Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Redirect & Unusual History


  • This topic is locked This topic is locked
17 replies to this topic

#1 arkamas

arkamas

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:33 PM

Posted 23 November 2011 - 06:28 AM

Hi,

It appears I have a piece of malware/virus on my computer. I did have something on there that hid all my desktop icons and start menu icons etc., but I removed that. I was also getting the redirect from Google search results, but that appears to have subsided a bit. Now I see popups from IE about different websites randomly appear on my computer, mainly when it is not in use.

I only use firefox, but when I review the history for IE, there are numerous websites that I have not visited in there. The Start menu is also not showing the recently used programs. ixplore.exe is using a tremendous amount of memory as well.

I have used Mcafee, Malwarebytes Anti-Malware and several online scanners, but they do not show up anything. I'm at a bit of a loss as to what to do next..

The system is 64bit so I did not do GMER.

Thanks

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Polished at 21:43:08 on 2011-11-23
.
============== Running Processes ===============
.
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe
c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\AirPort\APAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\netsh.exe
C:\Windows\SysWOW64\netsh.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
c:\program files (x86)\teamviewer\version6\TeamViewer_Desktop.exe
C:\Program Files (x86)\TeamViewer\Version6\tv_w32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Polished\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www1.ap.dell.com/content/default.aspx?c=au&l=en&s=gen
uDefault_Page_URL = hxxp://www1.ap.dell.com/content/default.aspx?c=au&l=en&s=gen
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111108035342.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 10.1.1.1
TCP: Interfaces\{19DC6041-39B0-46E6-8D6E-F3D81CFE1483} : DhcpNameServer = 10.1.1.1
TCP: Interfaces\{329F31A1-F8B1-4487-85B6-A82DA9BC6EE3} : DhcpNameServer = 203.21.113.40 203.21.112.40
TCP: Interfaces\{337657AB-F7A9-4BAE-A222-EFFCDF0BA918} : DhcpNameServer = 203.21.113.40 203.21.112.40
TCP: Interfaces\{7BB292B1-CD06-4595-A761-1B94F309F243} : DhcpNameServer = 202.124.65.22 202.124.65.18
TCP: Interfaces\{C6E1B0ED-6B45-4B1E-9953-0D52A8F9D121} : DhcpNameServer = 10.1.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111108035342.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Polished\AppData\Roaming\Mozilla\Firefox\Profiles\x8ed4fqj.default\
FF - prefs.js: browser.startup.homepage - hxxp://ninemsn.com.au/
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Users\Polished\AppData\Roaming\Mozilla\Firefox\Profiles\x8ed4fqj.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R? AdobeARMservice;Adobe Acrobat Update Service
R? Apache2.2;Remote Access Media Server
R? BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver
R? clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64
R? ewusbnet;HUAWEI USB-NDIS miniport
R? hcw85cir;Hauppauge Consumer Infrared Receiver
R? hwusbfake;Huawei DataCard USB Fake
R? massfilter;ZTE Mass Storage Filter Driver
R? mferkdet;McAfee Inc. mferkdet
R? PerfHost;Performance Counter DLL Host
R? USBAAPL64;Apple Mobile USB Driver
S? AERTFilters;Andrea RT Filters Service
S? AMD External Events Utility;AMD External Events Utility
S? cfwids;McAfee Inc. cfwids
S? DockLoginService;Dock Login Service
S? dsl-db;Remote Access DB
S? dsl-fs-sync;Remote Access File Sync Service
S? FontCache;Windows Font Cache Service
S? HCW85BDA;Hauppauge WinTV 885 Video Capture
S? MBAMProtector;MBAMProtector
S? MBAMService;MBAMService
S? McMPFSvc;McAfee Personal Firewall Service
S? McNaiAnn;McAfee VirusScan Announcer
S? McProxy;McAfee Proxy Service
S? McShield;McAfee McShield
S? mfeavfk;McAfee Inc. mfeavfk
S? mfefire;McAfee Firewall Core Service
S? mfefirek;McAfee Inc. mfefirek
S? mfehidk;McAfee Inc. mfehidk
S? mfenlfk;McAfee NDIS Light Filter
S? mfevtp;McAfee Validation Trust Protection Service
S? mfewfpk;McAfee Inc. mfewfpk
S? MSSQL$KRONOS;SQL Server (KRONOS)
S? PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver
S? PSI;PSI
S? PxHlpa64;PxHlpa64
S? RtNdPt60;Realtek NDIS Protocol Driver
S? Secunia PSI Agent;Secunia PSI Agent
S? Secunia Update Agent;Secunia Update Agent
S? TeamViewer6;TeamViewer 6
S? VMCService;Vodafone Mobile Connect Service
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-11-23 10:49:29 -------- d-----w- C:\Users\Polished\AppData\Roaming\QuickScan
2011-11-15 22:31:24 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E2482A17-FB6D-4419-8830-0C1D94E9FB5E}\offreg.dll
2011-11-15 22:31:21 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E2482A17-FB6D-4419-8830-0C1D94E9FB5E}\mpengine.dll
2011-11-15 05:00:41 -------- d-----w- C:\Program Files\iPod
2011-11-15 05:00:40 -------- d-----w- C:\Program Files\iTunes
2011-11-15 05:00:40 -------- d-----w- C:\Program Files (x86)\iTunes
2011-11-15 04:54:28 -------- d-----w- C:\Program Files (x86)\AirPort
2011-11-14 08:04:42 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-11-14 08:00:03 -------- d-----w- C:\Program Files\Bonjour
2011-11-14 08:00:03 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-11-10 14:02:57 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-10 14:00:12 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-11-10 14:00:12 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-11-09 03:19:06 1426304 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 03:19:02 893440 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 03:19:01 707584 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 03:19:01 50688 ----a-w- C:\Program Files\Windows Mail\wabimp.dll
2011-11-08 01:52:56 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-11-08 01:51:34 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-08 01:38:45 -------- d-----w- C:\Users\Polished\AppData\Local\Secunia PSI
2011-11-08 01:38:37 -------- d-----w- C:\Program Files (x86)\Secunia
2011-11-08 00:58:11 -------- d-----w- C:\Users\Polished\AppData\Roaming\Malwarebytes
2011-11-08 00:58:01 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-08 00:57:57 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-08 00:57:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-07 08:41:24 -------- dc----w- C:\ProgramData\{03B86DF2-EB61-41C0-AC4A-A4F0EB62E708}
.
==================== Find3M ====================
.
2011-10-24 03:59:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 03:59:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-10-15 02:46:16 75808 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2011-10-15 02:46:16 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2011-10-15 02:46:16 647080 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2011-10-15 02:46:16 481768 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2011-10-15 02:46:16 284648 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2011-10-15 02:46:16 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2011-10-15 02:46:16 160280 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2011-10-15 02:46:16 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2011-10-15 02:46:16 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2011-09-06 13:56:50 2764288 ----a-w- C:\Windows\System32\win32k.sys
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-30 12:35:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-08-30 12:35:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-08-30 12:35:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-08-30 12:35:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-08-30 12:35:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-08-30 12:35:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-08-25 16:20:38 735744 ----a-w- C:\Windows\System32\UIAutomationCore.dll
2011-08-25 16:19:32 847360 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-25 16:19:32 332288 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-25 16:15:04 555520 ----a-w- C:\Windows\SysWow64\UIAutomationCore.dll
2011-08-25 16:14:01 563712 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-25 16:14:01 238080 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-25 13:54:14 4096 ----a-w- C:\Windows\System32\oleaccrc.dll
2011-08-25 13:31:01 4096 ----a-w- C:\Windows\SysWow64\oleaccrc.dll
.
============= FINISH: 21:51:36.94 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:03 AM

