
XP Anti-virus 2012 (failed removal), rootkit, ping.exe, Redirects & popups


  • This topic is locked
28 replies to this topic

#1 jay.birch

jay.birch

  • Members
  • 17 posts
  • OFFLINE
  • Local time:01:01 PM

Posted 14 December 2011 - 02:28 PM

About a week ago, I came home to find XP antivirus 2012 had taken over the computer. Used the removal guide and completed all steps, believing it to be gone once done. A few days later, it came back as well as my notice of "ping.exe" appearing in task manager & taking up mass amounts of memory. On top of that, at times there are popup/redirects which make the computer unusable.

My son claims to have no idea how this happened, which is obviously not true. He is more apt with computers than I am & said he could remove the infection. Against my better judgement, I let him try. After reading through the rules for submission, I'm sure he messed up. I saw at the beginning that "combofix" should NOT be used, but I see it on the desktop, so I imagine it was. He will not be using the PC again until such time as the infection is cleaned and/or I decide to let him back on.

Something in the infection keeps disabling the Windows Firewall as well. After running full Malwarebytes, Spybot S&D & AdAware scans ... I can get the computer back to a fairly operable state (and turn the firewall back on), but something inevitably starts the cycle again. I see a lot of information in the requested scans coming back to Firefox. I've also noticed that plugin-container.exe opening seems to be a precursor to the infection starting all over again. I know that program is akin to a bundled addon center running. I will do nothing with it at all, but I am hoping that running only Internet Explorer might help during the time waiting.

I will do nothing on my end, as requested, & apologize ahead of time if my son's actions have caused additional complications in this removal process. Thank you for your time in this.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Jason at 13:26:11 on 2011-12-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2459 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\Jason\Local Settings\Application Data\CrossLoop\CrossLoopService.exe
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k xmlpros
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\BrowserCompanion\BCHelper.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.plusnetwork.com/?sp=hp
uSearchAssistant = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Browser Companion Helper Verifier: {963b125b-8b21-49a2-a3a8-e37092276531} - c:\program files\browsercompanion\updatebhoWin32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{ae07101b-46d4-4a98-af68-0333ea26e113}
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [BCU] "c:\program files\devicevm\browser configuration utility\BCU.exe"
mRun: [Conime] %windir%\system32\conime.exe
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [LVCOMS] c:\program files\common files\logitech\qcdriver2\LVCOMS.EXE
mRun: [VMonitorVMUVC] "c:\program files\vimicro corporation\vmuvc\VMonitor.exe" VMUVC
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Browser companion helper] c:\program files\browsercompanion\BCHelper.exe /T=3 /S=7
mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f
StartupFolder: c:\documents and settings\jason\start menu\programs\startup\CurseClientStartup.ccip
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{2A0B10C3-D863-430B-9A83-214A47C8E318} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{A146BBEB-263C-4DFE-87E1-844986D62519} : DhcpNameServer = 192.168.2.1
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WBSrv - c:\progra~1\stardock\object~1\window~1\wbsrv.dll
Notify: xmlproservice - xmlrpw32.dll
Notify: xmlrpw32 - xmlrpw32.dll
AppInit_DLLs: c:\windows\system32\wbsys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: Deskscapes Class: {ec654325-1273-c2a9-2b7c-45d29bce68fb} - c:\program files\stardock\object desktop\deskscapes3\deskscapes.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jason\application data\mozilla\firefox\profiles\neyto10q.default\
FF - prefs.js: browser.search.selectedEngine - Plus! Network
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.plusnetwork.com/?sp=addr&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\jason\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\jason\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-12-12 64512]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-7-5 28552]
R2 BCUService;Browser Configuration Utility Service;c:\program files\devicevm\browser configuration utility\BCUService.exe [2009-10-15 223464]
R2 CrossLoopService;CrossLoop Service;c:\documents and settings\jason\local settings\application data\crossloop\CrossLoopService.exe [2011-4-7 560848]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2009-8-27 1253376]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2010-5-17 308592]
R2 XMLProvS;Network ProService;c:\windows\system32\svchost.exe -k xmlpros [2006-2-28 14336]
S0 ykyhr;ykyhr;c:\windows\system32\drivers\rkhvnit.sys --> c:\windows\system32\drivers\rkhvnit.sys [?]
S2 AODService;AODService;c:\program files\amd\overdrive\AODAssist.exe [2010-4-23 136616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-12-2 2152152]
S2 USmsServ;Desktop Window Manager Sessions Manager;c:\windows\desktop manager\dwm.exe --> c:\windows\desktop manager\dwm.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-11-13 1691480]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\atihdxp3.sys --> c:\windows\system32\drivers\AtihdXP3.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2008-8-7 3276800]
S3 FLASHSYS;FLASHSYS;c:\program files\msi\live update 4\lu4\FlashSys.sys [2010-11-14 9216]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-12-2 15232]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-13 22216]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-12-12 41272]
S3 MSI_DVD_010507;MSI_DVD_010507;c:\progra~1\msi\msiwdev\DVDSYS32_100507.sys [2010-5-10 22328]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\msi\msiwdev\msibios32_100507.sys [2010-5-10 25912]
S3 MSI_VGASYS_010507;MSI_VGASYS_010507;c:\progra~1\msi\msiwdev\VGASYS32_100507.sys [2010-5-10 16696]
S3 MSILiveVirtualCamera;MSI Live Virtual Camera;c:\windows\system32\drivers\MSILiveVirtualCamera.sys [2007-1-29 449408]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2011-7-12 152576]
S3 tvnserver;TightVNC Server;c:\documents and settings\jason\local settings\application data\crossloop\tvnserver.exe [2011-4-7 814080]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [2011-8-2 252416]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2011-8-2 398720]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-8-13 366152]
.
=============== Created Last 30 ================
.
2011-12-14 17:50:53 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-12-14 17:02:04 37888 ----a-w- c:\windows\system32\xmlrpw32.dll
2011-12-14 17:02:04 156672 ----a-w- c:\windows\system32\xmlprw32.dll
2011-12-13 18:45:34 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-12-12 20:21:26 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-12-12 19:04:29 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-12 19:02:41 -------- d-----w- c:\documents and settings\jason\local settings\application data\adaware
2011-12-12 19:02:39 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Browsing Protection
2011-12-12 19:02:36 -------- d-----w- c:\program files\Toolbar Cleaner
2011-12-12 19:02:31 -------- d-----w- c:\documents and settings\jason\application data\adawaretb
2011-12-12 19:02:30 -------- d-----w- c:\program files\adawaretb
2011-12-12 19:02:23 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-12-12 19:02:18 -------- d-----w- c:\program files\Lavasoft
2011-12-12 18:22:37 -------- d-sh--w- c:\documents and settings\jason\IECompatCache
2011-12-12 17:22:15 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-12-12 16:30:01 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2011-12-12 12:57:28 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-12-11 05:48:09 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-12-11 05:46:55 -------- d-sha-r- C:\cmdcons
2011-12-11 05:45:08 98816 ----a-w- c:\windows\sed.exe
2011-12-11 05:45:08 518144 ----a-w- c:\windows\SWREG.exe
2011-12-11 05:45:08 256000 ----a-w- c:\windows\PEV.exe
2011-12-11 05:45:08 208896 ----a-w- c:\windows\MBR.exe
2011-12-11 03:46:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-11 03:46:22 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-12-09 23:47:25 -------- d-----w- c:\documents and settings\jason\local settings\application data\Messenger_Plus_Live
2011-12-09 23:37:24 -------- d-----w- c:\documents and settings\jason\AppData
2011-12-09 23:37:23 -------- d-----w- c:\program files\BrowserCompanion
2011-12-09 23:37:05 -------- d-----w- c:\documents and settings\jason\local settings\application data\Linkury
2011-12-02 06:12:13 -------- d-----w- c:\documents and settings\jason\local settings\application data\Skyrim
2011-12-02 05:53:59 -------- d-----w- c:\program files\The Elder Scrolls V Skyrim
2011-11-28 20:29:38 -------- d-----w- c:\documents and settings\jason\application data\Ulzak
2011-11-28 20:29:38 -------- d-----w- c:\documents and settings\jason\application data\Asew
2011-11-25 15:39:26 -------- d-----w- c:\program files\AMD APP
2011-11-25 15:30:18 -------- d-----w- c:\documents and settings\jason\application data\Unity
2011-11-25 15:27:53 -------- d-----w- c:\documents and settings\jason\local settings\application data\Unity
.
==================== Find3M ====================
.
2011-12-14 02:09:20 140496 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-12-14 02:09:15 280736 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-12-14 02:09:15 280736 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-12-10 03:46:31 280736 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-11-20 22:22:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-26 03:01:40 7412736 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-10-26 02:59:02 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-10-26 02:30:50 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-10-26 02:30:40 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-10-26 02:27:26 5890048 ----a-w- c:\windows\system32\aticaldd.dll
2011-10-26 02:21:48 56832 ----a-w- c:\windows\system32\OpenVideo.dll
2011-10-26 02:21:34 56832 ----a-w- c:\windows\system32\OVDecoder.dll
2011-10-26 02:20:42 13950464 ----a-w- c:\windows\system32\amdocl.dll
2011-10-26 02:16:30 18968576 ----a-w- c:\windows\system32\atioglxx.dll
2011-10-26 02:06:02 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-10-26 02:04:50 304128 ----a-w- c:\windows\system32\ati2dvag.dll
2011-10-26 02:04:46 4004864 ----a-w- c:\windows\system32\ati3duag.dll
2011-10-26 01:58:22 956160 ----a-w- c:\windows\system32\ativvamv.dll
2011-10-26 01:44:50 3286400 ----a-w- c:\windows\system32\ativvaxx.dll
2011-10-26 01:44:08 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-10-26 01:43:54 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-10-26 01:43:46 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-10-26 01:43:38 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-10-26 01:43:26 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-10-26 01:42:08 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-10-26 01:40:46 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-10-26 01:39:12 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-10-26 01:35:00 806912 ----a-w- c:\windows\system32\atikvmag.dll
2011-10-26 01:34:14 499712 ----a-w- c:\windows\system32\atiok3x2.dll
2011-10-26 01:30:52 229376 ----a-w- c:\windows\system32\atiadlxx.dll
2011-10-26 01:30:28 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-10-26 01:25:38 65024 ----a-w- c:\windows\system32\atimpc32.dll
2011-10-26 01:25:38 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2011-10-26 01:24:58 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-10-26 01:24:52 884736 ----a-w- c:\windows\system32\ati2cqag.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 13:26:29.17 ===============


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:01 PM

Posted 18 December 2011 - 03:14 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double-click DeFogger to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger may ask you to reboot the machine. If it does, click OK.
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs.
  • Save the logs to a convenient place such as your desktop.
  • Copy the contents of both logs & post them in your next reply.

Information and logs:

  • In your next post I need the following:
  • logs from DDS
  • let me know of any problems you may have had

Gringo

I close my topics if you have not replied in 5 days. If you will be longer, please let me know.

If I have not replied to one of my topics in 48 hrs, please bump the topic.



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 jay.birch

jay.birch
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:01:01 PM

Posted 18 December 2011 - 04:24 PM

Hello there. Wow, are you a reason for excitement, & thank you for the help. Below are the requested logs.

As for general issues: since I originally posted the problem, I have run a scan (Spybot & Malwarebytes) once to give myself the ability to complete work. While trying to do so in safe mode, the computer just turned itself off. Also below is a list of the 'quarantine' items as described. I do have a router & with the ping.exe issue, thought I should volunteer that. Pertaining to general system performance ... very slow, multiple DLLs running & a few errors regarding the 'dynamic link library'.

Quarantine (per Malwarebytes):

Trojan.Wimpixo x2
Rootkit.0access x3
Trojan.Agent x4
Trojan.Dropper
Trojan.Wimpixo

See Qoobox in location (for most) as well as System Volume Information & system32\xmlprw32.dll

Logs as requested:


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
2007 Microsoft Office Suite Service Pack 1 (SP1)
Ad-Aware
Ad-Aware Security Toolbar
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.7
AIM 7
aiofw
aioprnt
aioscnnr
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD OverDrive
AMD Processor Driver
AOL Uninstaller (Choose which Products to Remove)
ATI Catalyst Registration
ATITool Overclocking Utility
AutoBoot
Battlefield: Bad Company™ 2
Bonjour
Browser Configuration Utility
BrowserCompanion
Call of Duty® 4 - Modern Warfare™ 1.6 Patch
Call of Duty® 4 - Modern Warfare™ 1.7 Patch
CamStudio
CamStudio OSS Desktop Recorder
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-utility
CCC Help English
CCleaner
center
Cheetah DVD Burner
Compatibility Pack for the 2007 Office system
ControlCenter
ConvertXtoDVD 4.1.16.360
Coupon Printer for Windows
CrossLoop 2.74
Curse Client
DeskScapes 3
Download Updater (AOL LLC)
EA Installer
EA Shared Game Component: Activation
eSobi v2
EVEREST Home Edition v2.20
Fallout New Vegas
Firebird SQL Server - MAGIX Edition
Fraps (remove only)
FrostWire 5.0.8
Geeks3D.com FurMark 1.9.0
GOM Player
Google Chrome
Grand Theft Auto: Episodes from Liberty City
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
i-Charger
ImgBurn
Impulse
Java Auto Updater
Java™ 6 Update 24
JoD
K-Lite Mega Codec Pack 7.7.0
Keylogger Detector
KODAK AiO Home Center
ksDIP
Labtec WebCam
Liveupdate4
Logitech Gaming Software 5.10
Logitech QuickCam Driver Package
MAGIX Screenshare
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 8.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
NVIDIA Drivers
NVIDIA PhysX
Oblivion - Horse Armor Pack
Oblivion - Knights of the Nine
Oblivion - Mehrunes Razor
Oblivion - Orrery
Oblivion - Spell Tomes
Oblivion - Thieves Den
Oblivion - Vile Lair
Oblivion - Wizard's Tower
Origin
Panda ActiveScan 2.0
PowerISO
PreReq
PunkBuster Services
RealPlayer 7 Basic
Realtek AC'97 Audio
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
RIFT
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Skype Click to Call
Skype™ 5.5
Speccy
Spybot - Search & Destroy
Star Mission Game
Steam
Stronghold 3
TeamSpeak 3 Client
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Outlook 2007 Junk Email Filter (KB2596560)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Ventrilo Client
Viewpoint Media Player
Vimicro USB2.0 UVC PC Camera
VLC media player 1.1.4
WebFldrs XP
WindowBlinds 7
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows XP Service Pack 3
WinRAR archiver
World of Warcraft
Xfire (remove only)
Xtranormal State
Xtranormal State - Showpak-FM-Preview
Xtranormal State - SoundPack-Starter Kit
Xtranormal State - Voicepack-British-Graham22k
Xtranormal State - Voicepack-British-Lucy22k
Xtranormal State - Voicepack-USEnglish-Heather22k
Xtranormal State - Voicepack-USEnglish-Ryan22k
.
==== End Of File ===========================


DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Jason at 16:07:45 on 2011-12-18
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchAssistant = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Browser Companion Helper Verifier: {963b125b-8b21-49a2-a3a8-e37092276531} - c:\program files\browsercompanion\updatebhoWin32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{ae07101b-46d4-4a98-af68-0333ea26e113}
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [BCU] "c:\program files\devicevm\browser configuration utility\BCU.exe"
mRun: [Conime] %windir%\system32\conime.exe
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [LVCOMS] c:\program files\common files\logitech\qcdriver2\LVCOMS.EXE
mRun: [VMonitorVMUVC] "c:\program files\vimicro corporation\vmuvc\VMonitor.exe" VMUVC
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Browser companion helper] c:\program files\browsercompanion\BCHelper.exe /T=3 /S=7
mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f
StartupFolder: c:\documents and settings\jason\start menu\programs\startup\CurseClientStartup.ccip
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{2A0B10C3-D863-430B-9A83-214A47C8E318} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{A146BBEB-263C-4DFE-87E1-844986D62519} : DhcpNameServer = 192.168.2.1
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WBSrv - c:\progra~1\stardock\object~1\window~1\wbsrv.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: Deskscapes Class: {ec654325-1273-c2a9-2b7c-45d29bce68fb} - c:\program files\stardock\object desktop\deskscapes3\deskscapes.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jason\application data\mozilla\firefox\profiles\neyto10q.default\
FF - prefs.js: browser.search.selectedEngine - Plus! Network
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.plusnetwork.com/?sp=addr&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\jason\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\jason\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2011-12-18 07:47:26 -------- d-s---w- C:\ComboFix
2011-12-17 18:06:50 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-12-14 17:50:53 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-12-13 18:45:34 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-12-12 20:21:26 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-12-12 19:04:29 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-12 19:02:41 -------- d-----w- c:\documents and settings\jason\local settings\application data\adaware
2011-12-12 19:02:39 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Browsing Protection
2011-12-12 19:02:36 -------- d-----w- c:\program files\Toolbar Cleaner
2011-12-12 19:02:31 -------- d-----w- c:\documents and settings\jason\application data\adawaretb
2011-12-12 19:02:30 -------- d-----w- c:\program files\adawaretb
2011-12-12 19:02:23 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-12-12 19:02:18 -------- d-----w- c:\program files\Lavasoft
2011-12-12 18:22:37 -------- d-sh--w- c:\documents and settings\jason\IECompatCache
2011-12-12 16:30:01 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2011-12-12 12:57:28 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-12-11 05:48:09 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-12-11 05:46:55 -------- d-sha-r- C:\cmdcons
2011-12-11 05:45:08 98816 ----a-w- c:\windows\sed.exe
2011-12-11 05:45:08 518144 ----a-w- c:\windows\SWREG.exe
2011-12-11 05:45:08 256000 ----a-w- c:\windows\PEV.exe
2011-12-11 05:45:08 208896 ----a-w- c:\windows\MBR.exe
2011-12-11 03:46:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-11 03:46:22 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-12-09 23:47:25 -------- d-----w- c:\documents and settings\jason\local settings\application data\Messenger_Plus_Live
2011-12-09 23:37:24 -------- d-----w- c:\documents and settings\jason\AppData
2011-12-09 23:37:23 -------- d-----w- c:\program files\BrowserCompanion
2011-12-09 23:37:05 -------- d-----w- c:\documents and settings\jason\local settings\application data\Linkury
2011-12-02 06:12:13 -------- d-----w- c:\documents and settings\jason\local settings\application data\Skyrim
2011-12-02 05:53:59 -------- d-----w- c:\program files\The Elder Scrolls V Skyrim
2011-11-28 20:29:38 -------- d-----w- c:\documents and settings\jason\application data\Ulzak
2011-11-28 20:29:38 -------- d-----w- c:\documents and settings\jason\application data\Asew
2011-11-25 15:39:26 -------- d-----w- c:\program files\AMD APP
2011-11-25 15:30:18 -------- d-----w- c:\documents and settings\jason\application data\Unity
2011-11-25 15:27:53 -------- d-----w- c:\documents and settings\jason\local settings\application data\Unity
.
==================== Find3M ====================
.
2011-12-16 01:03:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-14 02:09:20 140496 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-12-14 02:09:15 280736 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-12-14 02:09:15 280736 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-12-10 03:46:31 280736 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 03:01:40 7412736 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-10-26 02:59:02 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-10-26 02:30:50 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-10-26 02:30:40 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-10-26 02:27:26 5890048 ----a-w- c:\windows\system32\aticaldd.dll
2011-10-26 02:21:48 56832 ----a-w- c:\windows\system32\OpenVideo.dll
2011-10-26 02:21:34 56832 ----a-w- c:\windows\system32\OVDecoder.dll
2011-10-26 02:20:42 13950464 ----a-w- c:\windows\system32\amdocl.dll
2011-10-26 02:16:30 18968576 ----a-w- c:\windows\system32\atioglxx.dll
2011-10-26 02:06:02 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-10-26 02:04:50 304128 ----a-w- c:\windows\system32\ati2dvag.dll
2011-10-26 02:04:46 4004864 ----a-w- c:\windows\system32\ati3duag.dll
2011-10-26 01:58:22 956160 ----a-w- c:\windows\system32\ativvamv.dll
2011-10-26 01:44:50 3286400 ----a-w- c:\windows\system32\ativvaxx.dll
2011-10-26 01:44:08 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-10-26 01:43:54 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-10-26 01:43:46 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-10-26 01:43:38 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-10-26 01:43:26 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-10-26 01:42:08 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-10-26 01:40:46 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-10-26 01:39:12 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-10-26 01:35:00 806912 ----a-w- c:\windows\system32\atikvmag.dll
2011-10-26 01:34:14 499712 ----a-w- c:\windows\system32\atiok3x2.dll
2011-10-26 01:30:52 229376 ----a-w- c:\windows\system32\atiadlxx.dll
2011-10-26 01:30:28 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-10-26 01:25:38 65024 ----a-w- c:\windows\system32\atimpc32.dll
2011-10-26 01:25:38 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2011-10-26 01:24:58 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-10-26 01:24:52 884736 ----a-w- c:\windows\system32\ati2cqag.dll
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600AAJS-22WAA0 rev.58.01D58 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x894FE49F]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89505738]; MOV EAX, [0x895058ac]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8AE08AB8]
3 CLASSPNP[0xF74C7FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000073[0x8AE129E8]
5 ACPI[0xF735E620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8AD93D98]
\Driver\atapi[0x8976A030] -> IRP_MJ_CREATE -> 0x894FE49F
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x894FE2C6
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 16:09:20.95 ===============



Thank you for your time in this.

#4 jay.birch (Topic Starter)

Posted 18 December 2011 - 04:31 PM

Just saw the header of "DDS." Apologies if I shouldn't have posted it in the reply and instead put it as an attachment. Will change anything if needed.

#5 jay.birch (Topic Starter)

Posted 18 December 2011 - 04:46 PM

When attempting to post the following, IE wouldn't open. Upon looking at Task Manager, every time I open it there is a duplicate entry for the browser. I restarted and for the first time was prompted with a message stating that since registering Windows, significant changes had been made. Aside from the video card that my son put in, nothing else has been changed. I selected 'no' on the option to re-register and am back now.

Thank you again.

#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 18 December 2011 - 05:02 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


#7 jay.birch (Topic Starter)

Posted 18 December 2011 - 07:36 PM

Below is the requested 'ComboFix' log. I had to watch my son run it just because I probably wouldn't know what to do if a problem arose. He said it ran perfectly fine and it was the first time he had seen the program run without restarting the computer or stating that rootkit activity was present.

The key activation icon has vanished as I look at it now (which was a new symptom). This is a legitimate copy of Windows, so those notices, all of a sudden, concern me.

The computer is operating better but there is still some type of sluggishness that is hard to describe. Just not normal. I still notice 2 instances of iexplore running even with just one window open. Closing the browser and restarting results in the same thing.


ComboFix log:

ComboFix 11-12-18.01 - Jason 12/18/2011 19:13:41.7.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.1840 [GMT -5:00]
Running from: c:\documents and settings\Jason\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-19 to 2011-12-19 )))))))))))))))))))))))))))))))
.
.
2011-12-17 18:06 . 2011-07-15 13:29 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-12-17 16:30 . 2011-12-17 16:30 -------- d-----w- c:\documents and settings\JR\Local Settings\Application Data\Skyrim
2011-12-17 16:28 . 2011-12-17 16:28 -------- d-----w- c:\documents and settings\JR\Application Data\adawaretb
2011-12-17 16:28 . 2011-12-17 16:28 -------- d-----w- c:\documents and settings\JR\Local Settings\Application Data\adaware
2011-12-14 17:50 . 2008-04-13 18:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-12-13 18:45 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-12-12 20:21 . 2011-12-12 19:04 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-12-12 19:05 . 2011-12-12 19:05 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-12-12 19:04 . 2011-12-12 19:04 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-12 19:02 . 2011-12-12 19:02 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\adaware
2011-12-12 19:02 . 2011-12-19 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection
2011-12-12 19:02 . 2011-12-12 19:02 -------- d-----w- c:\program files\Toolbar Cleaner
2011-12-12 19:02 . 2011-12-15 08:51 -------- d-----w- c:\documents and settings\Jason\Application Data\adawaretb
2011-12-12 19:02 . 2011-12-12 19:02 -------- d-----w- c:\program files\adawaretb
2011-12-12 19:02 . 2011-12-02 12:49 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-12-12 19:02 . 2011-12-12 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-12-12 19:02 . 2011-12-12 19:02 -------- d-----w- c:\program files\Lavasoft
2011-12-12 18:22 . 2011-12-12 18:22 -------- d-sh--w- c:\documents and settings\Jason\IECompatCache
2011-12-12 16:30 . 2008-04-13 19:15 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2011-12-12 12:57 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-12-11 05:48 . 2008-04-13 19:18 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-12-11 03:46 . 2011-12-12 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-12-11 03:46 . 2011-12-11 03:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-10 23:10 . 2011-12-10 23:10 -------- d-----w- c:\documents and settings\JR\Application Data\Malwarebytes
2011-12-10 23:09 . 2011-12-10 23:09 -------- d-----w- c:\documents and settings\JR\Local Settings\Application Data\AOL
2011-12-09 23:47 . 2011-12-09 23:47 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\Messenger_Plus_Live
2011-12-09 23:37 . 2011-12-09 23:37 -------- d-----w- c:\documents and settings\Jason\AppData
2011-12-09 23:37 . 2011-12-09 23:53 -------- d-----w- c:\program files\BrowserCompanion
2011-12-09 23:37 . 2011-12-10 04:31 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\Linkury
2011-12-02 06:12 . 2011-12-02 06:12 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\Skyrim
2011-12-02 05:53 . 2011-12-18 15:54 -------- d-----w- c:\program files\The Elder Scrolls V Skyrim
2011-11-28 20:29 . 2011-12-10 17:21 -------- d-----w- c:\documents and settings\Jason\Application Data\Ulzak
2011-11-28 20:29 . 2011-12-10 03:21 -------- d-----w- c:\documents and settings\Jason\Application Data\Asew
2011-11-25 15:42 . 2011-11-25 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2011-11-25 15:39 . 2011-11-25 15:39 -------- d-----w- c:\program files\AMD APP
2011-11-25 15:30 . 2011-11-25 15:30 -------- d-----w- c:\documents and settings\Jason\Application Data\Unity
2011-11-25 15:27 . 2011-11-25 15:27 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\Unity
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-16 01:03 . 2011-07-10 18:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-14 02:09 . 2010-09-01 13:51 140496 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-12-14 02:09 . 2010-09-01 16:55 280736 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-12-14 02:09 . 2010-09-01 13:50 280736 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-12-10 03:46 . 2010-09-01 13:50 280736 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-11-23 13:25 . 2006-02-28 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2006-02-28 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2006-02-28 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 03:01 . 2010-06-28 19:13 7412736 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-10-26 02:59 . 2010-06-28 23:24 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-10-26 02:30 . 2010-06-28 23:24 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-10-26 02:30 . 2010-06-28 23:24 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-10-26 02:27 . 2010-06-28 23:24 5890048 ----a-w- c:\windows\system32\aticaldd.dll
2011-10-26 02:21 . 2011-10-26 02:21 56832 ----a-w- c:\windows\system32\OpenVideo.dll
2011-10-26 02:21 . 2011-10-26 02:21 56832 ----a-w- c:\windows\system32\OVDecoder.dll
2011-10-26 02:20 . 2011-10-26 02:20 13950464 ----a-w- c:\windows\system32\amdocl.dll
2011-10-26 02:16 . 2010-06-28 23:24 18968576 ----a-w- c:\windows\system32\atioglxx.dll
2011-10-26 02:06 . 2010-06-28 23:24 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-10-26 02:04 . 2008-04-14 00:11 304128 ----a-w- c:\windows\system32\ati2dvag.dll
2011-10-26 02:04 . 2008-04-14 00:11 4004864 ----a-w- c:\windows\system32\ati3duag.dll
2011-10-26 01:58 . 2011-03-05 05:43 956160 ----a-w- c:\windows\system32\ativvamv.dll
2011-10-26 01:44 . 2008-04-14 00:11 3286400 ----a-w- c:\windows\system32\ativvaxx.dll
2011-10-26 01:44 . 2010-06-28 23:24 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-10-26 01:43 . 2010-06-28 23:24 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-10-26 01:43 . 2010-06-28 23:24 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-10-26 01:43 . 2010-06-28 23:24 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-10-26 01:43 . 2010-06-28 23:24 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-10-26 01:42 . 2010-06-28 23:24 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-10-26 01:40 . 2010-06-28 23:24 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-10-26 01:39 . 2010-06-28 23:24 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-10-26 01:35 . 2010-06-28 23:24 806912 ----a-w- c:\windows\system32\atikvmag.dll
2011-10-26 01:34 . 2010-06-28 23:24 499712 ----a-w- c:\windows\system32\atiok3x2.dll
2011-10-26 01:30 . 2010-06-28 23:24 229376 ----a-w- c:\windows\system32\atiadlxx.dll
2011-10-26 01:30 . 2010-06-28 23:24 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-10-26 01:25 . 2010-06-28 23:24 65024 ----a-w- c:\windows\system32\atimpc32.dll
2011-10-26 01:25 . 2010-06-28 23:24 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2011-10-26 01:24 . 2010-06-28 23:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-10-26 01:24 . 2008-04-14 00:11 884736 ----a-w- c:\windows\system32\ati2cqag.dll
2011-10-25 13:37 . 2006-02-28 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2006-02-28 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2010-06-28 21:17 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2006-02-28 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2006-02-28 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-10 14:16 . 2011-03-24 14:59 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-12-17_18.31.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-19 00:00 . 2011-12-19 00:00 16384 c:\windows\Temp\Perflib_Perfdata_63c.dat
+ 2006-02-28 12:00 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
- 2010-08-17 13:17 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-11-29 19:15 86696 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}]
2011-10-27 09:27 141104 ----a-w- c:\program files\BrowserCompanion\updatebhoWin32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2011-11-29 86696]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-05-07 1638400]
"RTHDCPL"="RTHDCPL.EXE" [2010-07-06 19556968]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 135214]
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2008-08-29 143360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-26 98304]
"Browser companion helper"="c:\program files\BrowserCompanion\BCHelper.exe" [2011-10-27 192816]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2011-11-14 197288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"adaware"="reg.exe delete HKCU\Software\AppDataLow\Software\adaware" [X]
"adaware_XP"="reg.exe delete HKCU\Software\adaware" [X]
.
c:\documents and settings\Jason\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-5-4 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2010-04-01 21:40 172336 ----a-w- c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jason^Start Menu^Programs^Startup^Impulse Now.lnk]
path=c:\documents and settings\Jason\Start Menu\Programs\Startup\Impulse Now.lnk
backup=c:\windows\pss\Impulse Now.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 07:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCU]
2009-10-15 19:11 375000 ----a-w- c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]
2008-04-14 00:12 27648 ----a-w- c:\windows\system32\conime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-31 17:50 136176 ----atw- c:\documents and settings\Jason\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2010-03-08 07:27 41800 ----a-w- c:\program files\Common Files\AOL\1311907128\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlusService]
2011-10-24 21:51 801792 ----a-w- c:\program files\Yuna Software\Messenger Plus!\PlusService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2011-07-12 07:45 20480 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
2010-06-14 21:10 153672 ----a-w- c:\program files\Logitech\Gaming Software\LWEMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-11-04 18:05 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 18:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Game.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1311907128\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL Desktop 9.6\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\AOL Desktop 9.6\\AOLBrowser\\aolbrowser.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold 3\\bin\\win32_release\\Stronghold3.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold 3\\bin\\win32_release\\MapEditor.exe"=
"c:\\Documents and Settings\\Jason\\Local Settings\\Apps\\2.0\\56CG50ML.630\\HC6AJK9W.748\\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\\CurseClient.exe"=
"c:\\Program Files\\FrostWire 5\\FrostWire.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\Jason\\Local Settings\\Application Data\\CrossLoop\\tvnserver.exe"=
"c:\\Documents and Settings\\Jason\\Local Settings\\Application Data\\CrossLoop\\vncviewer.exe"=
"c:\\Program Files\\adawaretb\\dtUser.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9322:TCP"= 9322:TCP:EKDiscovery
"3724:TCP"= 3724:TCP:*:Disabled:Blizzard Downloader: 3724
"5910:TCP"= 5910:TCP:*:Disabled:vnc5910
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/12/2011 2:02 PM 64512]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [7/5/2011 7:59 AM 28552]
R2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [10/15/2009 2:11 PM 223464]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [8/27/2009 5:09 PM 1253376]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [5/17/2010 1:24 PM 308592]
S0 ykyhr;ykyhr;c:\windows\system32\drivers\rkhvnit.sys --> c:\windows\system32\drivers\rkhvnit.sys [?]
S2 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [4/23/2010 5:39 AM 136616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 CrossLoopService;CrossLoop Service;c:\documents and settings\Jason\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [4/7/2011 4:37 PM 560848]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2011 7:49 AM 2152152]
S2 USmsServ;Desktop Window Manager Sessions Manager;c:\windows\Desktop Manager\dwm.exe --> c:\windows\Desktop Manager\dwm.exe [?]
S2 XMLProvS;Network ProService;c:\windows\System32\svchost.exe -k xmlpros [2/28/2006 7:00 AM 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/13/2010 11:07 PM 1691480]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys --> c:\windows\system32\drivers\AtihdXP3.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [8/7/2008 11:10 AM 3276800]
S3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FlashSys.sys [11/14/2010 12:19 AM 9216]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12/2/2011 7:49 AM 15232]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/13/2010 3:18 PM 22216]
S3 MSI_DVD_010507;MSI_DVD_010507;c:\progra~1\MSI\MSIWDev\DVDSYS32_100507.sys [5/10/2010 10:44 AM 22328]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\MSI\MSIWDev\msibios32_100507.sys [5/10/2010 10:44 AM 25912]
S3 MSI_VGASYS_010507;MSI_VGASYS_010507;c:\progra~1\MSI\MSIWDev\VGASYS32_100507.sys [5/10/2010 10:44 AM 16696]
S3 MSILiveVirtualCamera;MSI Live Virtual Camera;c:\windows\system32\drivers\MSILiveVirtualCamera.sys [1/29/2007 7:40 AM 449408]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [7/12/2011 2:45 AM 152576]
S3 tvnserver;TightVNC Server;c:\documents and settings\Jason\Local Settings\Application Data\CrossLoop\tvnserver.exe [4/7/2011 4:37 PM 814080]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [8/2/2011 7:35 PM 252416]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [8/2/2011 7:35 PM 398720]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/13/2010 3:18 PM 366152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
xmlpros REG_MULTI_SZ XMLProvS
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-02 19:04]
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1935655697-725345543-1003Core.job
- c:\documents and settings\Jason\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-31 17:50]
.
2011-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1935655697-725345543-1003UA.job
- c:\documents and settings\Jason\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-31 17:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchAssistant = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
TCP: DhcpNameServer = 192.168.2.1
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\BrowserCompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\BrowserCompanion\tdataprotocol.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\BrowserCompanion\tdataprotocol.dll
FF - ProfilePath - c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\neyto10q.default\
FF - prefs.js: browser.search.selectedEngine - Plus! Network
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.plusnetwork.com/?sp=addr&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-18 19:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600AAJS-22WAA0 rev.58.01D58 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8ACF02C6
user & kernel MBR OK
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-790525478-1935655697-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:81,95,39,05,9b,a3,c7,38,1e,5b,ee,05,d3,56,87,54,4d,af,86,44,2e,3c,8a,
e9,37,d3,d3,0d,44,9d,7a,73,ba,85,6a,ec,2f,9a,df,88,92,1f,ac,fa,fb,45,cf,62,\
"??"=hex:3f,eb,b2,a8,d5,51,4b,c2,1b,01,ec,08,0f,18,11,95
.
[HKEY_USERS\S-1-5-21-790525478-1935655697-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:1b,1f,a8,f4,f7,4e,a8,68,56,4b,0d,10,fb,e0,c9,e0,4f,b0,08,bb,e0,
e5,e2,85,91,eb,27,bb,f5,5b,0f,78,60,06,12,5a,29,95,56,dc,ee,a5,2f,38,83,6e,\
"rkeysecu"=hex:ca,2b,4c,cd,91,9d,df,97,e5,c5,3b,4c,ab,05,04,90
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
.
- - - - - - - > 'lsass.exe'(964)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(5824)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Stardock\Object Desktop\DeskScapes3\deskscapes.dll
c:\program files\Stardock\Object Desktop\DeskScapes3\deskscape.dll
.
Completion time: 2011-12-18 19:28:50
ComboFix-quarantined-files.txt 2011-12-19 00:28
ComboFix2.txt 2011-12-17 18:35
ComboFix3.txt 2011-12-14 18:17
ComboFix4.txt 2011-12-13 19:09
ComboFix5.txt 2011-12-19 00:10
.
Pre-Run: 50,707,656,704 bytes free
Post-Run: 51,492,855,808 bytes free
.
- - End Of File - - 0D58EA34618750F0144D21CC7EDA1A8F
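The service lines in the log above (the `R0`/`S0`/`S2`/`S3` block) follow a fixed shape: start type, service name, display name and image path, followed either by a bracketed date/size stamp or by `--> path [?]` when ComboFix could not find the image at its registered path. An analyst reading such a log usually looks first at three things: services whose file is missing, services hosted by `svchost.exe` under a group name that is not one of the stock Windows XP groups, and services whose image lives under a user profile. The following is an added example, not part of the original post and not ComboFix's own code, that parses that block and flags exactly those three conditions. The sample lines are copied from the log above; the set of stock `svchost` groups is an assumption of this example, and a flagged entry is only a pointer to look closer, not a verdict.

```python
"""Triage the services section of a ComboFix log (added example).

Parses lines of the form

    <start> <name>;<display name>;<image path> [<date> <time> <size>]
    <start> <name>;<display name>;<image path> --> <image path> [?]

and reports services whose image is missing on disk, svchost-hosted
services with a non-stock group name, and services whose image sits
under a user profile. Not ComboFix's own code.
"""
import re
from typing import Dict, List, Optional

LINE_RE = re.compile(
    r"^(?P<start>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$"
)

# Assumption: common default svchost groups on Windows XP (lower-cased);
# this list is not taken from the page.
STOCK_SVCHOST_GROUPS = {
    "netsvcs", "rpcss", "dcomlaunch", "localservice", "networkservice",
    "imgsvc", "termsvcs", "httpfilter",
}

# Sample input copied from the ComboFix log in the post above.
SAMPLE_LOG = r"""
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/12/2011 2:02 PM 64512]
R2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [10/15/2009 2:11 PM 223464]
S0 ykyhr;ykyhr;c:\windows\system32\drivers\rkhvnit.sys --> c:\windows\system32\drivers\rkhvnit.sys [?]
S2 CrossLoopService;CrossLoop Service;c:\documents and settings\Jason\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [4/7/2011 4:37 PM 560848]
S2 USmsServ;Desktop Window Manager Sessions Manager;c:\windows\Desktop Manager\dwm.exe --> c:\windows\Desktop Manager\dwm.exe [?]
S2 XMLProvS;Network ProService;c:\windows\System32\svchost.exe -k xmlpros [2/28/2006 7:00 AM 14336]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/13/2010 3:18 PM 22216]
"""


def parse_entry(line: str) -> Optional[Dict[str, object]]:
    """Split one service line into its fields; None for non-service lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    missing = rest.endswith("[?]")
    if missing:
        # "path --> path [?]": keep the registered path before the arrow
        image = rest.split(" --> ", 1)[0]
    else:
        # "path [M/D/YYYY h:mm AM size]": drop the trailing bracketed stamp
        image = rest.rsplit(" [", 1)[0]
    low = image.lower()
    group = None
    if "svchost.exe -k " in low:
        group = image[low.index("-k ") + 3:].strip()
    return {
        "start": m.group("start"),
        "name": m.group("name"),
        "display": m.group("display"),
        "image": image,
        "missing": missing,
        "svchost_group": group,
    }


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map service name -> reasons it deserves a second look."""
    findings: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons: List[str] = []
        if entry["missing"]:
            reasons.append("image file not found on disk")
        group = entry["svchost_group"]
        if isinstance(group, str) and group.lower() not in STOCK_SVCHOST_GROUPS:
            reasons.append(f"svchost group '{group}' is not a stock group")
        if str(entry["image"]).lower().startswith("c:\\documents and settings\\"):
            reasons.append("image lives under a user profile")
        if reasons:
            findings[str(entry["name"])] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run against the sample, `ykyhr` and `USmsServ` are reported for a missing image, `XMLProvS` for its `xmlpros` svchost group, and `CrossLoopService` for living under a user profile, while the Lavasoft, DeviceVM and Malwarebytes entries are not reported. The same parser works on the `[HKEY_LOCAL_MACHINE\...\svchost]` cross-check: a non-stock group name found here should also appear in that section of the log, as `xmlpros` does above.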

#8 jay.birch

jay.birch
  • Topic Starter
  • Members
  • 17 posts

Posted 18 December 2011 - 07:54 PM

Per your instructions, just updating with anything:

Noticed the task manager graph running a bit high. While idle, there is an occurrence of svchost.exe/System running at about 1,500,000 Mem Usage.

#9 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 December 2011 - 09:02 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 jay.birch

jay.birch
  • Topic Starter
  • Members
  • 17 posts

Posted 18 December 2011 - 09:09 PM

Your instructions are clear to not do anything without being asked to, and if so, to let you know:

I opened IE to check this thread and the process was ended without me doing it. Security services were disabled and I immediately did a hard reset. Since you had already asked me to, I ran ComboFix again and that log is below. There was a deletion and I'm hoping this doesn't cause a problem. I have no other computer or way of accessing this forum aside from work. I had to get functional again.

Do you still want me to follow your last step? Just don't want to do so if the last log makes a difference.


ComboFix Log:

ComboFix 11-12-18.02 - Jason 12/18/2011 20:51:03.8.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2696 [GMT -5:00]
Running from: c:\documents and settings\Jason\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\mGiJpKILEPL.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-19 to 2011-12-19 )))))))))))))))))))))))))))))))
.
.
2011-12-17 18:06 . 2011-07-15 13:29 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-12-17 16:30 . 2011-12-17 16:30 -------- d-----w- c:\documents and settings\JR\Local Settings\Application Data\Skyrim
2011-12-17 16:28 . 2011-12-17 16:28 -------- d-----w- c:\documents and settings\JR\Application Data\adawaretb
2011-12-17 16:28 . 2011-12-17 16:28 -------- d-----w- c:\documents and settings\JR\Local Settings\Application Data\adaware
2011-12-14 17:50 . 2008-04-13 18:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-12-13 18:45 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-12-12 20:21 . 2011-12-12 19:04 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-12-12 19:05 . 2011-12-12 19:05 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-12-12 19:04 . 2011-12-12 19:04 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-12 19:02 . 2011-12-12 19:02 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\adaware
2011-12-12 19:02 . 2011-12-19 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection
2011-12-12 19:02 . 2011-12-12 19:02 -------- d-----w- c:\program files\Toolbar Cleaner
2011-12-12 19:02 . 2011-12-15 08:51 -------- d-----w- c:\documents and settings\Jason\Application Data\adawaretb
2011-12-12 19:02 . 2011-12-12 19:02 -------- d-----w- c:\program files\adawaretb
2011-12-12 19:02 . 2011-12-02 12:49 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-12-12 19:02 . 2011-12-12 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-12-12 19:02 . 2011-12-12 19:02 -------- d-----w- c:\program files\Lavasoft
2011-12-12 18:22 . 2011-12-12 18:22 -------- d-sh--w- c:\documents and settings\Jason\IECompatCache
2011-12-12 16:30 . 2008-04-13 19:15 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2011-12-12 12:57 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-12-11 05:48 . 2008-04-13 19:18 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-12-11 03:46 . 2011-12-12 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-12-11 03:46 . 2011-12-11 03:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-10 23:10 . 2011-12-10 23:10 -------- d-----w- c:\documents and settings\JR\Application Data\Malwarebytes
2011-12-10 23:09 . 2011-12-10 23:09 -------- d-----w- c:\documents and settings\JR\Local Settings\Application Data\AOL
2011-12-09 23:47 . 2011-12-09 23:47 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\Messenger_Plus_Live
2011-12-09 23:37 . 2011-12-09 23:37 -------- d-----w- c:\documents and settings\Jason\AppData
2011-12-09 23:37 . 2011-12-09 23:53 -------- d-----w- c:\program files\BrowserCompanion
2011-12-09 23:37 . 2011-12-10 04:31 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\Linkury
2011-12-02 06:12 . 2011-12-02 06:12 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\Skyrim
2011-12-02 05:53 . 2011-12-18 15:54 -------- d-----w- c:\program files\The Elder Scrolls V Skyrim
2011-11-28 20:29 . 2011-12-10 17:21 -------- d-----w- c:\documents and settings\Jason\Application Data\Ulzak
2011-11-28 20:29 . 2011-12-10 03:21 -------- d-----w- c:\documents and settings\Jason\Application Data\Asew
2011-11-25 15:42 . 2011-11-25 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2011-11-25 15:39 . 2011-11-25 15:39 -------- d-----w- c:\program files\AMD APP
2011-11-25 15:30 . 2011-11-25 15:30 -------- d-----w- c:\documents and settings\Jason\Application Data\Unity
2011-11-25 15:27 . 2011-11-25 15:27 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\Unity
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-16 01:03 . 2011-07-10 18:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-14 02:09 . 2010-09-01 13:51 140496 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-12-14 02:09 . 2010-09-01 16:55 280736 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-12-14 02:09 . 2010-09-01 13:50 280736 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-12-10 03:46 . 2010-09-01 13:50 280736 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-11-23 13:25 . 2006-02-28 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2006-02-28 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2006-02-28 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 03:01 . 2010-06-28 19:13 7412736 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-10-26 02:59 . 2010-06-28 23:24 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-10-26 02:30 . 2010-06-28 23:24 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-10-26 02:30 . 2010-06-28 23:24 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-10-26 02:27 . 2010-06-28 23:24 5890048 ----a-w- c:\windows\system32\aticaldd.dll
2011-10-26 02:21 . 2011-10-26 02:21 56832 ----a-w- c:\windows\system32\OpenVideo.dll
2011-10-26 02:21 . 2011-10-26 02:21 56832 ----a-w- c:\windows\system32\OVDecoder.dll
2011-10-26 02:20 . 2011-10-26 02:20 13950464 ----a-w- c:\windows\system32\amdocl.dll
2011-10-26 02:16 . 2010-06-28 23:24 18968576 ----a-w- c:\windows\system32\atioglxx.dll
2011-10-26 02:06 . 2010-06-28 23:24 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-10-26 02:04 . 2008-04-14 00:11 304128 ----a-w- c:\windows\system32\ati2dvag.dll
2011-10-26 02:04 . 2008-04-14 00:11 4004864 ----a-w- c:\windows\system32\ati3duag.dll
2011-10-26 01:58 . 2011-03-05 05:43 956160 ----a-w- c:\windows\system32\ativvamv.dll
2011-10-26 01:44 . 2008-04-14 00:11 3286400 ----a-w- c:\windows\system32\ativvaxx.dll
2011-10-26 01:44 . 2010-06-28 23:24 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-10-26 01:43 . 2010-06-28 23:24 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-10-26 01:43 . 2010-06-28 23:24 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-10-26 01:43 . 2010-06-28 23:24 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-10-26 01:43 . 2010-06-28 23:24 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-10-26 01:42 . 2010-06-28 23:24 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-10-26 01:40 . 2010-06-28 23:24 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-10-26 01:39 . 2010-06-28 23:24 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-10-26 01:35 . 2010-06-28 23:24 806912 ----a-w- c:\windows\system32\atikvmag.dll
2011-10-26 01:34 . 2010-06-28 23:24 499712 ----a-w- c:\windows\system32\atiok3x2.dll
2011-10-26 01:30 . 2010-06-28 23:24 229376 ----a-w- c:\windows\system32\atiadlxx.dll
2011-10-26 01:30 . 2010-06-28 23:24 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-10-26 01:25 . 2010-06-28 23:24 65024 ----a-w- c:\windows\system32\atimpc32.dll
2011-10-26 01:25 . 2010-06-28 23:24 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2011-10-26 01:24 . 2010-06-28 23:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-10-26 01:24 . 2008-04-14 00:11 884736 ----a-w- c:\windows\system32\ati2cqag.dll
2011-10-25 13:37 . 2006-02-28 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2006-02-28 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2010-06-28 21:17 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2006-02-28 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2006-02-28 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-10 14:16 . 2011-03-24 14:59 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-12-17_18.31.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-19 01:46 . 2011-12-19 01:46 16384 c:\windows\Temp\Perflib_Perfdata_e2c.dat
+ 2011-12-19 01:45 . 2011-12-19 01:45 16384 c:\windows\Temp\Perflib_Perfdata_9cc.dat
+ 2006-02-28 12:00 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
- 2010-08-17 13:17 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
+ 2011-12-19 00:57 . 2010-10-03 17:12 170740 c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-11-29 19:15 86696 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}]
2011-10-27 09:27 141104 ----a-w- c:\program files\BrowserCompanion\updatebhoWin32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2011-11-29 86696]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-05-07 1638400]
"RTHDCPL"="RTHDCPL.EXE" [2010-07-06 19556968]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 135214]
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2008-08-29 143360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-26 98304]
"Browser companion helper"="c:\program files\BrowserCompanion\BCHelper.exe" [2011-10-27 192816]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2011-11-14 197288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"adaware"="reg.exe delete HKCU\Software\AppDataLow\Software\adaware" [X]
"adaware_XP"="reg.exe delete HKCU\Software\adaware" [X]
.
c:\documents and settings\Jason\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-5-4 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2010-04-01 21:40 172336 ----a-w- c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jason^Start Menu^Programs^Startup^Impulse Now.lnk]
path=c:\documents and settings\Jason\Start Menu\Programs\Startup\Impulse Now.lnk
backup=c:\windows\pss\Impulse Now.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 07:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCU]
2009-10-15 19:11 375000 ----a-w- c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]
2008-04-14 00:12 27648 ----a-w- c:\windows\system32\conime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-31 17:50 136176 ----atw- c:\documents and settings\Jason\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2010-03-08 07:27 41800 ----a-w- c:\program files\Common Files\AOL\1311907128\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlusService]
2011-10-24 21:51 801792 ----a-w- c:\program files\Yuna Software\Messenger Plus!\PlusService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2011-07-12 07:45 20480 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
2010-06-14 21:10 153672 ----a-w- c:\program files\Logitech\Gaming Software\LWEMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-11-04 18:05 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 18:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Game.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1311907128\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL Desktop 9.6\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\AOL Desktop 9.6\\AOLBrowser\\aolbrowser.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold 3\\bin\\win32_release\\Stronghold3.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold 3\\bin\\win32_release\\MapEditor.exe"=
"c:\\Documents and Settings\\Jason\\Local Settings\\Apps\\2.0\\56CG50ML.630\\HC6AJK9W.748\\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\\CurseClient.exe"=
"c:\\Program Files\\FrostWire 5\\FrostWire.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\Jason\\Local Settings\\Application Data\\CrossLoop\\tvnserver.exe"=
"c:\\Documents and Settings\\Jason\\Local Settings\\Application Data\\CrossLoop\\vncviewer.exe"=
"c:\\Program Files\\adawaretb\\dtUser.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9322:TCP"= 9322:TCP:EKDiscovery
"3724:TCP"= 3724:TCP:*:Disabled:Blizzard Downloader: 3724
"5910:TCP"= 5910:TCP:*:Disabled:vnc5910
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/12/2011 2:02 PM 64512]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [7/5/2011 7:59 AM 28552]
R2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [10/15/2009 2:11 PM 223464]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [8/27/2009 5:09 PM 1253376]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [5/17/2010 1:24 PM 308592]
S0 ykyhr;ykyhr;c:\windows\system32\drivers\rkhvnit.sys --> c:\windows\system32\drivers\rkhvnit.sys [?]
S2 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [4/23/2010 5:39 AM 136616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 CrossLoopService;CrossLoop Service;c:\documents and settings\Jason\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [4/7/2011 4:37 PM 560848]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2011 7:49 AM 2152152]
S2 USmsServ;Desktop Window Manager Sessions Manager;c:\windows\Desktop Manager\dwm.exe --> c:\windows\Desktop Manager\dwm.exe [?]
S2 XMLProvS;Network ProService;c:\windows\System32\svchost.exe -k xmlpros [2/28/2006 7:00 AM 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/13/2010 11:07 PM 1691480]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys --> c:\windows\system32\drivers\AtihdXP3.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [8/7/2008 11:10 AM 3276800]
S3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FlashSys.sys [11/14/2010 12:19 AM 9216]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12/2/2011 7:49 AM 15232]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/13/2010 3:18 PM 22216]
S3 MSI_DVD_010507;MSI_DVD_010507;c:\progra~1\MSI\MSIWDev\DVDSYS32_100507.sys [5/10/2010 10:44 AM 22328]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\MSI\MSIWDev\msibios32_100507.sys [5/10/2010 10:44 AM 25912]
S3 MSI_VGASYS_010507;MSI_VGASYS_010507;c:\progra~1\MSI\MSIWDev\VGASYS32_100507.sys [5/10/2010 10:44 AM 16696]
S3 MSILiveVirtualCamera;MSI Live Virtual Camera;c:\windows\system32\drivers\MSILiveVirtualCamera.sys [1/29/2007 7:40 AM 449408]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [7/12/2011 2:45 AM 152576]
S3 tvnserver;TightVNC Server;c:\documents and settings\Jason\Local Settings\Application Data\CrossLoop\tvnserver.exe [4/7/2011 4:37 PM 814080]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [8/2/2011 7:35 PM 252416]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [8/2/2011 7:35 PM 398720]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/13/2010 3:18 PM 366152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
xmlpros REG_MULTI_SZ XMLProvS
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-02 19:04]
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1935655697-725345543-1003Core.job
- c:\documents and settings\Jason\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-31 17:50]
.
2011-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1935655697-725345543-1003UA.job
- c:\documents and settings\Jason\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-31 17:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchAssistant = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
TCP: DhcpNameServer = 192.168.2.1
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\BrowserCompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\BrowserCompanion\tdataprotocol.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\BrowserCompanion\tdataprotocol.dll
FF - ProfilePath - c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\neyto10q.default\
FF - prefs.js: browser.search.selectedEngine - Plus! Network
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.plusnetwork.com/?sp=addr&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-mGiJpKILEPL.exe - c:\documents and settings\All Users\Application Data\mGiJpKILEPL.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-18 21:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600AAJS-22WAA0 rev.58.01D58 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8AD9F2C6
user & kernel MBR OK
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-790525478-1935655697-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:81,95,39,05,9b,a3,c7,38,1e,5b,ee,05,d3,56,87,54,4d,af,86,44,2e,3c,8a,
e9,37,d3,d3,0d,44,9d,7a,73,ba,85,6a,ec,2f,9a,df,88,92,1f,ac,fa,fb,45,cf,62,\
"??"=hex:3f,eb,b2,a8,d5,51,4b,c2,1b,01,ec,08,0f,18,11,95
.
[HKEY_USERS\S-1-5-21-790525478-1935655697-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:1b,1f,a8,f4,f7,4e,a8,68,56,4b,0d,10,fb,e0,c9,e0,4f,b0,08,bb,e0,
e5,e2,85,91,eb,27,bb,f5,5b,0f,78,60,06,12,5a,29,95,56,dc,ee,a5,2f,38,83,6e,\
"rkeysecu"=hex:ca,2b,4c,cd,91,9d,df,97,e5,c5,3b,4c,ab,05,04,90
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
.
- - - - - - - > 'lsass.exe'(964)
c:\windows\system32\WININET.dll
.
Completion time: 2011-12-18 21:04:19
ComboFix-quarantined-files.txt 2011-12-19 02:04
ComboFix2.txt 2011-12-19 00:28
ComboFix3.txt 2011-12-17 18:35
ComboFix4.txt 2011-12-14 18:17
ComboFix5.txt 2011-12-19 01:48
.
Pre-Run: 51,220,140,032 bytes free
Post-Run: 51,496,775,680 bytes free
.
- - End Of File - - 6BCE30E97146D6388FB3F278F0E7C3F7

#11 gringo_pr

  • Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 December 2011 - 09:11 PM

Yes I do want you to run TDSSKiller

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 jay.birch

  • Topic Starter
  • Members
  • 17 posts

Posted 18 December 2011 - 09:17 PM

As requested:

21:11:39.0507 1792 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
21:11:39.0820 1792 ============================================================
21:11:39.0820 1792 Current date / time: 2011/12/18 21:11:39.0820
21:11:39.0820 1792 SystemInfo:
21:11:39.0820 1792
21:11:39.0820 1792 OS Version: 5.1.2600 ServicePack: 3.0
21:11:39.0820 1792 Product type: Workstation
21:11:39.0820 1792 ComputerName: JHOME
21:11:39.0820 1792 UserName: Jason
21:11:39.0820 1792 Windows directory: C:\WINDOWS
21:11:39.0820 1792 System windows directory: C:\WINDOWS
21:11:39.0820 1792 Processor architecture: Intel x86
21:11:39.0820 1792 Number of processors: 4
21:11:39.0820 1792 Page size: 0x1000
21:11:39.0820 1792 Boot type: Normal boot
21:11:39.0820 1792 ============================================================
21:11:43.0632 1792 Initialize success
21:12:02.0458 3572 ============================================================
21:12:02.0458 3572 Scan started
21:12:02.0458 3572 Mode: Manual;
21:12:02.0458 3572 ============================================================
21:12:03.0817 3572 Abiosdsk - ok
21:12:03.0849 3572 abp480n5 - ok
21:12:03.0911 3572 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:12:03.0911 3572 ACPI - ok
21:12:03.0989 3572 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:12:03.0989 3572 ACPIEC - ok
21:12:04.0020 3572 adpu160m - ok
21:12:04.0083 3572 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:12:04.0083 3572 aec - ok
21:12:04.0161 3572 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:12:04.0161 3572 AFD - ok
21:12:04.0192 3572 Aha154x - ok
21:12:04.0255 3572 aic78u2 - ok
21:12:04.0286 3572 aic78xx - ok
21:12:05.0192 3572 ALCXWDM (34149a136b2b7525113950233f259ec1) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
21:12:05.0208 3572 ALCXWDM - ok
21:12:05.0442 3572 AliIde - ok
21:12:05.0770 3572 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
21:12:05.0786 3572 Ambfilt - ok
21:12:05.0848 3572 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
21:12:05.0848 3572 AmdPPM - ok
21:12:05.0864 3572 amsint - ok
21:12:05.0926 3572 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:12:05.0926 3572 Arp1394 - ok
21:12:05.0942 3572 asc - ok
21:12:05.0973 3572 asc3350p - ok
21:12:06.0005 3572 asc3550 - ok
21:12:06.0083 3572 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:12:06.0083 3572 AsyncMac - ok
21:12:06.0098 3572 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:12:06.0098 3572 atapi - ok
21:12:06.0114 3572 Atdisk - ok
21:12:06.0301 3572 ati2mtag (f27a0b0d1373d36d866f29b434b7aa92) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
21:12:06.0333 3572 ati2mtag - ok
21:12:06.0348 3572 AtiHDAudioService - ok
21:12:06.0395 3572 AtiHdmiService (dc6957811ff95f2dd3004361b20d8d3f) C:\WINDOWS\system32\drivers\AtiHdmi.sys
21:12:06.0395 3572 AtiHdmiService - ok
21:12:06.0442 3572 ATITool (d4ed96ac2fafee2c697436b9a2871cd3) C:\WINDOWS\system32\DRIVERS\ATITool.sys
21:12:06.0442 3572 ATITool - ok
21:12:06.0473 3572 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:12:06.0473 3572 Atmarpc - ok
21:12:06.0505 3572 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:12:06.0505 3572 audstub - ok
21:12:06.0551 3572 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:12:06.0551 3572 Beep - ok
21:12:06.0723 3572 catchme - ok
21:12:06.0755 3572 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:12:06.0755 3572 cbidf2k - ok
21:12:06.0770 3572 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:12:06.0770 3572 CCDECODE - ok
21:12:06.0786 3572 cd20xrnt - ok
21:12:06.0817 3572 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:12:06.0817 3572 Cdaudio - ok
21:12:06.0864 3572 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:12:06.0864 3572 Cdfs - ok
21:12:06.0911 3572 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:12:06.0911 3572 Cdrom - ok
21:12:06.0926 3572 Changer - ok
21:12:06.0942 3572 CmdIde - ok
21:12:06.0958 3572 Cpqarray - ok
21:12:06.0973 3572 dac2w2k - ok
21:12:06.0973 3572 dac960nt - ok
21:12:07.0020 3572 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:12:07.0020 3572 Disk - ok
21:12:07.0083 3572 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:12:07.0083 3572 dmboot - ok
21:12:07.0114 3572 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:12:07.0114 3572 dmio - ok
21:12:07.0145 3572 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:12:07.0145 3572 dmload - ok
21:12:07.0176 3572 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:12:07.0176 3572 DMusic - ok
21:12:07.0192 3572 dpti2o - ok
21:12:07.0208 3572 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:12:07.0208 3572 drmkaud - ok
21:12:07.0239 3572 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:12:07.0239 3572 Fastfat - ok
21:12:07.0254 3572 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:12:07.0254 3572 Fdc - ok
21:12:07.0301 3572 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:12:07.0301 3572 Fips - ok
21:12:07.0379 3572 FLASHSYS (d3d9311624edd435f42cda7eaa0a6aed) C:\Program Files\MSI\Live Update 4\LU4\FLASHSYS.sys
21:12:07.0379 3572 FLASHSYS - ok
21:12:07.0411 3572 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:12:07.0411 3572 Flpydisk - ok
21:12:07.0458 3572 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:12:07.0458 3572 FltMgr - ok
21:12:07.0504 3572 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:12:07.0504 3572 Fs_Rec - ok
21:12:07.0520 3572 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:12:07.0520 3572 Ftdisk - ok
21:12:07.0567 3572 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:12:07.0567 3572 Gpc - ok
21:12:07.0614 3572 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:12:07.0614 3572 HDAudBus - ok
21:12:07.0661 3572 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:12:07.0661 3572 hidusb - ok
21:12:07.0661 3572 hpn - ok
21:12:07.0754 3572 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:12:07.0754 3572 HTTP - ok
21:12:07.0754 3572 i2omgmt - ok
21:12:07.0770 3572 i2omp - ok
21:12:07.0786 3572 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:12:07.0786 3572 i8042prt - ok
21:12:07.0801 3572 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:12:07.0801 3572 Imapi - ok
21:12:07.0801 3572 ini910u - ok
21:12:07.0989 3572 IntcAzAudAddService (988a112c4061f309ce9c1abfc971d001) C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:12:08.0004 3572 IntcAzAudAddService - ok
21:12:08.0020 3572 IntelIde - ok
21:12:08.0051 3572 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:12:08.0051 3572 Ip6Fw - ok
21:12:08.0082 3572 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:12:08.0082 3572 IpFilterDriver - ok
21:12:08.0114 3572 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:12:08.0114 3572 IpInIp - ok
21:12:08.0129 3572 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:12:08.0129 3572 IpNat - ok
21:12:08.0145 3572 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:12:08.0145 3572 IPSec - ok
21:12:08.0161 3572 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
21:12:08.0161 3572 irda - ok
21:12:08.0192 3572 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:12:08.0192 3572 IRENUM - ok
21:12:08.0223 3572 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
21:12:08.0223 3572 irsir - ok
21:12:08.0239 3572 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:12:08.0239 3572 isapnp - ok
21:12:08.0254 3572 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:12:08.0254 3572 Kbdclass - ok
21:12:08.0301 3572 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:12:08.0301 3572 kbdhid - ok
21:12:08.0317 3572 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:12:08.0317 3572 kmixer - ok
21:12:08.0348 3572 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:12:08.0348 3572 KSecDD - ok
21:12:08.0457 3572 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
21:12:08.0457 3572 Lavasoft Kernexplorer - ok
21:12:08.0489 3572 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
21:12:08.0504 3572 Lbd - ok
21:12:08.0504 3572 lbrtfdc - ok
21:12:08.0520 3572 LVRS - ok
21:12:08.0551 3572 LVUSBSta (a07e5d2c7a6f3f0665c479a98e8034d4) C:\WINDOWS\system32\drivers\LVUSBSta.sys
21:12:08.0551 3572 LVUSBSta - ok
21:12:08.0567 3572 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
21:12:08.0567 3572 MBAMProtector - ok
21:12:08.0614 3572 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:12:08.0614 3572 mnmdd - ok
21:12:08.0661 3572 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:12:08.0661 3572 Modem - ok
21:12:08.0754 3572 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
21:12:08.0754 3572 Monfilt - ok
21:12:08.0770 3572 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:12:08.0770 3572 Mouclass - ok
21:12:08.0801 3572 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:12:08.0801 3572 mouhid - ok
21:12:08.0832 3572 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:12:08.0848 3572 MountMgr - ok
21:12:08.0848 3572 mraid35x - ok
21:12:08.0895 3572 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:12:08.0895 3572 MRxDAV - ok
21:12:08.0957 3572 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:12:08.0957 3572 MRxSmb - ok
21:12:08.0989 3572 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:12:08.0989 3572 Msfs - ok
21:12:09.0067 3572 MSILiveVirtualCamera (2f51c135ac2b81f5242c20a47c307cbe) C:\WINDOWS\system32\DRIVERS\MSILiveVirtualCamera.sys
21:12:09.0067 3572 MSILiveVirtualCamera - ok
21:12:09.0239 3572 MSI_DVD_010507 (09a00b8c911d32a0cfeb747be9ce5dab) C:\PROGRA~1\MSI\MSIWDev\DVDSYS32_100507.sys
21:12:09.0239 3572 MSI_DVD_010507 - ok
21:12:09.0301 3572 MSI_MSIBIOS_010507 (3846c05a66a3f5cd1d33e1a323c1762c) C:\PROGRA~1\MSI\MSIWDev\msibios32_100507.sys
21:12:09.0301 3572 MSI_MSIBIOS_010507 - ok
21:12:09.0348 3572 MSI_VGASYS_010507 (8d603678c3961bed302163964ad6a38e) C:\PROGRA~1\MSI\MSIWDev\VGASYS32_100507.sys
21:12:09.0348 3572 MSI_VGASYS_010507 - ok
21:12:09.0379 3572 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:12:09.0379 3572 MSKSSRV - ok
21:12:09.0457 3572 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:12:09.0457 3572 MSPCLOCK - ok
21:12:09.0504 3572 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:12:09.0504 3572 MSPQM - ok
21:12:09.0567 3572 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:12:09.0567 3572 mssmbios - ok
21:12:09.0614 3572 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:12:09.0614 3572 MSTEE - ok
21:12:09.0676 3572 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:12:09.0676 3572 Mup - ok
21:12:09.0754 3572 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:12:09.0754 3572 NABTSFEC - ok
21:12:09.0848 3572 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:12:09.0864 3572 NDIS - ok
21:12:09.0895 3572 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:12:09.0895 3572 NdisIP - ok
21:12:09.0973 3572 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:12:09.0973 3572 NdisTapi - ok
21:12:10.0051 3572 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:12:10.0051 3572 Ndisuio - ok
21:12:10.0098 3572 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:12:10.0098 3572 NdisWan - ok
21:12:10.0160 3572 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:12:10.0160 3572 NDProxy - ok
21:12:10.0239 3572 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:12:10.0239 3572 NetBIOS - ok
21:12:10.0332 3572 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:12:10.0332 3572 NetBT - ok
21:12:10.0379 3572 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:12:10.0379 3572 NIC1394 - ok
21:12:10.0442 3572 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:12:10.0442 3572 Npfs - ok
21:12:15.0222 3572 MBR (0x1B8) (1f753b395539269a3484aecd505b79bd) \Device\Harddisk0\DR0
21:12:15.0222 3572 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
21:12:15.0222 3572 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
21:12:15.0410 3572 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR2
21:12:16.0550 3572 \Device\Harddisk1\DR2 - ok
21:12:16.0566 3572 Boot (0x1200) (4d9495f893a4bb8f562937679d3888c6) \Device\Harddisk0\DR0\Partition0
21:12:16.0566 3572 \Device\Harddisk0\DR0\Partition0 - ok
21:12:17.0660 3572 Boot (0x1200) (e5c5d8b136cf9894abc9e1f7a5b0510e) \Device\Harddisk1\DR2\Partition0
21:12:17.0707 3572 \Device\Harddisk1\DR2\Partition0 - ok
21:12:17.0707 3572 ============================================================
21:12:17.0707 3572 Scan finished
21:12:17.0707 3572 ============================================================
21:12:17.0707 3952 Detected object count: 1
21:12:17.0707 3952 Actual detected object count: 1
21:12:23.0612 3952 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
21:12:23.0612 3952 \Device\Harddisk0\DR0 - ok
21:12:23.0612 3952 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
21:12:37.0877 1784 Deinitialize success

#13 gringo_pr

gringo_pr

Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 December 2011 - 09:35 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 jay.birch

jay.birch
  • Topic Starter

  • Members
  • 17 posts

Posted 18 December 2011 - 09:59 PM

Had no prompt to restart. Log below, as requested. As for how the computer is running, I'm unsure. There are still duplicate iexplore processes running, but it generally seems more stable. I cannot say with 100% certainty that I left the forum window open, but I think I did. Upon coming back to the PC, IE was gone.

Log:

ComboFix 11-12-18.02 - Jason 12/18/2011 21:47:20.9.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2820 [GMT -5:00]
Running from: c:\documents and settings\Jason\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jason\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-19 to 2011-12-19 )))))))))))))))))))))))))))))))
.
.
2011-12-17 18:06 . 2011-07-15 13:29 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-12-17 16:30 . 2011-12-17 16:30 -------- d-----w- c:\documents and settings\JR\Local Settings\Application Data\Skyrim
2011-12-17 16:28 . 2011-12-17 16:28 -------- d-----w- c:\documents and settings\JR\Application Data\adawaretb
2011-12-17 16:28 . 2011-12-17 16:28 -------- d-----w- c:\documents and settings\JR\Local Settings\Application Data\adaware
2011-12-14 17:50 . 2008-04-13 18:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-12-13 18:45 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-12-12 20:21 . 2011-12-12 19:04 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-12-12 19:05 . 2011-12-12 19:05 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-12-12 19:04 . 2011-12-12 19:04 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-12 19:02 . 2011-12-12 19:02 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\adaware
2011-12-12 19:02 . 2011-12-19 02:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection
2011-12-12 19:02 . 2011-12-12 19:02 -------- d-----w- c:\program files\Toolbar Cleaner
2011-12-12 19:02 . 2011-12-15 08:51 -------- d-----w- c:\documents and settings\Jason\Application Data\adawaretb
2011-12-12 19:02 . 2011-12-12 19:02 -------- d-----w- c:\program files\adawaretb
2011-12-12 19:02 . 2011-12-02 12:49 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-12-12 19:02 . 2011-12-12 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-12-12 19:02 . 2011-12-12 19:02 -------- d-----w- c:\program files\Lavasoft
2011-12-12 18:22 . 2011-12-12 18:22 -------- d-sh--w- c:\documents and settings\Jason\IECompatCache
2011-12-12 16:30 . 2008-04-13 19:15 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2011-12-12 12:57 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-12-11 05:48 . 2008-04-13 19:18 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-12-11 03:46 . 2011-12-12 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-12-11 03:46 . 2011-12-11 03:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-10 23:10 . 2011-12-10 23:10 -------- d-----w- c:\documents and settings\JR\Application Data\Malwarebytes
2011-12-10 23:09 . 2011-12-10 23:09 -------- d-----w- c:\documents and settings\JR\Local Settings\Application Data\AOL
2011-12-09 23:47 . 2011-12-09 23:47 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\Messenger_Plus_Live
2011-12-09 23:37 . 2011-12-09 23:37 -------- d-----w- c:\documents and settings\Jason\AppData
2011-12-09 23:37 . 2011-12-09 23:53 -------- d-----w- c:\program files\BrowserCompanion
2011-12-09 23:37 . 2011-12-10 04:31 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\Linkury
2011-12-02 06:12 . 2011-12-02 06:12 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\Skyrim
2011-12-02 05:53 . 2011-12-18 15:54 -------- d-----w- c:\program files\The Elder Scrolls V Skyrim
2011-11-28 20:29 . 2011-12-10 17:21 -------- d-----w- c:\documents and settings\Jason\Application Data\Ulzak
2011-11-28 20:29 . 2011-12-10 03:21 -------- d-----w- c:\documents and settings\Jason\Application Data\Asew
2011-11-25 15:42 . 2011-11-25 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2011-11-25 15:39 . 2011-11-25 15:39 -------- d-----w- c:\program files\AMD APP
2011-11-25 15:30 . 2011-11-25 15:30 -------- d-----w- c:\documents and settings\Jason\Application Data\Unity
2011-11-25 15:27 . 2011-11-25 15:27 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\Unity
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-16 01:03 . 2011-07-10 18:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-14 02:09 . 2010-09-01 13:51 140496 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-12-14 02:09 . 2010-09-01 16:55 280736 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-12-14 02:09 . 2010-09-01 13:50 280736 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-12-10 03:46 . 2010-09-01 13:50 280736 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-11-23 13:25 . 2006-02-28 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2006-02-28 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2006-02-28 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 03:01 . 2010-06-28 19:13 7412736 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-10-26 02:59 . 2010-06-28 23:24 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-10-26 02:30 . 2010-06-28 23:24 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-10-26 02:30 . 2010-06-28 23:24 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-10-26 02:27 . 2010-06-28 23:24 5890048 ----a-w- c:\windows\system32\aticaldd.dll
2011-10-26 02:21 . 2011-10-26 02:21 56832 ----a-w- c:\windows\system32\OpenVideo.dll
2011-10-26 02:21 . 2011-10-26 02:21 56832 ----a-w- c:\windows\system32\OVDecoder.dll
2011-10-26 02:20 . 2011-10-26 02:20 13950464 ----a-w- c:\windows\system32\amdocl.dll
2011-10-26 02:16 . 2010-06-28 23:24 18968576 ----a-w- c:\windows\system32\atioglxx.dll
2011-10-26 02:06 . 2010-06-28 23:24 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-10-26 02:04 . 2008-04-14 00:11 304128 ----a-w- c:\windows\system32\ati2dvag.dll
2011-10-26 02:04 . 2008-04-14 00:11 4004864 ----a-w- c:\windows\system32\ati3duag.dll
2011-10-26 01:58 . 2011-03-05 05:43 956160 ----a-w- c:\windows\system32\ativvamv.dll
2011-10-26 01:44 . 2008-04-14 00:11 3286400 ----a-w- c:\windows\system32\ativvaxx.dll
2011-10-26 01:44 . 2010-06-28 23:24 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-10-26 01:43 . 2010-06-28 23:24 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-10-26 01:43 . 2010-06-28 23:24 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-10-26 01:43 . 2010-06-28 23:24 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-10-26 01:43 . 2010-06-28 23:24 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-10-26 01:42 . 2010-06-28 23:24 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-10-26 01:40 . 2010-06-28 23:24 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-10-26 01:39 . 2010-06-28 23:24 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-10-26 01:35 . 2010-06-28 23:24 806912 ----a-w- c:\windows\system32\atikvmag.dll
2011-10-26 01:34 . 2010-06-28 23:24 499712 ----a-w- c:\windows\system32\atiok3x2.dll
2011-10-26 01:30 . 2010-06-28 23:24 229376 ----a-w- c:\windows\system32\atiadlxx.dll
2011-10-26 01:30 . 2010-06-28 23:24 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-10-26 01:25 . 2010-06-28 23:24 65024 ----a-w- c:\windows\system32\atimpc32.dll
2011-10-26 01:25 . 2010-06-28 23:24 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2011-10-26 01:24 . 2010-06-28 23:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-10-26 01:24 . 2008-04-14 00:11 884736 ----a-w- c:\windows\system32\ati2cqag.dll
2011-10-25 13:37 . 2006-02-28 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2006-02-28 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2010-06-28 21:17 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2006-02-28 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2006-02-28 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-10 14:16 . 2011-03-24 14:59 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-12-17_18.31.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-19 02:14 . 2011-12-19 02:14 16384 c:\windows\Temp\Perflib_Perfdata_21c.dat
+ 2006-02-28 12:00 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
- 2010-08-17 13:17 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
+ 2011-12-19 00:57 . 2010-10-03 17:12 170740 c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-11-29 19:15 86696 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}]
2011-10-27 09:27 141104 ----a-w- c:\program files\BrowserCompanion\updatebhoWin32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2011-11-29 86696]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-05-07 1638400]
"RTHDCPL"="RTHDCPL.EXE" [2010-07-06 19556968]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 135214]
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2008-08-29 143360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-26 98304]
"Browser companion helper"="c:\program files\BrowserCompanion\BCHelper.exe" [2011-10-27 192816]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2011-11-14 197288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"adaware"="reg.exe delete HKCU\Software\AppDataLow\Software\adaware" [X]
"adaware_XP"="reg.exe delete HKCU\Software\adaware" [X]
.
c:\documents and settings\Jason\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-5-4 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2010-04-01 21:40 172336 ----a-w- c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jason^Start Menu^Programs^Startup^Impulse Now.lnk]
path=c:\documents and settings\Jason\Start Menu\Programs\Startup\Impulse Now.lnk
backup=c:\windows\pss\Impulse Now.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 07:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCU]
2009-10-15 19:11 375000 ----a-w- c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]
2008-04-14 00:12 27648 ----a-w- c:\windows\system32\conime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-31 17:50 136176 ----atw- c:\documents and settings\Jason\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2010-03-08 07:27 41800 ----a-w- c:\program files\Common Files\AOL\1311907128\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlusService]
2011-10-24 21:51 801792 ----a-w- c:\program files\Yuna Software\Messenger Plus!\PlusService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2011-07-12 07:45 20480 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
2010-06-14 21:10 153672 ----a-w- c:\program files\Logitech\Gaming Software\LWEMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-11-04 18:05 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 18:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Game.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1311907128\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL Desktop 9.6\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\AOL Desktop 9.6\\AOLBrowser\\aolbrowser.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold 3\\bin\\win32_release\\Stronghold3.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold 3\\bin\\win32_release\\MapEditor.exe"=
"c:\\Documents and Settings\\Jason\\Local Settings\\Apps\\2.0\\56CG50ML.630\\HC6AJK9W.748\\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\\CurseClient.exe"=
"c:\\Program Files\\FrostWire 5\\FrostWire.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\Jason\\Local Settings\\Application Data\\CrossLoop\\tvnserver.exe"=
"c:\\Documents and Settings\\Jason\\Local Settings\\Application Data\\CrossLoop\\vncviewer.exe"=
"c:\\Program Files\\adawaretb\\dtUser.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9322:TCP"= 9322:TCP:EKDiscovery
"3724:TCP"= 3724:TCP:*:Disabled:Blizzard Downloader: 3724
"5910:TCP"= 5910:TCP:*:Disabled:vnc5910
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/12/2011 2:02 PM 64512]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [7/5/2011 7:59 AM 28552]
R2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [10/15/2009 2:11 PM 223464]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [8/27/2009 5:09 PM 1253376]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [5/17/2010 1:24 PM 308592]
S0 ykyhr;ykyhr;c:\windows\system32\drivers\rkhvnit.sys --> c:\windows\system32\drivers\rkhvnit.sys [?]
S2 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [4/23/2010 5:39 AM 136616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 CrossLoopService;CrossLoop Service;c:\documents and settings\Jason\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [4/7/2011 4:37 PM 560848]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2011 7:49 AM 2152152]
S2 USmsServ;Desktop Window Manager Sessions Manager;c:\windows\Desktop Manager\dwm.exe --> c:\windows\Desktop Manager\dwm.exe [?]
S2 XMLProvS;Network ProService;c:\windows\System32\svchost.exe -k xmlpros [2/28/2006 7:00 AM 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/13/2010 11:07 PM 1691480]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys --> c:\windows\system32\drivers\AtihdXP3.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [8/7/2008 11:10 AM 3276800]
S3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FlashSys.sys [11/14/2010 12:19 AM 9216]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12/2/2011 7:49 AM 15232]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/13/2010 3:18 PM 22216]
S3 MSI_DVD_010507;MSI_DVD_010507;c:\progra~1\MSI\MSIWDev\DVDSYS32_100507.sys [5/10/2010 10:44 AM 22328]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\MSI\MSIWDev\msibios32_100507.sys [5/10/2010 10:44 AM 25912]
S3 MSI_VGASYS_010507;MSI_VGASYS_010507;c:\progra~1\MSI\MSIWDev\VGASYS32_100507.sys [5/10/2010 10:44 AM 16696]
S3 MSILiveVirtualCamera;MSI Live Virtual Camera;c:\windows\system32\drivers\MSILiveVirtualCamera.sys [1/29/2007 7:40 AM 449408]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [7/12/2011 2:45 AM 152576]
S3 tvnserver;TightVNC Server;c:\documents and settings\Jason\Local Settings\Application Data\CrossLoop\tvnserver.exe [4/7/2011 4:37 PM 814080]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [8/2/2011 7:35 PM 252416]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [8/2/2011 7:35 PM 398720]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/13/2010 3:18 PM 366152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
xmlpros REG_MULTI_SZ XMLProvS
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-02 19:04]
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1935655697-725345543-1003Core.job
- c:\documents and settings\Jason\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-31 17:50]
.
2011-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1935655697-725345543-1003UA.job
- c:\documents and settings\Jason\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-31 17:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchAssistant = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
TCP: DhcpNameServer = 192.168.2.1
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\BrowserCompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\BrowserCompanion\tdataprotocol.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\BrowserCompanion\tdataprotocol.dll
FF - ProfilePath - c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\neyto10q.default\
FF - prefs.js: browser.search.selectedEngine - Plus! Network
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.plusnetwork.com/?sp=addr&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-18 21:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-790525478-1935655697-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:81,95,39,05,9b,a3,c7,38,1e,5b,ee,05,d3,56,87,54,4d,af,86,44,2e,3c,8a,
e9,37,d3,d3,0d,44,9d,7a,73,ba,85,6a,ec,2f,9a,df,88,92,1f,ac,fa,fb,45,cf,62,\
"??"=hex:3f,eb,b2,a8,d5,51,4b,c2,1b,01,ec,08,0f,18,11,95
.
[HKEY_USERS\S-1-5-21-790525478-1935655697-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:1b,1f,a8,f4,f7,4e,a8,68,56,4b,0d,10,fb,e0,c9,e0,4f,b0,08,bb,e0,
e5,e2,85,91,eb,27,bb,f5,5b,0f,78,60,06,12,5a,29,95,56,dc,ee,a5,2f,38,83,6e,\
"rkeysecu"=hex:ca,2b,4c,cd,91,9d,df,97,e5,c5,3b,4c,ab,05,04,90
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
.
- - - - - - - > 'explorer.exe'(2592)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Stardock\Object Desktop\DeskScapes3\deskscapes.dll
c:\program files\Stardock\Object Desktop\DeskScapes3\deskscape.dll
.
Completion time: 2011-12-18 21:54:41
ComboFix-quarantined-files.txt 2011-12-19 02:54
ComboFix2.txt 2011-12-19 02:04
ComboFix3.txt 2011-12-19 00:28
ComboFix4.txt 2011-12-17 18:35
ComboFix5.txt 2011-12-19 02:46
.
Pre-Run: 51,482,365,952 bytes free
Post-Run: 51,503,607,808 bytes free
.
- - End Of File - - 27DB8378D2B48185E6A518E985BEC78D
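A small triage pass over service entries in the ComboFix format shown above, added here as an example (it is not code from the original post or from ComboFix): it parses the `State Name;Display;Image [date size]` lines, flags services that run from a user profile, services whose image file could not be read, and services hosted in an svchost group that is not one of the stock ones. The svchost allowlist and the reading of the `[?]` marker are assumptions.

```python
import re

# Service lines copied from the ComboFix log above (used as sample input).
SAMPLE_SERVICE_LINES = r"""
S2 CrossLoopService;CrossLoop Service;c:\documents and settings\Jason\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [4/7/2011 4:37 PM 560848]
S2 USmsServ;Desktop Window Manager Sessions Manager;c:\windows\Desktop Manager\dwm.exe --> c:\windows\Desktop Manager\dwm.exe [?]
S2 XMLProvS;Network ProService;c:\windows\System32\svchost.exe -k xmlpros [2/28/2006 7:00 AM 14336]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/13/2010 3:18 PM 22216]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/13/2010 3:18 PM 366152]
"""

# svchost groups normally present on a stock Windows XP install
# (assumption: a short illustrative allowlist, not an exhaustive one).
KNOWN_SVCHOST_GROUPS = {"netsvcs", "localservice", "networkservice", "rpcss",
                        "dcomlaunch", "imgsvc", "termsvcs", "httpfilter"}

SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?)\s+\[(?P<info>[^\]]*)\]\s*$")
SVCHOST_RE = re.compile(r"svchost\.exe\s+-k\s+(?P<group>\S+)")


def parse_services(text):
    """Yield a dict for every ComboFix service line in text; skip other lines."""
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def triage(text):
    """Return (service name, reason) pairs for entries worth a second look."""
    findings = []
    for svc in parse_services(text):
        image = svc["image"].lower()
        if "\\documents and settings\\" in image:
            # A service binary inside a user profile is unusual: it may be a
            # remote-support tool, or something that should not be there.
            findings.append((svc["name"], "image in user profile"))
        if svc["info"] == "?":
            # Assumption: ComboFix prints [?] when it could not read the
            # file's timestamp and size, i.e. the image is missing or hidden.
            findings.append((svc["name"], "image file details unreadable"))
        hosted = SVCHOST_RE.search(image)
        if hosted and hosted.group("group") not in KNOWN_SVCHOST_GROUPS:
            # A private svchost group is a common way to get a DLL loaded
            # inside a trusted host process; verify the group's ServiceDll.
            findings.append((svc["name"],
                             "non-standard svchost group " + hosted.group("group")))
    return findings
```

Run `triage(SAMPLE_SERVICE_LINES)` against the lines above and the three entries a reviewer would pull out of that log (CrossLoopService, USmsServ, XMLProvS) are the only ones flagged; pair the svchost finding with the `[HKLM\...\svchost]` key further up, which is where the group's membership is registered.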

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:01 PM

Posted 18 December 2011 - 10:05 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



