Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Getting redirect to scour off google seacrhes


  • This topic is locked This topic is locked
31 replies to this topic

#1 ntcbadabing

ntcbadabing

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 26 December 2011 - 11:33 PM

I'm using windows vista 64 bit. I've tried ComboFix as in the past this has gotten rid of everything that came up. I used Malwarebytes and AVG trying to get rid of this. Both found trojans they got rid of, AVG found the Cryptor virus it claimed to have gotten rid of. When this thing first happened, I got a ton error messages saying my hard disk was damaged to use this fix tool, which I assumed was part of whatever I got because they wanted like 30 bucks to finish it. Below is the report from DDS, however, GMER would not let me check the boxes shown on your site, they were all greyed out so it only scanned services, registry, files, ads on the C drive. GMER created no report. Thank you for your help! DDS Report attached.

Thanks again and one last thing, if these files need to be zip'd, I don't know how to zip them.

Attached Files

  • Attached File  DDS.txt   18.74KB   1 downloads


BC AdBot (Login to Remove)

 


#2 ntcbadabing

ntcbadabing
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 26 December 2011 - 11:40 PM

I forgot to mention I downloaded and ran the Defogger.

#3 ntcbadabing

ntcbadabing
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 27 December 2011 - 11:32 PM

I've read in other threads to not attach files so here is the copied and pasted DDS Report:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19170
Run by Steve at 21:51:16 on 2011-12-26
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6142.4404 [GMT -6:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\dlcdcoms.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\MHotKey.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\CNYHKey.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ChiFuncExt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0609&m=dx4820
uInternet Settings,ProxyServer = http=127.0.0.1:58404
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
mRun: [LedKey] CNYHKey.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{1CFCEB01-EF1F-4BDC-B30E-ABDED2DC9C00} : DhcpNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [LedKey] CNYHKey.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun-x64: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Hosts: 66.197.194.231 www.google-analytics.com.
Hosts: 66.197.194.231 ad-emea.doubleclick.net.
Hosts: 66.197.194.231 www.statcounter.com.
Hosts: 69.72.252.254 www.google-analytics.com.
Hosts: 69.72.252.254 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\75knh4zb.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 58404
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 dlcd_device;dlcd_device;C:\Windows\system32\dlcdcoms.exe -service --> C:\Windows\system32\dlcdcoms.exe -service [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-22 366152]
R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [2011-12-22 869216]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Norton Internet Security;Norton Internet Security;"C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 AllShare;SAMSUNG AllShare Service;C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-7-16 6638080]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S4 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-8-26 89920]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-12-27 03:09:41 -------- d-----w- C:\ProgramData\PC Tools
2011-12-25 04:11:24 -------- d-----w- C:\Program Files\iPod
2011-12-25 04:11:23 -------- d-----w- C:\Program Files\iTunes
2011-12-23 03:57:13 -------- d-----w- C:\Users\Steve\AppData\Local\temp
2011-12-23 03:11:38 -------- d-s---w- C:\ComboFix
2011-12-23 01:33:06 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2011-12-23 01:32:52 -------- d-----w- C:\Users\Steve\AppData\Roaming\Malwarebytes
2011-12-23 01:32:41 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-23 01:32:37 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-23 01:32:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-23 01:16:24 -------- d--h--w- C:\$AVG
2011-12-23 00:26:41 -------- d-----w- C:\Users\Steve\AppData\Roaming\AVG2012
2011-12-23 00:22:37 -------- d-----w- C:\ProgramData\AVG Secure Search
2011-12-23 00:22:31 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2011-12-23 00:22:30 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2011-12-23 00:22:03 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2011-12-23 00:21:34 -------- d-----w- C:\Windows\System32\drivers\AVG
2011-12-23 00:21:34 -------- d-----w- C:\ProgramData\AVG2012
2011-12-22 13:03:30 -------- d-sh--w- C:\$RECYCLE.BIN
2011-12-20 13:42:47 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{18060388-AC65-4F72-970A-E77AA3209C95}\offreg.dll
2011-12-20 05:31:49 917840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{566FF561-65A5-48E2-9949-187F9116353D}\gapaengine.dll
2011-12-20 05:31:22 8822856 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{18060388-AC65-4F72-970A-E77AA3209C95}\mpengine.dll
2011-12-20 05:25:30 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-12-20 05:25:24 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-12-20 05:25:14 345984 ----a-w- C:\Windows\System32\drivers\netio.sys
2011-12-20 04:59:25 388096 ----a-r- C:\Users\Steve\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-20 04:59:15 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-12-20 04:12:36 -------- d--h--w- C:\ProgramData\Common Files
2011-12-20 04:07:29 -------- d-----w- C:\ProgramData\MFAData
2011-12-15 00:05:22 -------- d-----w- C:\Users\Steve\AppData\Local\userCommonLite
2011-12-13 22:29:55 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
.
==================== Find3M ====================
.
2011-12-20 05:11:25 3820 ----a-w- C:\Windows\SysWow64\ealregsnapshot1.reg
2011-11-26 04:15:15 189744 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-11-26 04:15:15 189744 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-11-26 04:15:15 189744 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-11-23 13:57:38 2764800 ----a-w- C:\Windows\System32\win32k.sys
2011-11-08 14:58:31 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-08 14:42:19 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-03 06:55:13 1147392 ----a-w- C:\Windows\System32\wininet.dll
2011-11-03 06:50:15 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2011-11-03 06:49:54 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-03 06:49:36 77312 ----a-w- C:\Windows\System32\iesetup.dll
2011-11-03 06:49:36 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2011-11-03 06:22:04 916992 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 06:17:38 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-11-03 06:17:23 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 06:17:08 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2011-11-03 06:17:08 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2011-11-03 05:54:27 479232 ----a-w- C:\Windows\System32\html.iec
2011-11-03 05:22:43 385024 ----a-w- C:\Windows\SysWow64\html.iec
2011-11-03 05:11:55 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2011-11-03 05:10:39 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 04:45:39 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2011-11-03 04:43:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-25 16:09:37 85504 ----a-w- C:\Windows\System32\csrsrv.dll
2011-10-24 20:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 20:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-10-14 17:30:05 559616 ----a-w- C:\Windows\System32\EncDec.dll
2011-10-14 16:02:19 429056 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-10-07 12:23:46 283728 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2011-10-04 00:50:04 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 21:59:39.93 ===============

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:52 PM

Posted 01 January 2012 - 04:01 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 ntcbadabing

ntcbadabing
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 02 January 2012 - 06:03 PM

