Google Redirect still after removing Trojan

This topic is locked
16 replies to this topic

#1 spencer1982
  • Members
  • 9 posts

Posted 29 November 2011 - 09:38 AM

Hi

I had a trojan that was caught by Malwarebytes 'Rogue.fakeHDD' and was quarantined, but ever since my PC hasn't been working properly. I'm running Windows 7 and have a Google redirect active, and it also crashes Firefox. Can you help me find what is still on my PC please!

Thanks


#2 CatByte
    bleepin' tiger
  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 29 November 2011 - 05:31 PM

Hi,

Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 spencer1982
  • Topic Starter
  • Members
  • 9 posts

Posted 30 November 2011 - 03:33 AM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Spencer at 8:11:53 on 2011-11-30
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3031.1329 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Broadcom\BPowMon\BPowMon.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\dell\DBRM\Reminder\DbrmTrayicon.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intuit\QUICKB~2\QBDBMgrN.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\8.0.1\ScriptHelper.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.40\AVG Secure Search_toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.40\AVG Secure Search_toolbar.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [BitComet] "c:\program files\bitcomet\BitComet.exe" /tray
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\spencer\appdata\local\google\update\GoogleUpdate.exe" /c
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11c_Plugin.exe -update plugin
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [DBRMTray] c:\dell\dbrm\reminder\TrayApp.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\windows\installer\{f761359c-9ced-45ae-9a51-9d6605cd55c4}\Evernote.ico
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D815150B-48BA-4415-A33E-DD33C11B4271} : DhcpNameServer = 192.168.1.254
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\8.0.1\ViProtocol.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\spencer\appdata\roaming\mozilla\firefox\profiles\anox9nf2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.jamjarprint.co.uk/office/tools.asp
FF - component: c:\users\spencer\appdata\roaming\mozilla\firefox\profiles\anox9nf2.default\extensions\{e0b8c461-f8fb-49b4-8373-fe32e9252800}\platform\winnt_x86-msvc\components\enbar.dll
FF - plugin: c:\program files\microsoft silverlight\3.0.40624.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\spencer\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\spencer\appdata\roaming\mozilla\firefox\profiles\anox9nf2.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2010-6-6 81920]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 BPowMon;Broadcom Power monitoring service;c:\program files\broadcom\bpowmon\BPowMon.exe [2009-8-17 79168]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-5-25 1336712]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-6-5 13336]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-7 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-1-27 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-6-14 47640]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\8.0.1\ToolbarUpdater.exe [2011-11-24 246624]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2010-6-6 273960]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-6-6 66592]
R3 QuickBooksDB19;QuickBooksDB19;c:\progra~1\intuit\quickb~2\qbdbmgrn.exe -hvquickbooksdb19 --> c:\progra~1\intuit\quickb~2\QBDBMgrN.exe -hvQuickBooksDB19 [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-28 366152]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\drivers\vpcuxd.sys [2010-6-14 12800]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-10 1343400]
.
=============== Created Last 30 ================
.
2011-11-28 16:51:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-28 13:27:07 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-28 13:27:06 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-11-28 13:26:46 -------- d-----w- c:\programdata\Hitman Pro
2011-11-25 11:02:38 -------- d-----w- c:\users\spencer\appdata\roaming\TeraCopy
2011-11-25 11:02:34 -------- d-----w- c:\program files\TeraCopy
2011-11-25 09:03:09 -------- d-----w- c:\users\spencer\appdata\roaming\Malwarebytes
2011-11-25 09:02:48 -------- d-----w- c:\programdata\Malwarebytes
2011-11-24 13:13:09 -------- d--h--w- C:\$AVG
2011-11-24 13:00:59 -------- d-----w- c:\users\spencer\appdata\roaming\AVG2012
2011-11-24 13:00:09 -------- d-----w- c:\program files\common files\AVG Secure Search
2011-11-24 13:00:09 -------- d-----w- c:\program files\AVG Secure Search
2011-11-24 12:59:50 -------- d-----w- c:\windows\system32\drivers\AVG
2011-11-24 12:59:50 -------- d-----w- c:\programdata\AVG2012
2011-11-24 12:59:28 -------- d-----w- c:\program files\AVG
2011-11-24 12:54:51 -------- d-----w- c:\programdata\MFAData
2011-11-24 11:34:06 -------- d--h--w- c:\users\spencer\appdata\roaming\69A6B98B
.
==================== Find3M ====================
.
2011-10-24 13:49:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-07 06:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-06 07:05:24 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-10-06 07:05:24 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2011-10-06 07:05:23 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-10-06 07:05:23 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-10-04 06:21:28 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-13 06:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
============= FINISH: 8:18:18.93 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/06/2010 14:56:52
System Uptime: 29/11/2011 12:34:10 (20 hours ago)
.
Motherboard: Dell Inc. | | 054KM3
Processor: Intel® Core™ i7 CPU 860 @ 2.80GHz | CPU 1 | 2801/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 145 GiB total, 18.338 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: adfs
Device ID: ROOT\LEGACY_ADFS\0000
Manufacturer:
Name: adfs
PNP Device ID: ROOT\LEGACY_ADFS\0000
Service: adfs
.
==== System Restore Points ===================
.
RP94: 18/11/2011 00:00:02 - Scheduled Checkpoint
RP95: 24/11/2011 12:59:11 - Installed AVG 2012
RP96: 24/11/2011 12:59:34 - Installed AVG 2012
RP97: 28/11/2011 14:16:41 - Installed QuickBooks Company File Diagnostic Tool
.
==== Installed Programs ======================
.
2007 Microsoft Office system
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Reader 9.4.4
Advanced Renamer
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2012
Bonjour
Broadcom Management Programs
Bullzip PDF Printer 7.1.0.1195
Core FTP LE 2.1
Dell Backup and Recovery Manager
Dell Edoc Viewer
doPDF 7.1 printer
Evernote v. 4.2.1
Google Chrome
GoToAssist 8.0.0.514
GPL Ghostscript Lite 8.70
Hitman Pro 3.5
Intel® Control Center
Intel® Rapid Storage Technology
iTunes
Java Auto Updater
Java™ 6 Update 18
Junk Mail filter update
KONICA MINOLTA Universal PCL
LogMeIn
LogMeIn Hamachi
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Studio 2005 Tools for Office Runtime
MobileMe Control Panel
Mozilla Firefox 8.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 Parser and SDK
novaPDF Lite Server 7.1 printer
NVIDIA Drivers
OpenVPN 2.1.3
PowerDVD DX
QB Connection Diagnostic Tool
QODBC Driver
QuarkXPress
QuickBooks
QuickBooks Company File Diagnostic Tool
QuickBooks Pro 2010
QuickTime
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Safari
Samsung_MonSetup
Spelling Dictionaries Support For Adobe Reader 9
SupportSoft Assisted Service
TeraCopy 2.27
THE Rename 2.1.6
TweetDeck
Visual Studio 2005 Tools for Office Second Edition Runtime
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows XP Mode
WinRAR 4.00 beta 4 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
29/11/2011 12:36:50, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.
29/11/2011 12:36:48, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
29/11/2011 12:36:48, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
29/11/2011 12:34:33, Error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
29/11/2011 12:29:45, Error: Service Control Manager [7016] - The NVIDIA Display Driver Service service has reported an invalid current state 32.
28/11/2011 13:33:47, Error: Service Control Manager [7034] - The QuickBooksDB19 service terminated unexpectedly. It has done this 1 time(s).
25/11/2011 22:41:27, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
25/11/2011 22:41:27, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
24/11/2011 12:55:08, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
24/11/2011 12:54:28, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
24/11/2011 12:52:39, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
24/11/2011 12:52:39, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
24/11/2011 12:52:38, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
24/11/2011 12:52:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
24/11/2011 12:52:20, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr vpcvmm Wanarpv6
24/11/2011 12:16:22, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
24/11/2011 12:10:59, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
24/11/2011 12:10:59, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
24/11/2011 12:05:12, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.
24/11/2011 12:05:12, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: A system shutdown is in progress.
24/11/2011 12:05:08, Error: Service Control Manager [7023] - The IPsec Policy Agent service terminated with the following error: The authentication service is unknown.
.
==== End Of File ===========================

I then downloaded aswMBR and tried to run it, but it wouldn't run. I renamed it to iexplore as suggested and it still won't run. I have since restarted my computer, and all my files have become hidden and all of my settings have been deleted. Is there another way to run aswMBR?
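The DDS log above is what a helper reads by hand; as an added example (my own code, not part of this thread, DDS or any BleepingComputer tool), the script below parses lines in that same format and flags the two things a responder would check first: the `mPolicies-system` UAC values (0 means the protection is off) and hidden directories inside a user profile with an unnamed 8-hex-digit folder name, like the `69A6B98B` entry in this log. The sample input is constructed from the log's line format; function names are my own.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample input in the DDS line format shown in this thread
# (policy lines from the "Pseudo HJT Report" and "Created Last 30" entries).
SAMPLE_DDS = r"""
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
2011-11-28 16:51:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-24 13:13:09 -------- d--h--w- C:\$AVG
2011-11-24 11:34:06 -------- d--h--w- c:\users\spencer\appdata\roaming\69A6B98B
2011-10-24 13:49:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
"""

# "mPolicies-system: Name = 0 (0x0)" -> capture Name and the decimal value.
POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(-?\d+)")

# "<date> <time> <size-or-dashes> <8-char attribute string> <path>"
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+([-a-z]{8})\s+(.+)$"
)

# UAC protections whose registry value 0 switches them off (documented
# Microsoft UAC policy semantics).
UAC_OFF_MEANING = {
    "EnableLUA": "UAC is disabled entirely",
    "ConsentPromptBehaviorAdmin": "administrators elevate silently, no prompt",
    "PromptOnSecureDesktop": "elevation prompts are not shown on the secure desktop",
}

# Folder names made only of 8 hex digits, e.g. 69A6B98B.
HEX_NAME_RE = re.compile(r"^[0-9A-F]{8}$", re.IGNORECASE)


def parse_uac_policies(text: str) -> Dict[str, int]:
    """Collect every mPolicies-system entry as {name: integer value}."""
    policies: Dict[str, int] = {}
    for line in text.splitlines():
        m = POLICY_RE.match(line.strip())
        if m:
            policies[m.group(1)] = int(m.group(2))
    return policies


def uac_findings(policies: Dict[str, int]) -> List[str]:
    """One finding per UAC protection the log shows switched off."""
    return [f"{name} = 0: {meaning}"
            for name, meaning in UAC_OFF_MEANING.items()
            if policies.get(name) == 0]


def hidden_entries(text: str) -> List[Tuple[str, str]]:
    """(attributes, path) for every entry whose attribute string carries 'h' (hidden)."""
    found: List[Tuple[str, str]] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m and "h" in m.group(3):
            found.append((m.group(3), m.group(4)))
    return found


def suspicious_hidden_dirs(text: str) -> List[str]:
    """Hidden directories under \\users\\ whose name is just 8 hex digits.

    A vendor's own hidden folder (C:\\$AVG here) is normally named; an
    anonymous hidden folder inside a user profile is worth a closer look.
    """
    out: List[str] = []
    for attrs, path in hidden_entries(text):
        name = path.rstrip("\\").split("\\")[-1]
        if attrs.startswith("d") and "\\users\\" in path.lower() and HEX_NAME_RE.match(name):
            out.append(path)
    return out


def triage(text: str) -> Dict[str, List[str]]:
    """Summarise the log: UAC weaknesses, all hidden entries, and the suspicious ones."""
    return {
        "uac": uac_findings(parse_uac_policies(text)),
        "hidden": [path for _, path in hidden_entries(text)],
        "suspicious_hidden": suspicious_hidden_dirs(text),
    }


if __name__ == "__main__":
    for section, items in triage(SAMPLE_DDS).items():
        print(f"[{section}]")
        for item in items:
            print("   ", item)
```

Feed it the real DDS.txt with `triage(open("DDS.txt").read())`; the Unhide step CatByte gives later in the thread is the fix for the hidden attribute the second check reports.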

#4 CatByte
    bleepin' tiger
  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 30 November 2011 - 08:08 AM

Please run unhide


Please download Unhide.exe to your desktop:
  • Double-click on the Unhide.exe icon on your desktop and allow the program to run.
  • This program will remove the hidden attributes from all the files on your system.
  • Note: If you had purposely hidden any files, then you will need to hide them again after this tool has run.


Let me know that everything has been restored before we continue.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 spencer1982
  • Topic Starter
  • Members
  • 9 posts

Posted 30 November 2011 - 08:29 AM

I downloaded and ran unhide and nothing restored. I then de-activated AVG and tried again and still nothing restored.

Edited by spencer1982, 30 November 2011 - 08:57 AM.


#6 spencer1982
  • Topic Starter
  • Members
  • 9 posts

Posted 30 November 2011 - 09:02 AM

I restarted my computer and everything is now back. Ok to continue.

#7 CatByte
    bleepin' tiger
  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 30 November 2011 - 09:19 AM

Hi

Please do the following:


Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 spencer1982
  • Topic Starter
  • Members
  • 9 posts

Posted 30 November 2011 - 11:21 AM

ComboFix 11-11-30.01 - Spencer 30/11/2011 14:46:07.1.8 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3031.2004 [GMT 0:00]
Running from: c:\users\Spencer\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Spencer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
c:\users\Spencer\GoToAssistDownloadHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-30 )))))))))))))))))))))))))))))))
.
.
2011-11-30 15:21 . 2011-11-30 15:21 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-11-30 15:21 . 2011-11-30 15:21 -------- d-----w- c:\users\QBDataServiceUser19\AppData\Local\temp
2011-11-30 15:21 . 2011-11-30 15:21 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2011-11-30 15:21 . 2011-11-30 15:21 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-11-30 15:21 . 2011-11-30 15:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-30 12:03 . 2011-11-30 12:09 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2011-11-30 12:02 . 2011-11-30 12:02 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\CyberLink
2011-11-30 09:46 . 2011-11-30 09:46 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2011-11-30 08:41 . 2011-11-30 08:41 -------- d-----w- c:\users\Default\AppData\Local\Apple
2011-11-30 08:32 . 2011-11-30 08:32 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-11-30 08:30 . 2011-11-30 08:30 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Mozilla
2011-11-30 08:28 . 2011-11-30 08:28 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Evernote
2011-11-30 08:28 . 2011-11-30 08:28 -------- d-----w- C:\AVG2012
2011-11-30 08:28 . 2011-11-30 08:28 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Intel Corporation
2011-11-30 08:28 . 2011-11-30 08:28 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Apple Computer
2011-11-30 08:28 . 2011-11-30 08:28 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\LogMeIn
2011-11-28 16:51 . 2011-11-28 16:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-28 13:27 . 2011-11-28 13:27 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-28 13:27 . 2011-11-28 13:27 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-11-28 13:26 . 2011-11-28 13:26 -------- d-----w- c:\programdata\Hitman Pro
2011-11-25 11:02 . 2011-11-29 13:53 -------- d-----w- c:\users\Spencer\AppData\Roaming\TeraCopy
2011-11-25 11:02 . 2011-11-25 11:02 -------- d-----w- c:\program files\TeraCopy
2011-11-25 09:03 . 2011-11-25 09:03 -------- d-----w- c:\users\Spencer\AppData\Roaming\Malwarebytes
2011-11-25 09:02 . 2011-11-25 09:02 -------- d-----w- c:\programdata\Malwarebytes
2011-11-24 13:13 . 2011-11-24 13:13 -------- d-----w- C:\$AVG
2011-11-24 13:00 . 2011-11-24 13:00 -------- d-----w- c:\users\Spencer\AppData\Roaming\AVG2012
2011-11-24 13:00 . 2011-11-24 13:00 -------- d-----w- c:\program files\AVG Secure Search
2011-11-24 13:00 . 2011-11-24 13:00 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2011-11-24 12:59 . 2011-11-30 14:04 -------- d-----w- c:\windows\system32\drivers\AVG
2011-11-24 12:59 . 2011-11-24 13:10 -------- d-----w- c:\programdata\AVG2012
2011-11-24 12:59 . 2011-11-24 12:59 -------- d-----w- c:\program files\AVG
2011-11-24 12:54 . 2011-11-30 14:05 -------- d-----w- c:\programdata\MFAData
2011-11-24 11:34 . 2011-11-24 12:00 -------- d-----w- c:\users\Spencer\AppData\Roaming\69A6B98B
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-24 13:49 . 2011-06-10 10:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-07 06:23 . 2011-10-07 06:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-06 07:05 . 2010-06-14 14:19 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-10-06 07:05 . 2010-06-14 14:19 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-10-06 07:05 . 2010-06-14 14:19 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-10-06 07:05 . 2010-06-14 14:19 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-10-04 06:21 . 2011-10-04 06:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-13 06:30 . 2011-09-13 06:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-11-21 04:04 . 2011-11-28 14:09 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-11-24 13:00 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll" [2011-11-24 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-19 7711264]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-24 140520]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2009-11-12 203776]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-11-18 623880]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-24 2415456]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-11-24 218464]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DBRMTray"="c:\dell\DBRM\Reminder\TrayApp.exe" [2010-02-04 7168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Evernote Clipper.lnk - c:\windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico [2011-1-18 293950]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-3-8 984408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 QuickBooksDB19;QuickBooksDB19;c:\progra~1\Intuit\QUICKB~2\QBDBMgrN.exe [2009-07-27 131072]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 12800]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-10 1343400]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-03-31 81920]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BPowMon\BPowMon.exe [2009-08-17 79168]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 1336712]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2011-10-06 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-01-27 12856]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-11-24 246624]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-08-21 273960]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-08-21 66592]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2214479086-3985545472-3829505799-1000Core.job
- c:\users\Spencer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-01 13:10]
.
2011-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2214479086-3985545472-3829505799-1000UA.job
- c:\users\Spencer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-01 13:10]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\anox9nf2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.jamjarprint.co.uk/office/tools.asp
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-BitComet - c:\program files\BitComet\BitComet.exe
Notify-GoToAssist - c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-30 15:39:23
ComboFix-quarantined-files.txt 2011-11-30 15:39
.
Pre-Run: 23,951,724,544 bytes free
Post-Run: 24,495,759,360 bytes free
.
- - End Of File - - 9C534BC08D302ED9270245A674D40321

#9 CatByte (bleepin' tiger, Malware Response Team, 14,664 posts, Location: Canada)

Posted 30 November 2011 - 02:26 PM

Hi

Please do the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)



NEXT


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Folder::
c:\users\Spencer\AppData\Roaming\69A6B98B

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

(screenshot: CFScript.txt being dragged onto ComboFix.exe)
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT



  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 spencer1982 (Topic Starter, Members, 9 posts)

Posted 01 December 2011 - 04:44 AM

Hi

I wasn't able to run TDSSKiller; I tried numerous ways but none were working, so I followed the advice in another thread and ran FixTDSS from Symantec instead. It found and removed one threat but didn't give a log. Is there a way to find this log?

Combofix Log:



ComboFix 11-12-01.01 - Spencer 01/12/2011 8:45.2.8 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3031.1957 [GMT 0:00]
Running from: c:\users\Spencer\Desktop\ComboFix.exe
Command switches used :: c:\users\Spencer\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Spencer\AppData\Roaming\69A6B98B
.
.
((((((((((((((((((((((((( Files Created from 2011-11-01 to 2011-12-01 )))))))))))))))))))))))))))))))
.
.
2011-12-01 08:48 . 2011-12-01 08:48 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-12-01 08:48 . 2011-12-01 08:48 -------- d-----w- c:\users\QBDataServiceUser19\AppData\Local\temp
2011-12-01 08:48 . 2011-12-01 08:48 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2011-12-01 08:48 . 2011-12-01 08:48 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-12-01 08:48 . 2011-12-01 08:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-30 12:03 . 2011-11-30 12:09 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2011-11-30 12:02 . 2011-11-30 12:02 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\CyberLink
2011-11-30 09:46 . 2011-11-30 09:46 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2011-11-30 08:41 . 2011-11-30 08:41 -------- d-----w- c:\users\Default\AppData\Local\Apple
2011-11-30 08:32 . 2011-11-30 08:32 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-11-30 08:30 . 2011-11-30 08:30 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Mozilla
2011-11-30 08:28 . 2011-11-30 08:28 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Evernote
2011-11-30 08:28 . 2011-11-30 08:28 -------- d-----w- C:\AVG2012
2011-11-30 08:28 . 2011-11-30 08:28 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Intel Corporation
2011-11-30 08:28 . 2011-11-30 08:28 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Apple Computer
2011-11-30 08:28 . 2011-11-30 08:28 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\LogMeIn
2011-11-28 16:51 . 2011-11-28 16:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-28 13:27 . 2011-11-28 13:27 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-28 13:27 . 2011-11-28 13:27 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-11-28 13:26 . 2011-11-28 13:26 -------- d-----w- c:\programdata\Hitman Pro
2011-11-25 11:02 . 2011-11-29 13:53 -------- d-----w- c:\users\Spencer\AppData\Roaming\TeraCopy
2011-11-25 11:02 . 2011-11-25 11:02 -------- d-----w- c:\program files\TeraCopy
2011-11-25 09:03 . 2011-11-25 09:03 -------- d-----w- c:\users\Spencer\AppData\Roaming\Malwarebytes
2011-11-25 09:02 . 2011-11-25 09:02 -------- d-----w- c:\programdata\Malwarebytes
2011-11-24 13:13 . 2011-11-24 13:13 -------- d-----w- C:\$AVG
2011-11-24 13:00 . 2011-11-24 13:00 -------- d-----w- c:\users\Spencer\AppData\Roaming\AVG2012
2011-11-24 13:00 . 2011-11-24 13:00 -------- d-----w- c:\program files\AVG Secure Search
2011-11-24 13:00 . 2011-11-24 13:00 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2011-11-24 12:59 . 2011-12-01 08:35 -------- d-----w- c:\windows\system32\drivers\AVG
2011-11-24 12:59 . 2011-11-24 13:10 -------- d-----w- c:\programdata\AVG2012
2011-11-24 12:59 . 2011-11-24 12:59 -------- d-----w- c:\program files\AVG
2011-11-24 12:54 . 2011-12-01 08:35 -------- d-----w- c:\programdata\MFAData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-24 13:49 . 2011-06-10 10:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-07 06:23 . 2011-10-07 06:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-06 07:05 . 2010-06-14 14:19 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-10-06 07:05 . 2010-06-14 14:19 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-10-06 07:05 . 2010-06-14 14:19 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-10-06 07:05 . 2010-06-14 14:19 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-10-04 06:21 . 2011-10-04 06:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-13 06:30 . 2011-09-13 06:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-11-21 04:04 . 2011-11-28 14:09 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-11-24 13:00 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll" [2011-11-24 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-19 7711264]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-24 140520]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2009-11-12 203776]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-11-18 623880]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-24 2415456]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-11-24 218464]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DBRMTray"="c:\dell\DBRM\Reminder\TrayApp.exe" [2010-02-04 7168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Evernote Clipper.lnk - c:\windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico [2011-1-18 293950]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-3-8 984408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 QuickBooksDB19;QuickBooksDB19;c:\progra~1\Intuit\QUICKB~2\QBDBMgrN.exe [2009-07-27 131072]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 12800]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-10 1343400]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-03-31 81920]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BPowMon\BPowMon.exe [2009-08-17 79168]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 1336712]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2011-10-06 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-01-27 12856]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-11-24 246624]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-08-21 273960]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-08-21 66592]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2214479086-3985545472-3829505799-1000Core.job
- c:\users\Spencer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-01 13:10]
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2214479086-3985545472-3829505799-1000UA.job
- c:\users\Spencer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-01 13:10]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\anox9nf2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.jamjarprint.co.uk/office/tools.asp
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-01 08:49:21
ComboFix-quarantined-files.txt 2011-12-01 08:49
ComboFix2.txt 2011-11-30 15:39
.
Pre-Run: 24,217,747,456 bytes free
Post-Run: 24,277,061,632 bytes free
.
- - End Of File - - F2F49398995651DB92DC34A4241E0353




MBAM LOG:


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8282

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

01/12/2011 08:58:01
mbam-log-2011-12-01 (08-58-01).txt

Scan type: Quick scan
Objects scanned: 218128
Time elapsed: 2 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ESET Scanner log:

C:\Downloads\Quark.Xpress 8\Quark.Xpress.v8.0.1.For.Windows.Incl.Keymaker-X-FORCE.zip probably a variant of Win32/Agent.FNWSKKL trojan
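The policies\system block in the ComboFix logs above lists every UAC prompt setting at 0, which is worth flagging when reviewing such a log. As an added example that is not part of this thread or of ComboFix itself, here is a small Python parser that pulls that block out of a ComboFix log and names the settings that switch UAC off; the sample log text is constructed to match ComboFix's "Reg Loading Points" layout.

```python
import re
from typing import Dict, List, Tuple

# UAC settings as ComboFix prints them under the policies\system key, with
# the value that switches the protection off and what that value means.
# (Windows ships with EnableLUA=1 and PromptOnSecureDesktop=1.)
UAC_WEAK: Dict[str, Tuple[int, str]] = {
    "EnableLUA": (0, "UAC is disabled entirely"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate without any prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts are not shown on the secure desktop"),
}

POLICY_KEY = r"software\microsoft\windows\currentversion\policies\system"

# Section header, e.g. [HKEY_LOCAL_MACHINE\software\...\policies\system]
SECTION_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# DWORD line as ComboFix prints it, e.g. "EnableLUA"= 0 (0x0)
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<dec>\d+)\s+\(0x[0-9A-Fa-f]+\)$')

# Constructed sample in the ComboFix "Reg Loading Points" layout (not a real log).
SAMPLE_LOG = r"""
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
"""


def parse_sections(log: str) -> Dict[str, List[str]]:
    """Group log lines under the registry key header that precedes them.

    Keys are lower-cased; ComboFix's '.' spacer lines and blank lines are dropped.
    """
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group("key").lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def uac_policy_values(log: str) -> Dict[str, int]:
    """Return the DWORD values listed under the UAC policy key, by name."""
    values: Dict[str, int] = {}
    for key, lines in parse_sections(log).items():
        if not key.endswith(POLICY_KEY):
            continue
        for line in lines:
            m = DWORD_RE.match(line)
            if m:
                values[m.group("name")] = int(m.group("dec"))
    return values


def uac_findings(log: str) -> List[str]:
    """Describe each UAC setting in the log that is set to its 'off' value."""
    values = uac_policy_values(log)
    return [
        f"{name}={weak}: {meaning}"
        for name, (weak, meaning) in UAC_WEAK.items()
        if values.get(name) == weak
    ]


if __name__ == "__main__":
    for finding in uac_findings(SAMPLE_LOG):
        print(finding)
```

Run against a full ComboFix log, the same functions ignore the Run, RunOnce and drivers32 sections and report only the policies\system values.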

#11 CatByte (bleepin' tiger, Malware Response Team, 14,664 posts, Location: Canada)

Posted 01 December 2011 - 10:33 AM

Hi, I'm not sure where a log would be located for that tool; I have only run it a few times when TDSSKiller wouldn't run.

Please don't run other tools during the fix, as it may interfere with what I am doing.

Please see if TDSSKiller will now run.


NEXT


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Downloads\Quark.Xpress 8\Quark.Xpress.v8.0.1.For.Windows.Incl.Keymaker-X-FORCE.zip

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

(screenshot: CFScript.txt being dragged onto ComboFix.exe)
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT

Please advise how the computer is running now and if there are any outstanding issues

Edited by CatByte, 02 December 2011 - 08:50 AM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#12 spencer1982 (Topic Starter, Members, 9 posts)

Posted 02 December 2011 - 03:07 AM

Hi

TDSSKiller ran:

15:36:59.0439 5760 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
15:36:59.0727 5760 ============================================================
15:36:59.0727 5760 Current date / time: 2011/12/01 15:36:59.0727
15:36:59.0727 5760 SystemInfo:
15:36:59.0727 5760
15:36:59.0727 5760 OS Version: 6.1.7600 ServicePack: 0.0
15:36:59.0727 5760 Product type: Workstation
15:36:59.0727 5760 ComputerName: SPENCER-PC
15:36:59.0727 5760 UserName: Spencer
15:36:59.0727 5760 Windows directory: C:\Windows
15:36:59.0728 5760 System windows directory: C:\Windows
15:36:59.0728 5760 Processor architecture: Intel x86
15:36:59.0728 5760 Number of processors: 8
15:36:59.0728 5760 Page size: 0x1000
15:36:59.0728 5760 Boot type: Normal boot
15:36:59.0728 5760 ============================================================
15:37:01.0524 5760 Initialize success
15:37:05.0872 5248 ============================================================
15:37:05.0872 5248 Scan started
15:37:05.0872 5248 Mode: Manual;
15:37:05.0872 5248 ============================================================
15:37:07.0220 5248 1394ohci (bf02f806c873abb04b197161e8e5a316) C:\Windows\system32\DRIVERS\1394ohci.sys
15:37:07.0223 5248 1394ohci - ok
15:37:07.0342 5248 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
15:37:07.0348 5248 ACPI - ok
15:37:07.0381 5248 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
15:37:07.0384 5248 AcpiPmi - ok
15:37:07.0404 5248 adfs - ok
15:37:07.0440 5248 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
15:37:07.0447 5248 adp94xx - ok
15:37:07.0472 5248 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
15:37:07.0478 5248 adpahci - ok
15:37:07.0502 5248 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
15:37:07.0506 5248 adpu320 - ok
15:37:07.0610 5248 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
15:37:07.0616 5248 AFD - ok
15:37:07.0644 5248 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
15:37:07.0647 5248 agp440 - ok
15:37:07.0667 5248 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
15:37:07.0671 5248 aic78xx - ok
15:37:07.0706 5248 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
15:37:07.0709 5248 aliide - ok
15:37:07.0736 5248 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
15:37:07.0739 5248 amdagp - ok
15:37:07.0756 5248 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
15:37:07.0758 5248 amdide - ok
15:37:07.0779 5248 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
15:37:07.0783 5248 AmdK8 - ok
15:37:07.0803 5248 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
15:37:07.0807 5248 AmdPPM - ok
15:37:07.0827 5248 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
15:37:07.0830 5248 amdsata - ok
15:37:07.0846 5248 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
15:37:07.0850 5248 amdsbs - ok
15:37:07.0874 5248 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
15:37:07.0876 5248 amdxata - ok
15:37:07.0903 5248 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
15:37:07.0907 5248 AppID - ok
15:37:07.0997 5248 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
15:37:08.0000 5248 arc - ok
15:37:08.0022 5248 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
15:37:08.0026 5248 arcsas - ok
15:37:08.0073 5248 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
15:37:08.0076 5248 AsyncMac - ok
15:37:08.0106 5248 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
15:37:08.0109 5248 atapi - ok
15:37:08.0166 5248 AVGIDSDriver (f6878b90a8a9795116bce335238e65af) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
15:37:08.0168 5248 AVGIDSDriver - ok
15:37:08.0181 5248 AVGIDSEH (19a08a6728a6e02099d64268218cd799) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
15:37:08.0184 5248 AVGIDSEH - ok
15:37:08.0202 5248 AVGIDSFilter (f8927ab1dd086edeff2924a64dc89869) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
15:37:08.0211 5248 AVGIDSFilter - ok
15:37:08.0236 5248 AVGIDSShim (dadca567891033dcf2ec4a3f9da46ae4) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
15:37:08.0239 5248 AVGIDSShim - ok
15:37:08.0268 5248 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys
15:37:08.0274 5248 Avgldx86 - ok
15:37:08.0296 5248 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
15:37:08.0300 5248 Avgmfx86 - ok
15:37:08.0344 5248 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
15:37:08.0347 5248 Avgrkx86 - ok
15:37:08.0370 5248 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
15:37:08.0375 5248 Avgtdix - ok
15:37:08.0450 5248 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
15:37:08.0458 5248 b06bdrv - ok
15:37:08.0498 5248 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
15:37:08.0503 5248 b57nd60x - ok
15:37:08.0560 5248 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
15:37:08.0562 5248 Beep - ok
15:37:08.0597 5248 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
15:37:08.0605 5248 blbdrive - ok
15:37:08.0687 5248 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
15:37:08.0691 5248 bowser - ok
15:37:08.0755 5248 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:37:08.0758 5248 BrFiltLo - ok
15:37:08.0769 5248 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:37:08.0774 5248 BrFiltUp - ok
15:37:08.0808 5248 Bridge (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
15:37:08.0811 5248 Bridge - ok
15:37:08.0835 5248 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
15:37:08.0837 5248 BridgeMP - ok
15:37:08.0873 5248 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
15:37:08.0879 5248 Brserid - ok
15:37:08.0899 5248 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
15:37:08.0902 5248 BrSerWdm - ok
15:37:08.0923 5248 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:37:08.0925 5248 BrUsbMdm - ok
15:37:08.0936 5248 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
15:37:08.0938 5248 BrUsbSer - ok
15:37:08.0957 5248 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
15:37:08.0960 5248 BTHMODEM - ok
15:37:09.0022 5248 catchme - ok
15:37:09.0052 5248 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
15:37:09.0056 5248 cdfs - ok
15:37:09.0086 5248 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
15:37:09.0090 5248 cdrom - ok
15:37:09.0110 5248 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
15:37:09.0112 5248 circlass - ok
15:37:09.0140 5248 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
15:37:09.0145 5248 CLFS - ok
15:37:09.0175 5248 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
15:37:09.0177 5248 CmBatt - ok
15:37:09.0197 5248 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
15:37:09.0199 5248 cmdide - ok
15:37:09.0234 5248 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
15:37:09.0241 5248 CNG - ok
15:37:09.0252 5248 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
15:37:09.0254 5248 Compbatt - ok
15:37:09.0296 5248 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
15:37:09.0299 5248 CompositeBus - ok
15:37:09.0319 5248 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
15:37:09.0321 5248 crcdisk - ok
15:37:09.0376 5248 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
15:37:09.0387 5248 CSC - ok
15:37:09.0442 5248 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
15:37:09.0446 5248 DfsC - ok
15:37:09.0488 5248 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
15:37:09.0491 5248 discache - ok
15:37:09.0524 5248 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
15:37:09.0527 5248 Disk - ok
15:37:09.0572 5248 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
15:37:09.0575 5248 drmkaud - ok
15:37:09.0616 5248 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
15:37:09.0657 5248 DXGKrnl - ok
15:37:09.0769 5248 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
15:37:09.0833 5248 ebdrv - ok
15:37:09.0866 5248 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
15:37:09.0870 5248 elxstor - ok
15:37:09.0881 5248 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
15:37:09.0883 5248 ErrDev - ok
15:37:09.0935 5248 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
15:37:09.0939 5248 exfat - ok
15:37:09.0975 5248 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
15:37:09.0979 5248 fastfat - ok
15:37:09.0993 5248 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
15:37:09.0995 5248 fdc - ok
15:37:10.0056 5248 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
15:37:10.0059 5248 FileInfo - ok
15:37:10.0095 5248 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
15:37:10.0098 5248 Filetrace - ok
15:37:10.0109 5248 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
15:37:10.0111 5248 flpydisk - ok
15:37:10.0147 5248 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
15:37:10.0151 5248 FltMgr - ok
15:37:10.0187 5248 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
15:37:10.0195 5248 FsDepends - ok
15:37:10.0224 5248 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
15:37:10.0229 5248 Fs_Rec - ok
15:37:10.0264 5248 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
15:37:10.0269 5248 fvevol - ok
15:37:10.0294 5248 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:37:10.0297 5248 gagp30kx - ok
15:37:10.0317 5248 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:37:10.0319 5248 GEARAspiWDM - ok
15:37:10.0364 5248 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
15:37:10.0367 5248 hamachi - ok
15:37:10.0415 5248 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
15:37:10.0418 5248 hcw85cir - ok
15:37:10.0454 5248 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:37:10.0458 5248 HDAudBus - ok
15:37:10.0487 5248 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\Windows\system32\DRIVERS\HECI.sys
15:37:10.0490 5248 HECI - ok
15:37:10.0500 5248 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
15:37:10.0502 5248 HidBatt - ok
15:37:10.0530 5248 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
15:37:10.0533 5248 HidBth - ok
15:37:10.0542 5248 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
15:37:10.0543 5248 HidIr - ok
15:37:10.0575 5248 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
15:37:10.0577 5248 HidUsb - ok
15:37:10.0615 5248 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
15:37:10.0618 5248 HpSAMD - ok
15:37:10.0662 5248 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
15:37:10.0671 5248 HTTP - ok
15:37:10.0692 5248 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
15:37:10.0694 5248 hwpolicy - ok
15:37:10.0739 5248 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
15:37:10.0742 5248 i8042prt - ok
15:37:10.0773 5248 iaStor (26541a068572f650a2fa490726fe81be) C:\Windows\system32\DRIVERS\iaStor.sys
15:37:10.0778 5248 iaStor - ok
15:37:10.0804 5248 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
15:37:10.0810 5248 iaStorV - ok
15:37:10.0840 5248 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
15:37:10.0844 5248 iirsp - ok
15:37:10.0934 5248 IntcAzAudAddService (5ceef2cccb4fe00d3ffbfeb12bcfa07f) C:\Windows\system32\drivers\RTKVHDA.sys
15:37:10.0995 5248 IntcAzAudAddService - ok
15:37:11.0031 5248 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
15:37:11.0034 5248 intelide - ok
15:37:11.0063 5248 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
15:37:11.0066 5248 intelppm - ok
15:37:11.0100 5248 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:37:11.0103 5248 IpFilterDriver - ok
15:37:11.0126 5248 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
15:37:11.0129 5248 IPMIDRV - ok
15:37:11.0153 5248 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
15:37:11.0156 5248 IPNAT - ok
15:37:11.0192 5248 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
15:37:11.0194 5248 IRENUM - ok
15:37:11.0224 5248 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
15:37:11.0230 5248 isapnp - ok
15:37:11.0261 5248 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
15:37:11.0265 5248 iScsiPrt - ok
15:37:11.0299 5248 k57nd60x (7ea81534e80570bdf6ee4a4248bba4d6) C:\Windows\system32\DRIVERS\k57nd60x.sys
15:37:11.0304 5248 k57nd60x - ok
15:37:11.0341 5248 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:37:11.0345 5248 kbdclass - ok
15:37:11.0362 5248 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
15:37:11.0365 5248 kbdhid - ok
15:37:11.0391 5248 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
15:37:11.0395 5248 KSecDD - ok
15:37:11.0442 5248 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
15:37:11.0457 5248 KSecPkg - ok
15:37:11.0520 5248 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
15:37:11.0522 5248 lltdio - ok
15:37:11.0670 5248 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
15:37:11.0671 5248 LMIInfo - ok
15:37:11.0739 5248 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\Windows\system32\DRIVERS\lmimirr.sys
15:37:11.0742 5248 lmimirr - ok
15:37:11.0770 5248 LMIRfsClientNP - ok
15:37:11.0796 5248 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\Windows\system32\drivers\LMIRfsDriver.sys
15:37:11.0799 5248 LMIRfsDriver - ok
15:37:11.0835 5248 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:37:11.0838 5248 LSI_FC - ok
15:37:11.0865 5248 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:37:11.0868 5248 LSI_SAS - ok
15:37:11.0889 5248 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:37:11.0892 5248 LSI_SAS2 - ok
15:37:11.0915 5248 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:37:11.0918 5248 LSI_SCSI - ok
15:37:11.0959 5248 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
15:37:11.0962 5248 luafv - ok
15:37:12.0042 5248 MBAMProtector - ok
15:37:12.0072 5248 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
15:37:12.0075 5248 megasas - ok
15:37:12.0108 5248 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
15:37:12.0113 5248 MegaSR - ok
15:37:12.0138 5248 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
15:37:12.0141 5248 Modem - ok
15:37:12.0158 5248 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
15:37:12.0161 5248 monitor - ok
15:37:12.0186 5248 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
15:37:12.0189 5248 mouclass - ok
15:37:12.0208 5248 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
15:37:12.0211 5248 mouhid - ok
15:37:12.0244 5248 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
15:37:12.0247 5248 mountmgr - ok
15:37:12.0288 5248 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
15:37:12.0293 5248 mpio - ok
15:37:12.0318 5248 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
15:37:12.0380 5248 mpsdrv - ok
15:37:12.0400 5248 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
15:37:12.0404 5248 MRxDAV - ok
15:37:12.0445 5248 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:37:12.0450 5248 mrxsmb - ok
15:37:12.0485 5248 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:37:12.0489 5248 mrxsmb10 - ok
15:37:12.0508 5248 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:37:12.0514 5248 mrxsmb20 - ok
15:37:12.0555 5248 msahci (cb5d37e91135b0f15cee64d1f1ba5de5) C:\Windows\system32\DRIVERS\msahci.sys
15:37:12.0558 5248 msahci - ok
15:37:12.0591 5248 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
15:37:12.0595 5248 msdsm - ok
15:37:12.0632 5248 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
15:37:12.0635 5248 Msfs - ok
15:37:12.0652 5248 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
15:37:12.0655 5248 mshidkmdf - ok
15:37:12.0681 5248 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
15:37:12.0687 5248 msisadrv - ok
15:37:12.0717 5248 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
15:37:12.0720 5248 MSKSSRV - ok
15:37:12.0738 5248 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
15:37:12.0741 5248 MSPCLOCK - ok
15:37:12.0758 5248 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
15:37:12.0760 5248 MSPQM - ok
15:37:12.0785 5248 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
15:37:12.0789 5248 MsRPC - ok
15:37:12.0808 5248 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
15:37:12.0811 5248 mssmbios - ok
15:37:12.0834 5248 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
15:37:12.0837 5248 MSTEE - ok
15:37:12.0880 5248 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
15:37:12.0883 5248 MTConfig - ok
15:37:12.0923 5248 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
15:37:12.0926 5248 Mup - ok
15:37:12.0966 5248 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
15:37:12.0971 5248 NativeWifiP - ok
15:37:13.0010 5248 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
15:37:13.0017 5248 NDIS - ok
15:37:13.0034 5248 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
15:37:13.0036 5248 NdisCap - ok
15:37:13.0063 5248 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
15:37:13.0095 5248 NdisTapi - ok
15:37:13.0114 5248 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
15:37:13.0117 5248 Ndisuio - ok
15:37:13.0142 5248 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
15:37:13.0146 5248 NdisWan - ok
15:37:13.0175 5248 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
15:37:13.0178 5248 NDProxy - ok
15:37:13.0195 5248 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
15:37:13.0199 5248 NetBIOS - ok
15:37:13.0222 5248 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
15:37:13.0227 5248 NetBT - ok
15:37:13.0284 5248 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
15:37:13.0287 5248 nfrd960 - ok
15:37:13.0308 5248 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
15:37:13.0311 5248 Npfs - ok
15:37:13.0326 5248 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
15:37:13.0329 5248 nsiproxy - ok
15:37:13.0364 5248 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
15:37:13.0396 5248 Ntfs - ok
15:37:13.0417 5248 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
15:37:13.0420 5248 Null - ok
15:37:13.0452 5248 NVHDA (a82534d453425f5fee4b6a583fdcf3eb) C:\Windows\system32\drivers\nvhda32v.sys
15:37:13.0455 5248 NVHDA - ok
15:37:13.0654 5248 nvlddmkm (a6e06d1ae86b4fd2cd4af1e5f2b8a241) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:37:13.0811 5248 nvlddmkm - ok
15:37:13.0839 5248 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
15:37:13.0873 5248 nvraid - ok
15:37:13.0917 5248 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
15:37:13.0921 5248 nvstor - ok
15:37:13.0953 5248 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
15:37:13.0957 5248 nv_agp - ok
15:37:13.0986 5248 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
15:37:13.0990 5248 ohci1394 - ok
15:37:14.0043 5248 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
15:37:14.0047 5248 Parport - ok
15:37:14.0073 5248 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
15:37:14.0076 5248 partmgr - ok
15:37:14.0095 5248 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
15:37:14.0098 5248 Parvdm - ok
15:37:14.0130 5248 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
15:37:14.0135 5248 pci - ok
15:37:14.0147 5248 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
15:37:14.0149 5248 pciide - ok
15:37:14.0174 5248 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
15:37:14.0178 5248 pcmcia - ok
15:37:14.0201 5248 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
15:37:14.0204 5248 pcw - ok
15:37:14.0240 5248 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
15:37:14.0249 5248 PEAUTH - ok
15:37:14.0312 5248 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
15:37:14.0314 5248 PptpMiniport - ok
15:37:14.0335 5248 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
15:37:14.0338 5248 Processor - ok
15:37:14.0369 5248 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
15:37:14.0373 5248 Psched - ok
15:37:14.0413 5248 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
15:37:14.0416 5248 PxHelp20 - ok
15:37:14.0474 5248 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
15:37:14.0509 5248 ql2300 - ok
15:37:14.0534 5248 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
15:37:14.0538 5248 ql40xx - ok
15:37:14.0591 5248 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
15:37:14.0594 5248 QWAVEdrv - ok
15:37:14.0622 5248 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
15:37:14.0625 5248 RasAcd - ok
15:37:14.0660 5248 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:37:14.0713 5248 RasAgileVpn - ok
15:37:14.0735 5248 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:37:14.0740 5248 Rasl2tp - ok
15:37:14.0774 5248 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
15:37:14.0777 5248 RasPppoe - ok
15:37:14.0797 5248 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
15:37:14.0843 5248 RasSstp - ok
15:37:14.0891 5248 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
15:37:14.0897 5248 rdbss - ok
15:37:14.0942 5248 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
15:37:14.0945 5248 rdpbus - ok
15:37:14.0971 5248 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:37:14.0974 5248 RDPCDD - ok
15:37:15.0004 5248 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
15:37:15.0008 5248 RDPDR - ok
15:37:15.0028 5248 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
15:37:15.0030 5248 RDPENCDD - ok
15:37:15.0051 5248 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
15:37:15.0053 5248 RDPREFMP - ok
15:37:15.0077 5248 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
15:37:15.0082 5248 RDPWD - ok
15:37:15.0108 5248 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
15:37:15.0112 5248 rdyboost - ok
15:37:15.0165 5248 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
15:37:15.0167 5248 rspndr - ok
15:37:15.0199 5248 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
15:37:15.0201 5248 s3cap - ok
15:37:15.0231 5248 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
15:37:15.0235 5248 sbp2port - ok
15:37:15.0257 5248 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
15:37:15.0260 5248 scfilter - ok
15:37:15.0305 5248 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:37:15.0308 5248 secdrv - ok
15:37:15.0349 5248 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
15:37:15.0352 5248 Serenum - ok
15:37:15.0370 5248 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
15:37:15.0374 5248 Serial - ok
15:37:15.0396 5248 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
15:37:15.0399 5248 sermouse - ok
15:37:15.0436 5248 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
15:37:15.0438 5248 sffdisk - ok
15:37:15.0448 5248 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
15:37:15.0450 5248 sffp_mmc - ok
15:37:15.0463 5248 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
15:37:15.0465 5248 sffp_sd - ok
15:37:15.0478 5248 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
15:37:15.0480 5248 sfloppy - ok
15:37:15.0522 5248 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
15:37:15.0527 5248 sisagp - ok
15:37:15.0550 5248 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:37:15.0552 5248 SiSRaid2 - ok
15:37:15.0573 5248 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
15:37:15.0578 5248 SiSRaid4 - ok
15:37:15.0607 5248 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
15:37:15.0610 5248 Smb - ok
15:37:15.0655 5248 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
15:37:15.0658 5248 spldr - ok
15:37:15.0705 5248 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
15:37:15.0724 5248 srv - ok
15:37:15.0757 5248 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
15:37:15.0762 5248 srv2 - ok
15:37:15.0793 5248 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
15:37:15.0797 5248 srvnet - ok
15:37:15.0847 5248 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
15:37:15.0850 5248 stexstor - ok
15:37:15.0884 5248 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
15:37:15.0888 5248 storflt - ok
15:37:15.0902 5248 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
15:37:15.0905 5248 storvsc - ok
15:37:15.0926 5248 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
15:37:15.0927 5248 swenum - ok
15:37:15.0982 5248 tap0901 (11d34fc869f5bda29949fe3858380894) C:\Windows\system32\DRIVERS\tap0901.sys
15:37:15.0985 5248 tap0901 - ok
15:37:16.0046 5248 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
15:37:16.0082 5248 Tcpip - ok
15:37:16.0147 5248 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
15:37:16.0160 5248 TCPIP6 - ok
15:37:16.0184 5248 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
15:37:16.0187 5248 tcpipreg - ok
15:37:16.0206 5248 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
15:37:16.0209 5248 TDPIPE - ok
15:37:16.0221 5248 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
15:37:16.0223 5248 TDTCP - ok
15:37:16.0245 5248 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
15:37:16.0252 5248 tdx - ok
15:37:16.0277 5248 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
15:37:16.0280 5248 TermDD - ok
15:37:16.0321 5248 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:37:16.0323 5248 tssecsrv - ok
15:37:16.0340 5248 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
15:37:16.0344 5248 tunnel - ok
15:37:16.0382 5248 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
15:37:16.0385 5248 uagp35 - ok
15:37:16.0415 5248 udfs (eb0a7bd4d471ac3ce55564a4c55b9d8e) C:\Windows\system32\DRIVERS\udfs.sys
15:37:16.0429 5248 udfs - ok
15:37:16.0464 5248 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
15:37:16.0468 5248 uliagpkx - ok
15:37:16.0504 5248 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
15:37:16.0507 5248 umbus - ok
15:37:16.0536 5248 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
15:37:16.0538 5248 UmPass - ok
15:37:16.0562 5248 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
15:37:16.0565 5248 USBAAPL - ok
15:37:16.0589 5248 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
15:37:16.0592 5248 usbccgp - ok
15:37:16.0619 5248 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
15:37:16.0622 5248 usbcir - ok
15:37:16.0645 5248 usbehci (0eeedd78c2bedac75e8ed1ba8d77878b) C:\Windows\system32\DRIVERS\usbehci.sys
15:37:16.0647 5248 usbehci - ok
15:37:16.0672 5248 usbhub (ba50148445e5b2b3abdba208fc9b6fb5) C:\Windows\system32\DRIVERS\usbhub.sys
15:37:16.0677 5248 usbhub - ok
15:37:16.0696 5248 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
15:37:16.0699 5248 usbohci - ok
15:37:16.0716 5248 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
15:37:16.0719 5248 usbprint - ok
15:37:16.0736 5248 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:37:16.0739 5248 USBSTOR - ok
15:37:16.0752 5248 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
15:37:16.0754 5248 usbuhci - ok
15:37:16.0781 5248 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
15:37:16.0782 5248 vdrvroot - ok
15:37:16.0799 5248 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
15:37:16.0801 5248 vga - ok
15:37:16.0820 5248 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
15:37:16.0823 5248 VgaSave - ok
15:37:16.0845 5248 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
15:37:16.0849 5248 vhdmp - ok
15:37:16.0873 5248 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
15:37:16.0876 5248 viaagp - ok
15:37:16.0898 5248 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
15:37:16.0901 5248 ViaC7 - ok
15:37:16.0914 5248 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
15:37:16.0917 5248 viaide - ok
15:37:16.0945 5248 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
15:37:16.0949 5248 vmbus - ok
15:37:16.0962 5248 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
15:37:16.0964 5248 VMBusHID - ok
15:37:16.0989 5248 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
15:37:16.0992 5248 volmgr - ok
15:37:17.0018 5248 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
15:37:17.0024 5248 volmgrx - ok
15:37:17.0061 5248 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
15:37:17.0066 5248 volsnap - ok
15:37:17.0109 5248 vpcbus (33e74df34753fcaab06f6f2bdc8cabf5) C:\Windows\system32\DRIVERS\vpchbus.sys
15:37:17.0114 5248 vpcbus - ok
15:37:17.0157 5248 vpcnfltr (5f04362ceb5fb5901037e9d9eadd3760) C:\Windows\system32\DRIVERS\vpcnfltr.sys
15:37:17.0160 5248 vpcnfltr - ok
15:37:17.0188 5248 vpcusb (625088d6ee9ede977fd03cf18d1cd5c5) C:\Windows\system32\DRIVERS\vpcusb.sys
15:37:17.0191 5248 vpcusb - ok
15:37:17.0224 5248 vpcuxd (f49c0d1f8dae860ee47e5f34ac0f6008) C:\Windows\system32\DRIVERS\vpcuxd.sys
15:37:17.0227 5248 vpcuxd - ok
15:37:17.0263 5248 vpcvmm (1023c696d42268e9071bb376dbec8396) C:\Windows\system32\drivers\vpcvmm.sys
15:37:17.0268 5248 vpcvmm - ok
15:37:17.0313 5248 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
15:37:17.0317 5248 vsmraid - ok
15:37:17.0350 5248 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
15:37:17.0353 5248 vwifibus - ok
15:37:17.0380 5248 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
15:37:17.0383 5248 WacomPen - ok
15:37:17.0411 5248 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
15:37:17.0414 5248 WANARP - ok
15:37:17.0419 5248 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
15:37:17.0420 5248 Wanarpv6 - ok
15:37:17.0464 5248 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
15:37:17.0467 5248 Wd - ok
15:37:17.0491 5248 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
15:37:17.0499 5248 Wdf01000 - ok
15:37:17.0531 5248 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
15:37:17.0533 5248 WfpLwf - ok
15:37:17.0548 5248 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
15:37:17.0561 5248 WIMMount - ok
15:37:17.0609 5248 WinUsb (b5ba3cc19d00f2eba92f1cfbebb5d650) C:\Windows\system32\DRIVERS\WinUsb.sys
15:37:17.0611 5248 WinUsb - ok
15:37:17.0646 5248 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:37:17.0649 5248 WmiAcpi - ok
15:37:17.0674 5248 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
15:37:17.0675 5248 ws2ifsl - ok
15:37:17.0706 5248 WudfPf (a52494b107afc92ddca21f0b64f83376) C:\Windows\system32\drivers\WudfPf.sys
15:37:17.0708 5248 WudfPf - ok
15:37:17.0746 5248 WUDFRd (90a541c607da0025ae75f0f3673945fe) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:37:17.0749 5248 WUDFRd - ok
15:37:17.0807 5248 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:37:17.0816 5248 \Device\Harddisk0\DR0 - ok
15:37:17.0824 5248 Boot (0x1200) (3241535af6b26813163fa5fe5399ffea) \Device\Harddisk0\DR0\Partition0
15:37:17.0826 5248 \Device\Harddisk0\DR0\Partition0 - ok
15:37:17.0841 5248 Boot (0x1200) (d265ec058743e843a7acddbda31d0aab) \Device\Harddisk0\DR0\Partition1
15:37:17.0843 5248 \Device\Harddisk0\DR0\Partition1 - ok
15:37:17.0844 5248 ============================================================
15:37:17.0844 5248 Scan finished
15:37:17.0844 5248 ============================================================
15:37:17.0855 1720 Detected object count: 0
15:37:17.0855 1720 Actual detected object count: 0
15:39:08.0842 5300 Deinitialize success

#13 spencer1982

  • Topic Starter
  • Members
  • 9 posts

Posted 02 December 2011 - 03:11 AM

ComboFix has given a very long log, so I have had to remove the 'snapshot' section. Let me know if you would like me to post it as an attachment.

ComboFix 11-12-01.03 - Spencer 02/12/2011 7:55.4.8 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3031.2050 [GMT 0:00]
Running from: c:\users\Spencer\Desktop\ComboFix.exe
Command switches used :: c:\users\Spencer\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\downloads\Quark.Xpress 8\Quark.Xpress.v8.0.1.For.Windows.Incl.Keymaker-X-FORCE.zip"
.
.
((((((((((((((((((((((((( Files Created from 2011-11-02 to 2011-12-02 )))))))))))))))))))))))))))))))
.
.
2011-12-02 07:59 . 2011-12-02 07:59 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-12-02 07:59 . 2011-12-02 07:59 -------- d-----w- c:\users\QBDataServiceUser19\AppData\Local\temp
2011-12-02 07:59 . 2011-12-02 07:59 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2011-12-02 07:59 . 2011-12-02 07:59 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-12-02 07:59 . 2011-12-02 07:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-01 10:33 . 2011-03-29 03:06 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-12-01 10:33 . 2011-03-29 03:07 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-12-01 10:33 . 2011-03-29 03:06 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-12-01 10:33 . 2011-03-29 03:06 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-12-01 10:33 . 2011-03-29 03:06 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-12-01 10:32 . 2011-03-29 03:06 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-12-01 10:32 . 2011-03-11 05:44 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-12-01 10:32 . 2011-03-11 05:44 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-12-01 10:32 . 2011-03-11 05:44 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-12-01 10:32 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\system32\esent.dll
2011-12-01 10:32 . 2011-03-11 05:44 146304 ----a-w- c:\windows\system32\drivers\storport.sys
2011-12-01 10:32 . 2011-03-11 05:43 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-12-01 10:32 . 2011-03-11 05:43 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-12-01 10:32 . 2011-03-11 05:43 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-12-01 10:32 . 2011-03-11 05:37 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-12-01 10:10 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2011-12-01 10:04 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-12-01 10:02 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll
2011-12-01 10:00 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-12-01 10:00 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe
2011-12-01 10:00 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2011-12-01 10:00 . 2011-04-22 19:36 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-12-01 10:00 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll
2011-12-01 10:00 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2011-12-01 09:57 . 2011-02-03 05:45 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-12-01 09:57 . 2010-11-02 04:46 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-12-01 09:57 . 2010-11-02 04:23 107520 ----a-w- c:\windows\system32\cdd.dll
2011-12-01 08:59 . 2011-12-01 08:59 -------- d-----w- c:\program files\ESET
2011-11-30 12:03 . 2011-11-30 12:09 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2011-11-30 12:02 . 2011-11-30 12:02 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\CyberLink
2011-11-30 09:46 . 2011-11-30 09:46 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2011-11-30 08:41 . 2011-11-30 08:41 -------- d-----w- c:\users\Default\AppData\Local\Apple
2011-11-30 08:32 . 2011-11-30 08:32 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-11-30 08:30 . 2011-11-30 08:30 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Mozilla
2011-11-30 08:28 . 2011-11-30 08:28 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Evernote
2011-11-30 08:28 . 2011-11-30 08:28 -------- d-----w- C:\AVG2012
2011-11-30 08:28 . 2011-11-30 08:28 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Intel Corporation
2011-11-30 08:28 . 2011-11-30 08:28 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Apple Computer
2011-11-30 08:28 . 2011-11-30 08:28 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\LogMeIn
2011-11-28 16:51 . 2011-11-28 16:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-28 13:27 . 2011-11-28 13:27 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-28 13:27 . 2011-11-28 13:27 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-11-28 13:26 . 2011-11-28 13:26 -------- d-----w- c:\programdata\Hitman Pro
2011-11-25 11:02 . 2011-11-29 13:53 -------- d-----w- c:\users\Spencer\AppData\Roaming\TeraCopy
2011-11-25 11:02 . 2011-11-25 11:02 -------- d-----w- c:\program files\TeraCopy
2011-11-25 09:03 . 2011-11-25 09:03 -------- d-----w- c:\users\Spencer\AppData\Roaming\Malwarebytes
2011-11-25 09:02 . 2011-11-25 09:02 -------- d-----w- c:\programdata\Malwarebytes
2011-11-24 13:13 . 2011-11-24 13:13 -------- d-----w- C:\$AVG
2011-11-24 13:00 . 2011-11-24 13:00 -------- d-----w- c:\users\Spencer\AppData\Roaming\AVG2012
2011-11-24 13:00 . 2011-11-24 13:00 -------- d-----w- c:\program files\AVG Secure Search
2011-11-24 13:00 . 2011-11-24 13:00 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2011-11-24 12:59 . 2011-12-01 18:28 -------- d-----w- c:\windows\system32\drivers\AVG
2011-11-24 12:59 . 2011-11-24 13:10 -------- d-----w- c:\programdata\AVG2012
2011-11-24 12:59 . 2011-11-24 12:59 -------- d-----w- c:\program files\AVG
2011-11-24 12:54 . 2011-12-01 18:28 -------- d-----w- c:\programdata\MFAData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-24 13:49 . 2011-06-10 10:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-07 06:23 . 2011-10-07 06:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-06 07:05 . 2010-06-14 14:19 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-10-06 07:05 . 2010-06-14 14:19 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-10-06 07:05 . 2010-06-14 14:19 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-10-06 07:05 . 2010-06-14 14:19 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-10-04 06:21 . 2011-10-04 06:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-13 06:30 . 2011-09-13 06:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-11-21 04:04 . 2011-11-28 14:09 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.

-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-11-24 13:00 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll" [2011-11-24 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-19 7711264]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-24 140520]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2009-11-12 203776]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-11-18 623880]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-24 2415456]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-11-24 218464]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DBRMTray"="c:\dell\DBRM\Reminder\TrayApp.exe" [2010-02-04 7168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Evernote Clipper.lnk - c:\windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico [2011-1-18 293950]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-3-8 984408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 QuickBooksDB19;QuickBooksDB19;c:\progra~1\Intuit\QUICKB~2\QBDBMgrN.exe [2009-07-27 131072]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 12800]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-10 1343400]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-03-31 81920]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BPowMon\BPowMon.exe [2009-08-17 79168]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 1336712]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2011-10-06 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-01-27 12856]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-11-24 246624]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-08-21 273960]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-08-21 66592]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2214479086-3985545472-3829505799-1000Core.job
- c:\users\Spencer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-01 13:10]
.
2011-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2214479086-3985545472-3829505799-1000UA.job
- c:\users\Spencer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-01 13:10]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\anox9nf2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.jamjarprint.co.uk/office/tools.asp
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-02 08:00:39
ComboFix-quarantined-files.txt 2011-12-02 08:00
ComboFix2.txt 2011-12-01 17:39
ComboFix3.txt 2011-12-01 08:49
ComboFix4.txt 2011-11-30 15:39
.
Pre-Run: 22,789,214,208 bytes free
Post-Run: 22,494,404,608 bytes free
.
- - End Of File - - A837FA2771CC1AA90B8B79B017FAB19A



Is this normal?

I haven't come across a Google redirect yet and everything else seems to be running normally.


Thank you very much for your help.
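As an added example (not part of this thread and not code from ComboFix or any other tool named here), a small Python parser for the "Reg Loading Points" layout of the ComboFix log above: it pulls the Run-key autoruns into records, flags any whose binary lives under a user-writable path, and reads the UAC values in the policies\system block. The sample log is constructed: its "ExampleUpdater" entry is made up to exercise the path check, while the other lines follow the posted log.

```python
import re
from collections import namedtuple

# Constructed excerpt in the "Reg Loading Points" layout of the ComboFix log posted
# above; the "ExampleUpdater" line is made up to exercise the path check.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-19 7711264]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-11-24 218464]
"ExampleUpdater"="c:\users\Spencer\AppData\Local\Example\updater.exe" [2011-11-30 40960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
POLICY_RE = re.compile(r'^"([^"]+)"= (\d+) \(0x[0-9A-Fa-f]+\)$')
USER_WRITABLE = ("\\users\\", "\\temp\\")  # path fragments a standard user can write to
RunEntry = namedtuple("RunEntry", "key name path date size")


def split_sections(log):
    """Group log lines under the bracketed registry key that precedes them."""
    sections, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current and line and line != ".":
            sections[current].append(line)
    return sections

def parse_run_entries(log):
    """Return every "Name"="path" [date size] line found under a Run key."""
    entries = []
    for key, lines in split_sections(log).items():
        if not key.lower().endswith("\\run"):
            continue
        for line in lines:
            m = RUN_RE.match(line)
            if m:
                entries.append(RunEntry(key, m.group(1), m.group(2), m.group(3), int(m.group(4))))
    return entries

def parse_uac_policy(log):
    """Return the numeric values under the policies/system key as {name: int}."""
    policy = {}
    for key, lines in split_sections(log).items():
        if key.lower().endswith("\\policies\\system"):
            for line in lines:
                m = POLICY_RE.match(line)
                if m:
                    policy[m.group(1)] = int(m.group(2))
    return policy

def uac_findings(policy):
    """Flag UAC settings that remove the admin-approval prompt."""
    findings = []
    if policy.get("EnableLUA") == 0:
        findings.append("EnableLUA=0: UAC is switched off entirely")
    if policy.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: admins elevate without a prompt")
    if policy.get("PromptOnSecureDesktop") == 0:
        findings.append("PromptOnSecureDesktop=0: prompts not shown on the secure desktop")
    return findings

def user_writable_autoruns(entries):
    """Names of autoruns whose binary sits in a user-writable location."""
    return [e.name for e in entries if any(p in e.path.lower() for p in USER_WRITABLE)]

if __name__ == "__main__":
    runs = parse_run_entries(SAMPLE_LOG)
    print("user-writable autoruns:", user_writable_autoruns(runs))
    print("UAC findings:", uac_findings(parse_uac_policy(SAMPLE_LOG)))
```

Point it at a saved ComboFix.txt instead of SAMPLE_LOG to triage a real log the same way.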

#14 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 02 December 2011 - 08:54 AM

Yes, that log looks good.

Just some housekeeping to do now. Please run the following:

Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older-version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and Save it to your Desktop.
  • Scroll down to where it says Java SE 6 Update 29
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u29-windows-i586.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.



NEXT




You can delete the FixTDSS, TDSSKiller, DDS and aswMBR logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the run box and click OK. Note the space between the ..X and the /U; it needs to be there.



If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change the passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 spencer1982

  • Topic Starter
  • Members
  • 9 posts

Posted 02 December 2011 - 09:22 AM

Thank you so much for your help, all running nice and smoothly now.



