
Infected possibly tdss, google redirects, mcafee real time disabled


  • This topic is locked
16 replies to this topic

#1 bowser3132

bowser3132

  • Members
  • 8 posts

Posted 04 January 2012 - 10:05 PM

I am having trouble with all web browsers, my McAfee real time will not turn on for more than half a second, and it cannot update. I have run Spybot and scanned with the non-updated version of McAfee and removed what was found. I still have a problem with removing it. I tried using the rkill + tdsskiller, but tdss would not go past the "Do you want to run this file" window.

Thank you very much for your time.

William Bower

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421
Run by Alison Howard at 21:33:45 on 2012-01-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2035 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Alison Howard\Downloads\HijackThis.exe
C:\Users\Alison Howard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B33ELXEP\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://downloads.phpnuke.org/en/index.php?rvs=hompag
mStart Page = hxxp://downloads.phpnuke.org/en/index.php?rvs=hompag
mSearch Page = hxxp://downloads.phpnuke.org/en/index.php?rvs=hompag
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
mWinlogon: Userinit=c:\windows\syswow64\userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll__BHODemonDisabled
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll__BHODemonDisabled
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111218013837.dll__BHODemonDisabled
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll__BHODemonDisabled
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll__BHODemonDisabled
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll__BHODemonDisabled
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll__BHODemonDisabled
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll__BHODemonDisabled
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll__BHODemonDisabled
BHO: FB Layouts & Extras: {ff4e1d1d-705b-4379-ab33-22d98c1abf55} - C:\Program Files (x86)\FBLayouts\fblayouts.dll__BHODemonDisabled
TB: AOL Messaging Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: Mp3Tube Toolbar: {46897c77-e7a6-4c33-bffb-e9c2e2718942} - "C:\Program Files (x86)\Mp3Tube Toolbar\mp3tubetb.DLL"
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {40F5F417-32BB-4296-9446-C1E0094E7D82} - No File
TB: {DD02A4EB-4AFD-4D60-99D8-E67F964CA813} - No File
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRunOnce: [Wrapper] runonce
mRunOnce: [GrpConv] grpconv -o
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C5F1E6FA-7C36-48CD-80AB-1FDB276AF962} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C5F1E6FA-7C36-48CD-80AB-1FDB276AF962}\2456C6B696E6F5E4B2F5632383138383 : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{C5F1E6FA-7C36-48CD-80AB-1FDB276AF962}\36263623D27657563747 : DhcpNameServer = 192.168.0.200 192.168.33.1
TCP: Interfaces\{C5F1E6FA-7C36-48CD-80AB-1FDB276AF962}\B454C4355495D20534F5E4564777F627B6 : DhcpNameServer = 10.0.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll__BHODemonDisabled
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll__BHODemonDisabled
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111218013837.dll__BHODemonDisabled
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll__BHODemonDisabled
BHO-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll__BHODemonDisabled
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll__BHODemonDisabled
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll__BHODemonDisabled
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll__BHODemonDisabled
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll__BHODemonDisabled
BHO-X64: FB Layouts & Extras: {FF4E1D1D-705B-4379-AB33-22D98C1ABF55} - C:\Program Files (x86)\FBLayouts\fblayouts.dll__BHODemonDisabled
BHO-X64: FB Layouts & Extras - No File
TB-X64: AOL Messaging Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB-X64: Mp3Tube Toolbar: {46897C77-E7A6-4c33-BFFB-E9C2E2718942} - "C:\Program Files (x86)\Mp3Tube Toolbar\mp3tubetb.DLL"
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No File
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {40F5F417-32BB-4296-9446-C1E0094E7D82} - No File
TB-X64: {DD02A4EB-4AFD-4D60-99D8-E67F964CA813} - No File
mRunOnce-x64: [Wrapper] runonce
mRunOnce-x64: [GrpConv] grpconv -o
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Alison Howard\AppData\Roaming\Mozilla\Firefox\Profiles\f6hsiafr.default\
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm162YYus&ptb=B8BA3681-52C5-4238-B7D4-A5CBDAA506C0&ind=2011111700&ptnrS=CDxdm162YYus&si=1061411&n=77df2114&psa=&st=kwd&searchfor=
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Alison Howard\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-10-1 249936]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-10-1 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S1 MOBKFilter;MOBKFilter;C:\Windows\system32\DRIVERS\MOBK.sys --> C:\Windows\system32\DRIVERS\MOBK.sys [?]
S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-1-5 98208]
S2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S2 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-29 136176]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]
S2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-5 13336]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2011-10-1 101048]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-10-1 249936]
S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-10-1 249936]
S2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-10-1 199272]
S2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
S2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-1-3 1153368]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-1-5 2320920]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-29 136176]