ComboFix 12-01-01.06 - Steve 01/01/2012 16:45:15.11.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6142.3711 [GMT -6:00]
Running from: c:\users\Steve\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\temp\@
c:\windows\assembly\temp\bckfg.tmp
c:\windows\assembly\temp\cfg.ini
c:\windows\assembly\temp\keywords
.
.
((((((((((((((((((((((((( Files Created from 2011-12-01 to 2012-01-01 )))))))))))))))))))))))))))))))
.
.
2012-01-01 23:20 . 2012-01-01 23:20 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-01-01 23:20 . 2012-01-01 23:20 -------- d-----w- c:\users\Steve\AppData\Local\temp
2012-01-01 23:20 . 2012-01-01 23:20 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-01-01 23:20 . 2012-01-01 23:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-29 05:07 . 2010-04-12 23:29 411368 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-29 05:07 . 2010-04-12 23:29 411368 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-12-29 04:18 . 2011-12-29 02:49 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-12-29 02:49 . 2011-12-29 02:49 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-29 02:47 . 2011-12-23 13:12 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-12-29 02:47 . 2011-12-29 02:47 -------- d-----w- c:\programdata\Lavasoft
2011-12-29 02:47 . 2011-12-29 02:47 -------- d-----w- c:\program files (x86)\Lavasoft
2011-12-28 01:24 . 2011-12-28 01:24 -------- d-----w- c:\program files (x86)\Free M4a to MP3 Converter
2011-12-27 03:09 . 2011-12-27 03:19 -------- d-----w- c:\programdata\PC Tools
2011-12-25 04:11 . 2011-12-25 04:11 -------- d-----w- c:\program files\iPod
2011-12-25 04:11 . 2011-12-25 04:11 -------- d-----w- c:\program files\iTunes
2011-12-23 01:33 . 2011-12-23 01:33 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2011-12-23 01:32 . 2011-12-23 01:32 -------- d-----w- c:\users\Steve\AppData\Roaming\Malwarebytes
2011-12-23 01:32 . 2011-12-23 01:32 -------- d-----w- c:\programdata\Malwarebytes
2011-12-23 01:32 . 2011-12-23 01:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-23 01:32 . 2011-08-31 23:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-23 01:16 . 2011-12-23 01:16 -------- d-----w- C:\$AVG
2011-12-23 00:26 . 2011-12-23 00:26 -------- d-----w- c:\users\Steve\AppData\Roaming\AVG2012
2011-12-23 00:22 . 2011-12-23 00:22 -------- d-----w- c:\programdata\AVG Secure Search
2011-12-23 00:22 . 2011-12-23 00:22 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2011-12-23 00:22 . 2011-12-23 00:22 -------- d-----w- c:\program files (x86)\AVG Secure Search
2011-12-23 00:22 . 2011-12-23 00:22 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2011-12-23 00:21 . 2011-12-23 23:40 -------- d-----w- c:\windows\system32\drivers\AVG
2011-12-23 00:21 . 2011-12-23 00:39 -------- d-----w- c:\programdata\AVG2012
2011-12-20 13:42 . 2011-12-20 13:42 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{18060388-AC65-4F72-970A-E77AA3209C95}\offreg.dll
2011-12-20 05:31 . 2011-10-04 23:22 917840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{566FF561-65A5-48E2-9949-187F9116353D}\gapaengine.dll
2011-12-20 05:31 . 2011-11-30 08:21 8822856 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{18060388-AC65-4F72-970A-E77AA3209C95}\mpengine.dll
2011-12-20 05:25 . 2011-12-20 05:25 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-12-20 05:25 . 2011-12-20 05:25 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-20 05:25 . 2010-04-06 08:34 345984 ----a-w- c:\windows\system32\drivers\netio.sys
2011-12-20 04:59 . 2011-12-20 04:59 388096 ----a-r- c:\users\Steve\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-20 04:59 . 2011-12-20 04:59 -------- d-----w- c:\program files (x86)\Trend Micro
2011-12-20 04:12 . 2011-12-20 04:12 -------- d--h--w- c:\programdata\Common Files
2011-12-20 04:07 . 2011-12-23 23:40 -------- d-----w- c:\programdata\MFAData
2011-12-15 00:05 . 2011-12-20 04:47 -------- d-----w- c:\users\Steve\AppData\Local\userCommonLite
2011-12-13 22:29 . 2011-12-13 22:29 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-29 02:38 . 2011-06-13 17:48 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-20 05:11 . 2010-02-14 13:34 3820 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
2011-11-26 04:15 . 2009-08-19 02:17 189744 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-11-26 04:15 . 2009-08-19 02:17 189744 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-11-26 04:15 . 2009-08-19 02:17 189744 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-07 12:23 . 2011-10-07 12:23 283728 ----a-w- c:\windows\system32\drivers\avgldx64.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2011-12-16_19.03.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 02:23 . 2011-12-29 05:02 69326 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-19 17:56 . 2011-12-29 05:02 15422 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1257435997-3131582885-486837300-1000_UserData.bin
+ 2011-12-29 02:47 . 2011-12-23 13:12 69376 c:\windows\system32\DRVSTORE\lbd_483F0BF7A3AD4ED71EB7FC6065CFD6B9C37DEB69\Lbd.sys
- 2010-02-10 07:34 . 2009-12-08 17:55 40448 c:\windows\system32\drivers\tcpipreg.sys
+ 2011-11-08 20:44 . 2011-09-20 14:04 40448 c:\windows\system32\drivers\tcpipreg.sys
+ 2011-04-27 21:25 . 2011-04-27 21:25 84864 c:\windows\system32\drivers\NisDrvWFP.sys
+ 2011-04-18 19:18 . 2011-04-18 19:18 40832 c:\windows\system32\drivers\MpNWMon.sys
+ 2011-09-13 12:30 . 2011-09-13 12:30 37456 c:\windows\system32\drivers\avgrkx64.sys
+ 2011-08-08 12:08 . 2011-08-08 12:08 46672 c:\windows\system32\drivers\avgmfx64.sys
+ 2011-07-11 07:13 . 2011-07-11 07:13 29776 c:\windows\system32\drivers\AVGIDSFilter.sys
+ 2011-07-11 07:13 . 2011-07-11 07:13 26704 c:\windows\system32\drivers\AVGIDSEH.sys
- 2009-07-19 17:56 . 2011-12-16 12:11 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-19 17:56 . 2011-12-29 09:53 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-19 17:56 . 2011-12-29 09:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-19 17:56 . 2011-12-16 12:11 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-19 17:56 . 2011-12-29 09:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-19 17:56 . 2011-12-16 12:11 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-09-21 22:53 . 2011-12-16 12:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-21 22:53 . 2011-12-29 05:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-21 22:53 . 2011-12-29 05:00 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-21 22:53 . 2011-12-16 12:53 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-21 22:53 . 2011-12-16 12:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-21 22:53 . 2011-12-29 05:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-08 05:21 . 2011-12-29 05:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-08 05:21 . 2011-12-16 00:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-08 05:21 . 2011-12-16 00:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-08 05:21 . 2011-12-29 05:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-20 04:09 . 2011-12-20 04:09 80384 c:\windows\Installer\50fbf.msi
+ 2011-11-02 05:26 . 2011-11-02 05:26 53608 c:\windows\Installer\$PatchCache$\Managed\2E666343950ACA84DA7632B07FE4D22B\2.1.6\pthreadVC2.dll
+ 2011-11-02 05:25 . 2011-11-02 05:25 17256 c:\windows\Installer\$PatchCache$\Managed\2E666343950ACA84DA7632B07FE4D22B\2.1.6\AppleVersions.dll