Posted 26 November 2011 - 10:08 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 arkamas

arkamas
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:33 PM

Posted 28 November 2011 - 06:53 AM

Thanks for helping.

Here is the DDS.txt file:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Polished at 22:14:20 on 2011-11-28
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.8190.5901 [GMT 10.5:30]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe
c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RAVCpl64.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\AirPort\APAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\program files (x86)\teamviewer\version6\TeamViewer_Desktop.exe
C:\Program Files (x86)\TeamViewer\Version6\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version6\tv_x64.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www1.ap.dell.com/content/default.aspx?c=au&l=en&s=gen
uDefault_Page_URL = hxxp://www1.ap.dell.com/content/default.aspx?c=au&l=en&s=gen
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111108035342.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 10.1.1.1
TCP: Interfaces\{19DC6041-39B0-46E6-8D6E-F3D81CFE1483} : DhcpNameServer = 10.1.1.1
TCP: Interfaces\{329F31A1-F8B1-4487-85B6-A82DA9BC6EE3} : DhcpNameServer = 203.21.113.40 203.21.112.40
TCP: Interfaces\{337657AB-F7A9-4BAE-A222-EFFCDF0BA918} : DhcpNameServer = 203.21.113.40 203.21.112.40
TCP: Interfaces\{7BB292B1-CD06-4595-A761-1B94F309F243} : DhcpNameServer = 202.124.65.22 202.124.65.18
TCP: Interfaces\{C6E1B0ED-6B45-4B1E-9953-0D52A8F9D121} : DhcpNameServer = 10.1.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111108035342.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Polished\AppData\Roaming\Mozilla\Firefox\Profiles\x8ed4fqj.default\
FF - prefs.js: browser.startup.homepage - hxxp://ninemsn.com.au/
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Users\Polished\AppData\Roaming\Mozilla\Firefox\Profiles\x8ed4fqj.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AERTFilters;Andrea RT Filters Service;C:\Windows\system32\AERTSr64.exe --> C:\Windows\system32\AERTSr64.exe [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 Apache2.2;Remote Access Media Server;C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe [2008-12-10 24636]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 dsl-db;Remote Access DB;C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe [2009-6-11 5730304]
R2 dsl-fs-sync;Remote Access File Sync Service;C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [2009-7-21 189680]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-8 366152]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-9-1 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-9-1 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-9-1 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-9-1 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-9-1 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-9-1 161168]
R2 MSSQL$KRONOS;SQL Server (KRONOS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\system32\DRIVERS\RtNdPt60.sys --> C:\Windows\system32\DRIVERS\RtNdPt60.sys [?]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-4 2358656]
R2 VMCService;Vodafone Mobile Connect Service;C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-7-3 9216]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys --> C:\Windows\system32\drivers\HCW85BDA.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2011-10-6 25072]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys --> C:\Windows\system32\DRIVERS\ewusbnet.sys [?]
S3 hwusbfake;Huawei DataCard USB Fake;C:\Windows\system32\DRIVERS\ewusbfake.sys --> C:\Windows\system32\DRIVERS\ewusbfake.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S4 hcw85cir;Hauppauge Consumer Infrared Receiver;C:\Windows\system32\drivers\hcw85cir.sys --> C:\Windows\system32\drivers\hcw85cir.sys [?]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-11-28 09:50:00 -------- d-----w- C:\Users\Polished\AppData\Local\Apple
2011-11-25 18:01:32 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4A34EDE4-6CD6-419B-8721-AFF428FCE0FB}\offreg.dll
2011-11-25 18:01:29 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4A34EDE4-6CD6-419B-8721-AFF428FCE0FB}\mpengine.dll
2011-11-25 07:23:06 -------- d-----w- C:\Users\Polished\AppData\Local\Adobe
2011-11-23 10:49:29 -------- d-----w- C:\Users\Polished\AppData\Roaming\QuickScan
2011-11-15 05:00:41 -------- d-----w- C:\Program Files\iPod
2011-11-15 05:00:40 -------- d-----w- C:\Program Files\iTunes
2011-11-15 05:00:40 -------- d-----w- C:\Program Files (x86)\iTunes
2011-11-15 04:54:28 -------- d-----w- C:\Program Files (x86)\AirPort
2011-11-14 08:04:42 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-11-14 08:00:03 -------- d-----w- C:\Program Files\Bonjour
2011-11-14 08:00:03 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-11-10 14:02:57 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-10 14:00:12 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-11-10 14:00:12 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-11-09 03:19:06 1426304 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 03:19:02 893440 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 03:19:01 707584 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 03:19:01 50688 ----a-w- C:\Program Files\Windows Mail\wabimp.dll
2011-11-08 01:52:56 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-11-08 01:51:34 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-08 01:38:45 -------- d-----w- C:\Users\Polished\AppData\Local\Secunia PSI
2011-11-08 01:38:37 -------- d-----w- C:\Program Files (x86)\Secunia
2011-11-08 00:58:11 -------- d-----w- C:\Users\Polished\AppData\Roaming\Malwarebytes
2011-11-08 00:58:01 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-08 00:57:57 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-08 00:57:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-07 08:41:24 -------- dc----w- C:\ProgramData\{03B86DF2-EB61-41C0-AC4A-A4F0EB62E708}
.
==================== Find3M ====================
.
2011-10-24 03:59:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 03:59:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-10-15 02:46:16 75808 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2011-10-15 02:46:16 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2011-10-15 02:46:16 647080 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2011-10-15 02:46:16 481768 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2011-10-15 02:46:16 284648 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2011-10-15 02:46:16 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2011-10-15 02:46:16 160280 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2011-10-15 02:46:16 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2011-10-15 02:46:16 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2011-09-06 13:56:50 2764288 ----a-w- C:\Windows\System32\win32k.sys
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-30 12:35:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-08-30 12:35:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-08-30 12:35:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-08-30 12:35:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-08-30 12:35:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-08-30 12:35:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
.
============= FINISH: 22:21:51.62 ===============



