\c98wfyb7.default\extensions\{63844652-bff4-48f5-a5b6-3e54c747f329}
[2011/11/10 21:15:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Sung\AppData\Roaming\Mozilla\Firefox\Profiles\c98wfyb7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/11/09 00:29:23 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Sung\AppData\Roaming\Mozilla\Firefox\Profiles\c98wfyb7.default\extensions\{c2fedfc3-4ad3-4bfe-81ab-c7487ea95204}
[2010/10/26 20:11:15 | 000,000,000 | ---D | M] (Firesheep) -- C:\Users\Sung\AppData\Roaming\Mozilla\Firefox\Profiles\c98wfyb7.default\extensions\firesheep@codebutler.com
[2009/09/19 19:14:17 | 000,000,000 | ---D | M] (Pimpoflage) -- C:\Users\Sung\AppData\Roaming\Mozilla\Firefox\Profiles\c98wfyb7.default\extensions\pimpoflage@ffpimp.com
[2011/11/10 21:14:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/06 13:08:39 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
() (No name found) -- C:\USERS\SUNG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C98WFYB7.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/11/10 21:14:22 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/16 20:40:18 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/24 21:04:20 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 21:14:23 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/11/19 14:03:03 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-21-2592985189-1267990104-292155431-1001..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
O4 - Startup: C:\Users\Dong Hee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O4 - Startup: C:\Users\Dong Hee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2592985189-1267990104-292155431-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2592985189-1267990104-292155431-1001\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2592985189-1267990104-292155431-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {25B3D644-9C27-42AB-B416-30B8089BD352} http://www.i-scream.com/kpeerstream/KPeerStreamActiveX.cab (KPeerStream Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18F46DFE-88E6-4054-97F5-1512385C89AC}: DhcpNameServer = 167.206.245.129 167.206.245.130
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/19 19:32:10 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sung\Desktop\OTL.exe
[2011/11/19 14:24:29 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/19 14:19:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/19 13:06:25 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/18 07:49:29 | 000,000,000 | ---D | C] -- C:\Users\Sung\AppData\Local\temp
[2011/11/16 00:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\ACBB4
[2011/11/16 00:22:23 | 000,000,000 | ---D | C] -- C:\Users\Sung\AppData\Roaming\803AC
[2011/11/16 00:21:56 | 000,000,000 | ---D | C] -- C:\Users\Sung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Security 2012
[2011/11/16 00:21:55 | 000,000,000 | ---D | C] -- C:\Users\Sung\AppData\Roaming\YwkkIVVrlONxPuS
[2011/11/16 00:21:54 | 000,000,000 | ---D | C] -- C:\Users\Sung\AppData\Roaming\kWKK77fEL9gTZj
[2011/11/16 00:21:44 | 000,000,000 | ---D | C] -- C:\Users\Sung\AppData\Roaming\aXXXqjjYCekVrOt
[2011/11/16 00:21:40 | 000,000,000 | ---D | C] -- C:\Users\Sung\AppData\Roaming\cOOONttxP0uc1iD
[2011/11/16 00:19:52 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/11/10 23:05:37 | 000,000,000 | ---D | C] -- C:\Users\Sung\AppData\Local\ElevatedDiagnostics
[2011/11/10 22:28:13 | 000,000,000 | ---D | C] -- C:\Users\Sung\AppData\Roaming\BatteryBar
[2011/11/10 21:46:14 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Sung\Desktop\dds.scr
[2011/11/10 21:18:13 | 000,000,000 | ---D | C] -- C:\Users\Sung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011/11/10 17:05:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/10 17:05:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/10 17:05:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/10 17:00:25 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/10 16:57:40 | 004,301,841 | R--- | C] (Swearware) -- C:\Users\Sung\Desktop\ComboFix.exe
[2011/11/10 16:54:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/10 12:25:04 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~LS
[2011/11/09 21:39:10 | 000,000,000 | ---D | C] -- C:\Users\Sung\AppData\Roaming\SUPERAntiSpyware.com
[2011/11/09 21:38:46 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/11/09 21:38:45 | 000,000,000 | ---D | C] -- C:\Users\Sung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/11/09 21:38:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/11/09 21:38:38 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/11/09 19:54:11 | 000,000,000 | ---D | C] -- C:\Users\Sung\AppData\Roaming\Malwarebytes
[2011/11/09 19:53:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/09 19:53:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/09 19:53:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/09 00:39:39 | 000,000,000 | ---D | C] -- C:\Users\Sung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2011/11/09 00:39:39 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2011/11/08 23:38:05 | 000,000,000 | -HSD | C] -- C:\Users\Sung\AppData\Local\601fb19a

========== Files - Modified Within 30 Days ==========

[2011/11/19 19:32:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sung\Desktop\OTL.exe
[2011/11/19 19:05:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/19 18:47:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2592985189-1267990104-292155431-1003UA.job
[2011/11/19 18:46:35 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/19 18:46:35 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/19 18:42:09 | 798,416,896 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/19 14:03:03 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/11/19 11:25:02 | 004,301,841 | R--- | M] (Swearware) -- C:\Users\Sung\Desktop\ComboFix.exe
[2011/11/18 20:48:11 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2592985189-1267990104-292155431-1003Core.job
[2011/11/10 22:06:24 | 000,000,176 | ---- | M] () -- C:\Users\Sung\defogger_reenable
[2011/11/10 22:00:48 | 000,302,592 | ---- | M] () -- C:\Users\Sung\Desktop\l2m8s016.exe
[2011/11/10 21:46:17 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Sung\Desktop\dds.scr
[2011/11/10 21:44:25 | 000,001,994 | ---- | M] () -- C:\Users\Sung\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/10 21:18:21 | 000,000,304 | ---- | M] () -- C:\ProgramData\~YNeFJoZFEhSUs7
[2011/11/10 21:18:21 | 000,000,240 | ---- | M] () -- C:\ProgramData\~YNeFJoZFEhSUs7r
[2011/11/10 21:18:14 | 000,000,681 | ---- | M] () -- C:\Users\Sung\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/11/10 21:18:14 | 000,000,657 | ---- | M] () -- C:\Users\Sung\Desktop\System Restore.lnk
[2011/11/10 21:18:06 | 000,000,344 | ---- | M] () -- C:\ProgramData\YNeFJoZFEhSUs7
[2011/11/10 16:24:00 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/11/10 14:32:37 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/11/10 14:32:37 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/11/10 14:10:03 | 000,014,224 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/10 14:10:03 | 000,014,224 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/10 12:22:07 | 000,001,832 | ---- | M] () -- C:\Users\Sung\Desktop\Windows Compatibility Report.htm
[2011/11/09 21:38:45 | 000,001,961 | ---- | M] () -- C:\Users\Sung\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/11/09 01:03:05 | 000,007,606 | ---- | M] () -- C:\Users\Sung\AppData\Local\Resmon.ResmonCfg

========== Files Created - No Company Name ==========

[2011/11/18 07:26:46 | 000,001,080 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SuperHybridEngine.lnk
[2011/11/18 07:25:06 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011/11/18 07:25:05 | 000,001,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/11/18 07:25:04 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011/11/18 07:25:03 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/11/18 07:25:01 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011/11/18 07:25:00 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/11/18 07:24:59 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/11/18 07:24:58 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/11/10 22:05:54 | 000,000,176 | ---- | C] () -- C:\Users\Sung\defogger_reenable
[2011/11/10 22:01:01 | 000,302,592 | ---- | C] () -- C:\Users\Sung\Desktop\l2m8s016.exe
[2011/11/10 21:18:21 | 000,000,240 | ---- | C] () -- C:\ProgramData\~YNeFJoZFEhSUs7r
[2011/11/10 21:18:20 | 000,000,304 | ---- | C] () -- C:\ProgramData\~YNeFJoZFEhSUs7
[2011/11/10 21:18:14 | 000,000,681 | ---- | C] () -- C:\Users\Sung\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/11/10 21:18:14 | 000,000,657 | ---- | C] () -- C:\Users\Sung\Desktop\System Restore.lnk
[2011/11/10 21:18:06 | 000,000,344 | ---- | C] () -- C:\ProgramData\YNeFJoZFEhSUs7
[2011/11/10 17:05:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/10 17:05:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/10 17:05:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/10 17:05:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/10 17:05:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/10 12:22:07 | 000,001,832 | ---- | C] () -- C:\Users\Sung\Desktop\Windows Compatibility Report.htm
[2011/11/10 11:30:27 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
[2011/11/10 11:30:27 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2011/11/09 21:38:45 | 000,001,961 | ---- | C] () -- C:\Users\Sung\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/11/09 01:03:05 | 000,007,606 | ---- | C] () -- C:\Users\Sung\AppData\Local\Resmon.ResmonCfg
[2010/06/25 12:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009/12/25 11:57:20 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/10 20:37:52 | 000,003,584 | ---- | C] () -- C:\Users\Sung\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/19 19:18:27 | 000,002,944 | ---- | C] () -- C:\Windows\System32\drivers\dciiodrv.sys
[2009/09/19 19:09:04 | 000,021,864 | ---- | C] () -- C:\Windows\AsAcpiSvrLang.ini
[2009/09/19 19:09:04 | 000,012,208 | ---- | C] () -- C:\Windows\AsTrayLang.ini
[2009/09/19 19:04:20 | 000,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009/07/31 15:41:30 | 000,345,552 | ---- | C] () -- C:\Windows\KPeerStreamUpdater.exe
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,408,144 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,607,190 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,103,568 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 18:41:47 | 000,001,536 | ---- | C] () -- C:\Windows\System32\winver.exe
[2009/07/13 18:15:13 | 000,387,584 | ---- | C] () -- C:\Windows\System32\drivers\csc.sys
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/06/18 12:51:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1504.dll

< End of report >

#10 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:52 PM

Posted 20 November 2011 - 01:20 PM

Hello

I want you to run this custom OTL script for me and then let me know how things are after you finish.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :otl
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O4 - Startup: C:\Users\Dong Hee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    [2011/11/08 23:37:39 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Sung\AppData\Roaming\Mozilla\Firefox\Profiles\c98wfyb7.default\extensions\{3267330c-314c-4f09-84b3-f93989499112}
    [2011/11/15 23:49:15 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Sung\AppData\Roaming\Mozilla\Firefox\Profiles\c98wfyb7.default\extensions\{63844652-bff4-48f5-a5b6-3e54c747f329}
    [2011/11/09 00:29:23 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Sung\AppData\Roaming\Mozilla\Firefox\Profiles\c98wfyb7.default\extensions\{c2fedfc3-4ad3-4bfe-81ab-c7487ea95204}
    [2011/11/16 00:21:55 | 000,000,000 | ---D | C] -- C:\Users\Sung\AppData\Roaming\YwkkIVVrlONxPuS
    [2011/11/16 00:21:54 | 000,000,000 | ---D | C] -- C:\Users\Sung\AppData\Roaming\kWKK77fEL9gTZj
    [2011/11/16 00:21:44 | 000,000,000 | ---D | C] -- C:\Users\Sung\AppData\Roaming\aXXXqjjYCekVrOt
    [2011/11/16 00:21:40 | 000,000,000 | ---D | C] -- C:\Users\Sung\AppData\Roaming\cOOONttxP0uc1iD
    [2011/11/10 21:18:21 | 000,000,304 | ---- | M] () -- C:\ProgramData\~YNeFJoZFEhSUs7
    [2011/11/10 21:18:21 | 000,000,240 | ---- | M] () -- C:\ProgramData\~YNeFJoZFEhSUs7r
    [2011/11/10 21:18:14 | 000,000,681 | ---- | M] () -- C:\Users\Sung\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
    [2011/11/10 21:18:14 | 000,000,657 | ---- | M] () -- C:\Users\Sung\Desktop\System Restore.lnk
    [2011/11/10 21:18:06 | 000,000,344 | ---- | M] () -- C:\ProgramData\YNeFJoZFEhSUs7
    [2011/11/10 21:18:21 | 000,000,240 | ---- | C] () -- C:\ProgramData\~YNeFJoZFEhSUs7r
    [2011/11/10 21:18:20 | 000,000,304 | ---- | C] () -- C:\ProgramData\~YNeFJoZFEhSUs7
    [2011/11/10 21:18:14 | 000,000,681 | ---- | C] () -- C:\Users\Sung\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
    [2011/11/10 21:18:14 | 000,000,657 | ---- | C] () -- C:\Users\Sung\Desktop\System Restore.lnk
    [2011/11/10 21:18:06 | 000,000,344 | ---- | C] () -- C:\ProgramData\YNeFJoZFEhSUs7
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 LolCakeLazors

LolCakeLazors
  • Topic Starter

  • Members
  • 13 posts
  • Local time:03:52 PM

Posted 21 November 2011 - 10:26 PM

Still getting redirects, nothing major though.

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
C:\Users\Dong Hee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
C:\Users\Sung\AppData\Roaming\Mozilla\Firefox\Profiles\c98wfyb7.default\extensions\{3267330c-314c-4f09-84b3-f93989499112}\defaults\preferences folder moved successfully.
C:\Users\Sung\AppData\Roaming\Mozilla\Firefox\Profiles\c98wfyb7.default\extensions\{3267330c-314c-4f09-84b3-f93989499112}\defaults folder moved successfully.
C:\Users\Sung\AppData\Roaming\Mozilla\Firefox\Profiles\c98wfyb7.default\extensions\{3267330c-314c-4f09-84b3-f93989499112}\chrome folder moved successfully.
C:\Users\Sung\AppData\Roaming\Mozilla\Firefox\Profiles\c98wfyb7.default\extensions\{3267330c-314c-4f09-84b3-f93989499112} folder moved successfully.
C:\Users\Sung\AppData\Roaming\Mozilla\Firefox\Profiles\c98wfyb7.default\extensions\{63844652-bff4-48f5-a5b6-3e54c747f329}\defaults\preferences folder moved successfully.
C:\Users\Sung\AppData\Roaming\Mozilla\Firefox\Profiles\c98wfyb7.default\extensions\{63844652-bff4-48f5-a5b6-3e54c747f329}\defaults folder moved successfully.
C:\Users\Sung\AppData\Roaming\Mozilla\Firefox\Profiles\c98wfyb7.default\extensions\{63844652-bff4-48f5-a5b6-3e54c747f329}\chrome folder moved successfully.
C:\Users\Sung\AppData\Roaming\Mozilla\Firefox\Profiles\c98wfyb7.default\extensions\{63844652-bff4-48f5-a5b6-3e54c747f329} folder moved successfully.
C:\Users\Sung\AppData\Roaming\Mozilla\Firefox\Profiles\c98wfyb7.default\extensions\{c2fedfc3-4ad3-4bfe-81ab-c7487ea95204}\defaults\preferences folder moved successfully.
C:\Users\Sung\AppData\Roaming\Mozilla\Firefox\Profiles\c98wfyb7.default\extensions\{c2fedfc3-4ad3-4bfe-81ab-c7487ea95204}\defaults folder moved successfully.
C:\Users\Sung\AppData\Roaming\Mozilla\Firefox\Profiles\c98wfyb7.default\extensions\{c2fedfc3-4ad3-4bfe-81ab-c7487ea95204}\chrome folder moved successfully.
C:\Users\Sung\AppData\Roaming\Mozilla\Firefox\Profiles\c98wfyb7.default\extensions\{c2fedfc3-4ad3-4bfe-81ab-c7487ea95204} folder moved successfully.
C:\Users\Sung\AppData\Roaming\YwkkIVVrlONxPuS folder moved successfully.
C:\Users\Sung\AppData\Roaming\kWKK77fEL9gTZj folder moved successfully.
C:\Users\Sung\AppData\Roaming\aXXXqjjYCekVrOt folder moved successfully.
C:\Users\Sung\AppData\Roaming\cOOONttxP0uc1iD folder moved successfully.
C:\ProgramData\~YNeFJoZFEhSUs7 moved successfully.
C:\ProgramData\~YNeFJoZFEhSUs7r moved successfully.
C:\Users\Sung\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk moved successfully.
C:\Users\Sung\Desktop\System Restore.lnk moved successfully.
C:\ProgramData\YNeFJoZFEhSUs7 moved successfully.
File C:\ProgramData\~YNeFJoZFEhSUs7r not found.
File C:\ProgramData\~YNeFJoZFEhSUs7 not found.
File C:\Users\Sung\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk not found.
File C:\Users\Sung\Desktop\System Restore.lnk not found.
File C:\ProgramData\YNeFJoZFEhSUs7 not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Sung\Desktop\cmd.bat deleted successfully.
C:\Users\Sung\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Dong Hee
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Sung
->Temp folder emptied: 122221 bytes
->Temporary Internet Files folder emptied: 58994770 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 125052390 bytes
->Flash cache emptied: 17721 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 176.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Dong Hee

User: Public

User: Sung
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Dong Hee
->Flash cache emptied: 0 bytes

User: Public

User: Sung
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11212011_221812

Files\Folders moved on Reboot...
File\Folder C:\Users\Sung\AppData\Local\Temp\~DF1E5283D6C5255EBA.TMP not found!
File\Folder C:\Users\Sung\AppData\Local\Temp\~DF2422721BFEAEA194.TMP not found!
File\Folder C:\Users\Sung\AppData\Local\Temp\~DF78E7032A776D2ABD.TMP not found!
File\Folder C:\Users\Sung\AppData\Local\Temp\~DFAE4368A4E17865E4.TMP not found!
File\Folder C:\Users\Sung\AppData\Local\Temp\~DFEA011D93D31B37AA.TMP not found!
File\Folder C:\Users\Sung\AppData\Local\Temp\~DFF8AB6ECF6F8CF285.TMP not found!
C:\Users\Sung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F3F468IG\emily[2].html moved successfully.
C:\Users\Sung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F3F468IG\fw-nonplayer-bannerCASL87CX.htm moved successfully.
C:\Users\Sung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F3F468IG\fw-nonplayer-banner[11].htm moved successfully.
C:\Users\Sung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F3F468IG\fw-nonplayer-banner[9].htm moved successfully.
C:\Users\Sung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F3F468IG\login_statusCAYY1VBA.htm moved successfully.
C:\Users\Sung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F3F468IG\roi_300x250[1].html moved successfully.
C:\Users\Sung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F3F468IG\sandbox[7].htm moved successfully.
C:\Users\Sung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T4UBG9C\aceUACping[1].htm moved successfully.
C:\Users\Sung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T4UBG9C\andes_c[1].html moved successfully.
C:\Users\Sung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T4UBG9C\ff2[1].htm moved successfully.
C:\Users\Sung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T4UBG9C\ff2[2].htm moved successfully.
C:\Users\Sung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T4UBG9C\fw-nonplayer-bannerCA55KSBF.htm moved successfully.
C:\Users\Sung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T4UBG9C\fw-nonplayer-bannerCACGH3RS.htm moved successfully.
C:\Users\Sung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T4UBG9C\fw-nonplayer-bannerCAZV4O53.htm moved successfully.
C:\Users\Sung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T4UBG9C\iframe3[4].htm moved successfully.
C:\Users\Sung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T4UBG9C\iframe3[5].htm moved successfully.
C:\Users\Sung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T4UBG9C\redirect_v94_cim_11_16_0[1].html moved successfully.
C:\Users\Sung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T4UBG9C\roi_728x90[1].html moved successfully.
C:\Users\Sung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T4UBG9C\xd_receiver[1].htm moved successfully.
C:\Users\Sung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MDQPPAF\emii-stilettos-music-video[1].htm moved successfully.
C:\Users\Sung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MDQPPAF\iframe3[3].htm moved successfully.
C:\Users\Sung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MDQPPAF\img[1].htm moved successfully.
C:\Users\Sung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MDQPPAF\img[2].htm moved successfully.
C:\Users\Sung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MDQPPAF\img[3].htm moved successfully.
C:\Users\Sung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MDQPPAF\img[4].htm moved successfully.
C:\Users\Sung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MDQPPAF\sandbox[5].htm moved successfully.
C:\Users\Sung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\13CDMR8H\holiday-buying-guide-iphone-cases[1].htm moved successfully.
C:\Users\Sung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\13CDMR8H\iframe3[3].htm moved successfully.

Registry entries deleted on Reboot...

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:52 PM

Posted 21 November 2011 - 11:23 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
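As an added example, not part of this thread and not a tool from BleepingComputer or the TDSSKiller authors, here is a small Python parser for the report that step above asks for. A TDSSKiller log has one line per scanned service: a time stamp, a thread id, the service name, and then either the file's MD5 in parentheses followed by its path, or a verdict such as "- ok", "( threat ) - infected" or "- detected threat (n)". The parser folds those lines into one record per service and lists everything not reported as ok, which is what a helper skims the log for. The sample lines are excerpted from the TDSSKiller log posted later in this thread; the function and class names are my own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: a few lines excerpted from the TDSSKiller log posted later in
# this thread. Format per line: time, thread id, service name, then either
# "(md5) path" or a verdict ("- ok", "( threat ) - infected",
# "- detected threat (n)"). Banner lines such as "OS Version: ..." are ignored.
SAMPLE_LOG = r"""
23:54:38.0960 3776 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
23:54:38.0975 3776 1394ohci - ok
23:54:44.0466 3776 catchme - ok
23:54:45.0512 3776 CSC (7794cdef1690f6278a206f5ade4625b4) C:\Windows\system32\drivers\csc.sys
23:54:45.0512 3776 CSC ( Rootkit.Win32.ZAccess.h ) - infected
23:54:45.0512 3776 CSC - detected Rootkit.Win32.ZAccess.h (0)
"""

# Common prefix: time stamp, thread id, service name.
HEADER = r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<name>\S+)\s+"
FILE_RE = re.compile(HEADER + r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
OK_RE = re.compile(HEADER + r"-\s+ok$")
INFECTED_RE = re.compile(HEADER + r"\(\s*(?P<threat>\S+)\s*\)\s+-\s+infected$")
DETECTED_RE = re.compile(HEADER + r"-\s+detected\s+(?P<threat>\S+)\s+\(\d+\)$")


@dataclass
class ServiceRecord:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"      # "ok", "infected", "detected" or "unknown"
    threat: Optional[str] = None


def parse_tdsskiller(text: str) -> Dict[str, ServiceRecord]:
    """Fold the per-line log into one record per scanned service (log order kept)."""
    records: Dict[str, ServiceRecord] = {}

    def rec(name: str) -> ServiceRecord:
        return records.setdefault(name, ServiceRecord(name=name))

    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            r = rec(m["name"])
            r.md5 = m["md5"].lower()
            r.path = m["path"]
            continue
        m = INFECTED_RE.match(line)
        if m:
            r = rec(m["name"])
            r.threat = m["threat"]
            r.status = "infected"
            continue
        m = DETECTED_RE.match(line)
        if m:
            r = rec(m["name"])
            r.threat = r.threat or m["threat"]
            # A "detected" line that follows an "infected" verdict must not downgrade it.
            if r.status != "infected":
                r.status = "detected"
            continue
        m = OK_RE.match(line)
        if m:
            r = rec(m["name"])
            if r.status == "unknown":
                r.status = "ok"
        # anything else (banner, "Scan started", separators) is not a service line
    return records


def flagged_services(text: str) -> List[ServiceRecord]:
    """Services whose verdict is anything other than ok, in the order they were scanned."""
    return [r for r in parse_tdsskiller(text).values() if r.status != "ok"]


if __name__ == "__main__":
    for r in flagged_services(SAMPLE_LOG):
        print(f"{r.name}: {r.status} {r.threat or ''} md5={r.md5} path={r.path}")
```

Run against the sample, only CSC comes out, with the ZAccess verdict, the MD5 and the path of the driver it hooked, which is the line a helper wants to see before deciding on a fix; the MD5 also lets you compare the flagged driver against a known-good copy of the same Windows build.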

#13 LolCakeLazors

LolCakeLazors
  • Topic Starter

  • Members
  • 13 posts
  • Local time:03:52 PM

Posted 22 November 2011 - 10:22 PM

TDSSKiller won't work as it seems like it is being blocked by the virus.

I've noticed that iexplorer.exe keeps popping up and that winlogin.exe is open (is that normal?). I feel like winlogin.exe is a problem, as one of the registry files in winlogin.exe was detected as malware before by Malwarebytes.

Help?

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:52 PM

Posted 22 November 2011 - 11:41 PM

Hello

I would like you to run this tool for me - fixTDSS

download it to your desktop and start the program

Follow the prompts and Ok any security prompts

when it is complete it will say the infection was cleared or no infection was found - let me know what it says

after it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report

Gringo

#15 LolCakeLazors

LolCakeLazors
  • Topic Starter

  • Members
  • 13 posts
  • Local time:03:52 PM

Posted 22 November 2011 - 11:59 PM

fixTDSS detected an infected MBR and fixed it.

TDSSkiller found a ZeroAccess rootkit. Here is the log:

23:54:26.0464 3684 TDSS rootkit removing tool 2.6.20.0 Nov 22 2011 12:05:55
23:54:26.0776 3684 ============================================================
23:54:26.0776 3684 Current date / time: 2011/11/22 23:54:26.0776
23:54:26.0776 3684 SystemInfo:
23:54:26.0776 3684
23:54:26.0776 3684 OS Version: 6.1.7600 ServicePack: 0.0
23:54:26.0776 3684 Product type: Workstation
23:54:26.0776 3684 ComputerName: ASUSEEE
23:54:26.0776 3684 UserName: Sung
23:54:26.0776 3684 Windows directory: C:\Windows
23:54:26.0776 3684 System windows directory: C:\Windows
23:54:26.0776 3684 Processor architecture: Intel x86
23:54:26.0776 3684 Number of processors: 2
23:54:26.0776 3684 Page size: 0x1000
23:54:26.0776 3684 Boot type: Normal boot
23:54:26.0776 3684 ============================================================
23:54:30.0660 3684 Initialize success
23:54:35.0309 3776 ============================================================
23:54:35.0309 3776 Scan started
23:54:35.0309 3776 Mode: Manual;
23:54:35.0309 3776 ============================================================
23:54:38.0960 3776 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
23:54:38.0975 3776 1394ohci - ok
23:54:39.0350 3776 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
23:54:39.0350 3776 ACPI - ok
23:54:39.0818 3776 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
23:54:39.0818 3776 AcpiPmi - ok
23:54:40.0208 3776 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
23:54:40.0208 3776 adp94xx - ok
23:54:40.0520 3776 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
23:54:40.0535 3776 adpahci - ok
23:54:40.0816 3776 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
23:54:40.0832 3776 adpu320 - ok
23:54:41.0066 3776 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
23:54:41.0081 3776 AFD - ok
23:54:41.0128 3776 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
23:54:41.0128 3776 agp440 - ok
23:54:41.0315 3776 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
23:54:41.0331 3776 aic78xx - ok
23:54:41.0502 3776 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
23:54:41.0502 3776 aliide - ok
23:54:41.0549 3776 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
23:54:41.0549 3776 amdagp - ok
23:54:41.0627 3776 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
23:54:41.0627 3776 amdide - ok
23:54:41.0939 3776 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
23:54:41.0939 3776 AmdK8 - ok
23:54:42.0173 3776 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
23:54:42.0189 3776 AmdPPM - ok
23:54:42.0282 3776 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
23:54:42.0298 3776 amdsata - ok
23:54:42.0345 3776 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
23:54:42.0345 3776 amdsbs - ok
23:54:42.0392 3776 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
23:54:42.0392 3776 amdxata - ok
23:54:42.0470 3776 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
23:54:42.0470 3776 AppID - ok
23:54:42.0688 3776 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
23:54:42.0688 3776 arc - ok
23:54:42.0750 3776 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
23:54:42.0750 3776 arcsas - ok
23:54:42.0828 3776 AsusACPI (12415a4b61ded200fe9932b47a35fa42) C:\Windows\system32\DRIVERS\ASUSACPI.sys
23:54:42.0828 3776 AsusACPI - ok
23:54:42.0891 3776 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
23:54:42.0891 3776 AsyncMac - ok
23:54:42.0922 3776 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
23:54:42.0922 3776 atapi - ok
23:54:43.0000 3776 athr (b01751cc563aecac09bbe36aaa21fbef) C:\Windows\system32\DRIVERS\athr.sys
23:54:43.0047 3776 athr - ok
23:54:43.0234 3776 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
23:54:43.0250 3776 b06bdrv - ok
23:54:43.0312 3776 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
23:54:43.0312 3776 b57nd60x - ok
23:54:43.0484 3776 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
23:54:43.0484 3776 Beep - ok
23:54:43.0577 3776 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
23:54:43.0577 3776 blbdrive - ok
23:54:43.0749 3776 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
23:54:43.0764 3776 bowser - ok
23:54:43.0811 3776 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:54:43.0811 3776 BrFiltLo - ok
23:54:43.0905 3776 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:54:43.0905 3776 BrFiltUp - ok
23:54:44.0061 3776 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
23:54:44.0061 3776 Brserid - ok
23:54:44.0108 3776 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
23:54:44.0108 3776 BrSerWdm - ok
23:54:44.0201 3776 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:54:44.0201 3776 BrUsbMdm - ok
23:54:44.0310 3776 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
23:54:44.0310 3776 BrUsbSer - ok
23:54:44.0342 3776 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
23:54:44.0342 3776 BTHMODEM - ok
23:54:44.0466 3776 catchme - ok
23:54:44.0591 3776 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
23:54:44.0591 3776 cdfs - ok
23:54:44.0669 3776 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
23:54:44.0685 3776 cdrom - ok
23:54:44.0825 3776 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
23:54:44.0825 3776 circlass - ok
23:54:44.0888 3776 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
23:54:44.0903 3776 CLFS - ok
23:54:44.0966 3776 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
23:54:44.0981 3776 CmBatt - ok
23:54:45.0012 3776 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
23:54:45.0012 3776 cmdide - ok
23:54:45.0059 3776 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
23:54:45.0075 3776 CNG - ok
23:54:45.0122 3776 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
23:54:45.0122 3776 Compbatt - ok
23:54:45.0278 3776 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
23:54:45.0293 3776 CompositeBus - ok
23:54:45.0356 3776 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
23:54:45.0356 3776 crcdisk - ok
23:54:45.0512 3776 CSC (7794cdef1690f6278a206f5ade4625b4) C:\Windows\system32\drivers\csc.sys
23:54:45.0512 3776 CSC ( Rootkit.Win32.ZAccess.h ) - infected
23:54:45.0512 3776 CSC - detected Rootkit.Win32.ZAccess.h (0)
23:54:45.0652 3776 dciiodrv (a575d398599d2e99fa0ad3e461fd697c) C:\Windows\system32\drivers\dciiodrv.sys
23:54:45.0652 3776 dciiodrv - ok
23:54:45.0777 3776 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
23:54:45.0777 3776 DfsC - ok
23:54:45.0917 3776 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
23:54:45.0933 3776 discache - ok
23:54:46.0042 3776 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
23:54:46.0042 3776 Disk - ok
23:54:46.0245 3776 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
23:54:46.0260 3776 Dot4 - ok
23:54:46.0307 3776 Dot4Print (c25fea07a8e7767e8b89ab96a3b96519) C:\Windows\system32\DRIVERS\Dot4Prt.sys
23:54:46.0307 3776 Dot4Print - ok
23:54:46.0448 3776 Dot4Scan (9f7de667c505ce6500becdd8e11644d7) C:\Windows\system32\DRIVERS\Dot4Scan.sys
23:54:46.0448 3776 Dot4Scan - ok
23:54:46.0619 3776 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
23:54:46.0635 3776 dot4usb - ok
23:54:46.0869 3776 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
23:54:46.0869 3776 drmkaud - ok
23:54:47.0072 3776 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
23:54:47.0072 3776 DXGKrnl - ok
23:54:47.0228 3776 EagleNT - ok
23:54:47.0415 3776 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
23:54:47.0508 3776 ebdrv - ok
23:54:47.0727 3776 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
23:54:47.0758 3776 elxstor - ok
23:54:47.0883 3776 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
23:54:47.0883 3776 ErrDev - ok
23:54:47.0976 3776 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
23:54:47.0976 3776 exfat - ok
23:54:48.0023 3776 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
23:54:48.0039 3776 fastfat - ok
23:54:48.0117 3776 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
23:54:48.0117 3776 fdc - ok
23:54:48.0210 3776 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
23:54:48.0210 3776 FileInfo - ok
23:54:48.0320 3776 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
23:54:48.0320 3776 Filetrace - ok
23:54:48.0491 3776 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
23:54:48.0491 3776 flpydisk - ok
23:54:48.0710 3776 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
23:54:48.0725 3776 FltMgr - ok
23:54:48.0959 3776 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
23:54:48.0959 3776 FsDepends - ok
23:54:49.0068 3776 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
23:54:49.0068 3776 Fs_Rec - ok
23:54:49.0209 3776 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\Windows\system32\DRIVERS\fvevol.sys
23:54:49.0209 3776 fvevol - ok
23:54:49.0302 3776 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:54:49.0302 3776 gagp30kx - ok
23:54:49.0505 3776 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:54:49.0505 3776 GEARAspiWDM - ok
23:54:49.0677 3776 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
23:54:49.0677 3776 hcw85cir - ok
23:54:49.0848 3776 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
23:54:49.0864 3776 HdAudAddService - ok
23:54:50.0020 3776 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:54:50.0020 3776 HDAudBus - ok
23:54:50.0192 3776 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
23:54:50.0192 3776 HidBatt - ok
23:54:50.0363 3776 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
23:54:50.0363 3776 HidBth - ok
23:54:50.0519 3776 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
23:54:50.0519 3776 HidIr - ok
23:54:50.0722 3776 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
23:54:50.0738 3776 HidUsb - ok
23:54:50.0972 3776 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
23:54:50.0987 3776 HpSAMD - ok
23:54:51.0174 3776 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
23:54:51.0190 3776 HTTP - ok
23:54:51.0377 3776 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
23:54:51.0377 3776 hwpolicy - ok
23:54:51.0580 3776 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
23:54:51.0580 3776 i8042prt - ok
23:54:51.0814 3776 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
23:54:51.0814 3776 iaStorV - ok
23:54:52.0329 3776 igfx (c4097c4f60b7603b77e36715663d56eb) C:\Windows\system32\DRIVERS\igdkmd32.sys
23:54:52.0469 3776 igfx - ok
23:54:52.0656 3776 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
23:54:52.0656 3776 iirsp - ok
23:54:52.0890 3776 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
23:54:52.0890 3776 intelide - ok
23:54:53.0015 3776 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
23:54:53.0031 3776 intelppm - ok
23:54:53.0093 3776 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:54:53.0093 3776 IpFilterDriver - ok
23:54:53.0296 3776 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
23:54:53.0296 3776 IPMIDRV - ok
23:54:53.0483 3776 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
23:54:53.0499 3776 IPNAT - ok
23:54:53.0717 3776 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
23:54:53.0733 3776 IRENUM - ok
23:54:53.0904 3776 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
23:54:53.0904 3776 isapnp - ok
23:54:54.0092 3776 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
23:54:54.0092 3776 iScsiPrt - ok
23:54:54.0294 3776 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
23:54:54.0294 3776 kbdclass - ok
23:55:11.0267 3776 ============================================================
23:55:11.0267 3776 Scan finished
23:55:11.0267 3776 ============================================================
23:55:11.0392 3768 Detected object count: 1
23:55:11.0392 3768 Actual detected object count: 1
23:57:01.0436 3768 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\csc.sys) error 1813
23:57:06.0334 3768 Backup copy found, using it..
23:57:06.0365 3768 C:\Windows\system32\drivers\csc.sys - will be cured on reboot
23:57:10.0686 3768 CSC ( Rootkit.Win32.ZAccess.h ) - User select action: Cure
23:57:16.0271 3672 Deinitialize success