- 2006-11-02 12:40 . 2011-11-04 22:19 86016 c:\windows\inf\infstor.dat
+ 2006-11-02 12:40 . 2011-12-27 03:24 86016 c:\windows\inf\infstor.dat
+ 2006-11-02 12:40 . 2011-12-27 03:24 51200 c:\windows\inf\infpub.dat
- 2006-11-02 12:40 . 2011-11-26 06:06 51200 c:\windows\inf\infpub.dat
+ 2011-12-29 05:00 . 2011-12-29 05:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-16 12:52 . 2011-12-16 12:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-29 05:00 . 2011-12-29 05:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-16 12:52 . 2011-12-16 12:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-29 02:38 . 2011-12-29 02:38 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
+ 2011-12-29 02:38 . 2011-12-29 02:38 335520 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.dll
+ 2011-12-29 05:07 . 2010-04-12 23:29 153376 c:\windows\SysWOW64\javaws.exe
- 2010-01-27 22:59 . 2009-12-17 23:14 153376 c:\windows\SysWOW64\javaws.exe
+ 2011-12-29 05:07 . 2010-04-12 23:29 145184 c:\windows\SysWOW64\javaw.exe
- 2010-01-27 22:59 . 2009-12-17 23:14 145184 c:\windows\SysWOW64\javaw.exe
+ 2011-12-29 05:07 . 2010-04-12 23:29 145184 c:\windows\SysWOW64\java.exe
- 2010-01-27 22:59 . 2009-12-17 23:14 145184 c:\windows\SysWOW64\java.exe
- 2008-01-21 03:20 . 2011-12-16 12:48 425984 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2012-01-01 02:48 425984 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 15:45 . 2011-12-29 05:02 110152 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 12:46 . 2011-12-29 05:07 606364 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2011-12-29 05:07 104964 c:\windows\system32\perfc009.dat
+ 2009-10-02 22:31 . 2010-10-19 17:33 270720 c:\windows\system32\MpSigStub.exe
- 2009-10-02 22:31 . 2011-02-02 23:11 270720 c:\windows\system32\MpSigStub.exe
+ 2011-04-18 19:18 . 2011-04-18 19:18 189440 c:\windows\system32\drivers\MpFilter.sys
+ 2011-07-11 07:14 . 2011-07-11 07:14 375376 c:\windows\system32\drivers\avgtdia.sys
+ 2011-07-11 07:13 . 2011-07-11 07:13 120400 c:\windows\system32\drivers\AVGIDSDriver.sys
- 2010-08-11 08:25 . 2011-12-16 00:03 262144 c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2010-08-11 08:25 . 2011-12-16 19:19 262144 c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2010-12-28 09:15 . 2011-12-29 04:59 287256 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-12-28 09:15 . 2011-12-16 12:51 287256 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-27 03:10 . 2011-12-27 03:10 228352 c:\windows\Installer\dcbdd31.msi
+ 2011-12-29 05:07 . 2011-12-29 05:07 180224 c:\windows\Installer\611e2.msi
+ 2011-12-20 05:25 . 2011-12-20 05:25 907776 c:\windows\Installer\10e153.msi
+ 2011-12-20 05:25 . 2011-12-20 05:25 585216 c:\windows\Installer\10e14d.msi
+ 2011-12-25 04:09 . 2011-12-25 04:09 897024 c:\windows\Installer\{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}\SafariIco.exe
+ 2011-12-25 04:12 . 2011-12-25 04:12 380928 c:\windows\Installer\{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}\iTunesIco.exe
+ 2006-11-02 12:40 . 2011-12-27 03:24 143360 c:\windows\inf\infstrng.dat
- 2006-11-02 12:40 . 2011-11-26 06:06 143360 c:\windows\inf\infstrng.dat
- 2008-01-21 03:20 . 2011-12-16 12:48 5373952 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-01-01 02:48 5373952 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2011-12-16 12:48 4112384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 03:20 . 2012-01-01 02:48 4112384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-08 20:44 . 2011-09-20 21:06 1423744 c:\windows\system32\drivers\tcpip.sys
+ 2011-12-23 00:23 . 2011-12-23 00:23 7600128 c:\windows\Installer\f6b95.msi
+ 2011-12-23 00:21 . 2011-12-23 00:21 2830336 c:\windows\Installer\f6b91.msi
+ 2011-12-29 02:47 . 2011-12-29 02:47 7270400 c:\windows\Installer\4cee36a.msi
+ 2011-12-25 04:12 . 2011-12-25 04:12 5659136 c:\windows\Installer\3b35fda.msi
+ 2011-12-25 04:09 . 2011-12-25 04:09 3470848 c:\windows\Installer\3b3543e.msi
+ 2011-12-25 04:08 . 2011-12-25 04:08 4016128 c:\windows\Installer\3b35385.msi
+ 2011-12-25 04:08 . 2011-12-25 04:08 1530368 c:\windows\Installer\3b352d9.msi
+ 2011-12-20 04:59 . 2011-12-20 04:59 1094656 c:\windows\Installer\37abbd.msi
- 2006-11-02 12:33 . 2011-12-15 00:08 11272192 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-11-02 12:33 . 2011-12-29 04:59 11272192 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-12-23 00:22 1574240 ----a-w- c:\program files (x86)\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll" [2011-12-23 1574240]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LedKey"="CNYHKey.exe" [2008-04-24 339968]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart\0lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-12-29 2152152]
R2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
R3 AllShare;SAMSUNG AllShare Service;c:\program files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-07-16 6638080]
R3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\DRIVERS\ATMFBUS.sys [x]
R3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\DRIVERS\ATMFCVsp.sys [x]
R3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\system32\DRIVERS\ATMFFLT.sys [x]
R3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\DRIVERS\ATMFMdm.sys [x]
R3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\DRIVERS\ATMFNET.sys [x]
R3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\DRIVERS\ATMFNVsp.sys [x]
R3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\DRIVERS\ATMFVsp.sys [x]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R4 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S2 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe [2007-01-17 566768]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [2011-12-23 869216]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-12-29 17152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-01 c:\windows\Tasks\User_Feed_Synchronization-{CE0B8A2D-0D56-449F-BF11-7F33610410B2}.job
- c:\windows\system32\msfeedssync.exe [2011-12-14 04:44]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-30 1833504]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-30 7574048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-17 16137760]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-17 82464]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://my.yahoo.com/
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0609&m=dx4820
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:58404
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\75knh4zb.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 58404
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1257435997-3131582885-486837300-1000\Software\SecuROM\License information*]
"datasecu"=hex:6d,0e,5f,ee,5a,f3,5e,21,98,79,98,cd,ec,a3,82,a4,04,dc,48,3e,49,
8f,06,2a,e0,99,5d,9c,57,b1,ec,98,9a,95,78,40,a2,da,15,ba,7a,76,00,42,45,d9,\
"rkeysecu"=hex:4b,b0,e6,bf,b6,7f,8a,ea,36,3c,d9,a6,43,90,ae,f4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-01-01 17:39:15
ComboFix-quarantined-files.txt 2012-01-01 23:39
ComboFix2.txt 2011-12-22 00:27
ComboFix3.txt 2011-12-20 03:53
ComboFix4.txt 2011-12-16 19:22
ComboFix5.txt 2011-12-22 23:47
.
Pre-Run: 660,657,123,328 bytes free
Post-Run: 660,710,150,144 bytes free
.
- - End Of File - - CFEEDA70EEFA97125CA65D2BBE8450BF