Here is the Attach.txt file:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 20/09/2009 1:18:42 AM
System Uptime: 24/11/2011 3:32:46 PM (103 hours ago)
.
Motherboard: Dell Inc. | | 0M017G
Processor: Intel® Core™2 Duo CPU E8400 @ 3.00GHz | CPU 1 | 3003/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 426.079 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 7.559 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP377: 5/11/2011 12:00:01 AM - Scheduled Checkpoint
RP378: 6/11/2011 12:00:01 AM - Scheduled Checkpoint
RP379: 7/11/2011 12:00:01 AM - Scheduled Checkpoint
RP380: 8/11/2011 - Scheduled Checkpoint
RP381: 8/11/2011 12:17:57 PM - Windows Update
RP382: 9/11/2011 9:00:43 AM - Windows Update
RP383: 10/11/2011 - Scheduled Checkpoint
RP384: 10/11/2011 3:00:10 AM - Windows Update
RP385: 11/11/2011 - Scheduled Checkpoint
RP386: 11/11/2011 12:28:38 AM - Installed Java™ 6 Update 29
RP387: 12/11/2011 12:50:33 AM - Scheduled Checkpoint
RP388: 13/11/2011 - Scheduled Checkpoint
RP389: 14/11/2011 - Scheduled Checkpoint
RP390: 14/11/2011 6:30:26 PM - Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
RP391: 14/11/2011 6:30:51 PM - Device Driver Package Install: Apple Network adapters
RP394: 15/11/2011 2:53:46 PM - Windows Update
RP395: 16/11/2011 3:00:10 AM - Windows Update
RP396: 16/11/2011 9:00:50 AM - Windows Update
RP397: 17/11/2011 - Scheduled Checkpoint
RP398: 18/11/2011 12:00:01 AM - Scheduled Checkpoint
RP399: 19/11/2011 12:00:01 AM - Scheduled Checkpoint
RP400: 19/11/2011 7:34:09 PM - Installed Adobe Reader X (10.1.0).
RP401: 21/11/2011 12:00:01 AM - Scheduled Checkpoint
RP402: 22/11/2011 - Scheduled Checkpoint
RP403: 24/11/2011 3:41:34 PM - Windows Update
RP404: 24/11/2011 3:44:39 PM - Windows Update
RP405: 26/11/2011 - Scheduled Checkpoint
RP406: 26/11/2011 4:31:18 AM - Windows Update
RP407: 27/11/2011 - Scheduled Checkpoint
RP408: 28/11/2011 - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.6
AirPort
Apple Application Support
Apple Software Update
ATI Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help English
CCC Help French
CCC Help German
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Portuguese
CCC Help Spanish
CCC Help Turkish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Crystal Reports 2008 Runtime
Dell DataSafe Online
Dell Driver Download Manager
Dell Getting Started Guide
Dell Remote Access
Dropbox
GoToAssist 8.0.0.514
Hauppauge TV Tuner Diagnostics (1.1.7057)
Hauppauge TV Tuner Driver
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java Auto Updater
Java™ 6 Update 29
Junk Mail filter update
Kronos - Salon Edition
Malwarebytes' Anti-Malware version 1.51.2.1300
McAfee SecurityCenter
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (KRONOS)
Microsoft SQL Server Setup Support Files (English)
Mozilla Firefox 8.0 (x86 en-GB)
MSVCRT
PowerDVD DX
QuickTime
Realtek Ethernet Network Card Diagnostic tool for Windows Vista
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Secunia PSI (2.0.0.4003)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skins
swMSM
TeamViewer 6
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Vodafone Mobile Connect Lite
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Upload Tool
.
==== Event Viewer Messages From Past Week ========
.
24/11/2011 3:40:09 PM, Error: Service Control Manager [7022] - The McAfee Network Agent service hung on starting.
24/11/2011 3:38:01 PM, Error: Service Control Manager [7022] - The McAfee VirusScan Announcer service hung on starting.
24/11/2011 3:33:05 PM, Error: EventLog [6008] - The previous system shutdown at 3:31:36 PM on 24/11/2011 was unexpected.
22/11/2011 6:18:34 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanWorkstation service.
.
==== End Of File ===========================

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:03 AM

Posted 28 November 2011 - 11:11 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you relieve an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 arkamas

arkamas
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:33 PM

Posted 29 November 2011 - 06:13 AM

Here is the combofix log - I'll need to wait and see how the computers is going:

