
CIPSearch (Google Hijacker) Can't Remove


  • This topic is locked
15 replies to this topic

#1 JxWilder

  • Members
  • 7 posts

Posted 26 December 2011 - 06:01 PM

I have noticed that when I visit Google.com (using any browser... tried Safari, Internet Explorer, Firefox) and perform a search, some of the links do not take me where they should. When moused over they appear as "http://www.google.com/go?2415361". Once clicked, they open a link to cipsearch.net, which redirects my search to some generic links page. I have tried to resolve this issue using Ad-Aware, which appeared to detect and remove the item, but it still persists. McAfee antivirus did not even detect the issue. This has also appeared to interfere with my ability to log in to Google Talk; it gives the error "Unable to authenticate to server."

I have attached the DDS (Attach.txt) and GMER (GMER.log) logs and pasted a copy of the DDS log below. Any assistance is greatly appreciated; I am brand new to posting in forums and hope I followed the procedure correctly. Thank you!

P.S. I just attempted to use Bing.com and received similar results.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by Wilder at 16:13:28 on 2011-12-26
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.2039.833 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\Ad-Aware\AAWService.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\AsusService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\windows\system32\mfevtps.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\windows\system32\Dwm.exe
C:\Program Files\asus\SystemSetting\WallPaperAgent.exe
C:\windows\Explorer.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\Wilder\AppData\Local\dplaysvr.exe
C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Users\Wilder\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\Ad-Aware\AAWTray.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\windows\system32\conhost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Safari\Safari.exe
C:\windows\system32\taskhost.exe
C:\Users\Wilder\Downloads\wh9lyujn.exe
C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://asus.msn.com
uDefault_Page_URL = hxxp://asus.msn.com
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
uWinlogon: Shell=c:\program files\asus\systemsetting\WallPaperAgent.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111203104302.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: ASUS Windows 7 Starter Helper: {d381ff29-7cfb-4d4e-b92a-c4eddc696614} - c:\program files\asus\systemsetting\StarterHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [AdobeBridge]
uRun: [dplaysvr] c:\users\wilder\appdata\local\dplaysvr.exe
uRun: [googletalk] c:\users\wilder\appdata\roaming\google\google talk\googletalk.exe /autostart
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SuperHybridEngine] AsusSender.exe c:\program files\eeepc\she\SuperHybridEngine.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [LiveUpdate] AsusSender.exe c:\program files\asus\liveupdate\LiveUpdate.exe auto
mRun: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [OOBESetup] c:\program files\asus\ooberegbackup\ooberegbackup.exe /restore -"c:\program files\asus\ooberegbackup\OOBEReg.ini"
mRun: [Boingo Wi-Fi] "c:\program files\boingo\boingo wi-fi\Boingo.lnk"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [dplaysvr] c:\users\wilder\appdata\local\dplaysvr.exe
mRun: [HotKeyMon] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotKeyMon.exe
mRun: [HotkeyService] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotkeyService.exe
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8DE8DBBE-C2F7-45D1-B214-06E647B3818D} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8DE8DBBE-C2F7-45D1-B214-06E647B3818D}\2375942554930343 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8DE8DBBE-C2F7-45D1-B214-06E647B3818D}\54C65667164756D253133433 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8DE8DBBE-C2F7-45D1-B214-06E647B3818D}\54C65667164756D253232334 : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
Hosts: 94.63.240.159 www.google.com
Hosts: 94.63.240.160 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\wilder\appdata\roaming\mozilla\firefox\profiles\c19kra0x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=hp
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-12-25 64512]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-1-25 464176]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-1-25 165680]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-9-28 11448]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-11-30 65584]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-1-25 64880]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [2009-10-26 219136]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\ad-aware\AAWService.exe [2011-12-2 2152152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-9-2 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-9-2 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-9-2 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-9-2 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-1-25 166288]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-1-25 160608]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-25 150856]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-1-25 57600]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-8-18 51712]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-1-25 180816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-1-25 59456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-25 338176]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-10-16 84832]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\ad-aware\kernexplorer.sys [2011-12-2 15232]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-25 87656]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\netr28.sys [2009-10-26 626688]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-22 52224]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
.
=============== Created Last 30 ================
.
2011-12-26 20:01:52 -------- d-----w- c:\programdata\Citrix
2011-12-26 20:00:46 -------- d-----w- c:\users\wilder\appdata\roaming\ICAClient
2011-12-26 20:00:46 -------- d-----w- c:\users\wilder\appdata\local\Citrix
2011-12-26 19:58:52 -------- d-----w- c:\program files\Citrix
2011-12-26 06:31:12 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-12-26 04:23:27 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-26 04:12:15 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-12-26 04:11:47 -------- d-----w- c:\program files\Ad-Aware
2011-12-26 03:31:38 -------- d-----w- c:\windows\pss
2011-12-26 03:25:00 -------- d-----w- c:\program files\CCleaner
2011-12-26 01:30:35 -------- d-----w- c:\programdata\PC Tools
2011-12-21 20:04:02 32768 --sh--w- c:\users\wilder\appdata\local\dplayx.dll
2011-12-21 20:04:01 71168 --sh--w- c:\users\wilder\appdata\local\dplaysvr.exe
2011-12-21 17:05:31 -------- d-----w- c:\programdata\SmartSound Software Inc
2011-12-21 17:05:09 -------- d-----w- c:\programdata\eSellerate
2011-12-15 02:38:19 -------- d-----w- c:\users\wilder\appdata\roaming\AccurateRip
2011-12-15 02:38:16 6908648 ----a-w- c:\windows\system32\SpoonUninstall.exe
2011-12-15 02:37:53 -------- d-----w- c:\program files\Illustrate
.
==================== Find3M ====================
.
2011-11-17 00:20:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 20:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 20:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-18 20:32:30 150856 ----a-w- c:\windows\system32\mfevtps.exe
2011-10-18 20:29:38 28760 ----a-w- C:\ScriptFF.dll
2011-10-15 22:41:00 29784 ----a-w- c:\windows\system32\bass_fx.dll
2011-10-15 22:38:27 150520 ----a-w- c:\windows\system32\bass_aac.dll
2011-10-15 19:16:16 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-10-15 19:16:16 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-10-15 19:16:16 64880 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-10-15 19:16:16 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-10-15 19:16:16 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-10-15 19:16:16 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-10-15 19:16:16 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-10-15 19:16:16 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-10-15 19:16:16 165680 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-10-15 19:16:16 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-10-03 10:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-01 02:42:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-29 03:37:56 2341888 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 16:18:55.62 ===============

Edited by JxWilder, 26 December 2011 - 06:03 PM.
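The `Hosts:` lines near the end of the Pseudo HJT section of the DDS log above are the mechanism behind the symptom described in the post: a hosts-file entry for www.google.com or www.bing.com overrides DNS for every program on the machine, which is why the redirect showed up in Safari, Internet Explorer and Firefox alike and why clearing a single browser could not fix it. The script below is an added example written for this page (it is not code from DDS, ComboFix, BleepingComputer or the poster) that reads a DDS-style log excerpt and flags the two things a responder would check first in such a log: hosts entries that pin a major search domain to a non-loopback address, and Run entries or running processes whose executable lives under a user profile. The sample input is constructed from lines in the log above; the watched-domain list and the user-writable path heuristic are my assumptions, and every hit is something to review, not a verdict.

```python
"""Triage helpers for a DDS-style log excerpt (added example, not the tool's own code):
hosts-file overrides of major search domains, and autoruns/processes living in
user-writable locations."""
import ipaddress
import re

# Constructed sample modelled on lines from the DDS log in the thread (not a live capture).
SAMPLE_DDS_LOG = r"""
C:\windows\system32\svchost.exe -k netsvcs
C:\Users\Wilder\AppData\Local\dplaysvr.exe
C:\Users\Wilder\Downloads\wh9lyujn.exe
uRun: [googletalk] c:\users\wilder\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [dplaysvr] c:\users\wilder\appdata\local\dplaysvr.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
Hosts: 127.0.0.1 localhost
Hosts: 94.63.240.159 www.google.com
Hosts: 94.63.240.160 www.bing.com
"""

# Assumed watch list: domains a hosts-file hijack most often targets on a home machine.
WATCHED_DOMAINS = ("google.com", "bing.com", "yahoo.com")

HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)", re.IGNORECASE)
RUN_RE = re.compile(r"^([um]Run):\s*\[([^\]]*)\]\s*(.*)$", re.IGNORECASE)
PROCESS_RE = re.compile(r"^[a-z]:\\\S", re.IGNORECASE)
# Heuristic: executables under a user profile are writable without admin rights.
USER_WRITABLE_RE = re.compile(r"\\users\\[^\\]+\\(appdata|downloads|desktop)\\", re.IGNORECASE)


def _in_watched_domain(hostname, domains=WATCHED_DOMAINS):
    host = hostname.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def flag_hosts_overrides(log_text, domains=WATCHED_DOMAINS):
    """Return (ip, hostname) pairs that pin a watched domain to a non-loopback address.
    A hosts entry is consulted before DNS by every process on the box, so one line
    here redirects all browsers at once."""
    findings = []
    for line in log_text.splitlines():
        m = HOSTS_RE.match(line.strip())
        if not m:
            continue
        ip_text, host = m.groups()
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            continue  # not an IP literal; nothing to judge
        if ip.is_loopback or ip.is_unspecified:
            continue  # 127.0.0.1 / 0.0.0.0 pins are the usual blocklist idiom, not a hijack
        if _in_watched_domain(host, domains):
            findings.append((ip_text, host))
    return findings


def flag_user_writable_autoruns(log_text):
    """Return (kind, label, path) for uRun/mRun entries and running-process lines whose
    executable sits under a user profile. Legitimate per-user installs land there too,
    so this narrows the review list rather than deciding anything."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            kind, label, command = m.groups()
            if USER_WRITABLE_RE.search(command):
                findings.append((kind, label, command))
            continue
        if PROCESS_RE.match(line) and USER_WRITABLE_RE.search(line):
            findings.append(("process", "", line))
    return findings


def triage(log_text):
    """Run both checks and group the hits by category."""
    return {
        "hosts_overrides": flag_hosts_overrides(log_text),
        "user_writable_autoruns": flag_user_writable_autoruns(log_text),
    }


if __name__ == "__main__":
    for section, hits in triage(SAMPLE_DDS_LOG).items():
        print(section)
        for hit in hits:
            print("   ", hit)
```

On the constructed sample the hosts check reports only the two search-engine overrides and ignores the loopback entry, while the autorun check lists the two user-profile processes and the two uRun entries under AppData, including Google Talk, which is a normal per-user install. That second list is deliberately noisy: it is the set of paths to look at, not a detection.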



#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Location:Puerto rico

Posted 01 January 2012 - 03:03 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Location:Puerto rico

Posted 04 January 2012 - 11:23 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 JxWilder
  • Topic Starter

  • Members
  • 7 posts

Posted 07 January 2012 - 01:10 AM

Hi, I will attempt your instructions this evening and let you know the results tomorrow. Thanks.

#5 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Location:Puerto rico

Posted 07 January 2012 - 01:14 AM

Very well and I will see you later



gringo

#6 JxWilder
  • Topic Starter

  • Members
  • 7 posts

Posted 07 January 2012 - 10:59 AM

Was ComboFix intended to resolve the problem? It appears that it might have. After running the program I did a search that I know returns hijacked links... and all the links actually took me to the real websites. In any event, and in case there are additional steps to ensure removal, I have included the log and any errors/notifications I received (in the order received) below.


Thanks...

Error 1:

Error Opening file for writing:

C:\32788R22FWJFW\pev.3XE

Click Abort to stop the installation,
Rertry to try again, or
Ignore to skip this file.

pev.3XE has stopped working
Problem Event Name: APPCRASH
Application Name: pev.3XE
Application Version: 0.0.0.0
Application Timestamp: 4e06cfe8
Fault Module Name: pev.3XE
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 4e06cfe8
Exception Code: 40000015
Exception Offset: 0008d1c0
OS Version: 6.1.7601.2.1.0.768.11
Locale ID: 1033
Additional Information 1: 2c21
Additional Information 2: 2c21cfae0879cb34f543f9a992b969e2
Additional Information 3: 53f7
Additional Information 4: 53f7a181f3d42749a05b618d88e76d23


Notification 1:

You are infected with Rootkit.ZeroAccess! It has inserted itself into the
tcp/ip stack. This is a particularly difficult infection.

If for any reason that you're unable to connect to the internet after running
ComboFix, reboot once and see if that fixes it.

If it's not fixed, run ComboFix one more time.


Error 2:

pev.3XE has stopped working


Log File:

ComboFix 12-01-06.03 - Wilder 01/07/2012 1:22.1.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.2039.1383 [GMT -6:00]
Running from: c:\users\Wilder\Downloads\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\windows\$NtUninstallKB55424$\1261206901
c:\windows\$NtUninstallKB55424$ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-12-07 to 2012-01-07 )))))))))))))))))))))))))))))))
.
.
2012-01-07 07:51 . 2012-01-07 08:01 -------- d-----w- c:\users\Wilder\AppData\Local\temp
2012-01-07 07:51 . 2012-01-07 07:51 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2012-01-07 07:51 . 2012-01-07 07:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-07 07:15 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-01-01 19:01 . 2012-01-01 19:01 -------- d-----w-ogramData c:\windows\system32\ROGRAM~1
2011-12-28 14:59 . 2011-12-28 14:59 -------- d-----w- c:\program files\iPod
2011-12-28 14:59 . 2011-12-28 15:03 -------- d-----w- c:\program files\iTunes
2011-12-28 02:18 . 2011-12-28 02:18 -------- d-----w- c:\users\Wilder\AppData\Roaming\K-Meleon
2011-12-28 02:17 . 2011-12-28 02:32 -------- d-----w- c:\program files\K-Meleon
2011-12-26 20:01 . 2011-12-26 20:01 -------- d-----w- c:\programdata\Citrix
2011-12-26 20:00 . 2011-12-26 20:00 -------- d-----w- c:\users\Wilder\AppData\Roaming\ICAClient
2011-12-26 20:00 . 2011-12-26 20:00 -------- d-----w- c:\users\Wilder\AppData\Local\Citrix
2011-12-26 19:58 . 2011-12-26 19:58 -------- d-----w- c:\program files\Citrix
2011-12-26 06:31 . 2011-12-26 04:23 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-12-26 04:23 . 2011-12-26 04:23 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-26 04:12 . 2011-12-02 13:49 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-12-26 04:11 . 2011-12-26 20:08 -------- d-----w- c:\program files\Ad-Aware
2011-12-26 04:11 . 2011-12-26 04:12 -------- d-----w- c:\programdata\Lavasoft
2011-12-26 03:25 . 2011-12-26 03:25 -------- d-----w- c:\program files\CCleaner
2011-12-26 01:30 . 2011-12-26 03:52 -------- d-----w- c:\programdata\PC Tools
2011-12-21 17:40 . 2011-12-21 17:40 -------- d-----w- c:\users\Public\CyberLink
2011-12-21 17:21 . 2011-12-21 17:37 -------- d-----w- c:\users\Wilder\AppData\Roaming\CyberLink
2011-12-21 17:21 . 2011-12-21 20:58 -------- d-----w- c:\programdata\CyberLink
2011-12-21 17:05 . 2011-12-25 17:09 -------- d-----w- c:\programdata\SmartSound Software Inc
2011-12-21 17:05 . 2011-12-21 17:05 -------- d-----w- c:\programdata\eSellerate
2011-12-15 02:38 . 2011-12-15 02:38 -------- d-----w- c:\users\Wilder\AppData\Roaming\AccurateRip
2011-12-15 02:38 . 2011-12-15 02:35 6908648 ----a-w- c:\windows\system32\SpoonUninstall.exe
2011-12-15 02:37 . 2011-12-15 02:37 -------- d-----w- c:\program files\Illustrate
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-17 00:20 . 2011-06-01 23:30 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-18 20:32 . 2011-01-25 19:24 150856 ----a-w- c:\windows\system32\mfevtps.exe
2011-10-18 20:29 . 2011-09-23 03:08 28760 ----a-w- C:\ScriptFF.dll
2011-10-15 22:41 . 2011-10-15 22:40 29784 ----a-w- c:\windows\system32\bass_fx.dll
2011-10-15 22:38 . 2011-10-15 22:38 150520 ----a-w- c:\windows\system32\bass_aac.dll
2011-10-15 19:16 . 2011-01-25 19:25 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-10-15 19:16 . 2011-01-25 19:24 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-10-15 19:16 . 2011-01-25 19:24 64880 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-10-15 19:16 . 2011-01-25 19:24 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-10-15 19:16 . 2011-01-25 19:24 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-10-15 19:16 . 2011-01-25 19:24 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-10-15 19:16 . 2011-01-25 19:24 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-10-15 19:16 . 2011-01-25 19:24 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-10-15 19:16 . 2011-01-25 19:24 165680 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-10-15 19:16 . 2011-01-25 19:24 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2009-12-01 19:56 . 2009-12-01 19:56 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2009-12-01 20:01 . 2009-12-01 20:01 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2009-12-01 19:59 . 2009-12-01 19:59 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2009-12-01 20:00 . 2009-12-01 20:00 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2009-12-01 20:00 . 2009-12-01 20:00 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2009-12-01 19:57 . 2009-12-01 19:57 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2009-12-01 20:00 . 2009-12-01 20:00 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2009-12-01 20:01 . 2009-12-01 20:01 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-11-30 21:30 . 2009-11-30 21:30 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2009-12-01 19:59 . 2009-12-01 19:59 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2011-12-21 07:24 . 2011-12-28 02:34 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 19:01 . 2011-01-25 19:25 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Wilder\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Wilder\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Wilder\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\Wilder\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"SuperHybridEngine"="AsusSender.exe" [2009-09-11 33768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"LiveUpdate"="AsusSender.exe" [2009-09-11 33768]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"OOBESetup"="c:\program files\asus\OOBERegBackup\OOBERegBackup.exe" [2009-09-30 338096]
"Boingo Wi-Fi"="c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-09-29 2429]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1318552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"HotKeyMon"="AsusSender.exe" [2009-09-11 33768]
"HotkeyService"="AsusSender.exe" [2009-09-11 33768]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-12-01 103768]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 17:29 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-09-16 20:04 497648 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-23 04:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eee Docking]
2009-11-17 18:47 414384 ----a-w- c:\program files\ASUS\Eee Docking\Eee Docking.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 07:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-10-15 87656]
R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2009-09-11 626688]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-12-02 64512]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-10-15 165680]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-07-06 11448]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-11-30 65584]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-10-15 64880]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Ad-Aware\AAWService.exe [2011-12-26 2152152]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 160608]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-10-18 150856]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-10-15 57600]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-10-15 338176]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://asus.msn.com
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Wilder\AppData\Roaming\Mozilla\Firefox\Profiles\7h71tx24.default\
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\BitTorrentBar\tbBitT.dll
BHO-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\BitTorrentBar\tbBitT.dll
Toolbar-Locked - (no file)
Toolbar-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\BitTorrentBar\tbBitT.dll
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - c:\program files\BitTorrentBar\tbBitT.dll
HKCU-Run-AdobeBridge - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2568268273-2021400240-2522697960-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2568268273-2021400240-2522697960-1000)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-2568268273-2021400240-2522697960-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-2568268273-2021400240-2522697960-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2568268273-2021400240-2522697960-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-2568268273-2021400240-2522697960-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2568268273-2021400240-2522697960-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-2568268273-2021400240-2522697960-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-2568268273-2021400240-2522697960-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2568268273-2021400240-2522697960-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2568268273-2021400240-2522697960-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2568268273-2021400240-2522697960-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2568268273-2021400240-2522697960-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2568268273-2021400240-2522697960-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-2568268273-2021400240-2522697960-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2568268273-2021400240-2522697960-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-2568268273-2021400240-2522697960-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2568268273-2021400240-2522697960-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2568268273-2021400240-2522697960-1000)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3152)
c:\users\Wilder\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Ad-Aware\AAWTray.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\program files\McAfee\VirusScan\mcods.exe
.
**************************************************************************
.
Completion time: 2012-01-07 02:14:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-07 08:13
.
Pre-Run: 113,290,752,000 bytes free
Post-Run: 113,655,914,496 bytes free
.
- - End Of File - - BBF9EFAAF1B96C8ABD110CFCC175A9BC



#7 gringo_pr
  • Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 07 January 2012 - 01:47 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 JxWilder
  • Topic Starter
  • Members
  • 7 posts
  • Gender:Male

Posted 07 January 2012 - 10:56 PM

Second Time....

Notification 1:

You are infected with Rootkit.ZeroAccess! It has inserted itself into the
tcp/ip stack. This is a particularly difficult infection.

If for any reason that you're unable to connect to the internet after running
ComboFix, reboot once and see if that fixes it.

If it's not fixed, run ComboFix one more time.


Log File:

ComboFix 12-01-06.03 - Wilder 01/07/2012 21:03:56.2.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.2039.1365 [GMT -6:00]
Running from: c:\users\Wilder\Downloads\ComboFix.exe
Command switches used :: c:\users\Wilder\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB55424$ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-12-08 to 2012-01-08 )))))))))))))))))))))))))))))))
.
.
2012-01-08 03:37 . 2012-01-08 03:40 -------- d-----w- c:\users\Wilder\AppData\Local\temp
2012-01-08 03:37 . 2012-01-08 03:37 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2012-01-08 03:37 . 2012-01-08 03:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-08 02:57 . 2009-07-13 23:11 53760 ----a-w- c:\windows\system32\drivers\intelppm.sys
2012-01-07 07:15 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-01-01 19:01 . 2012-01-01 19:01 -------- d-----w-ogramData c:\windows\system32\ROGRAM~1
2011-12-28 14:59 . 2011-12-28 14:59 -------- d-----w- c:\program files\iPod
2011-12-28 14:59 . 2011-12-28 15:03 -------- d-----w- c:\program files\iTunes
2011-12-28 02:18 . 2011-12-28 02:18 -------- d-----w- c:\users\Wilder\AppData\Roaming\K-Meleon
2011-12-28 02:17 . 2011-12-28 02:32 -------- d-----w- c:\program files\K-Meleon
2011-12-26 20:01 . 2011-12-26 20:01 -------- d-----w- c:\programdata\Citrix
2011-12-26 20:00 . 2011-12-26 20:00 -------- d-----w- c:\users\Wilder\AppData\Roaming\ICAClient
2011-12-26 20:00 . 2011-12-26 20:00 -------- d-----w- c:\users\Wilder\AppData\Local\Citrix
2011-12-26 19:58 . 2011-12-26 19:58 -------- d-----w- c:\program files\Citrix
2011-12-26 06:31 . 2011-12-26 04:23 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-12-26 04:23 . 2011-12-26 04:23 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-26 04:12 . 2011-12-02 13:49 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-12-26 04:11 . 2011-12-26 20:08 -------- d-----w- c:\program files\Ad-Aware
2011-12-26 04:11 . 2011-12-26 04:12 -------- d-----w- c:\programdata\Lavasoft
2011-12-26 03:25 . 2011-12-26 03:25 -------- d-----w- c:\program files\CCleaner
2011-12-26 01:30 . 2011-12-26 03:52 -------- d-----w- c:\programdata\PC Tools
2011-12-21 17:40 . 2011-12-21 17:40 -------- d-----w- c:\users\Public\CyberLink
2011-12-21 17:21 . 2011-12-21 17:37 -------- d-----w- c:\users\Wilder\AppData\Roaming\CyberLink
2011-12-21 17:21 . 2011-12-21 20:58 -------- d-----w- c:\programdata\CyberLink
2011-12-21 17:05 . 2011-12-25 17:09 -------- d-----w- c:\programdata\SmartSound Software Inc
2011-12-21 17:05 . 2011-12-21 17:05 -------- d-----w- c:\programdata\eSellerate
2011-12-15 02:38 . 2011-12-15 02:38 -------- d-----w- c:\users\Wilder\AppData\Roaming\AccurateRip
2011-12-15 02:38 . 2011-12-15 02:35 6908648 ----a-w- c:\windows\system32\SpoonUninstall.exe
2011-12-15 02:37 . 2011-12-15 02:37 -------- d-----w- c:\program files\Illustrate
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-17 00:20 . 2011-06-01 23:30 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-18 20:32 . 2011-01-25 19:24 150856 ----a-w- c:\windows\system32\mfevtps.exe
2011-10-18 20:29 . 2011-09-23 03:08 28760 ----a-w- C:\ScriptFF.dll
2011-10-15 22:41 . 2011-10-15 22:40 29784 ----a-w- c:\windows\system32\bass_fx.dll
2011-10-15 22:38 . 2011-10-15 22:38 150520 ----a-w- c:\windows\system32\bass_aac.dll
2011-10-15 19:16 . 2011-01-25 19:25 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-10-15 19:16 . 2011-01-25 19:24 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-10-15 19:16 . 2011-01-25 19:24 64880 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-10-15 19:16 . 2011-01-25 19:24 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-10-15 19:16 . 2011-01-25 19:24 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-10-15 19:16 . 2011-01-25 19:24 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-10-15 19:16 . 2011-01-25 19:24 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-10-15 19:16 . 2011-01-25 19:24 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-10-15 19:16 . 2011-01-25 19:24 165680 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-10-15 19:16 . 2011-01-25 19:24 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2009-12-01 19:56 . 2009-12-01 19:56 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2009-12-01 20:01 . 2009-12-01 20:01 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2009-12-01 19:59 . 2009-12-01 19:59 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2009-12-01 20:00 . 2009-12-01 20:00 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2009-12-01 20:00 . 2009-12-01 20:00 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2009-12-01 19:57 . 2009-12-01 19:57 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2009-12-01 20:00 . 2009-12-01 20:00 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2009-12-01 20:01 . 2009-12-01 20:01 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-11-30 21:30 . 2009-11-30 21:30 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2009-12-01 19:59 . 2009-12-01 19:59 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2011-12-21 07:24 . 2011-12-28 02:34 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 19:01 . 2011-01-25 19:25 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Wilder\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Wilder\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Wilder\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\Wilder\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"SuperHybridEngine"="AsusSender.exe" [2009-09-11 33768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"LiveUpdate"="AsusSender.exe" [2009-09-11 33768]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"OOBESetup"="c:\program files\asus\OOBERegBackup\OOBERegBackup.exe" [2009-09-30 338096]
"Boingo Wi-Fi"="c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-09-29 2429]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1318552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"HotKeyMon"="AsusSender.exe" [2009-09-11 33768]
"HotkeyService"="AsusSender.exe" [2009-09-11 33768]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-12-01 103768]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 17:29 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-09-16 20:04 497648 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-23 04:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eee Docking]
2009-11-17 18:47 414384 ----a-w- c:\program files\ASUS\Eee Docking\Eee Docking.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 07:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-10-15 87656]
R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2009-09-11 626688]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-12-02 64512]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-10-15 165680]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-07-06 11448]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-11-30 65584]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-10-15 64880]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Ad-Aware\AAWService.exe [2011-12-26 2152152]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 160608]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-10-18 150856]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-10-15 57600]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-10-15 338176]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://asus.msn.com
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Wilder\AppData\Roaming\Mozilla\Firefox\Profiles\7h71tx24.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2568268273-2021400240-2522697960-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2568268273-2021400240-2522697960-1000)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-2568268273-2021400240-2522697960-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-2568268273-2021400240-2522697960-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2568268273-2021400240-2522697960-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-2568268273-2021400240-2522697960-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2568268273-2021400240-2522697960-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-2568268273-2021400240-2522697960-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-2568268273-2021400240-2522697960-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2568268273-2021400240-2522697960-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2568268273-2021400240-2522697960-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2568268273-2021400240-2522697960-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2568268273-2021400240-2522697960-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2568268273-2021400240-2522697960-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-2568268273-2021400240-2522697960-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2568268273-2021400240-2522697960-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-2568268273-2021400240-2522697960-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2568268273-2021400240-2522697960-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2568268273-2021400240-2522697960-1000)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(960)
c:\users\Wilder\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Ad-Aware\AAWTray.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-01-07 21:51:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-08 03:51
ComboFix2.txt 2012-01-07 08:14
.
Pre-Run: 115,103,707,136 bytes free
Post-Run: 115,072,208,896 bytes free
.
- - End Of File - - 96B2410009CA4D8310D8E78D54CE2EBB



#9 gringo_pr
  • Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 07 January 2012 - 11:37 PM

Hello

It is finding a folder, but I don't think it is active.

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
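The report those steps produce can be triaged before it is pasted. The parser below is an added example, not part of this thread and not TDSSKiller's own code: it groups each scanned driver's lines by name and lists everything that did not come back " - ok". The line layout is taken from the report pasted in this thread, and the sample lines embedded in the block are constructed from it.

```python
"""Triage a TDSSKiller report.

Added example for this thread, not TDSSKiller's own code. The line layout is
taken from the report pasted in the thread: a timestamp, a thread id and then
one of
    <name> (<md5>) <path>              file that backs a driver/service
    <name> ( <threat> ) - infected     verdict with a threat name
    <name> - detected <threat> (<n>)   second form of the same verdict
    <name> - ok                        clean
Banner lines ("Scan started", "OS Version: ...") carry no verdict and are skipped.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# "11:05:41.0480 2732 <body>"; the body may be empty on blank report lines.
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s*(?P<body>.*)$")
# "<name> (<32 hex>) <path>"; paths may contain spaces, so take the rest of the line.
FILE_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name> [( <threat> )] - <verdict> [<detail>]", e.g. "- ok", "- infected", "- detected X (0)".
VERDICT_RE = re.compile(
    r"^(?P<name>\S+) (?:\( (?P<threat>[^)]+?) \) )?- (?P<verdict>\w+)(?: (?P<detail>.*))?$"
)


@dataclass
class ScanObject:
    name: str
    md5: Optional[str] = None          # None when TDSSKiller printed no file line
    path: Optional[str] = None
    verdicts: List[str] = field(default_factory=list)   # e.g. ["ok"] or ["infected", "detected"]
    threats: List[str] = field(default_factory=list)


def parse_report(text: str) -> Dict[str, ScanObject]:
    """Group the report's lines by scanned object name, in first-seen order."""
    objects: Dict[str, ScanObject] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m["body"].strip()
        fm = FILE_RE.match(body)
        if fm:
            obj = objects.setdefault(fm["name"], ScanObject(fm["name"]))
            obj.md5, obj.path = fm["md5"].lower(), fm["path"]
            continue
        vm = VERDICT_RE.match(body)
        if not vm:
            continue                      # banner line, no verdict
        obj = objects.setdefault(vm["name"], ScanObject(vm["name"]))
        obj.verdicts.append(vm["verdict"])
        threat = vm["threat"]
        if threat is None and vm["verdict"] == "detected" and vm["detail"]:
            threat = vm["detail"].split()[0]   # "Rootkit.Win32.ZAccess.g (0)" -> name only
        if threat and threat not in obj.threats:
            obj.threats.append(threat)
    return objects


def findings(objects: Dict[str, ScanObject]) -> List[ScanObject]:
    """Everything that is not a plain ' - ok': infections, warnings, and objects
    that got no verdict at all (a report cut off mid-scan looks like that)."""
    return [o for o in objects.values() if o.verdicts != ["ok"]]


def describe(obj: ScanObject) -> str:
    """One-line summary of a finding for a triage note."""
    where = obj.path or "<no file line>"
    digest = obj.md5 or "-"
    return f"{obj.name}: {'/'.join(obj.verdicts) or 'no verdict'} {obj.threats} {where} md5={digest}"


# Constructed sample, assembled from lines of the report pasted in this thread.
SAMPLE_REPORT = r"""
11:05:20.0572 2732 Scan started
11:05:20.0572 2732 Mode: Manual;
11:05:26.0525 2732 btwaudio - ok
11:05:41.0471 2732 NetBT (f80a7e64f97e0ae4dd579d7306ed36a4) C:\windows\system32\DRIVERS\netbt.sys
11:05:41.0480 2732 NetBT ( Rootkit.Win32.ZAccess.g ) - infected
11:05:41.0480 2732 NetBT - detected Rootkit.Win32.ZAccess.g (0)
11:05:41.0668 2732 netr28 (596e25b4631df2be98fd2bade8bcc625) C:\windows\system32\DRIVERS\netr28.sys
11:05:41.0692 2732 netr28 - ok
"""

if __name__ == "__main__":
    for hit in findings(parse_report(SAMPLE_REPORT)):
        print(describe(hit))
```

Feed it the whole saved log (the root-directory file named in the steps above) rather than a copy-paste, since a truncated paste shows up as objects with no verdict.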

#10 JxWilder

JxWilder
  • Topic Starter

  • Members
  • 7 posts
  • Gender:Male

Posted 08 January 2012 - 12:14 PM

11:05:06.0163 3720 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
11:05:08.0172 3720 ============================================================
11:05:08.0172 3720 Current date / time: 2012/01/08 11:05:08.0172
11:05:08.0172 3720 SystemInfo:
11:05:08.0172 3720
11:05:08.0172 3720 OS Version: 6.1.7601 ServicePack: 1.0
11:05:08.0173 3720 Product type: Workstation
11:05:08.0173 3720 ComputerName: JWILDER
11:05:08.0174 3720 UserName: Wilder
11:05:08.0174 3720 Windows directory: C:\windows
11:05:08.0174 3720 System windows directory: C:\windows
11:05:08.0174 3720 Processor architecture: Intel x86
11:05:08.0174 3720 Number of processors: 2
11:05:08.0174 3720 Page size: 0x1000
11:05:08.0174 3720 Boot type: Normal boot
11:05:08.0174 3720 ============================================================
11:05:09.0568 3720 Initialize success
11:05:20.0572 2732 ============================================================
11:05:20.0572 2732 Scan started
11:05:20.0572 2732 Mode: Manual;
11:05:20.0573 2732 ============================================================
11:05:21.0333 2732 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
11:05:21.0346 2732 1394ohci - ok
11:05:21.0417 2732 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
11:05:21.0425 2732 ACPI - ok
11:05:21.0552 2732 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
11:05:21.0557 2732 AcpiPmi - ok
11:05:21.0716 2732 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
11:05:21.0733 2732 adp94xx - ok
11:05:21.0870 2732 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
11:05:21.0884 2732 adpahci - ok
11:05:22.0021 2732 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
11:05:22.0029 2732 adpu320 - ok
11:05:22.0148 2732 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
11:05:22.0165 2732 AFD - ok
11:05:22.0240 2732 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
11:05:22.0248 2732 agp440 - ok
11:05:22.0378 2732 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
11:05:22.0385 2732 aic78xx - ok
11:05:22.0556 2732 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
11:05:22.0561 2732 aliide - ok
11:05:22.0612 2732 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
11:05:22.0619 2732 amdagp - ok
11:05:22.0770 2732 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
11:05:22.0775 2732 amdide - ok
11:05:22.0866 2732 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
11:05:22.0873 2732 AmdK8 - ok
11:05:22.0941 2732 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
11:05:22.0947 2732 AmdPPM - ok
11:05:23.0038 2732 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\windows\system32\drivers\amdsata.sys
11:05:23.0047 2732 amdsata - ok
11:05:23.0133 2732 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
11:05:23.0152 2732 amdsbs - ok
11:05:23.0224 2732 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\windows\system32\drivers\amdxata.sys
11:05:23.0231 2732 amdxata - ok
11:05:23.0350 2732 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
11:05:23.0357 2732 AppID - ok
11:05:23.0540 2732 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
11:05:23.0547 2732 arc - ok
11:05:23.0591 2732 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
11:05:23.0601 2732 arcsas - ok
11:05:23.0763 2732 ASPI (e54e27976e2c5a6465d44c10b1d87ac0) C:\windows\System32\DRIVERS\ASPI32.sys
11:05:23.0770 2732 ASPI - ok
11:05:23.0917 2732 AsUpIO (e67493490466b5f04b58c22d2590e8ca) C:\windows\system32\drivers\AsUpIO.sys
11:05:23.0922 2732 AsUpIO - ok
11:05:24.0064 2732 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
11:05:24.0069 2732 AsyncMac - ok
11:05:24.0206 2732 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
11:05:24.0214 2732 atapi - ok
11:05:24.0328 2732 athr (b01751cc563aecac09bbe36aaa21fbef) C:\windows\system32\DRIVERS\athr.sys
11:05:24.0375 2732 athr - ok
11:05:24.0557 2732 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
11:05:24.0576 2732 b06bdrv - ok
11:05:24.0701 2732 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
11:05:24.0712 2732 b57nd60x - ok
11:05:24.0792 2732 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
11:05:24.0797 2732 Beep - ok
11:05:24.0935 2732 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
11:05:24.0943 2732 blbdrive - ok
11:05:25.0095 2732 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
11:05:25.0105 2732 bowser - ok
11:05:25.0175 2732 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
11:05:25.0179 2732 BrFiltLo - ok
11:05:25.0291 2732 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
11:05:25.0300 2732 BrFiltUp - ok
11:05:25.0455 2732 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\windows\system32\DRIVERS\bridge.sys
11:05:25.0462 2732 BridgeMP - ok
11:05:25.0621 2732 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
11:05:25.0638 2732 Brserid - ok
11:05:25.0690 2732 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
11:05:25.0697 2732 BrSerWdm - ok
11:05:25.0800 2732 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
11:05:25.0807 2732 BrUsbMdm - ok
11:05:25.0850 2732 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
11:05:25.0856 2732 BrUsbSer - ok
11:05:25.0989 2732 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
11:05:25.0996 2732 BthEnum - ok
11:05:26.0052 2732 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
11:05:26.0059 2732 BTHMODEM - ok
11:05:26.0191 2732 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
11:05:26.0199 2732 BthPan - ok
11:05:26.0303 2732 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys
11:05:26.0320 2732 BTHPORT - ok
11:05:26.0420 2732 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys
11:05:26.0427 2732 BTHUSB - ok
11:05:26.0525 2732 btwaudio - ok
11:05:26.0649 2732 btwavdt - ok
11:05:26.0703 2732 btwl2cap - ok
11:05:26.0803 2732 btwrchid - ok
11:05:26.0905 2732 catchme - ok
11:05:27.0037 2732 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
11:05:27.0046 2732 cdfs - ok
11:05:27.0176 2732 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys
11:05:27.0185 2732 cdrom - ok
11:05:27.0324 2732 cfwids (1dcb5209601a70e36c70fe8d197d62cb) C:\windows\system32\drivers\cfwids.sys
11:05:27.0331 2732 cfwids - ok
11:05:27.0401 2732 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
11:05:27.0409 2732 circlass - ok
11:05:27.0521 2732 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
11:05:27.0533 2732 CLFS - ok
11:05:27.0653 2732 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
11:05:27.0659 2732 CmBatt - ok
11:05:27.0736 2732 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
11:05:27.0744 2732 cmdide - ok
11:05:27.0838 2732 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
11:05:27.0854 2732 CNG - ok
11:05:27.0953 2732 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
11:05:27.0958 2732 Compbatt - ok
11:05:28.0090 2732 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
11:05:28.0097 2732 CompositeBus - ok
11:05:28.0182 2732 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
11:05:28.0188 2732 crcdisk - ok
11:05:28.0365 2732 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\windows\system32\DRIVERS\ctxusbm.sys
11:05:28.0375 2732 ctxusbm - ok
11:05:28.0497 2732 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
11:05:28.0504 2732 DfsC - ok
11:05:28.0632 2732 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
11:05:28.0638 2732 discache - ok
11:05:28.0778 2732 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
11:05:28.0788 2732 Disk - ok
11:05:28.0939 2732 Dot4 (b5e479eb83707dd698f66953e922042c) C:\windows\system32\DRIVERS\Dot4.sys
11:05:28.0947 2732 Dot4 - ok
11:05:29.0068 2732 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\windows\system32\drivers\Dot4Prt.sys
11:05:29.0078 2732 Dot4Print - ok
11:05:29.0137 2732 dot4usb (cf491ff38d62143203c065260567e2f7) C:\windows\system32\DRIVERS\dot4usb.sys
11:05:29.0144 2732 dot4usb - ok
11:05:29.0282 2732 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
11:05:29.0288 2732 drmkaud - ok
11:05:29.0383 2732 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
11:05:29.0408 2732 DXGKrnl - ok
11:05:29.0699 2732 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
11:05:29.0869 2732 ebdrv - ok
11:05:30.0020 2732 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
11:05:30.0036 2732 elxstor - ok
11:05:30.0168 2732 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
11:05:30.0172 2732 ErrDev - ok
11:05:30.0360 2732 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
11:05:30.0367 2732 exfat - ok
11:05:30.0413 2732 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
11:05:30.0421 2732 fastfat - ok
11:05:30.0561 2732 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
11:05:30.0565 2732 fdc - ok
11:05:30.0635 2732 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
11:05:30.0640 2732 FileInfo - ok
11:05:30.0674 2732 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
11:05:30.0679 2732 Filetrace - ok
11:05:30.0797 2732 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
11:05:30.0802 2732 flpydisk - ok
11:05:30.0887 2732 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
11:05:30.0895 2732 FltMgr - ok
11:05:31.0004 2732 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
11:05:31.0009 2732 FsDepends - ok
11:05:31.0069 2732 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
11:05:31.0075 2732 Fs_Rec - ok
11:05:31.0188 2732 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
11:05:31.0196 2732 fvevol - ok
11:05:31.0275 2732 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
11:05:31.0280 2732 gagp30kx - ok
11:05:31.0376 2732 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
11:05:31.0380 2732 GEARAspiWDM - ok
11:05:31.0463 2732 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
11:05:31.0467 2732 hcw85cir - ok
11:05:31.0584 2732 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
11:05:31.0594 2732 HdAudAddService - ok
11:05:31.0723 2732 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
11:05:31.0728 2732 HDAudBus - ok
11:05:31.0774 2732 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
11:05:31.0778 2732 HidBatt - ok
11:05:31.0901 2732 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
11:05:31.0907 2732 HidBth - ok
11:05:32.0030 2732 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
11:05:32.0034 2732 HidIr - ok
11:05:32.0210 2732 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\DRIVERS\hidusb.sys
11:05:32.0214 2732 HidUsb - ok
11:05:32.0430 2732 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
11:05:32.0435 2732 HpSAMD - ok
11:05:32.0628 2732 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
11:05:32.0644 2732 HTTP - ok
11:05:32.0759 2732 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
11:05:32.0764 2732 hwpolicy - ok
11:05:32.0877 2732 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
11:05:32.0882 2732 i8042prt - ok
11:05:32.0991 2732 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
11:05:32.0998 2732 iaStor - ok
11:05:33.0135 2732 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\windows\system32\drivers\iaStorV.sys
11:05:33.0146 2732 iaStorV - ok
11:05:33.0438 2732 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\windows\system32\DRIVERS\igdkmd32.sys
11:05:33.0616 2732 igfx - ok
11:05:33.0761 2732 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
11:05:33.0765 2732 iirsp - ok
11:05:33.0950 2732 IntcAzAudAddService (db96b8bd676bb24bd4f1dc53ca1f182c) C:\windows\system32\drivers\RTKVHDA.sys
11:05:34.0055 2732 IntcAzAudAddService - ok
11:05:34.0172 2732 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
11:05:34.0176 2732 intelide - ok
11:05:34.0357 2732 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
11:05:34.0361 2732 intelppm - ok
11:05:34.0518 2732 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
11:05:34.0523 2732 IpFilterDriver - ok
11:05:34.0596 2732 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
11:05:34.0601 2732 IPMIDRV - ok
11:05:34.0721 2732 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
11:05:34.0727 2732 IPNAT - ok
11:05:34.0925 2732 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
11:05:34.0929 2732 IRENUM - ok
11:05:34.0997 2732 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
11:05:35.0001 2732 isapnp - ok
11:05:35.0127 2732 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
11:05:35.0136 2732 iScsiPrt - ok
11:05:35.0269 2732 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
11:05:35.0275 2732 kbdclass - ok
11:05:35.0341 2732 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
11:05:35.0345 2732 kbdhid - ok
11:05:35.0489 2732 kbfiltr (3eb803312987ff44265c87cb960df6ab) C:\windows\system32\DRIVERS\kbfiltr.sys
11:05:35.0493 2732 kbfiltr - ok
11:05:35.0591 2732 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\windows\system32\Drivers\ksecdd.sys
11:05:35.0596 2732 KSecDD - ok
11:05:35.0709 2732 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\windows\system32\Drivers\ksecpkg.sys
11:05:35.0716 2732 KSecPkg - ok
11:05:35.0769 2732 L1C (a158cea8644b8a5c1ec0e9a81b70f65a) C:\windows\system32\DRIVERS\L1C62x86.sys
11:05:35.0774 2732 L1C - ok
11:05:35.0988 2732 Lbd (336abe8721cbc3110f1c6426da633417) C:\windows\system32\DRIVERS\Lbd.sys
11:05:35.0994 2732 Lbd - ok
11:05:36.0145 2732 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
11:05:36.0151 2732 lltdio - ok
11:05:36.0327 2732 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
11:05:36.0333 2732 LSI_FC - ok
11:05:36.0379 2732 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
11:05:36.0385 2732 LSI_SAS - ok
11:05:36.0499 2732 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
11:05:36.0504 2732 LSI_SAS2 - ok
11:05:36.0549 2732 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
11:05:36.0555 2732 LSI_SCSI - ok
11:05:36.0677 2732 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
11:05:36.0683 2732 luafv - ok
11:05:36.0978 2732 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
11:05:36.0984 2732 megasas - ok
11:05:37.0048 2732 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
11:05:37.0057 2732 MegaSR - ok
11:05:37.0239 2732 mfeapfk (36b47b1e9c537f8f2b4481084b8f7d22) C:\windows\system32\drivers\mfeapfk.sys
11:05:37.0245 2732 mfeapfk - ok
11:05:37.0319 2732 mfeavfk (cde41293db871a75cd99eb0ce781356b) C:\windows\system32\drivers\mfeavfk.sys
11:05:37.0327 2732 mfeavfk - ok
11:05:37.0448 2732 mfeavfk01 - ok
11:05:37.0519 2732 mfebopk (e22385f64bdf0ad81157479496e33c4a) C:\windows\system32\drivers\mfebopk.sys
11:05:37.0523 2732 mfebopk - ok
11:05:37.0674 2732 mfefirek (215666a8a85023ef019b510cbb67f678) C:\windows\system32\drivers\mfefirek.sys
11:05:37.0685 2732 mfefirek - ok
11:05:37.0836 2732 mfehidk (56d330981866a72f061dd16cc5004513) C:\windows\system32\drivers\mfehidk.sys
11:05:37.0850 2732 mfehidk - ok
11:05:37.0988 2732 mfenlfk (b41bacc049cdb916a52b1448bf30d6ab) C:\windows\system32\DRIVERS\mfenlfk.sys
11:05:37.0993 2732 mfenlfk - ok
11:05:38.0094 2732 mferkdet (89b564d63c53fc0c6782ab07eea63acf) C:\windows\system32\drivers\mferkdet.sys
11:05:38.0100 2732 mferkdet - ok
11:05:38.0213 2732 mfewfpk (c2ff7473a60c0fb2df145ab686889653) C:\windows\system32\drivers\mfewfpk.sys
11:05:38.0221 2732 mfewfpk - ok
11:05:38.0307 2732 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
11:05:38.0312 2732 Modem - ok
11:05:38.0453 2732 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
11:05:38.0457 2732 monitor - ok
11:05:38.0554 2732 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys
11:05:38.0558 2732 mouclass - ok
11:05:38.0669 2732 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
11:05:38.0674 2732 mouhid - ok
11:05:38.0776 2732 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
11:05:38.0781 2732 mountmgr - ok
11:05:38.0881 2732 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
11:05:38.0888 2732 mpio - ok
11:05:38.0949 2732 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
11:05:38.0955 2732 mpsdrv - ok
11:05:39.0059 2732 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
11:05:39.0065 2732 MRxDAV - ok
11:05:39.0147 2732 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
11:05:39.0154 2732 mrxsmb - ok
11:05:39.0228 2732 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
11:05:39.0237 2732 mrxsmb10 - ok
11:05:39.0313 2732 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
11:05:39.0320 2732 mrxsmb20 - ok
11:05:39.0399 2732 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
11:05:39.0404 2732 msahci - ok
11:05:39.0498 2732 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
11:05:39.0504 2732 msdsm - ok
11:05:39.0598 2732 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
11:05:39.0603 2732 Msfs - ok
11:05:39.0674 2732 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
11:05:39.0677 2732 mshidkmdf - ok
11:05:39.0753 2732 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
11:05:39.0758 2732 msisadrv - ok
11:05:39.0870 2732 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
11:05:39.0875 2732 MSKSSRV - ok
11:05:39.0949 2732 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
11:05:39.0953 2732 MSPCLOCK - ok
11:05:39.0985 2732 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
11:05:39.0989 2732 MSPQM - ok
11:05:40.0035 2732 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
11:05:40.0044 2732 MsRPC - ok
11:05:40.0138 2732 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
11:05:40.0143 2732 mssmbios - ok
11:05:40.0228 2732 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
11:05:40.0234 2732 MSTEE - ok
11:05:40.0293 2732 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
11:05:40.0297 2732 MTConfig - ok
11:05:40.0408 2732 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
11:05:40.0413 2732 Mup - ok
11:05:40.0514 2732 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
11:05:40.0523 2732 NativeWifiP - ok
11:05:40.0652 2732 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
11:05:40.0671 2732 NDIS - ok
11:05:40.0768 2732 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
11:05:40.0773 2732 NdisCap - ok
11:05:40.0851 2732 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
11:05:40.0856 2732 NdisTapi - ok
11:05:41.0005 2732 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
11:05:41.0010 2732 Ndisuio - ok
11:05:41.0121 2732 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
11:05:41.0129 2732 NdisWan - ok
11:05:41.0236 2732 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
11:05:41.0240 2732 NDProxy - ok
11:05:41.0386 2732 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
11:05:41.0391 2732 NetBIOS - ok
11:05:41.0471 2732 NetBT (f80a7e64f97e0ae4dd579d7306ed36a4) C:\windows\system32\DRIVERS\netbt.sys
11:05:41.0480 2732 NetBT ( Rootkit.Win32.ZAccess.g ) - infected
11:05:41.0480 2732 NetBT - detected Rootkit.Win32.ZAccess.g (0)
11:05:41.0668 2732 netr28 (596e25b4631df2be98fd2bade8bcc625) C:\windows\system32\DRIVERS\netr28.sys
11:05:41.0692 2732 netr28 - ok
11:05:41.0849 2732 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
11:05:41.0855 2732 nfrd960 - ok
11:05:42.0015 2732 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
11:05:42.0021 2732 Npfs - ok
11:05:42.0088 2732 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
11:05:42.0096 2732 nsiproxy - ok
11:05:42.0295 2732 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\windows\system32\drivers\Ntfs.sys
11:05:42.0345 2732 Ntfs - ok
11:05:42.0476 2732 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
11:05:42.0482 2732 Null - ok
11:05:42.0609 2732 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\windows\system32\drivers\nvraid.sys
11:05:42.0618 2732 nvraid - ok
11:05:42.0674 2732 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\windows\system32\drivers\nvstor.sys
11:05:42.0684 2732 nvstor - ok
11:05:42.0811 2732 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
11:05:42.0819 2732 nv_agp - ok
11:05:42.0867 2732 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
11:05:42.0876 2732 ohci1394 - ok
11:05:43.0037 2732 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
11:05:43.0045 2732 Parport - ok
11:05:43.0126 2732 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys
11:05:43.0133 2732 partmgr - ok
11:05:43.0256 2732 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
11:05:43.0263 2732 Parvdm - ok
11:05:43.0351 2732 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
11:05:43.0361 2732 pci - ok
11:05:43.0487 2732 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
11:05:43.0493 2732 pciide - ok
11:05:43.0566 2732 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
11:05:43.0577 2732 pcmcia - ok
11:05:43.0691 2732 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
11:05:43.0700 2732 pcw - ok
11:05:43.0773 2732 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
11:05:43.0795 2732 PEAUTH - ok
11:05:44.0119 2732 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
11:05:44.0131 2732 PptpMiniport - ok
11:05:44.0178 2732 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
11:05:44.0188 2732 Processor - ok
11:05:44.0377 2732 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
11:05:44.0385 2732 Psched - ok
11:05:44.0493 2732 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
11:05:44.0539 2732 ql2300 - ok
11:05:44.0659 2732 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
11:05:44.0667 2732 ql40xx - ok
11:05:44.0740 2732 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
11:05:44.0748 2732 QWAVEdrv - ok
11:05:44.0797 2732 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
11:05:44.0805 2732 RasAcd - ok
11:05:44.0930 2732 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
11:05:44.0936 2732 RasAgileVpn - ok
11:05:45.0088 2732 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
11:05:45.0098 2732 Rasl2tp - ok
11:05:45.0269 2732 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
11:05:45.0276 2732 RasPppoe - ok
11:05:45.0401 2732 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
11:05:45.0409 2732 RasSstp - ok
11:05:45.0495 2732 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
11:05:45.0509 2732 rdbss - ok
11:05:45.0624 2732 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
11:05:45.0630 2732 rdpbus - ok
11:05:45.0703 2732 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
11:05:45.0708 2732 RDPCDD - ok
11:05:45.0857 2732 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
11:05:45.0863 2732 RDPENCDD - ok
11:05:45.0923 2732 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
11:05:45.0931 2732 RDPREFMP - ok
11:05:46.0029 2732 RDPWD (288b06960d78428ff89e811632684e20) C:\windows\system32\drivers\RDPWD.sys
11:05:46.0041 2732 RDPWD - ok
11:05:46.0219 2732 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
11:05:46.0229 2732 rdyboost - ok
11:05:46.0351 2732 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
11:05:46.0360 2732 RFCOMM - ok
11:05:46.0555 2732 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
11:05:46.0565 2732 rspndr - ok
11:05:46.0663 2732 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
11:05:46.0672 2732 sbp2port - ok
11:05:46.0829 2732 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
11:05:46.0835 2732 scfilter - ok
11:05:46.0967 2732 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
11:05:46.0975 2732 secdrv - ok
11:05:47.0147 2732 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
11:05:47.0153 2732 Serenum - ok
11:05:47.0224 2732 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
11:05:47.0231 2732 Serial - ok
11:05:47.0351 2732 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
11:05:47.0359 2732 sermouse - ok
11:05:47.0498 2732 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
11:05:47.0505 2732 sffdisk - ok
11:05:47.0623 2732 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
11:05:47.0633 2732 sffp_mmc - ok
11:05:47.0685 2732 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
11:05:47.0693 2732 sffp_sd - ok
11:05:47.0759 2732 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
11:05:47.0765 2732 sfloppy - ok
11:05:47.0942 2732 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
11:05:47.0950 2732 sisagp - ok
11:05:48.0076 2732 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
11:05:48.0085 2732 SiSRaid2 - ok
11:05:48.0141 2732 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
11:05:48.0150 2732 SiSRaid4 - ok
11:05:48.0274 2732 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
11:05:48.0282 2732 Smb - ok
11:05:48.0396 2732 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
11:05:48.0403 2732 spldr - ok
11:05:48.0600 2732 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
11:05:48.0616 2732 srv - ok
11:05:58.0802 2732 ============================================================
11:05:58.0802 2732 Scan finished
11:05:58.0802 2732 ============================================================
11:05:58.0844 5804 Detected object count: 1
11:05:58.0844 5804 Actual detected object count: 1
11:06:04.0109 5804 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\windows\system32\drivers\netbt.sys) error 1813
11:06:08.0763 5804 Backup copy found, using it..
11:06:08.0794 5804 C:\windows\system32\DRIVERS\netbt.sys - will be cured on reboot
11:06:14.0808 5804 NetBT ( Rootkit.Win32.ZAccess.g ) - User select action: Cure
11:06:20.0805 0976 Deinitialize success
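
As an added example (not from the thread and not part of the TDSSKiller tool), here is a PowerShell function that triages a TDSSKiller log like the one above: it joins each inventory line (`<name> (<md5>) <path>`) with its verdict line (`<subject> - <verdict>`) and keeps only what is not "ok", so a responder sees the cured driver, its hash and path, and any tool errors without reading the whole driver list. The sample lines are constructed from the format in the log; the NetBT hash is a placeholder, not the real file's hash.

```powershell
# Added example, not from the thread. $SampleLog is constructed from the TDSSKiller
# format shown above; the NetBT md5 is an all-zero placeholder (the real hash is not
# reproduced here). For a real run: Get-TdssKillerFindings -Lines (Get-Content <logfile>)
$SampleLog = @(
    '11:05:40.0000 2732 NetBT (00000000000000000000000000000000) C:\windows\system32\DRIVERS\netbt.sys',
    '11:05:57.0331 2732 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys',
    '11:05:57.0340 2732 WUDFRd - ok',
    '11:05:57.0498 2732 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0',
    '11:05:57.0571 2732 \Device\Harddisk0\DR0 - ok',
    '11:05:58.0844 5804 Detected object count: 1',
    '11:06:04.0109 5804 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\windows\system32\drivers\netbt.sys) error 1813',
    '11:06:08.0794 5804 C:\windows\system32\DRIVERS\netbt.sys - will be cured on reboot',
    '11:06:14.0808 5804 NetBT ( Rootkit.Win32.ZAccess.g ) - User select action: Cure'
)

function Get-TdssKillerFindings {
    param([string[]]$Lines)
    $inventory = @{}   # service name AND path -> inventory record (PowerShell hashtables are case-insensitive)
    $findings  = @()
    foreach ($line in $Lines) {
        # Inventory line: "<time> <pid> <name> [(0x...)] (<md5>) <path>"
        if ($line -match '^(\S+) \d+ (\S+)(?: \(0x[0-9A-Fa-f]+\))? \(([0-9a-f]{32})\) (.+)$') {
            $rec = New-Object PSObject -Property @{ Name = $Matches[2]; Md5 = $Matches[3]; Path = $Matches[4] }
            $inventory[$rec.Name] = $rec
            $inventory[$rec.Path] = $rec
            continue
        }
        # Verdict line: "<time> <pid> <subject> - <verdict>"; "ok" is dropped, everything else is a finding
        if ($line -match '^(\S+) \d+ (.+?) - (.+)$') {
            $time = $Matches[1]; $subject = $Matches[2]; $verdict = $Matches[3]
            if ($verdict -eq 'ok') { continue }
            $detection = $null
            # "<service> ( <detection name> )" carries the malware name
            if ($subject -match '^(\S+) \( (\S+) \)$') { $subject = $Matches[1]; $detection = $Matches[2] }
            $rec = $inventory[$subject]
            $findings += New-Object PSObject -Property @{
                Time = $time; Subject = $subject; Verdict = $verdict; Detection = $detection
                Md5  = $(if ($rec) { $rec.Md5 } else { $null })
                Path = $(if ($rec) { $rec.Path } else { $subject })
            }
            continue
        }
        # Tool errors (e.g. version-info lookups that fail) and the object count are kept as context
        if ($line -match ' error \d+$' -or $line -match 'Detected object count') {
            $findings += New-Object PSObject -Property @{
                Time = ($line -split ' ')[0]; Subject = $null; Verdict = ($line -split ' ', 3)[2]
                Detection = $null; Md5 = $null; Path = $null
            }
        }
    }
    return $findings
}

Get-TdssKillerFindings -Lines $SampleLog | Format-Table Time, Subject, Detection, Verdict, Md5, Path -AutoSize
```

On the sample input the table shows four rows: the object count, the GetFileVersionInfoSizeW error, the netbt.sys "will be cured on reboot" entry joined to its hash, and the NetBT detection with Rootkit.Win32.ZAccess.g as its detection name.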

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:18 PM

Posted 08 January 2012 - 01:03 PM

Hello

I would like to see a report that ComboFix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 JxWilder

JxWilder
  • Topic Starter

  • Members
  • 7 posts
  • Gender:Male
  • Local time:08:18 PM

Posted 08 January 2012 - 03:21 PM

It was a blank text document.

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:18 PM

Posted 08 January 2012 - 05:21 PM

TFC (Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

:Malwarebytes' Anti-Malware:

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the activex control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • Log From ESET Online Scanner
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#14 JxWilder

JxWilder
  • Topic Starter

  • Members
  • 7 posts
  • Gender:Male
  • Local time:08:18 PM

Posted 09 January 2012 - 08:35 AM

MBAM:

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.08.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Wilder :: JWILDER [administrator]

Protection: Enabled

1/8/2012 7:11:05 PM
mbam-log-2012-01-08 (19-11-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 190724
Time elapsed: 20 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESET:

C:\Program Files\Adobe\Adobe Photoshop CS5\Plug-ins\Alien Skin\Alien_Skin_Eye_Candy_Impact_v5.1\new.exe a variant of Win32/Injector.KX trojan

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:18 PM

Posted 09 January 2012 - 11:57 AM

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over can just be deleted from the desktop. TFC is a free temp file cleaner that is very easy to use; I would keep this and use it before you do any scans or when you want to free up some space.

:DeFogger:

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


:Make Firefox more secure:

please visit this page to explain how to make Firefox more secure - How to Secure Firefox


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector


:Turn On Automatic Updates:

Turn On Automatic Updates
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM


Gringo