#6 ntcbadabing

ntcbadabing
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 02 January 2012 - 06:09 PM

Thanks for helping me Gringo, just wanted you to know I've read quite a few of the forums where you're helping people, it's amazing someone takes their time to help others as you do!

You may notice the log is dated 1/1.. I ran it yesterday when leaving my house and when I got back today, the report was still up. I opened IE explorer and re-set the settings back to default and rebooted the computer and then checked if I am still being re-directed and I am still being re-directed. Then I checked here to see if there had been a response and got your message.

Thanks again for helping! Also, BEFORE I posted here, I've run malware bytes, AVG, and Ad-aware.. all find malicious files and viruses they claim to delete.

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:52 PM

Posted 03 January 2012 - 08:30 AM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 ntcbadabing

ntcbadabing
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 03 January 2012 - 01:18 PM

I downloaded tdsskiller.exe and saved it to my desktop. I double click it and nothing happens.

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:52 PM

Posted 03 January 2012 - 01:32 PM

Hello

I would like you to run this tool for me - fixTDSS

download it to your desktop and start the program

Follow the prompts and Ok any security prompts

when it is complete it will say the infection was cleared or no infection was found - let me know what it says

after it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 ntcbadabing

ntcbadabing
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 03 January 2012 - 07:43 PM

Hey Gringo, I did as you posted. Tdsskiller ran after I ran TDSS Fix Tool, below is both. The tdsskiller report wouldn't allow me to save it or copy it to notepad so I opened works and drag and dropped the tdsskiller report to it then copied and pasted into notepad then I'll copy and paste it here. I'm mentioning that in case it doesn't look like normal, but it is the full report.

TDSS Fix Tool 2.1.3
***Infected MBR Detected
Repair Succeeded

And now the tdsskiller report:

18:35:52.0007 5116 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
18:35:52.0350 5116 ============================================================
18:35:52.0350 5116 Current date / time: 2012/01/03 18:35:52.0350
18:35:52.0350 5116 SystemInfo:
18:35:52.0350 5116
18:35:52.0350 5116 OS Version: 6.0.6002 ServicePack: 2.0
18:35:52.0350 5116 Product type: Workstation
18:35:52.0350 5116 ComputerName: STEVE-PC
18:35:52.0350 5116 UserName: Steve
18:35:52.0350 5116 Windows directory: C:\Windows
18:35:52.0350 5116 System windows directory: C:\Windows
18:35:52.0350 5116 Running under WOW64
18:35:52.0350 5116 Processor architecture: Intel x64
18:35:52.0350 5116 Number of processors: 4
18:35:52.0350 5116 Page size: 0x1000
18:35:52.0350 5116 Boot type: Normal boot
18:35:52.0350 5116 ============================================================
18:35:52.0772 5116 Initialize success
18:36:20.0430 4360 ============================================================
18:36:20.0430 4360 Scan started
18:36:20.0430 4360 Mode: Manual;
18:36:20.0430 4360 ============================================================
18:36:21.0803 4360 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
18:36:21.0803 4360 ACPI - ok
18:36:22.0037 4360 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
18:36:22.0037 4360 adp94xx - ok
18:36:22.0115 4360 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
18:36:22.0115 4360 adpahci - ok
18:36:22.0443 4360 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
18:36:22.0443 4360 adpu160m - ok
18:36:22.0536 4360 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
18:36:22.0552 4360 adpu320 - ok
18:36:22.0833 4360 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
18:36:22.0833 4360 AFD - ok
18:36:23.0160 4360 AgereSoftModem (385471f8147e1bd6a08c031e3aad3910) C:\Windows\system32\DRIVERS\agrsm64.sys
18:36:23.0176 4360 AgereSoftModem - ok
18:36:23.0254 4360 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
18:36:23.0254 4360 agp440 - ok
18:36:23.0348 4360 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
18:36:23.0348 4360 aic78xx - ok
18:36:23.0394 4360 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
18:36:23.0394 4360 aliide - ok
18:36:23.0457 4360 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
18:36:23.0457 4360 amdide - ok
18:36:23.0504 4360 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
18:36:23.0504 4360 AmdK8 - ok
18:36:23.0660 4360 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
18:36:23.0660 4360 arc - ok
18:36:23.0706 4360 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
18:36:23.0706 4360 arcsas - ok
18:36:23.0816 4360 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
18:36:23.0816 4360 AsyncMac - ok
18:36:23.0894 4360 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys
18:36:23.0894 4360 atapi - ok
18:36:23.0940 4360 ATMFBUS - ok
18:36:23.0987 4360 ATMFCVsp - ok
18:36:24.0034 4360 ATMFFLT - ok
18:36:24.0065 4360 ATMFMdm - ok
18:36:24.0128 4360 ATMFNET - ok
18:36:24.0174 4360 ATMFNVsp - ok
18:36:24.0237 4360 ATMFVsp - ok
18:36:24.0502 4360 AVGIDSDriver (fa46adf6e497cf185160f09e603ce2a3) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
18:36:24.0502 4360 AVGIDSDriver - ok
18:36:24.0596 4360 AVGIDSEH (d6b93e5d8b96a66f55a4d2ee7f24667c) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
18:36:24.0596 4360 AVGIDSEH - ok
18:36:24.0658 4360 AVGIDSFilter (ff6551f1ab0da3b30c9dec923f21b504) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
18:36:24.0658 4360 AVGIDSFilter - ok
18:36:24.0798 4360 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
18:36:24.0798 4360 Avgldx64 - ok
18:36:24.0845 4360 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
18:36:24.0845 4360 Avgmfx64 - ok
18:36:24.0876 4360 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
18:36:24.0876 4360 Avgrkx64 - ok
18:36:25.0017 4360 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
18:36:25.0017 4360 Avgtdia - ok
18:36:25.0079 4360 Beep - ok
18:36:25.0282 4360 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
18:36:25.0282 4360 blbdrive - ok
18:36:25.0438 4360 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
18:36:25.0438 4360 bowser - ok
18:36:25.0563 4360 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
18:36:25.0563 4360 BrFiltLo - ok
18:36:25.0641 4360 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
18:36:25.0641 4360 BrFiltUp - ok
18:36:25.0688 4360 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
18:36:25.0688 4360 Brserid - ok
18:36:25.0781 4360 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
18:36:25.0781 4360 BrSerWdm - ok
18:36:25.0890 4360 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
18:36:25.0890 4360 BrUsbMdm - ok
18:36:25.0937 4360 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
18:36:25.0937 4360 BrUsbSer - ok
18:36:25.0953 4360 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
18:36:25.0953 4360 BTHMODEM - ok
18:36:26.0187 4360 catchme - ok
18:36:26.0265 4360 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
18:36:26.0280 4360 cdfs - ok
18:36:26.0390 4360 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
18:36:26.0390 4360 cdrom - ok
18:36:26.0530 4360 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
18:36:26.0530 4360 circlass - ok
18:36:26.0639 4360 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
18:36:26.0639 4360 CLFS - ok
18:36:26.0764 4360 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
18:36:26.0764 4360 cmdide - ok
18:36:26.0811 4360 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
18:36:26.0811 4360 Compbatt - ok
18:36:26.0889 4360 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
18:36:26.0889 4360 crcdisk - ok
18:36:26.0982 4360 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
18:36:26.0982 4360 DfsC - ok
18:36:27.0107 4360 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
18:36:27.0107 4360 disk - ok
18:36:27.0232 4360 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
18:36:27.0232 4360 drmkaud - ok
18:36:27.0404 4360 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
18:36:27.0404 4360 DXGKrnl - ok
18:36:27.0435 4360 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
18:36:27.0435 4360 E1G60 - ok
18:36:27.0560 4360 e1yexpress (50f95e488c99ae2b0d9def392acc61fc) C:\Windows\system32\DRIVERS\e1y60x64.sys
18:36:27.0575 4360 e1yexpress - ok
18:36:27.0606 4360 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
18:36:27.0606 4360 Ecache - ok
18:36:27.0700 4360 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
18:36:27.0700 4360 elxstor - ok
18:36:27.0762 4360 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
18:36:27.0762 4360 ErrDev - ok
18:36:27.0887 4360 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
18:36:27.0887 4360 exfat - ok
18:36:28.0012 4360 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
18:36:28.0012 4360 fastfat - ok
18:36:28.0106 4360 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
18:36:28.0106 4360 fdc - ok
18:36:28.0199 4360 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
18:36:28.0199 4360 FileInfo - ok
18:36:28.0293 4360 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
18:36:28.0293 4360 Filetrace - ok
18:36:28.0386 4360 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
18:36:28.0386 4360 flpydisk - ok
18:36:28.0574 4360 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
18:36:28.0574 4360 FltMgr - ok
18:36:28.0714 4360 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
18:36:28.0730 4360 Fs_Rec - ok
18:36:28.0792 4360 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
18:36:28.0808 4360 gagp30kx - ok
18:36:28.0870 4360 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:36:28.0870 4360 GEARAspiWDM - ok
18:36:28.0979 4360 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
18:36:28.0979 4360 HdAudAddService - ok
18:36:29.0166 4360 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:36:29.0166 4360 HDAudBus - ok
18:36:29.0198 4360 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
18:36:29.0198 4360 HidBth - ok
18:36:29.0244 4360 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
18:36:29.0244 4360 HidIr - ok
18:36:29.0338 4360 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
18:36:29.0338 4360 HidUsb - ok
18:36:29.0416 4360 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
18:36:29.0416 4360 HpCISSs - ok
18:36:29.0603 4360 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
18:36:29.0603 4360 HTTP - ok
18:36:29.0666 4360 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
18:36:29.0666 4360 i2omp - ok
18:36:29.0697 4360 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
18:36:29.0697 4360 i8042prt - ok
18:36:29.0853 4360 iaStor (8eacf469269fb1509561961a3188f670) C:\Windows\system32\DRIVERS\iaStor.sys
18:36:29.0853 4360 iaStor - ok
18:36:30.0024 4360 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
18:36:30.0024 4360 iaStorV - ok