ComboFix 11-11-29.01 - Polished 29/11/2011 20:29:14.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.8190.5880 [GMT 10.5:30]
Running from: c:\users\Polished\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-29 )))))))))))))))))))))))))))))))
.
.
2011-11-29 10:33 . 2011-11-29 10:33 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp
2011-11-29 10:33 . 2011-11-29 10:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-28 09:50 . 2011-11-28 09:50 -------- d-----w- c:\users\Polished\AppData\Local\Apple
2011-11-25 18:01 . 2011-10-17 15:57 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4A34EDE4-6CD6-419B-8721-AFF428FCE0FB}\mpengine.dll
2011-11-25 07:23 . 2011-11-25 07:23 -------- d-----w- c:\users\Polished\AppData\Local\Adobe
2011-11-23 10:49 . 2011-11-23 10:50 -------- d-----w- c:\users\Polished\AppData\Roaming\QuickScan
2011-11-15 05:00 . 2011-11-15 05:00 -------- d-----w- c:\program files\iPod
2011-11-15 05:00 . 2011-11-15 05:01 -------- d-----w- c:\program files\iTunes
2011-11-15 05:00 . 2011-11-15 05:01 -------- d-----w- c:\program files (x86)\iTunes
2011-11-15 04:54 . 2011-11-15 04:54 -------- d-----w- c:\program files (x86)\AirPort
2011-11-14 08:04 . 2011-11-14 08:05 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-11-14 08:00 . 2011-11-14 08:00 -------- d-----w- c:\program files\Bonjour
2011-11-14 08:00 . 2011-11-14 08:00 -------- d-----w- c:\program files (x86)\Bonjour
2011-11-14 07:54 . 2011-11-14 07:54 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-11-10 14:02 . 2011-11-19 09:12 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-10 14:00 . 2011-11-10 14:00 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-11-10 14:00 . 2011-10-02 18:36 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-11-10 14:00 . 2011-10-02 18:36 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-11-09 03:19 . 2011-09-20 21:06 1426304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 03:19 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 03:19 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll
2011-11-09 03:19 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-08 01:51 . 2011-05-24 08:44 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-08 01:38 . 2011-11-08 01:38 -------- d-----w- c:\users\Polished\AppData\Local\Secunia PSI
2011-11-08 01:38 . 2011-11-08 01:38 -------- d-----w- c:\program files (x86)\Secunia
2011-11-08 00:58 . 2011-11-08 00:58 -------- d-----w- c:\users\Polished\AppData\Roaming\Malwarebytes
2011-11-08 00:58 . 2011-11-08 00:58 -------- d-----w- c:\programdata\Malwarebytes
2011-11-08 00:57 . 2011-11-08 00:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-08 00:57 . 2011-08-31 06:30 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-07 08:41 . 2011-11-07 08:41 -------- dc----w- c:\programdata\{03B86DF2-EB61-41C0-AC4A-A4F0EB62E708}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-24 03:59 . 2011-10-24 03:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 03:59 . 2011-10-24 03:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-15 02:46 . 2010-09-01 04:36 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-10-15 02:46 . 2010-09-01 04:36 75808 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-10-15 02:46 . 2010-09-01 04:36 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-10-15 02:46 . 2010-09-01 04:36 647080 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-10-15 02:46 . 2010-09-01 04:36 481768 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-10-15 02:46 . 2010-09-01 04:36 284648 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-10-15 02:46 . 2010-09-01 04:36 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-10-15 02:46 . 2010-09-01 04:36 160280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-10-15 02:46 . 2010-09-01 04:36 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-09-06 13:56 . 2011-10-12 04:44 2764288 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 05:24 . 2011-10-12 22:00 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-12 22:00 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-12 22:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-12 22:00 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-12 22:00 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-12 22:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Polished\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Polished\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Polished\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-13 61440]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-04 128232]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1674896]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"AirPort Base Station Agent"="c:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-12 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-10-06 25072]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R4 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Apache2.2;Remote Access Media Server;c:\program files (x86)\Common Files\Dell\apache\bin\httpd.exe [2008-12-09 24636]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 dsl-db;Remote Access DB;c:\program files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe [2009-06-10 5730304]
S2 dsl-fs-sync;Remote Access File Sync Service;c:\program files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [2009-07-21 189680]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-10-18 161168]
S2 MSSQL$KRONOS;SQL Server (KRONOS);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-07-03 9216]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-18 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]
.
2011-11-29 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files (x86)\Realtek\RTNICDiag\RTNICDiag.exe [2009-09-19 11:18]
.
2011-11-29 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Polished\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Polished\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Polished\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Polished\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-18 6431232]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-19 4119552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www1.ap.dell.com/content/default.aspx?c=au&l=en&s=gen
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.1.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Polished\AppData\Roaming\Mozilla\Firefox\Profiles\x8ed4fqj.default\
FF - prefs.js: browser.startup.homepage - hxxp://ninemsn.com.au/
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-Skytel - Skytel.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\TeamViewer\Version6\TeamViewer_Desktop.exe
c:\program files (x86)\teamviewer\version6\TeamViewer.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2011-11-29 21:31:31 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-29 11:01
.
Pre-Run: 457,098,932,224 bytes free
Post-Run: 457,477,218,304 bytes free
.
- - End Of File - - 4FBF8CCD1DC6CDE264852DCADA1B9A33

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:03 AM

Posted 29 November 2011 - 09:39 AM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 arkamas

arkamas
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:33 PM

Posted 30 November 2011 - 07:01 AM

Here is the TDSSKiller report:

