Alureon.F


This topic is locked
18 replies to this topic

#1 thehabitatdoctor (Members, 12 posts)

Posted 03 December 2011 - 06:16 PM

Alas, I have been infected a day before the start of finals week :ranting:

Here are the symptoms I've noticed, other than the initial "INFECTED! INFECTED! BUY MY PRODUCT!":

1. Nothing on the desktop prior to infection appears except for Computer and Recycle Bin, and no files show up on the hard drive, although the hard drive shows data present (i.e. 62.1 GB free of 135 GB), and when I attempt to download a file to the desktop that existed before infection, I'm asked whether I want to overwrite the file because it already exists.

2. Although Windows updates are automatically downloaded, installation fails after restart.

3. I'm unable to update Spybot, due to the following application error: "Exception EInvalidCast in module SDUpdate.exe at 0007690B. Invalid class typecast."

4. On startup, I get this message twice: "Catalyst Control Centre: host application has stopped working."

I'm currently accessing the internet through safe mode with networking by starting iexplore.exe through the task manager.

Following are the logs for the programs that I've run in the order that they were run, which is followed by a current HijackThis log:

MBAM Log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8293

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

12/2/2011 10:18:36 PM
mbam-log-2011-12-02 (22-18-36).txt

Scan type: Quick scan
Objects scanned: 186696
Time elapsed: 12 minute(s), 23 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
c:\programdata\gbwxufosmtrrx.exe (Trojan.FakeAlert) -> 6664 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GBWXufOsmTrrX.exe (Trojan.FakeAlert) -> Value: GBWXufOsmTrrX.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\gbwxufosmtrrx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\laz4059\AppData\Local\Temp\2AA.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\laz4059\AppData\Local\Temp\nvbuiavoofagqt.exe.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

#2 thehabitatdoctor (Topic Starter, Members, 12 posts)

Posted 03 December 2011 - 06:19 PM


Microsoft Security Essentials (No actual log, but this is what's in the scan history, all from 12/2/2011)

Trojan:DOS/Alureon.F allowed 10:38
Trojan:DOS/Alureon.F removed 10:41
TrojanDownloader:Java/OpenConnection.OU removed 1:51
Exploit:Java/CVE-2010-0840.BE removed 1:51


Norman Malware Cleaner:

Norman Malware Cleaner v2.03.03
Copyright 1990 - 2011, Norman ASA.

Windows running in safe mode.
Norman Scanner Engine Version: 6.07.13
nvcbin.def: Version: 6.07.00, Date: 2011/12/02 14:18:00, Variants: 12203211
nvcmacro.def: Version: 6.07.00, Date: 2011/02/01 09:21:31, Variants: 20465

Operating System: Windows 7 Service Pack 1 x64

Switches: /iagree /nomt
Running without NSAK

Scan started: 2011/12/03 12:55:56

Running pre-scan cleanup routine...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Scanning time: 1s

Scanning running processes and process memory...

Number of objects found: 304
Number of objects scanned: 304
Number of objects not scanned: 0
Number of malicious memory objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 15s

Scanning system for FakeAV...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 0s

Running full scan...
C:\ProgramData\Microsoft\Microsoft Antimalware\IMpServiceEDB4FA23-53B8-4AFA-8C5D-99752CCA7094.lock: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MpDiag.bin: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\MpScanCache-0.bin: Error opening file for read: 0x00000020
C:\Users\laz4059\ntuser.dat: Error opening file for read: 0x00000020
C:\Users\laz4059\ntuser.dat.LOG1: Error opening file for read: 0x00000020
C:\Users\laz4059\ntuser.dat.LOG2: Error opening file for read: 0x00000020
C:\Users\laz4059\AppData\Local\Microsoft\Windows\UsrClass.dat: Error opening file for read: 0x00000020
C:\Users\laz4059\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1: Error opening file for read: 0x00000020
C:\Users\laz4059\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2: Error opening file for read: 0x00000020
C:\Users\laz4059\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\3958e6c3-3100b40a: Archive infected
C:\Users\laz4059\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\3958e6c3-3100b40a/folder/Glocker.class: File infected with OpenConnection.I
Delete archive object: C:\Users\laz4059\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\3958e6c3-3100b40a/folder/Glocker.class
Cleaning successful
C:\Windows\ServiceProfiles\LocalService\ntuser.dat: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\catroot2\edb.log: Error opening file for read: 0x00000020
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb: Error opening file for read: 0x00000020
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb: Error opening file for read: 0x00000020
C:\Windows\System32\config\default: Error opening file for read: 0x00000020
C:\Windows\System32\config\DEFAULT.LOG1: Error opening file for read: 0x00000020
C:\Windows\System32\config\DEFAULT.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\config\sam: Error opening file for read: 0x00000020
C:\Windows\System32\config\SAM.LOG1: Error opening file for read: 0x00000020
C:\Windows\System32\config\SAM.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\config\security: Error opening file for read: 0x00000020
C:\Windows\System32\config\SECURITY.LOG1: Error opening file for read: 0x00000020
C:\Windows\System32\config\SECURITY.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\config\software: Error opening file for read: 0x00000020
C:\Windows\System32\config\SOFTWARE.LOG1: Error opening file for read: 0x00000020
C:\Windows\System32\config\SOFTWARE.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\config\system: Error opening file for read: 0x00000020
C:\Windows\System32\config\SYSTEM.LOG1: Error opening file for read: 0x00000020
C:\Windows\System32\config\SYSTEM.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\config\RegBack\DEFAULT: Error opening file for read: 0x00000020
C:\Windows\System32\config\RegBack\SAM: Error opening file for read: 0x00000020
C:\Windows\System32\config\RegBack\SECURITY: Error opening file for read: 0x00000020
C:\Windows\System32\config\RegBack\SOFTWARE: Error opening file for read: 0x00000020
C:\Windows\System32\config\RegBack\SYSTEM: Error opening file for read: 0x00000020
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl: Error opening file for read: 0x00000020
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl: Error opening file for read: 0x00000020
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl: Error opening file for read: 0x00000020
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl: Error opening file for read: 0x00000020
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl: Error opening file for read: 0x00000020

Number of files found: 168214
Number of archives unpacked: 3784
Number of objects found: 750117
Number of objects scanned: 750072
Number of objects not scanned: 45
Number of malicious objects found: 1
Number of malicious objects cleaned: 1
Number of malicious files found: 1
Number of malicious files cleaned: 0
Scanning time: 3h 55m 38s

Running post-scan cleanup routine...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Scanning time: 1s

Results:
Total number of files found: 168214
Total number of archives unpacked: 3784
Total number of objects found: 750421
Total number of objects scanned: 750376
Total number of objects not scanned: 45
Total number of malicious objects found: 1
Total number of malicious objects cleaned: 1
Total number of malicious files found: 1
Total number of malicious files cleaned: 0
Total number of objects quarantined: 1
Total scanning time: 3h 55m 55s

#3 thehabitatdoctor (Topic Starter, Members, 12 posts)

Posted 03 December 2011 - 06:20 PM


SuperAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/03/2011 at 05:03 PM

Application Version : 5.0.1136

Core Rules Database Version : 8012
Trace Rules Database Version: 5824

Scan type : Complete Scan
Total Scan Time : 00:11:27

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 406
Memory threats detected : 0
Registry items scanned : 81676
Registry threats detected : 2
File items scanned : 26943
File threats detected : 31

Adware.Tracking Cookie
C:\Users\laz4059\AppData\Roaming\Microsoft\Windows\Cookies\6PED2N97.txt [ /ads.undertone.com ]
C:\Users\laz4059\AppData\Roaming\Microsoft\Windows\Cookies\VIAZQTE7.txt [ /ad.yieldmanager.com ]
C:\Users\laz4059\AppData\Roaming\Microsoft\Windows\Cookies\AC5GGFH6.txt [ /azjmp.com ]
C:\Users\laz4059\AppData\Roaming\Microsoft\Windows\Cookies\VFT2XINZ.txt [ /adinterax.com ]
C:\Users\laz4059\AppData\Roaming\Microsoft\Windows\Cookies\G491NSP5.txt [ /invitemedia.com ]
C:\Users\laz4059\AppData\Roaming\Microsoft\Windows\Cookies\DZNR1X11.txt [ /accounts.google.com ]
C:\Users\laz4059\AppData\Roaming\Microsoft\Windows\Cookies\WTMZVEX3.txt [ /questionmarket.com ]
C:\Users\laz4059\AppData\Roaming\Microsoft\Windows\Cookies\H5GZFO74.txt [ /tribalfusion.com ]
C:\Users\laz4059\AppData\Roaming\Microsoft\Windows\Cookies\YP3MKNDI.txt [ /ru4.com ]
C:\Users\laz4059\AppData\Roaming\Microsoft\Windows\Cookies\BMYDX1HW.txt [ /akamai.interclickproxy.com ]
C:\Users\laz4059\AppData\Roaming\Microsoft\Windows\Cookies\F2O6I345.txt [ /serving-sys.com ]
C:\Users\laz4059\AppData\Roaming\Microsoft\Windows\Cookies\D0BCLW8A.txt [ /ad.wsod.com ]
C:\Users\laz4059\AppData\Roaming\Microsoft\Windows\Cookies\GZZPD5YL.txt [ /imrworldwide.com ]
C:\Users\laz4059\AppData\Roaming\Microsoft\Windows\Cookies\Y3WE0NJ7.txt [ /yieldmanager.net ]
C:\Users\laz4059\AppData\Roaming\Microsoft\Windows\Cookies\3O2C7W8P.txt [ /insightexpressai.com ]
C:\Users\laz4059\AppData\Roaming\Microsoft\Windows\Cookies\UZ65E56L.txt [ /media6degrees.com ]
C:\Users\laz4059\AppData\Roaming\Microsoft\Windows\Cookies\1N5PKJ6H.txt [ /revsci.net ]
C:\Users\laz4059\AppData\Roaming\Microsoft\Windows\Cookies\983A9RKF.txt [ /a1.interclick.com ]
C:\Users\laz4059\AppData\Roaming\Microsoft\Windows\Cookies\HWUG0F2T.txt [ /interclick.com ]
C:\USERS\LAZ4059\Cookies\VIAZQTE7.txt [ Cookie:laz4059@ad.yieldmanager.com/ ]
C:\USERS\LAZ4059\Cookies\VFT2XINZ.txt [ Cookie:laz4059@adinterax.com/ ]
C:\USERS\LAZ4059\Cookies\G491NSP5.txt [ Cookie:laz4059@invitemedia.com/ ]
C:\USERS\LAZ4059\Cookies\DZNR1X11.txt [ Cookie:laz4059@accounts.google.com/ ]
C:\USERS\LAZ4059\Cookies\H5GZFO74.txt [ Cookie:laz4059@tribalfusion.com/ ]
C:\USERS\LAZ4059\Cookies\YP3MKNDI.txt [ Cookie:laz4059@ru4.com/ ]
C:\USERS\LAZ4059\Cookies\BMYDX1HW.txt [ Cookie:laz4059@akamai.interclickproxy.com/ ]
C:\USERS\LAZ4059\Cookies\F2O6I345.txt [ Cookie:laz4059@serving-sys.com/ ]
C:\USERS\LAZ4059\Cookies\Y3WE0NJ7.txt [ Cookie:laz4059@yieldmanager.net/ ]
C:\USERS\LAZ4059\Cookies\UZ65E56L.txt [ Cookie:laz4059@media6degrees.com/ ]
C:\USERS\LAZ4059\Cookies\1N5PKJ6H.txt [ Cookie:laz4059@revsci.net/ ]
C:\USERS\LAZ4059\Cookies\983A9RKF.txt [ Cookie:laz4059@a1.interclick.com/ ]

Adware.Zugo
(x64) HKCR\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}
(x64) HKLM\Software\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}

#4 thehabitatdoctor (Topic Starter, Members, 12 posts)

Posted 03 December 2011 - 06:45 PM


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:11:02 PM, on 12/3/2011
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Trend Micro\HijackThis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [bncsaui.exe] %ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} (Java Plug-in 1.6.0_17) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bradford Persistent Agent Service (BNPagent) - Bradford Networks - C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files (x86)\WinPcap\rpcapd.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8021 bytes

#5 HelpBot (Bleepin' Binary Bot, Bots, 12,600 posts)

Posted 08 December 2011 - 06:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/430577 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#6 thehabitatdoctor (Topic Starter, Members, 12 posts)

Posted 09 December 2011 - 08:03 PM

I haven't run anything since posting the original thread, as I'm not in much of a hurry now that I'm on break until Jan 1. The main issue is my inability to access previously saved files on the C: drive.


DDS Log:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by laz4059 at 19:52:36 on 2011-12-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1589 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\explorer.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\atibtmon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
uRun: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [bncsaui.exe] %ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exe
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Lookup on Merriam Webster
IE: Lookup on Wikipedia
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 140.254.232.33 140.254.201.4 128.146.117.95
TCP: Interfaces\{69F33C67-2485-4C63-9A18-6D8173862987} : DhcpNameServer = 140.254.232.33 140.254.201.4 128.146.117.95
TCP: Interfaces\{DC6FD661-52DA-4298-BD36-F10A6C17EFF3}\155796564764C616D696E676F6D27657563747 : DhcpNameServer = 207.255.0.130 207.255.0.131
TCP: Interfaces\{DC6FD661-52DA-4298-BD36-F10A6C17EFF3}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1 192.168.1.1
TCP: Interfaces\{DC6FD661-52DA-4298-BD36-F10A6C17EFF3}\2656C6B696E6E233736663 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{DC6FD661-52DA-4298-BD36-F10A6C17EFF3}\742716D6D61602E4020516070797 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{DC6FD661-52DA-4298-BD36-F10A6C17EFF3}\86F6D656 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DC6FD661-52DA-4298-BD36-F10A6C17EFF3}\D416474775962756C6563737 : DhcpNameServer = 192.168.2.1
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [bncsaui.exe] %ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exe
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\laz4059\AppData\Roaming\Mozilla\Firefox\Profiles\kh0mpzh3.default\
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: <?xmlversion=1.0?><RDF xmlns=http://www.w3.org/1999/02/22-rdf-syntax-ns# xmlns:em=http://www.mozilla.org/2004/em-rdf#><Description about=urn:mozilla:install-manifest><em:id>{5d393167-8b1c-4ce1-8593-0ba5f39f3210}: {5d393167-8b1c-4ce1-8593-0ba5f39f3210} - %profile%\extensions\{5d393167-8b1c-4ce1-8593-0ba5f39f3210}
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-5-14 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-12-3 44768]
R2 BNPagent;Bradford Persistent Agent Service;C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [2009-11-1 3026656]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-4-5 103992]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-17 136176]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-9-1 1153368]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-17 136176]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2011-12-3 366840]
S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2011-12-3 1150936]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2011-12-10 00:27:20 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6B8CB9E8-5061-449E-88A1-EAB06BC65DA7}\offreg.dll
2011-12-09 16:17:31 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6B8CB9E8-5061-449E-88A1-EAB06BC65DA7}\mpengine.dll
2011-12-04 18:29:25 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-03 22:32:37 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-12-03 22:32:33 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-12-03 22:32:06 41184 ----a-w- C:\Windows\avastSS.scr
2011-12-03 22:31:54 -------- d-----w- C:\ProgramData\AVAST Software
2011-12-03 22:31:54 -------- d-----w- C:\Program Files\AVAST Software
2011-12-03 18:25:12 -------- d-----w- C:\Users\laz4059\AppData\Roaming\SUPERAntiSpyware.com
2011-12-03 18:24:48 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-12-03 18:24:48 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-12-03 18:21:03 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2011-12-03 18:15:14 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-12-03 18:03:35 816016 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys
2011-12-03 18:03:35 452872 ----a-w- C:\Windows\System32\drivers\pctDS64.sys
2011-12-03 18:03:34 334976 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2011-12-03 18:03:34 137704 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2011-12-03 18:03:32 257232 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2011-12-03 18:03:22 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2011-12-03 18:03:06 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2011-12-03 18:03:05 -------- d-----w- C:\Users\laz4059\AppData\Roaming\PC Tools
2011-12-03 18:03:05 -------- d-----w- C:\Program Files (x86)\PC Tools Security
2011-12-03 18:00:36 -------- d-----w- C:\ProgramData\PC Tools
2011-12-03 17:38:39 -------- d-----w- C:\Users\laz4059\AppData\Local\Norman Malware Cleaner
2011-12-03 17:37:12 25160 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-12-03 17:35:08 -------- d-----w- C:\ProgramData\Hitman Pro
2011-12-03 17:33:02 -------- d-----w- C:\Users\laz4059\AppData\Local\Adobe
2011-12-03 05:05:35 -------- d-----w- C:\Program Files\CCleaner
2011-12-03 03:33:31 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E3F5510B-3180-424D-BFF2-E416CD6A5217}\gapaengine.dll
2011-12-03 03:32:32 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-12-03 03:32:20 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-12-02 16:01:32 8822856 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{46CE417E-2085-4365-A451-C8B4A16D68A2}\mpengine.dll
2011-11-29 00:30:49 -------- d--h--w- C:\ProgramData\VirtualizedApplications
2011-11-28 22:14:27 -------- d--h--w- C:\Users\laz4059\AppData\Local\SoftGrid Client
2011-11-28 22:14:21 -------- d--h--w- C:\Users\laz4059\AppData\Roaming\SoftGrid Client
2011-11-28 22:12:16 -------- d--h--w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2011-11-28 22:11:22 -------- d--h--w- C:\Users\laz4059\AppData\Roaming\TP
2011-11-19 04:00:09 -------- d--h--w- C:\Users\laz4059\AppData\Roaming\Turning Technologies
2011-11-19 03:59:31 50640 ---ha-r- C:\Users\laz4059\AppData\Roaming\Microsoft\Installer\{B6FCAE72-20C8-44E8-B3CA-F9FB6B2210CF}\NewShortcut3_39591E1D44664DD0B2594573FFBCE0C5.exe
2011-11-19 03:59:31 50640 ---ha-r- C:\Users\laz4059\AppData\Roaming\Microsoft\Installer\{B6FCAE72-20C8-44E8-B3CA-F9FB6B2210CF}\NewShortcut2_87DEAC974F1943CB9E51ECF67A4B4E39.exe
2011-11-19 03:59:31 50640 ---ha-r- C:\Users\laz4059\AppData\Roaming\Microsoft\Installer\{B6FCAE72-20C8-44E8-B3CA-F9FB6B2210CF}\NewShortcut1_7E7F9FDBA8A34998869DAC739C139534.exe
2011-11-19 03:59:31 50640 ---ha-r- C:\Users\laz4059\AppData\Roaming\Microsoft\Installer\{B6FCAE72-20C8-44E8-B3CA-F9FB6B2210CF}\ARPPRODUCTICON.exe
2011-11-19 03:59:29 -------- d--h--w- C:\Program Files (x86)\Turning Technologies
2011-11-19 03:58:18 -------- d--h--w- C:\ProgramData\Turning Technologies
2011-11-11 20:38:24 -------- d--h--w- C:\Program Files\Drug Lord 2
2011-11-11 08:40:06 -------- d--h--w- C:\Users\laz4059\AppData\Local\ESRI
2011-11-11 00:41:01 -------- d--h--w- C:\Users\laz4059\AppData\Roaming\Macrovision
2011-11-11 00:28:21 -------- d--h--w- C:\Program Files (x86)\Explorer
.
==================== Find3M ====================
.
2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-29 04:03:32 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-09-28 21:03:34 404640 ---ha-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 19:53:16.04 ===============

#7 thehabitatdoctor (Topic Starter, Members, 12 posts)

Posted 09 December 2011 - 08:07 PM

Also, 64 bit, so no GMER.

I can, however, tell you that I'm using:

Windows 7 Home Premium
Service Pack 1
Compaq Presario CQ62
AMD V120 Processor 2.20 GHz
3 GB RAM, 2.74 usable

#8 Elise (Bleepin' Blonde, Malware Study Hall Admin, 60,917 posts, Location: Romania)

Posted 15 December 2011 - 09:09 AM

Hello, my name is Elise and I'll assist you with this issue.

TWO ANTIVIRUS PROGRAMS
---------------------------------------
I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to Add/Remove in the Control Panel and remove either Avast or MS Security Essentials.


Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft
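
To make the "two antivirus programs" point above checkable rather than a matter of looking through Add/Remove Programs, here is an added PowerShell example. It is not code from this thread, from BleepingComputer or from any of the tools mentioned; it queries the `AntiVirusProduct` class that Windows Security Center exposes in the `root\SecurityCenter2` WMI namespace (Vista/7 client editions and later) and warns when more than one registered product has real-time protection switched on. The decoding of the `productState` field is the commonly used community interpretation of an undocumented bitfield and is an assumption; the function names are mine.

```powershell
# Added example, not code from the thread or from BleepingComputer: enumerate
# the antivirus products registered with Windows Security Center and warn when
# more than one has real-time protection switched on. Written for PowerShell 2.0
# (Windows 7); root\SecurityCenter2 is not present on Server editions.

function Get-RegisteredAntivirus {
    # AntiVirusProduct in root\SecurityCenter2 is the class Security Center itself
    # reads; every installed AV that registers with Windows shows up here.
    Get-WmiObject -Namespace 'root\SecurityCenter2' -Class 'AntiVirusProduct' |
        ForEach-Object {
            # productState is an undocumented bitfield. The decoding below is the
            # common community interpretation and is an assumption: rendered as six
            # hex digits, the middle byte is 10 or 11 when real-time protection is
            # on and 00 or 01 when it is off; the last byte is 00 when signatures
            # are current and 10 when they are out of date.
            $hex     = '{0:x6}' -f [uint32]$_.productState
            $rtByte  = $hex.Substring(2, 2)
            $sigByte = $hex.Substring(4, 2)
            New-Object PSObject -Property @{
                Name              = $_.displayName
                Executable        = $_.pathToSignedProductExe
                ProductState      = ('0x' + $hex)
                RealTimeOn        = (@('10', '11') -contains $rtByte)
                SignaturesCurrent = ($sigByte -eq '00')
            }
        }
}

function Test-SingleRealTimeAntivirus {
    # Returns the products that currently have real-time protection on; more than
    # one of them is exactly the clash described in the post above.
    $active = @(Get-RegisteredAntivirus | Where-Object { $_.RealTimeOn })
    if ($active.Count -gt 1) {
        $names = ($active | ForEach-Object { $_.Name }) -join ', '
        Write-Warning ('{0} products have real-time protection enabled ({1}). Keep one and uninstall the rest.' -f $active.Count, $names)
    }
    return $active
}

# Usage: show every registered product, then flag the conflict if there is one.
Get-RegisteredAntivirus | Format-Table Name, RealTimeOn, SignaturesCurrent, Executable -AutoSize
$null = Test-SingleRealTimeAntivirus
```

A product that has been uninstalled but left a stale Security Center registration will still appear in this list, usually with `RealTimeOn` false, so the warning keys on the real-time flag rather than on the bare count of entries. On this machine's DDS log both avast! and Microsoft Security Essentials (NisSrv, MpFilter) are present, which is the situation the check is meant to surface.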


#9 thehabitatdoctor (Topic Starter, Members, 12 posts)

Posted 15 December 2011 - 07:18 PM

Thanks for the help!

TDSS killer didn't find anything, but here's the log:

19:11:35.0335 2936 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
19:11:35.0382 2936 ============================================================
19:11:35.0382 2936 Current date / time: 2011/12/15 19:11:35.0382
19:11:35.0382 2936 SystemInfo:
19:11:35.0382 2936
19:11:35.0382 2936 OS Version: 6.1.7601 ServicePack: 1.0
19:11:35.0382 2936 Product type: Workstation
19:11:35.0382 2936 ComputerName: LAZ4059-PC
19:11:35.0382 2936 UserName: laz4059
19:11:35.0382 2936 Windows directory: C:\Windows
19:11:35.0382 2936 System windows directory: C:\Windows
19:11:35.0382 2936 Running under WOW64
19:11:35.0382 2936 Processor architecture: Intel x64
19:11:35.0382 2936 Number of processors: 1
19:11:35.0382 2936 Page size: 0x1000
19:11:35.0382 2936 Boot type: Normal boot
19:11:35.0382 2936 ============================================================
19:11:36.0427 2936 Initialize success
19:11:44.0742 3076 ============================================================
19:11:44.0742 3076 Scan started
19:11:44.0742 3076 Mode: Manual;
19:11:44.0742 3076 ============================================================
19:11:45.0351 3076 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:11:45.0351 3076 1394ohci - ok
19:11:45.0413 3076 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:11:45.0413 3076 ACPI - ok
19:11:45.0491 3076 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:11:45.0491 3076 AcpiPmi - ok
19:11:45.0553 3076 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:11:45.0569 3076 adp94xx - ok
19:11:45.0600 3076 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:11:45.0600 3076 adpahci - ok
19:11:45.0647 3076 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:11:45.0647 3076 adpu320 - ok
19:11:45.0741 3076 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
19:11:45.0756 3076 AFD - ok
19:11:45.0787 3076 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:11:45.0803 3076 agp440 - ok
19:11:45.0850 3076 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:11:45.0850 3076 aliide - ok
19:11:45.0928 3076 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:11:45.0928 3076 amdide - ok
19:11:45.0975 3076 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:11:45.0975 3076 AmdK8 - ok
19:11:46.0209 3076 amdkmdag (2c9c4824664c61351ff1e0169262d026) C:\Windows\system32\DRIVERS\atikmdag.sys
19:11:46.0365 3076 amdkmdag - ok
19:11:46.0396 3076 amdkmdap (ef7382689d3b17ac2983202e7a40ab45) C:\Windows\system32\DRIVERS\atikmpag.sys
19:11:46.0396 3076 amdkmdap - ok
19:11:46.0443 3076 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:11:46.0443 3076 AmdPPM - ok
19:11:46.0474 3076 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys
19:11:46.0474 3076 amdsata - ok
19:11:46.0521 3076 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:11:46.0521 3076 amdsbs - ok
19:11:46.0552 3076 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys
19:11:46.0552 3076 amdxata - ok
19:11:46.0614 3076 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:11:46.0614 3076 AppID - ok
19:11:46.0677 3076 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:11:46.0677 3076 arc - ok
19:11:46.0708 3076 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:11:46.0708 3076 arcsas - ok
19:11:46.0755 3076 ASPI - ok
19:11:46.0801 3076 aswFsBlk (ce6d8bcc4787704ea4feeb92b0d0caf8) C:\Windows\system32\drivers\aswFsBlk.sys
19:11:46.0817 3076 aswFsBlk - ok
19:11:46.0848 3076 aswMonFlt (0debeb2e3fbd0bf5343125cce617f105) C:\Windows\system32\drivers\aswMonFlt.sys
19:11:46.0864 3076 aswMonFlt - ok
19:11:46.0895 3076 aswRdr (952edc2e81f85d1781958d4128bf59f8) C:\Windows\system32\drivers\aswRdr.sys
19:11:46.0895 3076 aswRdr - ok
19:11:46.0926 3076 aswSnx (dd383e2ac941c545a85ab72503da6c12) C:\Windows\system32\drivers\aswSnx.sys
19:11:46.0942 3076 aswSnx - ok
19:11:46.0973 3076 aswSP (ef5403fb8b2dcb791ec365fdf6040a4a) C:\Windows\system32\drivers\aswSP.sys
19:11:46.0973 3076 aswSP - ok
19:11:47.0004 3076 aswTdi (34165da5c6b30c0f9d61246bf8a28040) C:\Windows\system32\drivers\aswTdi.sys
19:11:47.0004 3076 aswTdi - ok
19:11:47.0035 3076 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:11:47.0035 3076 AsyncMac - ok
19:11:47.0067 3076 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:11:47.0067 3076 atapi - ok
19:11:47.0113 3076 AtiPcie (c07a040d6b5a42dd41ee386cf90974c8) C:\Windows\system32\DRIVERS\AtiPcie.sys
19:11:47.0113 3076 AtiPcie - ok
19:11:47.0207 3076 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:11:47.0207 3076 b06bdrv - ok
19:11:47.0238 3076 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:11:47.0254 3076 b57nd60a - ok
19:11:47.0301 3076 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:11:47.0316 3076 Beep - ok
19:11:47.0379 3076 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:11:47.0379 3076 blbdrive - ok
19:11:47.0457 3076 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:11:47.0457 3076 bowser - ok
19:11:47.0503 3076 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:11:47.0503 3076 BrFiltLo - ok
19:11:47.0519 3076 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:11:47.0535 3076 BrFiltUp - ok
19:11:47.0566 3076 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:11:47.0566 3076 Brserid - ok
19:11:47.0597 3076 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:11:47.0597 3076 BrSerWdm - ok
19:11:47.0644 3076 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:11:47.0644 3076 BrUsbMdm - ok
19:11:47.0691 3076 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:11:47.0691 3076 BrUsbSer - ok
19:11:47.0722 3076 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:11:47.0737 3076 BTHMODEM - ok
19:11:47.0784 3076 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:11:47.0784 3076 cdfs - ok
19:11:47.0815 3076 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
19:11:47.0815 3076 cdrom - ok
19:11:47.0847 3076 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:11:47.0847 3076 circlass - ok
19:11:47.0893 3076 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:11:47.0909 3076 CLFS - ok
19:11:47.0956 3076 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:11:47.0956 3076 CmBatt - ok
19:11:47.0987 3076 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:11:47.0987 3076 cmdide - ok
19:11:48.0049 3076 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
19:11:48.0065 3076 CNG - ok
19:11:48.0096 3076 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:11:48.0096 3076 Compbatt - ok
19:11:48.0174 3076 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
19:11:48.0174 3076 CompositeBus - ok
19:11:48.0221 3076 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:11:48.0237 3076 crcdisk - ok
19:11:48.0330 3076 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:11:48.0330 3076 DfsC - ok
19:11:48.0377 3076 DgiVecp (2d589a2c024b2fb238535db9f7b3597d) C:\Windows\system32\Drivers\DgiVecp.sys
19:11:48.0377 3076 DgiVecp - ok
19:11:48.0439 3076 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:11:48.0439 3076 discache - ok
19:11:48.0502 3076 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:11:48.0502 3076 Disk - ok
19:11:48.0549 3076 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:11:48.0549 3076 drmkaud - ok
19:11:48.0627 3076 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:11:48.0642 3076 DXGKrnl - ok
19:11:48.0783 3076 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:11:48.0876 3076 ebdrv - ok
19:11:48.0954 3076 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:11:48.0954 3076 elxstor - ok
19:11:49.0001 3076 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:11:49.0001 3076 ErrDev - ok
19:11:49.0063 3076 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:11:49.0079 3076 exfat - ok
19:11:49.0110 3076 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:11:49.0126 3076 fastfat - ok
19:11:49.0173 3076 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:11:49.0173 3076 fdc - ok
19:11:49.0219 3076 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:11:49.0219 3076 FileInfo - ok
19:11:49.0266 3076 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:11:49.0266 3076 Filetrace - ok
19:11:49.0297 3076 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:11:49.0297 3076 flpydisk - ok
19:11:49.0360 3076 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:11:49.0360 3076 FltMgr - ok
19:11:49.0391 3076 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:11:49.0407 3076 FsDepends - ok
19:11:49.0422 3076 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
19:11:49.0422 3076 Fs_Rec - ok
19:11:49.0469 3076 FTDIBUS (0f210048c6bfbfbc0f50816bce40b575) C:\Windows\system32\drivers\ftdibus.sys
19:11:49.0469 3076 FTDIBUS - ok
19:11:49.0563 3076 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:11:49.0563 3076 fvevol - ok
19:11:49.0609 3076 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:11:49.0609 3076 gagp30kx - ok
19:11:49.0703 3076 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:11:49.0703 3076 hcw85cir - ok
19:11:49.0781 3076 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
19:11:49.0797 3076 HdAudAddService - ok
19:11:49.0828 3076 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
19:11:49.0843 3076 HDAudBus - ok
19:11:49.0875 3076 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:12:00.0935 3076 ============================================================
19:12:00.0935 3076 Scan finished
19:12:00.0935 3076 ============================================================
19:12:00.0951 3716 Detected object count: 0
19:12:00.0951 3716 Actual detected object count: 0
19:13:35.0502 0100 Deinitialize success
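A small parser for the TDSSKiller log format posted above, added here as an example that is not part of the thread and not TDSSKiller's own code. It pairs each object line ("name (md5) path") with its status line ("name - ok"), handles MBR/boot-sector entries whose status line is keyed by device path, and checks the summary count against the number of non-"ok" objects. The sample lines are copied from the log, plus one constructed "examplesvc" detection whose hash and status text are placeholders (real detection strings vary by TDSSKiller version).

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the TDSSKiller log format seen in the thread. The first
# lines are copied from the posted log; the "examplesvc" pair is a constructed
# placeholder detection (invented hash and status text) to exercise the non-"ok" path.
SAMPLE_LOG = "\n".join([
    r"19:11:57.0940 3076 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys",
    r"19:11:57.0987 3076 Tcpip - ok",
    r"19:11:53.0759 3076 NPF - ok",
    r"19:12:00.0529 3076 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0",
    r"19:12:00.0779 3076 \Device\Harddisk0\DR0 - ok",
    r"19:11:58.0000 3076 examplesvc (00000000000000000000000000000000) C:\Windows\system32\drivers\example.sys",
    r"19:11:58.0010 3076 examplesvc - detected PLACEHOLDER.Status",
    r"19:12:00.0935 3076 ============================================================",
    r"19:12:00.0935 3076 Scan finished",
    r"19:12:00.0951 3716 Detected object count: 1",
    r"19:12:00.0951 3716 Actual detected object count: 1",
])

# Every line: timestamp, thread id, free-form body.
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+(?P<body>.*)$")
# Object line "<name> (<md5>) <path>"; the name may contain parentheses, e.g. "MBR (0x1B8)".
OBJECT_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$")
# Status line "<name or device path> - <status>".
STATUS_RE = re.compile(r"^(?P<key>.+?)\s+-\s+(?P<status>.+)$")
COUNT_RE = re.compile(r"^(?P<kind>Detected|Actual detected) object count:\s*(?P<n>\d+)$")


@dataclass
class ScanObject:
    name: str
    md5: Optional[str] = None     # None for objects with no file on disk (e.g. "NPF - ok")
    path: Optional[str] = None
    status: Optional[str] = None  # None if the log never reported a status for it


@dataclass
class ScanReport:
    objects: List[ScanObject] = field(default_factory=list)
    detected_count: Optional[int] = None
    actual_detected_count: Optional[int] = None
    finished: bool = False

    def flagged(self) -> List[ScanObject]:
        """Objects whose status is anything other than 'ok', including a missing status."""
        return [o for o in self.objects if o.status != "ok"]


def parse_tdsskiller_log(text: str) -> ScanReport:
    report = ScanReport()
    pending: Dict[str, ScanObject] = {}  # objects awaiting a status line, keyed by name and path
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        if body == "Scan finished":
            report.finished = True
            continue
        cm = COUNT_RE.match(body)
        if cm:
            n = int(cm.group("n"))
            if cm.group("kind") == "Detected":
                report.detected_count = n
            else:
                report.actual_detected_count = n
            continue
        om = OBJECT_RE.match(body)
        if om:
            obj = ScanObject(om.group("name"), om.group("md5"), om.group("path"))
            report.objects.append(obj)
            pending[obj.name] = obj
            pending[obj.path] = obj
            continue
        sm = STATUS_RE.match(body)
        if sm:
            obj = pending.get(sm.group("key"))
            if obj is None:  # status without a preceding object line (no file on disk)
                obj = ScanObject(name=sm.group("key"))
                report.objects.append(obj)
            for key in (obj.name, obj.path):
                if key is not None and pending.get(key) is obj:
                    del pending[key]
            obj.status = sm.group("status")
    return report


def summarize(report: ScanReport) -> dict:
    flagged = report.flagged()
    return {
        "objects": len(report.objects),
        "flagged": [(o.name, o.status) for o in flagged],
        # A mismatch means the log is truncated or the format changed; re-run rather than trust it.
        "count_matches": report.detected_count == len(flagged),
        "finished": report.finished,
    }


if __name__ == "__main__":
    print(summarize(parse_tdsskiller_log(SAMPLE_LOG)))
```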

#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,917 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:57 PM

Posted 16 December 2011 - 03:05 AM

Hi again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#11 thehabitatdoctor

thehabitatdoctor
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:57 AM

Posted 16 December 2011 - 05:28 PM

After running combofix, I noticed that the desktop and all of my files are now accessible, but also that it removed Arc Explorer (c:\program files (x86)\explorer), a legitimate GIS mapping program created by ESRI. I can download it again for free, I'd just hate for anyone to have to investigate the entire folder full of stuff for no reason lol.

Attached Files



#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,917 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:57 PM

Posted 17 December 2011 - 04:27 AM

That is looking good! I suspect the program was deleted because of its name, but indeed it is legit.

Do you have any problem left at this point?

regards, Elise


#13 thehabitatdoctor

thehabitatdoctor
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:57 AM

Posted 17 December 2011 - 04:06 PM

It looks like everything is there on the hard drive and desktop, but in the start menu the only programs that show up are those that were installed after the infection; the folders for everything else are empty. I can recreate the shortcuts if need be, and otherwise there aren't any issues that I'm aware of.

#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,917 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:57 PM

Posted 17 December 2011 - 04:46 PM

Unfortunately you'll have to recreate the shortcuts. This is not very difficult, but can be time consuming.

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:
  • Download the latest version of Adobe Reader Version X and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/Remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
Your Adobe Reader is now up to date!


Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
  • Download the latest version of Java Runtime Environment (JRE) Version 7u2.
  • Look for "JDK 7u2 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
  • Save it to your desktop
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.


Please launch Malwarebytes Antimalware, update it and run a full scan. Post me the resulting log.

regards, Elise


#15 thehabitatdoctor

thehabitatdoctor
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:57 AM

Posted 19 December 2011 - 05:07 AM

Sorry for the delay. I'll have the MBAM log up within 24 hours.