18:36:31.0662 4360 igfx (f7ab8285bbecfaa5ed4050ccb89e073d) C:\Windows\system32\DRIVERS\igdkmd64.sys
18:36:31.0740 4360 igfx - ok
18:36:32.0021 4360 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
18:36:32.0021 4360 iirsp - ok
18:36:32.0318 4360 IntcAzAudAddService (627c6b352718e59df08f02c536e2e0ed) C:\Windows\system32\drivers\RTKVHD64.sys
18:36:32.0333 4360 IntcAzAudAddService - ok
18:36:32.0552 4360 IntcHdmiAddService (be1cb000c655396c9def09aee3ea2d67) C:\Windows\system32\drivers\IntcHdmi.sys
18:36:32.0552 4360 IntcHdmiAddService - ok
18:36:32.0645 4360 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
18:36:32.0645 4360 intelide - ok
18:36:32.0708 4360 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
18:36:32.0708 4360 intelppm - ok
18:36:32.0848 4360 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:36:32.0848 4360 IpFilterDriver - ok
18:36:32.0879 4360 IpInIp - ok
18:36:32.0957 4360 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
18:36:32.0957 4360 IPMIDRV - ok
18:36:33.0004 4360 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
18:36:33.0004 4360 IPNAT - ok
18:36:33.0098 4360 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
18:36:33.0098 4360 IRENUM - ok
18:36:33.0176 4360 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
18:36:33.0176 4360 isapnp - ok
18:36:33.0269 4360 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
18:36:33.0269 4360 iScsiPrt - ok
18:36:33.0347 4360 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
18:36:33.0347 4360 iteatapi - ok
18:36:33.0410 4360 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
18:36:33.0410 4360 iteraid - ok
18:36:33.0488 4360 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
18:36:33.0488 4360 kbdclass - ok
18:36:33.0550 4360 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
18:36:33.0550 4360 kbdhid - ok
18:36:33.0706 4360 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
18:36:33.0706 4360 KSecDD - ok
18:36:33.0753 4360 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
18:36:33.0753 4360 ksthunk - ok
18:36:33.0940 4360 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
18:36:33.0940 4360 Lavasoft Kernexplorer - ok
18:36:33.0971 4360 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
18:36:33.0971 4360 Lbd - ok
18:36:34.0002 4360 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
18:36:34.0018 4360 lltdio - ok
18:36:34.0096 4360 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
18:36:34.0096 4360 LSI_FC - ok
18:36:34.0158 4360 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
18:36:34.0158 4360 LSI_SAS - ok
18:36:34.0236 4360 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
18:36:34.0236 4360 LSI_SCSI - ok
18:36:34.0299 4360 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
18:36:34.0314 4360 luafv - ok
18:36:34.0408 4360 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
18:36:34.0408 4360 MBAMProtector - ok
18:36:34.0486 4360 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
18:36:34.0486 4360 megasas - ok
18:36:34.0626 4360 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
18:36:34.0626 4360 MegaSR - ok
18:36:34.0658 4360 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
18:36:34.0658 4360 Modem - ok
18:36:34.0704 4360 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
18:36:34.0704 4360 monitor - ok
18:36:34.0751 4360 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
18:36:34.0751 4360 mouclass - ok
18:36:34.0782 4360 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
18:36:34.0782 4360 mouhid - ok
18:36:34.0938 4360 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
18:36:34.0938 4360 MountMgr - ok
18:36:35.0110 4360 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
18:36:35.0110 4360 MpFilter - ok
18:36:35.0204 4360 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
18:36:35.0204 4360 mpio - ok
18:36:35.0266 4360 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
18:36:35.0266 4360 MpNWMon - ok
18:36:35.0344 4360 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
18:36:35.0344 4360 mpsdrv - ok
18:36:35.0391 4360 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
18:36:35.0406 4360 Mraid35x - ok
18:36:35.0500 4360 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
18:36:35.0500 4360 MRxDAV - ok
18:36:35.0609 4360 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:36:35.0609 4360 mrxsmb - ok
18:36:35.0781 4360 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:36:35.0781 4360 mrxsmb10 - ok
18:36:35.0828 4360 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:36:35.0828 4360 mrxsmb20 - ok
18:36:35.0906 4360 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
18:36:35.0906 4360 msahci - ok
18:36:35.0984 4360 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
18:36:35.0984 4360 msdsm - ok
18:36:36.0030 4360 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
18:36:36.0030 4360 Msfs - ok
18:36:36.0077 4360 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
18:36:36.0077 4360 msisadrv - ok
18:36:36.0171 4360 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
18:36:36.0171 4360 MSKSSRV - ok
18:36:36.0249 4360 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
18:36:36.0264 4360 MSPCLOCK - ok
18:36:36.0342 4360 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
18:36:36.0342 4360 MSPQM - ok
18:36:36.0639 4360 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
18:36:36.0639 4360 MsRPC - ok
18:36:36.0686 4360 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
18:36:36.0686 4360 mssmbios - ok
18:36:36.0748 4360 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
18:36:36.0748 4360 MSTEE - ok
18:36:36.0888 4360 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
18:36:36.0888 4360 Mup - ok
18:36:37.0029 4360 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
18:36:37.0029 4360 NativeWifiP - ok
18:36:37.0138 4360 NAVENG - ok
18:36:37.0138 4360 NAVEX15 - ok
18:36:37.0341 4360 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
18:36:37.0341 4360 NDIS - ok
18:36:37.0450 4360 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
18:36:37.0450 4360 NdisTapi - ok
18:36:37.0512 4360 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
18:36:37.0512 4360 Ndisuio - ok
18:36:37.0606 4360 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
18:36:37.0606 4360 NdisWan - ok
18:36:37.0684 4360 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
18:36:37.0684 4360 NDProxy - ok
18:36:37.0762 4360 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
18:36:37.0762 4360 NetBIOS - ok
18:36:37.0887 4360 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
18:36:37.0887 4360 netbt - ok
18:36:37.0949 4360 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
18:36:37.0949 4360 nfrd960 - ok
18:36:38.0043 4360 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:36:38.0043 4360 NisDrv - ok
18:36:38.0121 4360 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
18:36:38.0121 4360 Npfs - ok
18:36:38.0136 4360 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
18:36:38.0136 4360 nsiproxy - ok
18:36:38.0417 4360 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
18:36:38.0417 4360 Ntfs - ok
18:36:38.0464 4360 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
18:36:38.0464 4360 Null - ok
18:36:40.0211 4360 nvlddmkm (fb3a62737d6cfa44ebc5ca846bd40cc1) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:36:40.0258 4360 nvlddmkm - ok
18:36:40.0570 4360 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
18:36:40.0570 4360 nvraid - ok
18:36:40.0648 4360 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
18:36:40.0648 4360 nvstor - ok
18:36:40.0726 4360 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
18:36:40.0726 4360 nv_agp - ok
18:36:40.0757 4360 NwlnkFlt - ok
18:36:40.0788 4360 NwlnkFwd - ok
18:36:40.0976 4360 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
18:36:40.0976 4360 ohci1394 - ok
18:36:41.0054 4360 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
18:36:41.0054 4360 Parport - ok
18:36:41.0147 4360 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
18:36:41.0147 4360 partmgr - ok
18:36:41.0194 4360 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
18:36:41.0194 4360 pci - ok
18:36:41.0256 4360 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
18:36:41.0256 4360 pciide - ok
18:36:41.0334 4360 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
18:36:41.0350 4360 pcmcia - ok
18:36:41.0537 4360 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
18:36:41.0537 4360 PEAUTH - ok
18:36:41.0693 4360 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
18:36:41.0693 4360 PptpMiniport - ok
18:36:41.0834 4360 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
18:36:41.0834 4360 Processor - ok
18:36:41.0974 4360 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
18:36:41.0974 4360 PSched - ok
18:36:42.0177 4360 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
18:36:42.0192 4360 ql2300 - ok