22:29:40.0813 6444 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
22:29:42.0294 6444 ============================================================
22:29:42.0294 6444 Current date / time: 2011/11/30 22:29:42.0294
22:29:42.0294 6444 SystemInfo:
22:29:42.0294 6444
22:29:42.0294 6444 OS Version: 6.0.6002 ServicePack: 2.0
22:29:42.0294 6444 Product type: Workstation
22:29:42.0294 6444 ComputerName: POLISHED-PC
22:29:42.0294 6444 UserName: Polished
22:29:42.0294 6444 Windows directory: C:\Windows
22:29:42.0294 6444 System windows directory: C:\Windows
22:29:42.0294 6444 Running under WOW64
22:29:42.0294 6444 Processor architecture: Intel x64
22:29:42.0294 6444 Number of processors: 2
22:29:42.0294 6444 Page size: 0x1000
22:29:42.0294 6444 Boot type: Normal boot
22:29:42.0294 6444 ============================================================
22:29:43.0193 6444 Initialize success
22:29:50.0241 6048 ============================================================
22:29:50.0241 6048 Scan started
22:29:50.0241 6048 Mode: Manual;
22:29:50.0241 6048 ============================================================
22:29:51.0522 6048 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
22:29:51.0525 6048 ACPI - ok
22:29:51.0579 6048 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
22:29:51.0596 6048 adp94xx - ok
22:29:51.0625 6048 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
22:29:51.0630 6048 adpahci - ok
22:29:51.0646 6048 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
22:29:51.0649 6048 adpu160m - ok
22:29:51.0663 6048 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
22:29:51.0666 6048 adpu320 - ok
22:29:51.0740 6048 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
22:29:51.0745 6048 AFD - ok
22:29:51.0773 6048 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
22:29:51.0775 6048 agp440 - ok
22:29:51.0789 6048 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
22:29:51.0791 6048 aic78xx - ok
22:29:51.0811 6048 aliide (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys
22:29:51.0813 6048 aliide - ok
22:29:51.0842 6048 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
22:29:51.0843 6048 amdide - ok
22:29:51.0858 6048 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
22:29:51.0859 6048 AmdK8 - ok
22:29:51.0899 6048 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
22:29:51.0901 6048 arc - ok
22:29:51.0914 6048 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
22:29:51.0916 6048 arcsas - ok
22:29:51.0933 6048 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
22:29:51.0934 6048 AsyncMac - ok
22:29:51.0985 6048 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
22:29:51.0986 6048 atapi - ok
22:29:52.0125 6048 atikmdag (80793852021864a9ed344843eeba5fdb) C:\Windows\system32\DRIVERS\atikmdag.sys
22:29:52.0241 6048 atikmdag - ok
22:29:52.0289 6048 BCM42RLY (a7c9995ba861fce78b2ceaae61d39fd7) C:\Windows\system32\drivers\BCM42RLY.sys
22:29:52.0336 6048 BCM42RLY - ok
22:29:52.0405 6048 BCM43XX (912012b708a7d8e8ce2ee55afb663dff) C:\Windows\system32\DRIVERS\bcmwl664.sys
22:29:52.0414 6048 BCM43XX - ok
22:29:52.0436 6048 Beep - ok
22:29:52.0460 6048 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
22:29:52.0462 6048 blbdrive - ok
22:29:52.0515 6048 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
22:29:52.0516 6048 bowser - ok
22:29:52.0544 6048 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
22:29:52.0545 6048 BrFiltLo - ok
22:29:52.0560 6048 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
22:29:52.0561 6048 BrFiltUp - ok
22:29:52.0581 6048 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
22:29:52.0583 6048 Brserid - ok
22:29:52.0600 6048 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
22:29:52.0601 6048 BrSerWdm - ok
22:29:52.0615 6048 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
22:29:52.0617 6048 BrUsbMdm - ok
22:29:52.0628 6048 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
22:29:52.0636 6048 BrUsbSer - ok
22:29:52.0728 6048 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
22:29:52.0730 6048 BTHMODEM - ok
22:29:52.0798 6048 BVRPMPR5a64 (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS
22:29:52.0843 6048 BVRPMPR5a64 - ok
22:29:52.0894 6048 catchme - ok
22:29:52.0911 6048 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
22:29:52.0913 6048 cdfs - ok
22:29:52.0954 6048 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
22:29:52.0955 6048 cdrom - ok
22:29:53.0028 6048 cfwids (ed0263b2eb24f0f4e3898036fa1d28a1) C:\Windows\system32\drivers\cfwids.sys
22:29:53.0029 6048 cfwids - ok
22:29:53.0041 6048 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
22:29:53.0042 6048 circlass - ok
22:29:53.0093 6048 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
22:29:53.0098 6048 CLFS - ok
22:29:53.0129 6048 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
22:29:53.0131 6048 cmdide - ok
22:29:53.0137 6048 Compbatt (34a6aa82aa36c87fc8816f2097efa345) C:\Windows\system32\drivers\compbatt.sys
22:29:53.0139 6048 Compbatt - ok
22:29:53.0152 6048 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
22:29:53.0153 6048 crcdisk - ok
22:29:53.0246 6048 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
22:29:53.0247 6048 DfsC - ok
22:29:53.0286 6048 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
22:29:53.0287 6048 disk - ok
22:29:53.0336 6048 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
22:29:53.0337 6048 drmkaud - ok
22:29:53.0403 6048 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
22:29:53.0408 6048 DXGKrnl - ok
22:29:53.0438 6048 e1express (17d40652ef3e55eeae187a89df40965a) C:\Windows\system32\DRIVERS\e1e6032e.sys
22:29:53.0442 6048 e1express - ok
22:29:53.0460 6048 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
22:29:53.0462 6048 E1G60 - ok
22:29:53.0512 6048 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
22:29:53.0514 6048 Ecache - ok
22:29:53.0544 6048 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
22:29:53.0550 6048 elxstor - ok
22:29:53.0566 6048 ErrDev (991fab6aa066e1214efb5b496fb7959a) C:\Windows\system32\drivers\errdev.sys
22:29:53.0567 6048 ErrDev - ok
22:29:53.0603 6048 ewusbnet (251af86e0a4ddf3a6b181ed5103b06b1) C:\Windows\system32\DRIVERS\ewusbnet.sys
22:29:53.0606 6048 ewusbnet - ok
22:29:53.0652 6048 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
22:29:53.0656 6048 exfat - ok
22:29:53.0684 6048 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
22:29:53.0687 6048 fastfat - ok
22:29:53.0725 6048 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
22:29:53.0727 6048 fdc - ok
22:29:53.0744 6048 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
22:29:53.0745 6048 FileInfo - ok
22:29:53.0756 6048 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
22:29:53.0758 6048 Filetrace - ok
22:29:53.0775 6048 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
22:29:53.0776 6048 flpydisk - ok
22:29:53.0824 6048 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
22:29:53.0827 6048 FltMgr - ok
22:29:53.0858 6048 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
22:29:53.0858 6048 Fs_Rec - ok
22:29:53.0873 6048 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
22:29:53.0874 6048 gagp30kx - ok
22:29:53.0903 6048 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:29:53.0948 6048 GEARAspiWDM - ok
22:29:54.0050 6048 HCW85BDA (b01225208d7ee6af0b04d23600fe38af) C:\Windows\system32\drivers\HCW85BDA.sys
22:29:54.0080 6048 HCW85BDA - ok
22:29:54.0108 6048 hcw85cir (6f79e97b71060abd19e6ae5c3ac70f4b) C:\Windows\system32\drivers\hcw85cir.sys
22:29:54.0110 6048 hcw85cir - ok
22:29:54.0176 6048 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
22:29:54.0178 6048 HdAudAddService - ok
22:29:54.0244 6048 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:29:54.0249 6048 HDAudBus - ok
22:29:54.0266 6048 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
22:29:54.0267 6048 HidBth - ok
22:29:54.0316 6048 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
22:29:54.0317 6048 HidIr - ok
22:29:54.0330 6048 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
22:29:54.0331 6048 HidUsb - ok
22:29:54.0361 6048 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
22:29:54.0362 6048 HpCISSs - ok
22:29:54.0411 6048 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
22:29:54.0428 6048 HTTP - ok
22:29:54.0472 6048 hwdatacard (4b5c07db91a0099272faae732e1152bd) C:\Windows\system32\DRIVERS\ewusbmdm.sys
22:29:54.0474 6048 hwdatacard - ok
22:29:54.0508 6048 hwusbfake (9c13a2691ac410cc7469f298684dca5d) C:\Windows\system32\DRIVERS\ewusbfake.sys
22:29:54.0510 6048 hwusbfake - ok
22:29:54.0542 6048 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
22:29:54.0556 6048 i2omp - ok
22:29:54.0596 6048 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
22:29:54.0597 6048 i8042prt - ok
22:29:54.0646 6048 iaStor (07fb761600eff44af02c35b8b57e5863) C:\Windows\system32\drivers\iastor.sys
22:29:54.0694 6048 iaStor - ok
22:29:54.0712 6048 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
22:29:54.0716 6048 iaStorV - ok
22:29:54.0730 6048 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
22:29:54.0731 6048 iirsp - ok
