
B5a7O.Com runs CPU at 100% in Taskmanager


This topic is locked
25 replies to this topic

#1 Mark4398


Posted 28 November 2011 - 08:52 PM

Hello,
Thanks in advance for any help offered.

Yesterday I was getting random ads played in the background, and when I looked at the processes in Task Manager under "Show processes from all users" there were multiple instances of "Hki####.exe" running and using up most of the CPU (it would be "Hki" followed by four random numbers, then ".exe"). I ran Malwarebytes and it removed about 16 infected files, and the "Hki####.exe" was gone. So today I had "Ping.Exe" running in the processes at a constant 90-100% usage; I would end the process and in about 3-5 minutes it would restart. I also had Google redirects and multiple instances of "B57aO.com" running in the processes. I ran TDSSKiller and I haven't been having any problems with being redirected by Google, and "Ping.Exe" is no longer present in Task Manager, but "B57aO.com" comes and goes: anywhere from 3-8 instances of "B57aO.com" will run and use 70-100% CPU. I tried to upload the GMER log but it said the file was too big to attach. I made an error in the topic title; it is actually "B57aO.com".

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19120 BrowserJavaVersion: 1.6.0_29
Run by Stacey at 19:26:15 on 2011-11-28
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3063.2036 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Hawkes Learning Systems\Hawkes Update Service Manager\HawkesUpdater.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\EnergyCut\utilty.exe
C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
mDefault_Page_URL = hxxp://www.lenovo.com
uInternet Settings,ProxyOverride = <local>;*.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [EnergyCut_Utility] c:\program files\lenovo\energycut\utilty.exe
mRun: [EnergyCut] c:\program files\lenovo\energycut\EnergyCut.exe
mRun: [PCMService] "c:\program files\lenovo\shuttlecenter\PCMService.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Unattend0000000001{CE1C30CE-8390-4E54-A1C0-A091EBC35790}] c:\windows\test.bat
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [Skytel] Skytel.exe
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - c:\program files\lenovo\veriface\OpenWnd.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5F069087-9688-4BC8-B0EA-C55BA1C50283} : DhcpNameServer = 204.126.133.41 198.51.197.103
TCP: Interfaces\{E67428B5-12EA-4CF0-AE0A-8D5A6CD1C4ED} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\stacey\appdata\roaming\mozilla\firefox\profiles\y74cqnbp.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\stacey\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
.
============= SERVICES / DRIVERS ===============
.
R2 HawkesUpdater;Hawkes Unattended Updater;c:\program files\hawkes learning systems\hawkes update service manager\srvany.exe [2011-9-1 8192]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2008-9-14 11776]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-7-22 180736]
.
=============== Created Last 30 ================
.
2011-11-28 19:10:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-11-28 19:10:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-11-26 22:50:18 111616 ----a-w- c:\programdata\eXvyHsXB.exe_
2011-11-26 22:50:18 111616 ----a-w- c:\programdata\eXvyHsXB.exe
2011-11-26 22:38:14 111616 ----a-w- c:\windows\system32\B57aO.com_
2011-11-26 06:34:09 -------- d-----w- c:\users\stacey\appdata\roaming\Malwarebytes
2011-11-26 06:33:56 -------- d-----w- c:\programdata\Malwarebytes
2011-11-26 06:33:53 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-26 06:33:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-26 06:10:16 -------- d-----w- c:\users\stacey\appdata\roaming\847BD
2011-11-26 06:09:48 -------- d-----w- c:\users\stacey\appdata\roaming\RooobFF4pmGsQJd
2011-11-26 06:09:47 -------- d-----w- c:\users\stacey\appdata\roaming\rjjjUVeelBtNyA1
2011-11-26 06:09:38 -------- d-----w- c:\users\stacey\appdata\roaming\A8E84
2011-11-26 06:09:30 -------- d-----w- c:\users\stacey\appdata\roaming\qibbDD3pnG4a
2011-11-26 06:09:30 -------- d-----w- c:\users\stacey\appdata\roaming\dcSS11ibD3on4aH
2011-11-26 06:09:30 -------- d-----w- c:\users\stacey\appdata\roaming\ajjYYCeekIVzOtx
.
==================== Find3M ====================
.
2011-11-28 18:25:17 54784 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-10-03 09:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 19:29:57.64 ===============


Edited by Mark4398, 28 November 2011 - 10:25 PM.
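Added example (not part of the original thread, and not code from DDS, OTS or any BleepingComputer tool): a small Python triage script that applies, mechanically, the reasoning the helper applies by hand to the DDS log above and to the OTS At#.job list later in the thread. It flags logon Run entries that launch a script or run from a data directory or the Windows root, recently created files and folders with machine-generated names under ProgramData, AppData, Temp or the Windows tree, and At#.job scheduled tasks of the kind at.exe creates. The log text embedded in it is constructed from a few lines in the shape of this thread's logs; the name-randomness test, the directory list and the regexes are heuristics chosen for the example and will occasionally flag a legitimate vendor name, so treat hits as leads for review, not verdicts.

```python
"""Heuristic triage of DDS/OTS-style malware-removal log text (added example)."""
import re
from dataclasses import dataclass

# Constructed sample in the shape of the DDS "Pseudo HJT Report" and "Created Last 30"
# sections plus an OTS "Modified Within 30 Days" list; assembled for this example,
# not captured from a real machine.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Unattend0000000001{CE1C30CE-8390-4E54-A1C0-A091EBC35790}] c:\windows\test.bat
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
=============== Created Last 30 ================
2011-11-28 19:10:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-11-26 22:50:18 111616 ----a-w- c:\programdata\eXvyHsXB.exe
2011-11-26 22:38:14 111616 ----a-w- c:\windows\system32\B57aO.com_
2011-11-26 06:33:53 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-26 06:10:16 -------- d-----w- c:\users\stacey\appdata\roaming\847BD
2011-11-26 06:09:48 -------- d-----w- c:\users\stacey\appdata\roaming\RooobFF4pmGsQJd
[Files/Folders - Modified Within 30 Days]
NY ->  At46.job -> C:\Windows\tasks\At46.job
NY ->  At45.job -> C:\Windows\tasks\At45.job
NY ->  At1.job -> C:\Windows\tasks\At1.job
NY ->  B57aO.com -> C:\Windows\System32\B57aO.com
"""

SCRIPT_EXT = {".bat", ".cmd", ".vbs", ".js", ".ps1"}
# Directories malware commonly drops into (heuristic list chosen for this example).
DROP_DIRS = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\windows\\")

RUN_RE = re.compile(r"^[mu]Run: \[(?P<name>[^\]]+)\] (?P<target>.+)$")
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$")
OTS_FILE_RE = re.compile(r"^NY ->\s+\S+ -> (?P<path>[A-Za-z]:\\.+)$")
AT_JOB_RE = re.compile(r"\bAt\d+\.job\b")


@dataclass(frozen=True)
class Finding:
    kind: str    # "run", "file" or "task"
    path: str
    reason: str


def split_name(path: str):
    """(stem, lower-cased ext) of the last path component. A trailing '_' (the
    '.exe_' / '.com_' copies a cleaner leaves behind) is stripped first."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1].rstrip("_")
    stem, dot, ext = name.rpartition(".")
    return (stem, "." + ext.lower()) if dot else (name, "")


def in_drop_dir(path: str) -> bool:
    p = path.lower().replace("/", "\\")
    directory = p.rsplit("\\", 1)[0] + "\\" if "\\" in p else ""
    return any(d in directory for d in DROP_DIRS)


def looks_random(stem: str) -> bool:
    """Machine-generated-name heuristic: all-hex names (847BD), names mixing upper,
    lower and digits (B57aO), or vowel-poor names that keep switching case (eXvyHsXB).
    Ordinary CamelCase vendor names such as iTunesHelper pass as benign."""
    s = stem.strip()
    if len(s) < 5 or re.search(r"[\s\-]", s):
        return False
    if re.fullmatch(r"[0-9A-Fa-f]+", s) and re.search(r"\d", s) and re.search(r"[A-Fa-f]", s):
        return True
    classes = sum(bool(re.search(p, s)) for p in (r"[a-z]", r"[A-Z]", r"\d"))
    letters = [c for c in s if c.isalpha()]
    switches = sum(a.islower() != b.islower() for a, b in zip(letters, letters[1:]))
    vowels = sum(c.lower() in "aeiouy" for c in letters) / max(len(letters), 1)
    return classes == 3 or (switches >= 4 and vowels < 0.35)


def _exe_of(target: str) -> str:
    """Strip surrounding quotes and trailing switches from a Run-key command line."""
    t = target.strip()
    if t.startswith('"'):
        return t[1:].split('"', 1)[0]
    return re.split(r"\s+[-/]", t, maxsplit=1)[0]


def check_run_entry(name: str, target: str):
    exe = _exe_of(target)
    _, ext = split_name(exe)
    reasons = []
    if ext in SCRIPT_EXT:
        reasons.append(f"launches a {ext} script at logon")
    if in_drop_dir(exe):
        reasons.append("target lives under ProgramData, AppData, Temp or the Windows directory")
    return Finding("run", exe, f"[{name}] " + "; ".join(reasons)) if reasons else None


def check_file_entry(path: str, is_dir: bool):
    stem, ext = split_name(path)
    if ext == ".job" or not (in_drop_dir(path) and looks_random(stem)):
        return None                      # At#.job tasks are counted separately below
    what = "folder" if is_dir else (ext or "extension-less") + " file"
    note = " (trailing '_' backup copy)" if path.endswith("_") else ""
    return Finding("file", path, f"random-looking {what} name in a drop directory{note}")


def triage(log_text: str) -> list:
    findings, seen = [], set()
    for raw in log_text.splitlines():
        line, finding = raw.rstrip(), None
        if m := RUN_RE.match(line):
            finding = check_run_entry(m["name"], m["target"])
        elif m := CREATED_RE.match(line):
            finding = check_file_entry(m["path"], m["attrs"].startswith("d"))
        elif m := OTS_FILE_RE.match(line):
            finding = check_file_entry(m["path"], is_dir=False)
        if finding and finding.path.lower() not in seen:
            seen.add(finding.path.lower())
            findings.append(finding)
    jobs = sorted(set(AT_JOB_RE.findall(log_text)), key=lambda j: int(j[2:-4]))
    if jobs:  # at.exe names its tasks At<n>.job; dozens of them is a strong signal
        findings.append(Finding("task", r"C:\Windows\Tasks\At*.job",
                                f"{len(jobs)} At#.job tasks (at.exe naming): {', '.join(jobs)}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:4}  {f.path}\n      {f.reason}")
```

Run against the sample it reports the test.bat Run entry, the four random-named items under ProgramData, System32 and AppData\Roaming, the live B57aO.com copy from the OTS list, and one summary line for the At#.job tasks, while mbam.sys, the Spybot folder and the vendor Run entries are left alone. To use it on a real log, read the DDS or OTS text into a string and pass it to triage().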




#2 SweetTech


Posted 29 November 2011 - 01:05 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool that you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Back-Up Registry
First, we need to backup your registry:
Please go to Start > Run
Paste in the following line:

regedit /e c:\registrybackup.reg

Click OK.
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass.


NEXT:



Running OTM

We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the OTM icon on your desktop.
  • Paste the following code into the instructions box. Do not include the word "Code".
    :Processes
    :Services
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Unattend0000000001{CE1C30CE-8390-4E54-A1C0-A091EBC35790}"=-
    :Files
    c:\programdata\eXvyHsXB.exe_
    c:\programdata\eXvyHsXB.exe
    c:\windows\system32\B57aO.com_
    c:\users\stacey\appdata\roaming\847BD
    c:\users\stacey\appdata\roaming\RooobFF4pmGsQJd
    c:\users\stacey\appdata\roaming\rjjjUVeelBtNyA1
    c:\users\stacey\appdata\roaming\A8E84
    c:\users\stacey\appdata\roaming\qibbDD3pnG4a
    c:\users\stacey\appdata\roaming\dcSS11ibD3on4aH
    c:\users\stacey\appdata\roaming\ajjYYCeekIVzOtx
    
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [EMPTYFLASH]
    [resethosts]
    [createrestorepoint]
    
  • Push the large MoveIt! button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Results line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


NEXT:



Scanning with GMER

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.


Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

Notes:
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.



NEXT:


OTS Scan
Download OTS to your Desktop
  • Double-click on OTS.exe to start the program. Make sure you close all other programs.
  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and post the information back here as an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.

Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way.


NEXT:



What issues are you currently experiencing with your computer?

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 Mark4398


Posted 29 November 2011 - 02:20 AM

Agent ST,
Hello and thank you for the response.
Right now the issue is in the processes under Task Manager "B57aO.com" will appear multiple times when I click "Show Processes from all users" and run the CPU usage up to 100% and my fans turn on. I can end process but it will reappear after a little while.

========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Unattend0000000001{CE1C30CE-8390-4E54-A1C0-A091EBC35790} deleted successfully.
========== FILES ==========
c:\programdata\eXvyHsXB.exe_ moved successfully.
c:\programdata\eXvyHsXB.exe moved successfully.
c:\windows\system32\B57aO.com_ moved successfully.
c:\users\stacey\appdata\roaming\847BD folder moved successfully.
c:\users\stacey\appdata\roaming\RooobFF4pmGsQJd folder moved successfully.
c:\users\stacey\appdata\roaming\rjjjUVeelBtNyA1 folder moved successfully.
c:\users\stacey\appdata\roaming\A8E84 folder moved successfully.
c:\users\stacey\appdata\roaming\qibbDD3pnG4a folder moved successfully.
c:\users\stacey\appdata\roaming\dcSS11ibD3on4aH folder moved successfully.
c:\users\stacey\appdata\roaming\ajjYYCeekIVzOtx folder moved successfully.
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?
C:\Users\Stacey\Desktop\cmd.bat deleted successfully.
C:\Users\Stacey\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Stacey\Desktop\cmd.bat deleted successfully.
C:\Users\Stacey\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Stacey

Attached Files

  • Attached File  Gmer.zip   51.63KB   1 downloads
  • Attached File  OTS.Txt   83.08KB   1 downloads


#4 SweetTech


Posted 29 November 2011 - 02:46 AM

Good Evening!

No problem!

It looks like we may be dealing with an infection known as ZeroAccess.

I can see some malicious files in your logs, so let's get started with removing those, and then we will run a more powerful tool.

Running OTS Fix
Start OTS. Copy/Paste the information inside the codebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill All Processes]
[Unregister Dlls]
[Win32 Services - Safe List]
YN -> (LiveUpdate Notice Ex) LiveUpdate Notice Service Ex [Auto | Stopped] -> 
[Registry - Safe List]
< FireFox Extensions [Program Folders] > -> 
YY -> Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
YY -> Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
YY -> Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab [Java Plug-in 1.6.0_29]
YN -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.]
YN -> {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab [Java Plug-in 1.6.0_29]
YN -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab [Java Plug-in 1.6.0_29]
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
YN -> "MaxScriptStatements" -> Reg Error: Invalid data type.
YN -> "Use My Stylesheet" -> Reg Error: Invalid data type.
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YN -> \{38ea3061-da63-11dd-a8e8-0023540d0002}\shell\\"" -> [AutoRun]
YN -> \{38ea3061-da63-11dd-a8e8-0023540d0002}\shell\AutoRun\command\\"" -> [I:\LaunchU3.exe -a]
[Files/Folders - Modified Within 30 Days]
NY ->  At46.job -> C:\Windows\tasks\At46.job
NY ->  At45.job -> C:\Windows\tasks\At45.job
NY ->  At43.job -> C:\Windows\tasks\At43.job
NY ->  At44.job -> C:\Windows\tasks\At44.job
NY ->  At42.job -> C:\Windows\tasks\At42.job
NY ->  At41.job -> C:\Windows\tasks\At41.job
NY ->  At40.job -> C:\Windows\tasks\At40.job
NY ->  At39.job -> C:\Windows\tasks\At39.job
NY ->  At36.job -> C:\Windows\tasks\At36.job
NY ->  At35.job -> C:\Windows\tasks\At35.job
NY ->  At28.job -> C:\Windows\tasks\At28.job
NY ->  At27.job -> C:\Windows\tasks\At27.job
NY ->  At8.job -> C:\Windows\tasks\At8.job
NY ->  At7.job -> C:\Windows\tasks\At7.job
NY ->  At6.job -> C:\Windows\tasks\At6.job
NY ->  At5.job -> C:\Windows\tasks\At5.job
NY ->  At9.job -> C:\Windows\tasks\At9.job
NY ->  At34.job -> C:\Windows\tasks\At34.job
NY ->  At32.job -> C:\Windows\tasks\At32.job
NY ->  At30.job -> C:\Windows\tasks\At30.job
NY ->  At26.job -> C:\Windows\tasks\At26.job
NY ->  At24.job -> C:\Windows\tasks\At24.job
NY ->  At22.job -> C:\Windows\tasks\At22.job
NY ->  At20.job -> C:\Windows\tasks\At20.job
NY ->  At18.job -> C:\Windows\tasks\At18.job
NY ->  At16.job -> C:\Windows\tasks\At16.job
NY ->  At14.job -> C:\Windows\tasks\At14.job
NY ->  At12.job -> C:\Windows\tasks\At12.job
NY ->  At33.job -> C:\Windows\tasks\At33.job
NY ->  At31.job -> C:\Windows\tasks\At31.job
NY ->  At29.job -> C:\Windows\tasks\At29.job
NY ->  At25.job -> C:\Windows\tasks\At25.job
NY ->  At23.job -> C:\Windows\tasks\At23.job
NY ->  At21.job -> C:\Windows\tasks\At21.job
NY ->  At19.job -> C:\Windows\tasks\At19.job
NY ->  At17.job -> C:\Windows\tasks\At17.job
NY ->  At15.job -> C:\Windows\tasks\At15.job
NY ->  At13.job -> C:\Windows\tasks\At13.job
NY ->  At11.job -> C:\Windows\tasks\At11.job
NY ->  At10.job -> C:\Windows\tasks\At10.job
NY ->  At48.job -> C:\Windows\tasks\At48.job
NY ->  At4.job -> C:\Windows\tasks\At4.job
NY ->  At38.job -> C:\Windows\tasks\At38.job
NY ->  At2.job -> C:\Windows\tasks\At2.job
NY ->  At47.job -> C:\Windows\tasks\At47.job
NY ->  At37.job -> C:\Windows\tasks\At37.job
NY ->  At3.job -> C:\Windows\tasks\At3.job
NY ->  At1.job -> C:\Windows\tasks\At1.job
NY ->  eXvyHsXB.exe.b -> C:\ProgramData\eXvyHsXB.exe.b
NY ->  B57aO.com.b -> C:\Windows\System32\B57aO.com.b
NY ->  B57aO.com -> C:\Windows\System32\B57aO.com
NY ->  RDAxJ2e.dat -> C:\ProgramData\RDAxJ2e.dat
NY ->  12 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp
NY ->  12 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp
NY ->  1 C:\Windows\*.tmp files -> C:\Windows\*.tmp
[Files - No Company Name]
NY ->  B57aO.com -> C:\Windows\System32\B57aO.com
NY ->  eXvyHsXB.exe.b -> C:\ProgramData\eXvyHsXB.exe.b
NY ->  B57aO.com.b -> C:\Windows\System32\B57aO.com.b
NY ->  RDAxJ2e.dat -> C:\ProgramData\RDAxJ2e.dat
NY ->  At48.job -> C:\Windows\tasks\At48.job
NY ->  At46.job -> C:\Windows\tasks\At46.job
NY ->  At47.job -> C:\Windows\tasks\At47.job
NY ->  At44.job -> C:\Windows\tasks\At44.job
NY ->  At42.job -> C:\Windows\tasks\At42.job
NY ->  At40.job -> C:\Windows\tasks\At40.job
NY ->  At45.job -> C:\Windows\tasks\At45.job
NY ->  At43.job -> C:\Windows\tasks\At43.job
NY ->  At41.job -> C:\Windows\tasks\At41.job
NY ->  At38.job -> C:\Windows\tasks\At38.job
NY ->  At36.job -> C:\Windows\tasks\At36.job
NY ->  At39.job -> C:\Windows\tasks\At39.job
NY ->  At37.job -> C:\Windows\tasks\At37.job
NY ->  At35.job -> C:\Windows\tasks\At35.job
NY ->  At34.job -> C:\Windows\tasks\At34.job
NY ->  At32.job -> C:\Windows\tasks\At32.job
NY ->  At30.job -> C:\Windows\tasks\At30.job
NY ->  At33.job -> C:\Windows\tasks\At33.job
NY ->  At31.job -> C:\Windows\tasks\At31.job
NY ->  At28.job -> C:\Windows\tasks\At28.job
NY ->  At26.job -> C:\Windows\tasks\At26.job
NY ->  At24.job -> C:\Windows\tasks\At24.job
NY ->  At22.job -> C:\Windows\tasks\At22.job
NY ->  At29.job -> C:\Windows\tasks\At29.job
NY ->  At27.job -> C:\Windows\tasks\At27.job
NY ->  At25.job -> C:\Windows\tasks\At25.job
NY ->  At23.job -> C:\Windows\tasks\At23.job
NY ->  At21.job -> C:\Windows\tasks\At21.job
NY ->  At20.job -> C:\Windows\tasks\At20.job
NY ->  At18.job -> C:\Windows\tasks\At18.job
NY ->  At19.job -> C:\Windows\tasks\At19.job
NY ->  At16.job -> C:\Windows\tasks\At16.job
NY ->  At17.job -> C:\Windows\tasks\At17.job
NY ->  At14.job -> C:\Windows\tasks\At14.job
NY ->  At15.job -> C:\Windows\tasks\At15.job
NY ->  At12.job -> C:\Windows\tasks\At12.job
NY ->  At13.job -> C:\Windows\tasks\At13.job
NY ->  At11.job -> C:\Windows\tasks\At11.job
NY ->  At10.job -> C:\Windows\tasks\At10.job
NY ->  At9.job -> C:\Windows\tasks\At9.job
NY ->  At8.job -> C:\Windows\tasks\At8.job
NY ->  At7.job -> C:\Windows\tasks\At7.job
NY ->  At6.job -> C:\Windows\tasks\At6.job
NY ->  At5.job -> C:\Windows\tasks\At5.job
NY ->  At4.job -> C:\Windows\tasks\At4.job
NY ->  At3.job -> C:\Windows\tasks\At3.job
NY ->  At2.job -> C:\Windows\tasks\At2.job
NY ->  At1.job -> C:\Windows\tasks\At1.job
[Alternate Data Streams]
NY -> @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:69AB9D30
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]

The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTS will finish moving any files that could not be moved during the fix and Notepad will open with the final results at that time. Post that log back here in your next reply.


NEXT:



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.



#5 Mark4398


Posted 29 November 2011 - 03:25 AM

Still running the fix on OTS.

#6 SweetTech


Posted 29 November 2011 - 04:02 AM

Okay. Thanks for the update.



#7 Mark4398


Posted 29 November 2011 - 05:38 AM

A little over 3 hours into the OTS fix, my screen went black, but the mouse pointer keeps appearing then disappearing, and it's an hourglass like something is loading. I had a prompt that said "Internet Explorer Stopped Working" and was forced to close it, although I didn't have anything but the Fix running. My laptop is starting to heat up a little even with a desktop fan on it.

#8 Mark4398


Posted 29 November 2011 - 06:16 PM

I ran the Fix for about 6 hours and my screen went black and wouldn't load back up, but the mouse pointer was visible and was the hourglass. The laptop got too hot from running the fix for that long and I had to hold the power button and turn it off so it didn't overheat. I waited a little while and ran the fix again and let it go for a few hours, and still it hasn't done anything. The little green bar right above where it says "Additional Scans" was going across but nothing ever happened, and it seems like the Fix won't finish and give me a log.

#9 Mark4398


Posted 29 November 2011 - 10:54 PM

Update.
I now have multiples of Iexplore.exe and eXvyHsXB.exe running in processes. The Iexplore uses 0 CPU and disappears when I end the process for the eXvyHsXB.exe. eXvyHsXB.exe runs at 40-70% CPU per process.

#10 SweetTech


Posted 30 November 2011 - 12:35 AM

Good Evening.

Can you attempt to proceed with the ComboFix instructions?



#11 Mark4398


Posted 30 November 2011 - 02:01 AM

Hello,
When I start up I get a pop-up error that says "Can't Open ACPI ATK0100 kernel Mode Driver".
I have attached the log.


ComboFix 11-11-29.04 - Stacey 11/30/2011 1:32.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3063.1990 [GMT -5:00]
Running from: c:\users\Stacey\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\eXvyHsXB.exe
c:\programdata\eXvyHsXB.exe_
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\windows\$NtUninstallKB20824$
c:\windows\$NtUninstallKB20824$\2012450619
c:\windows\$NtUninstallKB20824$\3606677409\@
c:\windows\$NtUninstallKB20824$\3606677409\bckfg.tmp
c:\windows\$NtUninstallKB20824$\3606677409\cfg.ini
c:\windows\$NtUninstallKB20824$\3606677409\Desktop.ini
c:\windows\$NtUninstallKB20824$\3606677409\keywords
c:\windows\$NtUninstallKB20824$\3606677409\kwrd.dll
c:\windows\$NtUninstallKB20824$\3606677409\L\qnbwvoto
c:\windows\$NtUninstallKB20824$\3606677409\lsflt7.ver
c:\windows\$NtUninstallKB20824$\3606677409\U\00000001.@
c:\windows\$NtUninstallKB20824$\3606677409\U\00000002.@
c:\windows\$NtUninstallKB20824$\3606677409\U\00000004.@
c:\windows\$NtUninstallKB20824$\3606677409\U\80000000.@
c:\windows\$NtUninstallKB20824$\3606677409\U\80000004.@
c:\windows\$NtUninstallKB20824$\3606677409\U\80000032.@
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At15.job
c:\windows\TEMP\mia4\mEXEFunc.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-30 )))))))))))))))))))))))))))))))
.
.
2011-11-30 06:41 . 2011-11-30 06:44 -------- d-----w- c:\users\Stacey\AppData\Local\temp
2011-11-30 06:41 . 2011-11-30 06:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-29 07:53 . 2011-11-29 07:53 -------- d-----w- C:\_OTS
2011-11-29 06:57 . 2011-11-29 06:57 -------- d-----w- C:\_OTM
2011-11-29 06:55 . 2011-11-29 06:55 339161226 ----a-w- C:\registrybackup.reg
2011-11-29 01:49 . 2011-11-26 21:27 111616 ----a-w- c:\windows\system32\B57aO.com_
2011-11-28 19:10 . 2011-11-28 22:40 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-11-28 19:10 . 2011-11-28 22:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-11-26 06:34 . 2011-11-26 06:34 -------- d-----w- c:\users\Stacey\AppData\Roaming\Malwarebytes
2011-11-26 06:33 . 2011-11-26 06:33 -------- d-----w- c:\programdata\Malwarebytes
2011-11-26 06:33 . 2011-11-26 22:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-26 06:33 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-02 00:20 . 2011-11-02 00:20 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 18:25 . 2008-09-14 05:59 54784 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-10-03 09:06 . 2011-05-18 01:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-10-02 04:11 . 2011-08-04 08:32 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2008-09-14 07:25 241752 ----a-w- c:\program files\Lenovo\VeriFace\IcnOvrly.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 4702208]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-06 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-06 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-06 138008]
"EnergyCut_Utility"="c:\program files\Lenovo\EnergyCut\utilty.exe" [2005-11-14 2506752]
"EnergyCut"="c:\program files\Lenovo\EnergyCut\EnergyCut.exe" [2007-11-15 1232896]
"PCMService"="c:\program files\Lenovo\ShuttleCenter\PCMService.exe" [2007-10-26 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Skytel"="Skytel.exe" [2007-10-11 1826816]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2009-08-05 10:17 224712 ----a-w- c:\program files\DAEMON Tools Pro\DTProAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 HawkesUpdater;Hawkes Unattended Updater;c:\program files\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe [2003-04-18 8192]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2007-06-05 11776]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
.
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Stacey\AppData\Roaming\Mozilla\Firefox\Profiles\y74cqnbp.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-88880690.sys
SafeBoot-97483423.sys
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f2,87,40,04,14,05,59,44,bc,fe,50,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f2,87,40,04,14,05,59,44,bc,fe,50,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2676)
c:\program files\Lenovo\VeriFace\IcnOvrly.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Hawkes Learning Systems\Hawkes Update Service Manager\HawkesUpdater.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATK Hotkey\MsgTranAgt.exe
c:\windows\System32\osk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-11-30 01:49:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-30 06:49
.
Pre-Run: 134,051,504,128 bytes free
Post-Run: 133,983,096,832 bytes free
.
- - End Of File - - F99DD7548BBFA6AF5EE1EFEEE6A0BFB8


Edited by SweetTech, 30 November 2011 - 02:07 AM.
expanded CF log.--ST


#12 SweetTech


Posted 30 November 2011 - 02:09 AM

Hi!

Please run these scans:

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
AtJob::
File::
c:\windows\system32\B57aO.com_
Folder::
Registry::
Driver::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop; save this as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


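As an added example (not code from this thread, from ComboFix or from the helper), a small Python triage script for the ComboFix log format pasted in post #11 and the CFScript built from it in post #12: it splits the log at its parenthesised section banners, parses the "Files Created" rows, flags entries using the patterns this thread's logs show (an executable dropped straight into ProgramData, a $NtUninstall* tree with @ and U\ entries, At*.job tasks, a neutralised .com_ file still on disk), and drafts the File:: block in the layout the helper used. The log excerpt and the flagging rules are constructed for this example.

```python
import re
from collections import OrderedDict

# Constructed excerpt in the ComboFix log layout seen in this thread: banners wrapped
# in parentheses, "." spacer lines, and "created . modified size attrs path" rows.
SAMPLE_LOG = r"""ComboFix 11-11-29.04 - Stacey 11/30/2011 1:32.1.2 - x86
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\eXvyHsXB.exe
c:\windows\$NtUninstallKB20824$\3606677409\U\00000001.@
c:\windows\Tasks\At1.job
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-30 )))))))))))))))))))))))))))))))
.
2011-11-29 07:53 . 2011-11-29 07:53 -------- d-----w- C:\_OTS
2011-11-29 01:49 . 2011-11-26 21:27 111616 ----a-w- c:\windows\system32\B57aO.com_
2011-11-26 06:33 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
"""

BANNER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S+) (\S+) (.+)$"
)

# Indicator rules built only from what this thread's logs show ComboFix removing and
# what the helper scripted; the rules themselves are this example's assumptions.
RULES = [
    ("neutralised executable left behind (.exe_/.com_)",
     re.compile(r"\.(exe|com)_$", re.I)),
    ("executable dropped directly in ProgramData",
     re.compile(r"^c:\\programdata\\[^\\]+\.(exe|com|dll)$", re.I)),
    ("$NtUninstall* tree holding @ / U\\ entries",
     re.compile(r"\\\$NtUninstall[^\\]*\$\\.*(?:\\U\\|@$)", re.I)),
    ("At*.job scheduled task",
     re.compile(r"\\Tasks\\At\d+\.job$", re.I)),
]

def split_sections(log):
    """Group lines under the parenthesised banner above them; text before the first
    banner goes under 'header', and blank or '.' spacer lines are dropped."""
    sections = OrderedDict(header=[])
    current = "header"
    for line in log.splitlines():
        line = line.rstrip()
        if not line or line == ".":
            continue
        m = BANNER_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        else:
            sections[current].append(line)
    return sections

def created_files(sections):
    """Parse the 'Files Created from ... to ...' rows. Directories carry '--------'
    instead of a size and a 'd' as the first attribute flag."""
    lines = next((v for k, v in sections.items() if k.startswith("Files Created")), [])
    rows = []
    for line in lines:
        m = CREATED_RE.match(line)
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        rows.append({"created": created, "modified": modified, "path": path,
                     "size": None if size.startswith("-") else int(size),
                     "is_dir": attrs.startswith("d")})
    return rows

def flag(paths):
    """Return (path, reason) for each path matching a rule; the first rule wins."""
    hits = []
    for path in paths:
        for reason, rx in RULES:
            if rx.search(path):
                hits.append((path, reason))
                break
    return hits

def build_cfscript(file_paths, at_jobs):
    """Emit the CFScript layout the helper posted: one directive per line, paths to
    delete listed under File::, the remaining directives left empty."""
    head = ["KillAll::"] + (["AtJob::"] if at_jobs else []) + ["File::"]
    tail = ["Folder::", "Registry::", "Driver::"]
    return "\n".join(head + list(file_paths) + tail) + "\n"

def triage(log):
    """Split what ComboFix already removed from suspicious files still present."""
    sections = split_sections(log)
    gone = flag(sections.get("Other Deletions", []))
    present = flag(r["path"] for r in created_files(sections) if not r["is_dir"])
    saw_at_jobs = any(reason.startswith("At*.job") for _, reason in gone + present)
    return {"deleted_by_combofix": gone, "still_present": present,
            "cfscript": build_cfscript([p for p, _ in present], saw_at_jobs)}
```

Calling triage(SAMPLE_LOG) reports the three entries ComboFix already deleted, leaves mbam.sys unflagged, and drafts a CFScript whose File:: block names only c:\windows\system32\B57aO.com_, matching what the helper posted by hand.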

#13 Mark4398


Posted 30 November 2011 - 02:38 AM

TDSS found 0 threats, so I was given no options.


ComboFix 11-11-30.01 - Stacey 11/30/2011 2:19.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3063.1925 [GMT -5:00]
Running from: c:\users\Stacey\Desktop\ComboFix.exe
Command switches used :: c:\users\Stacey\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\B57aO.com_"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\B57aO.com_
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-30 )))))))))))))))))))))))))))))))
.
.
2011-11-30 07:24 . 2011-11-30 07:26 -------- d-----w- c:\users\Stacey\AppData\Local\temp
2011-11-30 07:24 . 2011-11-30 07:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-29 07:53 . 2011-11-29 07:53 -------- d-----w- C:\_OTS
2011-11-29 06:57 . 2011-11-29 06:57 -------- d-----w- C:\_OTM
2011-11-29 06:55 . 2011-11-29 06:55 339161226 ----a-w- C:\registrybackup.reg
2011-11-28 19:10 . 2011-11-28 22:40 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-11-28 19:10 . 2011-11-28 22:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-11-26 06:34 . 2011-11-26 06:34 -------- d-----w- c:\users\Stacey\AppData\Roaming\Malwarebytes
2011-11-26 06:33 . 2011-11-26 06:33 -------- d-----w- c:\programdata\Malwarebytes
2011-11-26 06:33 . 2011-11-26 22:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-26 06:33 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-02 00:20 . 2011-11-02 00:20 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 18:25 . 2008-09-14 05:59 54784 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-10-03 09:06 . 2011-05-18 01:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-10-02 04:11 . 2011-08-04 08:32 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2008-09-14 07:25 241752 ----a-w- c:\program files\Lenovo\VeriFace\IcnOvrly.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 4702208]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-06 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-06 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-06 138008]
"EnergyCut_Utility"="c:\program files\Lenovo\EnergyCut\utilty.exe" [2005-11-14 2506752]
"EnergyCut"="c:\program files\Lenovo\EnergyCut\EnergyCut.exe" [2007-11-15 1232896]
"PCMService"="c:\program files\Lenovo\ShuttleCenter\PCMService.exe" [2007-10-26 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Skytel"="Skytel.exe" [2007-10-11 1826816]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2009-08-05 10:17 224712 ----a-w- c:\program files\DAEMON Tools Pro\DTProAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 HawkesUpdater;Hawkes Unattended Updater;c:\program files\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe [2003-04-18 8192]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2007-06-05 11776]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
.
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Stacey\AppData\Roaming\Mozilla\Firefox\Profiles\y74cqnbp.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-30 02:25
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f2,87,40,04,14,05,59,44,bc,fe,50,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f2,87,40,04,14,05,59,44,bc,fe,50,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2996)
c:\program files\Lenovo\VeriFace\IcnOvrly.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Hawkes Learning Systems\Hawkes Update Service Manager\HawkesUpdater.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe
c:\program files\ATK Hotkey\MsgTranAgt.exe
c:\windows\system32\wbem\unsecapp.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-11-30 02:31:16 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-30 07:31
ComboFix2.txt 2011-11-30 06:49
.
Pre-Run: 134,030,954,496 bytes free
Post-Run: 133,982,863,360 bytes free
.
- - End Of File - - 9D28529D1DAAEA5F3317DFC02CF8E375



02:34:34.0070 1340 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
02:34:34.0362 1340 ============================================================
02:34:34.0362 1340 Current date / time: 2011/11/30 02:34:34.0362
02:34:34.0362 1340 SystemInfo:
02:34:34.0362 1340
02:34:34.0362 1340 OS Version: 6.0.6002 ServicePack: 2.0
02:34:34.0362 1340 Product type: Workstation
02:34:34.0362 1340 ComputerName: GHOST
02:34:34.0363 1340 UserName: Stacey
02:34:34.0363 1340 Windows directory: C:\Windows
02:34:34.0363 1340 System windows directory: C:\Windows
02:34:34.0363 1340 Processor architecture: Intel x86
02:34:34.0363 1340 Number of processors: 2
02:34:34.0363 1340 Page size: 0x1000
02:34:34.0363 1340 Boot type: Normal boot
02:34:34.0363 1340 ============================================================
02:34:34.0938 1340 Initialize success
02:34:41.0427 1188 ============================================================
02:34:41.0427 1188 Scan started
02:34:41.0427 1188 Mode: Manual; SigCheck; TDLFS;
02:34:41.0427 1188 ============================================================
02:34:42.0154 1188 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
02:34:42.0271 1188 ACPI - ok
02:34:42.0383 1188 ACPIVPC (66aabe301244294c412dfb5797f5f47f) C:\Windows\system32\DRIVERS\AcpiVpc.sys
02:34:42.0467 1188 ACPIVPC - ok
02:34:42.0627 1188 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
02:34:42.0651 1188 adp94xx - ok
02:34:42.0901 1188 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
02:34:42.0934 1188 adpahci - ok
02:34:43.0153 1188 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
02:34:43.0174 1188 adpu160m - ok
02:34:43.0393 1188 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
02:34:43.0409 1188 adpu320 - ok
02:34:43.0596 1188 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
02:34:43.0641 1188 AFD - ok
02:34:43.0789 1188 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
02:34:43.0815 1188 agp440 - ok
02:34:43.0841 1188 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
02:34:43.0853 1188 aic78xx - ok
02:34:44.0038 1188 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
02:34:44.0047 1188 aliide - ok
02:34:44.0264 1188 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
02:34:44.0290 1188 amdagp - ok
02:34:44.0417 1188 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
02:34:44.0454 1188 amdide - ok
02:34:44.0621 1188 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
02:34:44.0800 1188 AmdK7 - ok
02:34:44.0968 1188 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
02:34:45.0034 1188 AmdK8 - ok
02:34:45.0217 1188 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
02:34:45.0229 1188 arc - ok
02:34:45.0535 1188 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
02:34:45.0566 1188 arcsas - ok
02:34:45.0722 1188 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
02:34:45.0770 1188 AsyncMac - ok
02:34:45.0975 1188 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
02:34:45.0984 1188 atapi - ok
02:34:46.0240 1188 b57nd60x (aa6b367ca7da571dfc3374ec137d87a5) C:\Windows\system32\DRIVERS\b57nd60x.sys
02:34:46.0369 1188 b57nd60x - ok
02:34:47.0150 1188 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
02:34:47.0222 1188 Beep - ok
02:34:47.0522 1188 blbdrive - ok
02:34:47.0846 1188 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
02:34:47.0909 1188 bowser - ok
02:34:48.0220 1188 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
02:34:48.0307 1188 BrFiltLo - ok
02:34:48.0412 1188 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
02:34:48.0451 1188 BrFiltUp - ok
02:34:48.0641 1188 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
02:34:48.0699 1188 Brserid - ok
02:34:49.0067 1188 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
02:34:49.0140 1188 BrSerWdm - ok
02:34:49.0372 1188 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
02:34:49.0422 1188 BrUsbMdm - ok
02:35:40.0963 1188 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
02:35:41.0190 1188 \Device\Harddisk0\DR0 - ok
02:35:41.0195 1188 Boot (0x1200) (c46f711a69a46c2c9bcbd0ca75689b0e) \Device\Harddisk0\DR0\Partition0
02:35:41.0196 1188 \Device\Harddisk0\DR0\Partition0 - ok
02:35:41.0224 1188 Boot (0x1200) (aa9911aaf7c06eb8d3fd842886ab13c1) \Device\Harddisk0\DR0\Partition1
02:35:41.0225 1188 \Device\Harddisk0\DR0\Partition1 - ok
02:35:41.0225 1188 ============================================================
02:35:41.0225 1188 Scan finished
02:35:41.0225 1188 ============================================================
02:35:41.0237 1664 Detected object count: 0
02:35:41.0237 1664 Actual detected object count: 0

Edited by Mark4398, 30 November 2011 - 02:39 AM.


#14 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:04:46 PM

Posted 30 November 2011 - 03:52 AM

How are things running right now?

Let's see what these scans find, and see where we stand then.

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer; could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#15 Mark4398

Mark4398
  • Topic Starter

  • Members
  • 14 posts
  • Local time:03:46 PM

Posted 30 November 2011 - 09:26 PM

I haven't noticed any unusual processes running in Task Manager, and the CPU usage hasn't been spiking up and down, and my laptop has not been heating up.


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8280

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19120

11/30/2011 7:24:47 PM
mbam-log-2011-11-30 (19-24-47).txt

Scan type: Quick scan
Objects scanned: 164143
Time elapsed: 3 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




C:\Qoobox\Quarantine\C\ProgramData\eXvyHsXB.exe.vir a variant of Win32/Kryptik.VRX trojan
C:\Qoobox\Quarantine\C\ProgramData\eXvyHsXB.exe_.vir a variant of Win32/Kryptik.VRX trojan
C:\Qoobox\Quarantine\C\Windows\System32\B57aO.com_.vir a variant of Win32/Kryptik.VRX trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\p3i5d98214[1].htm HTML/Fraud.BD.Gen trojan
C:\_OTM\MovedFiles\11292011_015732\c_programdata\eXvyHsXB.exe a variant of Win32/Kryptik.VRX trojan
C:\_OTM\MovedFiles\11292011_015732\c_programdata\eXvyHsXB.exe_ a variant of Win32/Kryptik.VRX trojan




Results of screen317's Security Check version 0.99.28
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 29
Adobe Flash Player ( 10.0.42.34) Flash Player out of Date!
Adobe Reader 8 Adobe Reader out of date!
Mozilla Firefox (7.0.1) Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
``````````End of Log````````````

C:\_OTM\MovedFiles\11292011_015732\c_windows\system32\B57aO.com_ a variant of Win32/Kryptik.VRX trojan