18:36:42.0208 4360 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
18:36:42.0208 4360 ql40xx - ok
18:36:42.0286 4360 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
18:36:42.0286 4360 QWAVEdrv - ok
18:36:42.0348 4360 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
18:36:42.0348 4360 RasAcd - ok
18:36:42.0442 4360 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:36:42.0442 4360 Rasl2tp - ok
18:36:42.0598 4360 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
18:36:42.0598 4360 RasPppoe - ok
18:36:42.0660 4360 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
18:36:42.0660 4360 RasSstp - ok
18:36:42.0785 4360 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
18:36:42.0785 4360 rdbss - ok
18:36:42.0848 4360 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:36:42.0848 4360 RDPCDD - ok
18:36:42.0957 4360 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
18:36:42.0957 4360 rdpdr - ok
18:36:43.0019 4360 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
18:36:43.0019 4360 RDPENCDD - ok
18:36:43.0097 4360 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
18:36:43.0113 4360 RDPWD - ok
18:36:43.0222 4360 RimUsb - ok
18:36:43.0347 4360 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
18:36:43.0347 4360 RimVSerPort - ok
18:36:43.0362 4360 ROOTMODEM (6a0cf73b019cbc9255e23c9192ec3702) C:\Windows\system32\Drivers\RootMdm.sys
18:36:43.0362 4360 ROOTMODEM - ok
18:36:43.0394 4360 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
18:36:43.0394 4360 rspndr - ok
18:36:43.0487 4360 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
18:36:43.0487 4360 sbp2port - ok
18:36:43.0518 4360 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:36:43.0518 4360 secdrv - ok
18:36:43.0612 4360 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
18:36:43.0612 4360 Serenum - ok
18:36:43.0674 4360 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
18:36:43.0674 4360 Serial - ok
18:36:43.0737 4360 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
18:36:43.0737 4360 sermouse - ok
18:36:43.0784 4360 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
18:36:43.0784 4360 sffdisk - ok
18:36:43.0846 4360 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
18:36:43.0846 4360 sffp_mmc - ok
18:36:43.0877 4360 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
18:36:43.0893 4360 sffp_sd - ok
18:36:43.0940 4360 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
18:36:43.0940 4360 sfloppy - ok
18:36:43.0986 4360 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
18:36:44.0002 4360 SiSRaid2 - ok
18:36:44.0064 4360 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
18:36:44.0064 4360 SiSRaid4 - ok
18:36:44.0127 4360 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
18:36:44.0127 4360 Smb - ok
18:36:44.0236 4360 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
18:36:44.0236 4360 spldr - ok
18:36:44.0314 4360 SRTSP - ok
18:36:44.0361 4360 SRTSPX - ok
18:36:44.0501 4360 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
18:36:44.0501 4360 srv - ok
18:36:44.0626 4360 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
18:36:44.0626 4360 srv2 - ok
18:36:44.0704 4360 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
18:36:44.0704 4360 srvnet - ok
18:36:44.0782 4360 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
18:36:44.0782 4360 swenum - ok
18:36:44.0860 4360 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
18:36:44.0860 4360 Symc8xx - ok
18:36:44.0938 4360 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
18:36:44.0938 4360 Sym_hi - ok
18:36:45.0000 4360 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
18:36:45.0000 4360 Sym_u3 - ok
18:36:45.0250 4360 Tcpip (73bed5067ed53a9df05fa8eab42578d0) C:\Windows\system32\drivers\tcpip.sys
18:36:45.0266 4360 Tcpip - ok
18:36:45.0515 4360 Tcpip6 (73bed5067ed53a9df05fa8eab42578d0) C:\Windows\system32\DRIVERS\tcpip.sys
18:36:45.0531 4360 Tcpip6 - ok
18:36:45.0609 4360 tcpipreg (848f87c604b5e674602498cb51067db6) C:\Windows\system32\drivers\tcpipreg.sys
18:36:45.0609 4360 tcpipreg - ok
18:36:45.0671 4360 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
18:36:45.0671 4360 TDPIPE - ok
18:36:45.0718 4360 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
18:36:45.0718 4360 TDTCP - ok
18:36:45.0812 4360 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
18:36:45.0812 4360 tdx - ok
18:36:45.0905 4360 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
18:36:45.0905 4360 TermDD - ok
18:36:45.0968 4360 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:36:45.0968 4360 tssecsrv - ok
18:36:46.0046 4360 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
18:36:46.0046 4360 tunmp - ok
18:36:46.0155 4360 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
18:36:46.0155 4360 tunnel - ok
18:36:46.0420 4360 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
18:36:46.0420 4360 uagp35 - ok
18:36:46.0576 4360 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
18:36:46.0576 4360 udfs - ok
18:36:46.0638 4360 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
18:36:46.0638 4360 uliagpkx - ok
18:36:46.0748 4360 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
18:36:46.0748 4360 uliahci - ok
18:36:46.0794 4360 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
18:36:46.0794 4360 UlSata - ok
18:36:46.0888 4360 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
18:36:46.0888 4360 ulsata2 - ok
18:36:46.0966 4360 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
18:36:46.0982 4360 umbus - ok
18:36:47.0153 4360 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
18:36:47.0153 4360 USBAAPL64 - ok
18:36:47.0356 4360 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
18:36:47.0356 4360 usbaudio - ok
18:36:47.0450 4360 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
18:36:47.0450 4360 usbccgp - ok
18:36:47.0512 4360 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
18:36:47.0512 4360 usbcir - ok
18:36:47.0574 4360 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
18:36:47.0574 4360 usbehci - ok
18:36:47.0668 4360 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
18:36:47.0668 4360 usbhub - ok
18:36:47.0730 4360 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
18:36:47.0730 4360 usbohci - ok
18:36:47.0840 4360 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
18:36:47.0840 4360 usbprint - ok
18:36:47.0964 4360 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
18:36:47.0964 4360 usbscan - ok
18:36:48.0089 4360 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:36:48.0089 4360 USBSTOR - ok
18:36:48.0152 4360 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
18:36:48.0152 4360 usbuhci - ok
18:36:48.0198 4360 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
18:36:48.0198 4360 vga - ok
18:36:48.0261 4360 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
18:36:48.0261 4360 VgaSave - ok
18:36:48.0292 4360 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
18:36:48.0292 4360 viaide - ok
18:36:48.0370 4360 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
18:36:48.0370 4360 volmgr - ok
18:36:48.0495 4360 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
18:36:48.0495 4360 volmgrx - ok
18:36:48.0573 4360 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
18:36:48.0573 4360 volsnap - ok
18:36:48.0744 4360 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
18:36:48.0744 4360 vsmraid - ok
18:36:48.0854 4360 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
18:36:48.0854 4360 WacomPen - ok
18:36:48.0963 4360 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
18:36:48.0963 4360 Wanarp - ok
18:36:48.0963 4360 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
18:36:48.0963 4360 Wanarpv6 - ok
18:36:49.0025 4360 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
18:36:49.0025 4360 Wd - ok
18:36:49.0228 4360 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
18:36:49.0228 4360 Wdf01000 - ok
18:36:49.0337 4360 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:36:49.0337 4360 WmiAcpi - ok
18:36:49.0509 4360 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
18:36:49.0509 4360 WpdUsb - ok
18:36:49.0556 4360 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
18:36:49.0556 4360 ws2ifsl - ok
18:36:49.0696 4360 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:36:49.0696 4360 WUDFRd - ok
18:36:49.0743 4360 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:36:49.0821 4360 \Device\Harddisk0\DR0 - ok
18:36:49.0836 4360 Boot (0x1200) (ca3e0fcbbfb95e8cb8cb1c736b416103) \Device\Harddisk0\DR0\Partition0
18:36:49.0836 4360 \Device\Harddisk0\DR0\Partition0 - ok
18:36:49.0836 4360 ============================================================
18:36:49.0836 4360 Scan finished
18:36:49.0836 4360 ============================================================
18:36:49.0852 4132 Detected object count: 0
18:36:49.0852 4132 Actual detected object count: 0