22:29:54.0768 6048 IntcAzAudAddService (0dd17d4b59d0ec40e3c86a505bb0b6dd) C:\Windows\system32\drivers\RTKVHD64.sys
22:29:54.0804 6048 IntcAzAudAddService - ok
22:29:54.0821 6048 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\DRIVERS\intelide.sys
22:29:54.0821 6048 intelide - ok
22:29:54.0831 6048 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
22:29:54.0832 6048 intelppm - ok
22:29:54.0899 6048 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:29:54.0901 6048 IpFilterDriver - ok
22:29:54.0925 6048 IpInIp - ok
22:29:54.0959 6048 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
22:29:54.0961 6048 IPMIDRV - ok
22:29:54.0977 6048 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
22:29:54.0979 6048 IPNAT - ok
22:29:55.0015 6048 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
22:29:55.0016 6048 IRENUM - ok
22:29:55.0034 6048 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
22:29:55.0035 6048 isapnp - ok
22:29:55.0095 6048 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
22:29:55.0097 6048 iScsiPrt - ok
22:29:55.0117 6048 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
22:29:55.0118 6048 iteatapi - ok
22:29:55.0131 6048 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
22:29:55.0132 6048 iteraid - ok
22:29:55.0144 6048 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
22:29:55.0145 6048 kbdclass - ok
22:29:55.0199 6048 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
22:29:55.0200 6048 kbdhid - ok
22:29:55.0247 6048 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
22:29:55.0263 6048 KSecDD - ok
22:29:55.0278 6048 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
22:29:55.0279 6048 ksthunk - ok
22:29:55.0298 6048 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
22:29:55.0299 6048 lltdio - ok
22:29:55.0331 6048 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
22:29:55.0334 6048 LSI_FC - ok
22:29:55.0360 6048 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
22:29:55.0363 6048 LSI_SAS - ok
22:29:55.0387 6048 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
22:29:55.0390 6048 LSI_SCSI - ok
22:29:55.0404 6048 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
22:29:55.0406 6048 luafv - ok
22:29:55.0413 6048 massfilter - ok
22:29:55.0450 6048 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
22:29:55.0451 6048 MBAMProtector - ok
22:29:55.0539 6048 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
22:29:55.0541 6048 megasas - ok
22:29:55.0575 6048 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
22:29:55.0584 6048 MegaSR - ok
22:29:55.0615 6048 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys
22:29:55.0616 6048 mfeapfk - ok
22:29:55.0639 6048 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\Windows\system32\drivers\mfeavfk.sys
22:29:55.0641 6048 mfeavfk - ok
22:29:55.0648 6048 mfeavfk01 - ok
22:29:55.0714 6048 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\Windows\system32\drivers\mfefirek.sys
22:29:55.0717 6048 mfefirek - ok
22:29:55.0753 6048 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys
22:29:55.0758 6048 mfehidk - ok
22:29:55.0782 6048 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\Windows\system32\DRIVERS\mfenlfk.sys
22:29:55.0784 6048 mfenlfk - ok
22:29:55.0813 6048 mferkdet (65776bd8029e409935b90de30bf99526) C:\Windows\system32\drivers\mferkdet.sys
22:29:55.0814 6048 mferkdet - ok
22:29:55.0837 6048 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\Windows\system32\drivers\mfewfpk.sys
22:29:55.0839 6048 mfewfpk - ok
22:29:55.0862 6048 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
22:29:55.0863 6048 Modem - ok
22:29:55.0876 6048 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
22:29:55.0877 6048 monitor - ok
22:29:55.0890 6048 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
22:29:55.0891 6048 mouclass - ok
22:29:55.0917 6048 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
22:29:55.0918 6048 mouhid - ok
22:29:55.0928 6048 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
22:29:55.0929 6048 MountMgr - ok
22:29:55.0970 6048 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
22:29:55.0973 6048 mpio - ok
22:29:55.0988 6048 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
22:29:55.0990 6048 mpsdrv - ok
22:29:56.0010 6048 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
22:29:56.0012 6048 Mraid35x - ok
22:29:56.0070 6048 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
22:29:56.0072 6048 MRxDAV - ok
22:29:56.0114 6048 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:29:56.0115 6048 mrxsmb - ok
22:29:56.0167 6048 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:29:56.0170 6048 mrxsmb10 - ok
22:29:56.0184 6048 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:29:56.0186 6048 mrxsmb20 - ok
22:29:56.0202 6048 msahci (730b784962d22d2c6481eae2370e7c8c) C:\Windows\system32\drivers\msahci.sys
22:29:56.0203 6048 msahci - ok
22:29:56.0218 6048 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
22:29:56.0221 6048 msdsm - ok
22:29:56.0289 6048 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
22:29:56.0290 6048 Msfs - ok
22:29:56.0312 6048 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
22:29:56.0313 6048 msisadrv - ok
22:29:56.0349 6048 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
22:29:56.0350 6048 MSKSSRV - ok
22:29:56.0363 6048 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
22:29:56.0364 6048 MSPCLOCK - ok
22:29:56.0377 6048 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
22:29:56.0377 6048 MSPQM - ok
22:29:56.0450 6048 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
22:29:56.0456 6048 MsRPC - ok
22:29:56.0472 6048 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
22:29:56.0473 6048 mssmbios - ok
22:29:56.0507 6048 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
22:29:56.0509 6048 MSTEE - ok
22:29:56.0527 6048 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
22:29:56.0528 6048 Mup - ok
22:29:56.0583 6048 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
22:29:56.0586 6048 NativeWifiP - ok
22:29:56.0644 6048 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
22:29:56.0649 6048 NDIS - ok
22:29:56.0657 6048 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
22:29:56.0658 6048 NdisTapi - ok
22:29:56.0673 6048 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
22:29:56.0674 6048 Ndisuio - ok
22:29:56.0722 6048 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
22:29:56.0725 6048 NdisWan - ok
22:29:56.0742 6048 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
22:29:56.0743 6048 NDProxy - ok
22:29:56.0756 6048 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
22:29:56.0757 6048 NetBIOS - ok
22:29:56.0808 6048 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
22:29:56.0812 6048 netbt - ok
22:29:56.0839 6048 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
22:29:56.0841 6048 nfrd960 - ok
22:29:56.0906 6048 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
22:29:56.0907 6048 Npfs - ok
22:29:56.0918 6048 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
22:29:56.0920 6048 nsiproxy - ok
22:29:56.0997 6048 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
22:29:57.0106 6048 Ntfs - ok
22:29:57.0122 6048 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
22:29:57.0123 6048 Null - ok
22:29:57.0143 6048 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
22:29:57.0147 6048 nvraid - ok
22:29:57.0169 6048 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
22:29:57.0171 6048 nvstor - ok
22:29:57.0216 6048 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
22:29:57.0219 6048 nv_agp - ok
22:29:57.0225 6048 NwlnkFlt - ok
22:29:57.0233 6048 NwlnkFwd - ok
22:29:57.0289 6048 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
22:29:57.0290 6048 ohci1394 - ok
22:29:57.0331 6048 Packet (99e6aa0ae2d05389ba7f7dff6866b569) C:\Windows\system32\DRIVERS\packet.sys
22:29:57.0377 6048 Packet - ok
22:29:57.0398 6048 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
22:29:57.0400 6048 Parport - ok
22:29:57.0433 6048 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
22:29:57.0435 6048 partmgr - ok
22:29:57.0519 6048 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms
22:29:57.0520 6048 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
22:29:57.0539 6048 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
22:29:57.0542 6048 pci - ok
22:29:57.0558 6048 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
22:29:57.0558 6048 pciide - ok
22:29:57.0577 6048 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
22:29:57.0581 6048 pcmcia - ok
22:29:57.0607 6048 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
22:29:57.0624 6048 PEAUTH - ok
22:29:57.0709 6048 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
22:29:57.0711 6048 PptpMiniport - ok
22:29:57.0729 6048 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
22:29:57.0734 6048 Processor - ok
22:29:57.0796 6048 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
22:29:57.0797 6048 PSched - ok
22:29:57.0835 6048 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
22:29:57.0835 6048 PSI - ok
22:29:57.0885 6048 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
22:29:57.0886 6048 PxHlpa64 - ok
22:29:57.0919 6048 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
22:29:57.0936 6048 ql2300 - ok
22:29:57.0983 6048 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
22:29:57.0985 6048 ql40xx - ok
22:29:58.0018 6048 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
22:29:58.0019 6048 QWAVEdrv - ok
22:29:58.0152 6048 R300 (80793852021864a9ed344843eeba5fdb) C:\Windows\system32\DRIVERS\atikmdag.sys
22:29:58.0180 6048 R300 - ok
22:29:58.0216 6048 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
22:29:58.0217 6048 RasAcd - ok
22:29:58.0321 6048 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:29:58.0359 6048 Rasl2tp - ok
22:29:58.0408 6048 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
22:29:58.0409 6048 RasPppoe - ok
22:29:58.0517 6048 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
22:29:58.0519 6048 RasSstp - ok
22:29:58.0564 6048 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
22:29:58.0567 6048 rdbss - ok
22:29:58.0580 6048 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:29:58.0581 6048 RDPCDD - ok
22:29:58.0619 6048 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
22:29:58.0623 6048 rdpdr - ok
22:29:58.0630 6048 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
22:29:58.0631 6048 RDPENCDD - ok
22:29:58.0657 6048 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
22:29:58.0661 6048 RDPWD - ok
22:29:58.0698 6048 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
22:29:58.0700 6048 rspndr - ok
22:29:58.0759 6048 RTL8169 (dfadcae64aebe2c67da9cd2ae74ccde5) C:\Windows\system32\DRIVERS\Rtlh64.sys
22:29:58.0761 6048 RTL8169 - ok
22:29:58.0790 6048 RtNdPt60 (5532c4bf15173270757a75b46baeb960) C:\Windows\system32\DRIVERS\RtNdPt60.sys
22:29:58.0790 6048 RtNdPt60 - ok
22:29:58.0807 6048 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
22:29:58.0809 6048 sbp2port - ok
22:29:58.0820 6048 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:29:58.0821 6048 secdrv - ok
22:29:58.0844 6048 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
22:29:58.0845 6048 Serenum - ok
22:29:58.0865 6048 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
22:29:58.0867 6048 Serial - ok
22:29:58.0888 6048 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
22:29:58.0889 6048 sermouse - ok
22:29:58.0911 6048 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
22:29:58.0912 6048 sffdisk - ok
22:29:58.0928 6048 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
22:29:58.0929 6048 sffp_mmc - ok
22:29:58.0948 6048 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
22:29:58.0950 6048 sffp_sd - ok
22:29:58.0974 6048 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
22:29:58.0975 6048 sfloppy - ok
22:29:58.0999 6048 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
22:29:59.0001 6048 SiSRaid2 - ok
22:29:59.0027 6048 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
22:29:59.0028 6048 SiSRaid4 - ok
22:29:59.0076 6048 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
22:29:59.0077 6048 Smb - ok
22:29:59.0141 6048 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
22:29:59.0142 6048 spldr - ok
22:29:59.0309 6048 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
22:29:59.0314 6048 srv - ok
22:29:59.0369 6048 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
22:29:59.0371 6048 srv2 - ok
22:29:59.0417 6048 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
22:29:59.0418 6048 srvnet - ok
22:29:59.0445 6048 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
22:29:59.0446 6048 swenum - ok
22:29:59.0465 6048 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
22:29:59.0466 6048 Symc8xx - ok
22:29:59.0482 6048 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
22:29:59.0484 6048 Sym_hi - ok
22:29:59.0497 6048 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
22:29:59.0499 6048 Sym_u3 - ok
22:29:59.0680 6048 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
22:29:59.0844 6048 Tcpip - ok
22:29:59.0866 6048 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
22:29:59.0874 6048 Tcpip6 - ok
22:29:59.0919 6048 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
22:29:59.0920 6048 tcpipreg - ok
22:29:59.0935 6048 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
22:29:59.0937 6048 TDPIPE - ok
22:29:59.0966 6048 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
22:29:59.0971 6048 TDTCP - ok
22:30:00.0028 6048 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
22:30:00.0030 6048 tdx - ok
22:30:00.0064 6048 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
22:30:00.0068 6048 TermDD - ok
22:30:00.0115 6048 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:30:00.0117 6048 tssecsrv - ok
22:30:00.0140 6048 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
22:30:00.0141 6048 tunmp - ok
22:30:00.0199 6048 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
22:30:00.0200 6048 tunnel - ok
22:30:00.0228 6048 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
22:30:00.0230 6048 uagp35 - ok
22:30:00.0272 6048 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
22:30:00.0277 6048 udfs - ok
22:30:00.0311 6048 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
22:30:00.0313 6048 uliagpkx - ok
22:30:00.0354 6048 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
22:30:00.0358 6048 uliahci - ok
22:30:00.0370 6048 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
22:30:00.0373 6048 UlSata - ok
22:30:00.0396 6048 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
22:30:00.0399 6048 ulsata2 - ok
22:30:00.0415 6048 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
22:30:00.0416 6048 umbus - ok
22:30:00.0470 6048 USBAAPL64 (9e58997a211c8c9ac9e6cffa53614a73) C:\Windows\system32\Drivers\usbaapl64.sys
22:30:00.0472 6048 USBAAPL64 - ok
22:30:00.0539 6048 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
22:30:00.0540 6048 usbccgp - ok
22:30:00.0575 6048 usbcir (8c39d53e1a343f4c47ee8f3c052126d8) C:\Windows\system32\DRIVERS\usbcir.sys
22:30:00.0577 6048 usbcir - ok
22:30:00.0616 6048 usbehci (b1c7edb07f61bdee587831b440fc7656) C:\Windows\system32\DRIVERS\usbehci.sys
22:30:00.0617 6048 usbehci - ok
22:30:00.0676 6048 usbhub (697c45d6cea9ad978f90636be7c93229) C:\Windows\system32\DRIVERS\usbhub.sys
22:30:00.0680 6048 usbhub - ok
22:30:00.0699 6048 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
22:30:00.0701 6048 usbohci - ok
22:30:00.0720 6048 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
22:30:00.0721 6048 usbprint - ok
22:30:00.0766 6048 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:30:00.0768 6048 USBSTOR - ok
22:30:00.0794 6048 usbuhci (c8d88a2a3587a8424b4b17a6f7eb67fa) C:\Windows\system32\DRIVERS\usbuhci.sys
22:30:00.0795 6048 usbuhci - ok
22:30:00.0814 6048 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
22:30:00.0815 6048 vga - ok
22:30:00.0832 6048 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
22:30:00.0833 6048 VgaSave - ok
22:30:00.0850 6048 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
22:30:00.0851 6048 viaide - ok
22:30:00.0879 6048 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
22:30:00.0881 6048 volmgr - ok
22:30:00.0935 6048 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
22:30:00.0940 6048 volmgrx - ok
22:30:00.0974 6048 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
22:30:00.0978 6048 volsnap - ok
22:30:01.0011 6048 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
22:30:01.0014 6048 vsmraid - ok
22:30:01.0073 6048 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
22:30:01.0075 6048 WacomPen - ok
22:30:01.0143 6048 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
22:30:01.0145 6048 Wanarp - ok
22:30:01.0149 6048 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
22:30:01.0150 6048 Wanarpv6 - ok
22:30:01.0175 6048 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
22:30:01.0177 6048 Wd - ok
22:30:01.0203 6048 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
22:30:01.0219 6048 Wdf01000 - ok
22:30:01.0271 6048 WmiAcpi (7999dfb1c555efc0db69576f70027867) C:\Windows\system32\drivers\wmiacpi.sys
22:30:01.0272 6048 WmiAcpi - ok
22:30:01.0338 6048 WpdUsb (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys
22:30:01.0339 6048 WpdUsb - ok
22:30:01.0360 6048 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
22:30:01.0362 6048 ws2ifsl - ok
22:30:01.0396 6048 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:30:01.0399 6048 WUDFRd - ok
22:30:01.0448 6048 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:30:01.0463 6048 \Device\Harddisk0\DR0 - ok
22:30:01.0477 6048 Boot (0x1200) (1a290ddf3ff418324c8610f08ffc9939) \Device\Harddisk0\DR0\Partition0
22:30:01.0477 6048 \Device\Harddisk0\DR0\Partition0 - ok
22:30:01.0480 6048 Boot (0x1200) (5bbfcf7eaf8575ce8a4a9792a0831508) \Device\Harddisk0\DR0\Partition1
22:30:01.0481 6048 \Device\Harddisk0\DR0\Partition1 - ok
22:30:01.0482 6048 ============================================================
22:30:01.0482 6048 Scan finished
22:30:01.0482 6048 ============================================================
22:30:01.0492 5892 Detected object count: 0
22:30:01.0492 5892 Actual detected object count: 0