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:52 PM

Posted 03 January 2012 - 08:27 PM

Greetings

Good That cleaned up some bad guys but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 ntcbadabing

ntcbadabing
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 03 January 2012 - 10:18 PM

Gringo, computer is running MUCH better, combofix ran in about 10 mins rather than the hour it was taking before your help!

Combfix log:

ComboFix 12-01-03.04 - Steve 01/03/2012 21:05:15.13.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6142.4485 [GMT -6:00]
Running from: c:\users\Steve\Desktop\ComboFix.exe
Command switches used :: c:\users\Steve\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-12-04 to 2012-01-04 )))))))))))))))))))))))))))))))
.
.
2012-01-04 03:14 . 2012-01-04 03:14 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-01-04 03:14 . 2012-01-04 03:14 -------- d-----w- c:\users\Steve\AppData\Local\temp
2012-01-04 03:14 . 2012-01-04 03:14 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-01-04 03:14 . 2012-01-04 03:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-29 05:07 . 2010-04-12 23:29 411368 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-29 05:07 . 2010-04-12 23:29 411368 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-12-29 04:18 . 2011-12-29 02:49 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-12-29 02:49 . 2011-12-29 02:49 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-29 02:47 . 2011-12-23 13:12 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-12-29 02:47 . 2011-12-29 02:47 -------- d-----w- c:\programdata\Lavasoft
2011-12-29 02:47 . 2011-12-29 02:47 -------- d-----w- c:\program files (x86)\Lavasoft
2011-12-28 01:24 . 2011-12-28 01:24 -------- d-----w- c:\program files (x86)\Free M4a to MP3 Converter
2011-12-27 03:09 . 2011-12-27 03:19 -------- d-----w- c:\programdata\PC Tools
2011-12-25 04:11 . 2011-12-25 04:11 -------- d-----w- c:\program files\iPod
2011-12-25 04:11 . 2011-12-25 04:11 -------- d-----w- c:\program files\iTunes
2011-12-23 01:33 . 2011-12-23 01:33 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2011-12-23 01:32 . 2011-12-23 01:32 -------- d-----w- c:\users\Steve\AppData\Roaming\Malwarebytes
2011-12-23 01:32 . 2011-12-23 01:32 -------- d-----w- c:\programdata\Malwarebytes
2011-12-23 01:32 . 2011-12-23 01:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-23 01:32 . 2011-08-31 23:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-23 01:16 . 2011-12-23 01:16 -------- d-----w- C:\$AVG
2011-12-23 00:26 . 2011-12-23 00:26 -------- d-----w- c:\users\Steve\AppData\Roaming\AVG2012
2011-12-23 00:22 . 2011-12-23 00:22 -------- d-----w- c:\programdata\AVG Secure Search
2011-12-23 00:22 . 2011-12-23 00:22 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2011-12-23 00:22 . 2011-12-23 00:22 -------- d-----w- c:\program files (x86)\AVG Secure Search
2011-12-23 00:22 . 2011-12-23 00:22 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2011-12-23 00:21 . 2011-12-23 23:40 -------- d-----w- c:\windows\system32\drivers\AVG
2011-12-23 00:21 . 2011-12-23 00:39 -------- d-----w- c:\programdata\AVG2012
2011-12-20 13:42 . 2011-12-20 13:42 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{18060388-AC65-4F72-970A-E77AA3209C95}\offreg.dll
2011-12-20 05:31 . 2011-10-04 23:22 917840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{566FF561-65A5-48E2-9949-187F9116353D}\gapaengine.dll
2011-12-20 05:31 . 2011-11-30 08:21 8822856 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{18060388-AC65-4F72-970A-E77AA3209C95}\mpengine.dll
2011-12-20 05:25 . 2011-12-20 05:25 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-12-20 05:25 . 2011-12-20 05:25 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-20 05:25 . 2010-04-06 08:34 345984 ----a-w- c:\windows\system32\drivers\netio.sys
2011-12-20 04:59 . 2011-12-20 04:59 388096 ----a-r- c:\users\Steve\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-20 04:59 . 2011-12-20 04:59 -------- d-----w- c:\program files (x86)\Trend Micro
2011-12-20 04:12 . 2011-12-20 04:12 -------- d--h--w- c:\programdata\Common Files
2011-12-20 04:07 . 2011-12-23 23:40 -------- d-----w- c:\programdata\MFAData
2011-12-15 00:05 . 2011-12-20 04:47 -------- d-----w- c:\users\Steve\AppData\Local\userCommonLite
2011-12-13 22:29 . 2011-12-13 22:29 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-29 02:38 . 2011-06-13 17:48 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-20 05:11 . 2010-02-14 13:34 3820 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
2011-11-26 04:15 . 2009-08-19 02:17 189744 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-11-26 04:15 . 2009-08-19 02:17 189744 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-11-26 04:15 . 2009-08-19 02:17 189744 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-07 12:23 . 2011-10-07 12:23 283728 ----a-w- c:\windows\system32\drivers\avgldx64.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-01_23.22.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 02:23 . 2012-01-04 00:34 69570 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-19 17:56 . 2012-01-04 00:34 15646 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1257435997-3131582885-486837300-1000_UserData.bin
- 2009-07-19 17:56 . 2011-12-29 09:53 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-19 17:56 . 2012-01-03 13:06 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-19 17:56 . 2011-12-29 09:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-19 17:56 . 2012-01-03 13:06 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-19 17:56 . 2011-12-29 09:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-19 17:56 . 2012-01-03 13:06 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-21 22:53 . 2012-01-02 22:02 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-09-21 22:53 . 2011-12-29 05:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-09-21 22:53 . 2011-12-29 05:00 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-21 22:53 . 2012-01-02 22:02 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-21 22:53 . 2012-01-02 22:02 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-09-21 22:53 . 2011-12-29 05:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-08-08 05:21 . 2011-12-29 05:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-08-08 05:21 . 2012-01-04 00:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-08 05:21 . 2011-12-29 05:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-08 05:21 . 2012-01-04 00:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-12-29 05:00 . 2011-12-29 05:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-04 00:32 . 2012-01-04 01:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-04 00:32 . 2012-01-04 01:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-29 05:00 . 2011-12-29 05:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-01-21 03:20 . 2012-01-01 02:48 425984 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2012-01-04 01:03 425984 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 15:45 . 2012-01-04 00:34 110316 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 12:46 . 2011-12-29 05:07 606364 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-01-04 01:07 606364 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2011-12-29 05:07 104964 c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2012-01-04 01:07 104964 c:\windows\system32\perfc009.dat
- 2010-12-28 09:15 . 2011-12-29 04:59 287256 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-12-28 09:15 . 2012-01-04 00:31 287256 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2008-01-21 03:20 . 2012-01-01 02:48 5373952 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-01-04 01:03 5373952 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2012-01-01 02:48 4112384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 03:20 . 2012-01-04 01:03 4112384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 12:33 . 2011-12-29 04:59 11272192 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-11-02 12:33 . 2012-01-04 00:31 11272192 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-12-23 00:22 1574240 ----a-w- c:\program files (x86)\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll" [2011-12-23 1574240]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LedKey"="CNYHKey.exe" [2008-04-24 339968]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart\0lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - Lavasoft Kernexplorer
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1257435997-3131582885-486837300-1000Core.job
- c:\users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-02 22:56]
.
2012-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1257435997-3131582885-486837300-1000UA.job
- c:\users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-02 22:56]
.
2012-01-04 c:\windows\Tasks\User_Feed_Synchronization-{CE0B8A2D-0D56-449F-BF11-7F33610410B2}.job
- c:\windows\system32\msfeedssync.exe [2011-12-14 04:44]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-30 1833504]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-30 7574048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-17 16137760]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-17 82464]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9
mStart Page = hxxp://www.yahoo.com/?fr=fp-yie9
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:58404
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\75knh4zb.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 58404
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1257435997-3131582885-486837300-1000\Software\SecuROM\License information*]
"datasecu"=hex:6d,0e,5f,ee,5a,f3,5e,21,98,79,98,cd,ec,a3,82,a4,04,dc,48,3e,49,
8f,06,2a,e0,99,5d,9c,57,b1,ec,98,9a,95,78,40,a2,da,15,ba,7a,76,00,42,45,d9,\
"rkeysecu"=hex:4b,b0,e6,bf,b6,7f,8a,ea,36,3c,d9,a6,43,90,ae,f4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-01-03 21:16:00
ComboFix-quarantined-files.txt 2012-01-04 03:16
ComboFix2.txt 2012-01-03 14:32
ComboFix3.txt 2012-01-01 23:39
ComboFix4.txt 2011-12-22 00:27
ComboFix5.txt 2012-01-04 03:04
.
Pre-Run: 660,657,803,264 bytes free
Post-Run: 660,792,188,928 bytes free
.
- - End Of File - - F1EE3C54A7C383BAD906B3561E55DB69

#13 ntcbadabing

ntcbadabing
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 03 January 2012 - 10:27 PM

Gringo, status update of computer, running much smoother, not getting redirected.. just tried and got 10 of 10 google search links directly to target.

If you have anymore tips or tricks or suggestions after seeing those reports, please advise!

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:52 PM

Posted 03 January 2012 - 11:06 PM

Hello

I would ike to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 ntcbadabing

ntcbadabing
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 04 January 2012 - 08:00 AM

ComboFix Report:

Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player Plugin
Adobe Reader 9.4.1
Apple Application Support
Apple Software Update
Bing Rewards Client Installer
Choice Guard
Dead Space™
EA Download Manager
EA Download Manager UI
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EpsonNet Print
EpsonNet Setup
Feedback Tool
Free Easy Burner V 4.0
Free M4a to MP3 Converter 7.0
Gateway Photo Frame 4.2.3.4
Gateway Recovery Management
Gateway ScreenSaver
Google Chrome
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java Auto Updater
Java™ 6 Update 20
Java™ 6 Update 5
Junk Mail filter update
KB0817 Keyboard Driver
Keyboard Application
Logitech Harmony Remote Software 7
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft Default Manager
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft UI Engine
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox (3.6.21)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA PhysX
PunkBuster Services
QuickTime
Realtek High Definition Audio Driver
Remote Control USB Driver
Safari
SAMSUNG PC Share Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
TuneUp Companion 2.2.7
Ultima Online Stygian Abyss
Ultima Online: Mondain's Legacy
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Ventrilo Client
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
Winamp
Winamp Detector Plug-in
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Wolfenstein
Wolfenstein - Enemy Territory
Wolfenstein™ 1.2 Patch
Wolfenstein™ 1.2 Patch
Yahoo! BrowserPlus 2.7.1
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Zoom Player (remove only)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users