#8 arkamas

arkamas
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:33 PM

Posted 30 November 2011 - 07:03 AM

I've also checked the IE history for today (prior to to running TDSSKiller but after Combofix).

It still has heaps of sites in there that I have not visited.

I also have no recent programs in the start menu.

Thanks for your help so far.

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:03 AM

Posted 30 November 2011 - 08:53 AM

You can restore the Start menu to its original,default settings.
Right click the Task Bar and choose Properties
Click the Start Menu tab, and then click Customize.
In the Customize Start Menu dialog box, click Use Default Settings, click OK, and then click OK again


If that does not work - change the number to 0 restart the computer and change it again to 10


This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:03 AM

Posted 03 December 2011 - 02:14 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 arkamas

arkamas
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:33 PM

Posted 03 December 2011 - 07:02 AM

Hi,

I tried to run this program (aswMBR), but on both occasions, the computer stalled and rebooted itself after clicking the Scan button.

Any ideas?

Thanks

Edited by arkamas, 03 December 2011 - 07:07 AM.


#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:03 AM

Posted 03 December 2011 - 01:20 PM

Hello

I would like you to run this tool for me - fixTDSS

download it to your desktop and start the program

Follow the prompts and Ok any security prompts

when it is complete it will say the infection was cleared or no infection was found - let me know what it says

after it is complete I want you to restart the computer and try to rerun ASWMbr for me and send me the report

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 arkamas

arkamas
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:33 PM

Posted 05 December 2011 - 04:30 AM

I ran the fixTDSS and an Infected MBR was detected.

I repaired it, which was successful.

I then rebooted and ran aswMBR. It froze and then rebooted as before. I tried this twice.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:03 AM

Posted 05 December 2011 - 02:29 PM

Hello


Besides ASWMBR how is the computer doing?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 arkamas

arkamas
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:33 PM

Posted 05 December 2011 - 08:27 PM

It appears that it is gone. There has been no new history in IE since I ran fixTDSS.

Thanks very much for your help.

What's the best way to avoid/protect myself in the future?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users