S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 rcmirror;rcmirror;C:\Windows\system32\DRIVERS\rcmirror.sys --> C:\Windows\system32\DRIVERS\rcmirror.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-10-1 249936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-01-04 06:16:57 -------- d-----w- C:\Users\Alison Howard\AppData\Roaming\McAfee
2012-01-04 02:18:55 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-01-04 02:18:55 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-01-04 01:52:38 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{12AF69B2-1940-4F7E-BB60-D87AC9A94A1E}
2012-01-04 01:52:29 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{BFFD75BE-5B77-44A9-A79E-4E6E37D9F312}
2012-01-03 00:22:19 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{6470FE8C-1F9D-4F01-84BD-9795928B91F0}
2012-01-03 00:22:08 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{E8B5B6D3-476A-4FED-A9DA-42617B9A6024}
2012-01-03 00:03:24 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{7FC11900-83CA-421E-9E31-67B4A50A5524}
2012-01-02 23:59:49 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{DA7EB28F-9380-4A06-A524-75A5979EF4DD}
2011-12-30 16:59:00 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{B967C78A-8D4F-4616-88D0-166EE48A4D47}
2011-12-30 16:58:50 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{5012BC76-6F94-4E4D-BA3E-1448149CFFC4}
2011-12-30 16:58:41 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{C588D6DC-E35A-4579-8A36-11A7ABA5F330}
2011-12-30 16:58:30 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{F73D3586-5587-4043-B2E9-15CFF3344B8E}
2011-12-29 16:40:09 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{4137EB6F-D0BE-4CD1-9D6D-EB3085894922}
2011-12-29 16:39:59 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{7920EE2D-7F87-439A-B06E-957AC1E7FA47}
2011-12-29 16:39:49 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{767C6730-26B7-41E7-8C29-2C6C3E4D4540}
2011-12-29 16:39:38 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{CDCAD982-18ED-4B70-995A-4BE16E677856}
2011-12-28 23:55:22 367616 ----a-w- C:\Users\Alison Howard\AppData\Local\rnd.exe
2011-12-28 17:34:47 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{85422ACF-EB7E-4B5C-AB36-85FEDE8FEB3C}
2011-12-28 03:45:43 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{09F87880-08B1-447A-BBDA-6B993C7974A2}
2011-12-28 03:45:34 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{CD8549EF-E6A2-4565-BDB1-B2532D0F337B}
2011-12-27 15:45:04 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{C564EC0F-E53A-480A-A879-69CCC0692FAD}
2011-12-27 15:44:52 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{7CCEAF64-D6EA-4214-A86A-1872E6D1D0C0}
2011-12-27 15:44:40 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{0BAC7E5F-8BEC-49B8-A9BF-8D1B55386A98}
2011-12-27 01:54:20 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{7A1881FA-A673-496F-AA6D-EC6BFF440D2A}
2011-12-27 01:54:10 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{CC3BC93D-AAA8-463B-A48A-468042F560A5}
2011-12-27 01:54:00 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{338FCEB8-E26F-4F7F-98DB-03B453E8CFF6}
2011-12-27 01:53:48 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{3851CB5C-972D-452B-932D-5B20B82AD585}
2011-12-26 13:53:16 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{186EAE5B-1F49-4625-83C8-4362E11ACE4B}
2011-12-26 13:53:00 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{74C848CA-6921-42FB-825A-3F00E3CCF3FF}
2011-12-25 17:42:24 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{4FE5DEAA-7DAB-4CB7-98D3-01E2310ADFDC}
2011-12-25 17:42:15 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{0AF1C9BE-62F9-473F-9124-BAFBCD58FDC9}
2011-12-25 17:42:04 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{84C9FB03-FF92-40A5-BCC8-C96EE35DC121}
2011-12-25 17:41:34 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{B5743666-DE5D-498C-8529-855B19DA0A4E}
2011-12-25 04:08:04 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{758FB718-5074-4AF4-B664-814E7076E1D2}
2011-12-24 23:49:55 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2011-12-24 13:58:33 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{9C76F1BD-4510-4116-82E6-DBDCD0C83D71}
2011-12-24 13:58:23 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{8DCE1906-CA42-4791-B423-9AA1CC00216F}
2011-12-23 20:10:22 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{4FD4B2FB-19C5-4E2A-B320-8252155026F3}
2011-12-23 20:10:12 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{564CA452-6086-4ADD-9F02-8EAFB01F1FD5}
2011-12-23 17:40:01 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{4AB720CD-4134-421F-8248-1587409825D1}
2011-12-23 17:36:07 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{1FED223A-9A56-44AD-A0AD-C8A490C3F867}
2011-12-23 05:03:44 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{D18F61CE-3403-4467-B3C8-61811B16472F}
2011-12-23 05:03:34 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{83CF9B8A-8D1C-4A53-8D47-727E263F12C2}
2011-12-22 17:03:06 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{2D016F0D-82A7-4A79-BDE0-BF91DA8C8EBF}
2011-12-22 17:02:56 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{87079BA7-6BE4-4BFA-B4C9-9E84F294C40C}
2011-12-22 16:13:14 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{B2D227D0-3356-42C8-B8A7-66795DB0A415}
2011-12-22 03:27:36 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{B98CA945-00CB-4BE7-994C-735ABF9B9FDD}
2011-12-22 03:27:26 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{24ABCEE4-C023-4009-90E5-E638A8BF6793}
2011-12-21 14:17:35 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{E3045A33-87CB-4017-A12F-09307919DD71}
2011-12-21 14:17:24 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{4AD41556-5B9C-4D4A-99A0-B29DE72C55DF}
2011-12-21 01:57:21 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{25482279-747F-4C75-AEAC-1CC02052BE65}
2011-12-21 01:57:07 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{15ECD4A5-8972-4A5A-B685-A50CE45AFB24}
2011-12-20 23:35:22 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{A8E277C6-A856-4875-AAA3-EDCE00931878}
2011-12-19 18:43:37 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{EC7FD91B-1493-4162-B5F0-774D3C5E890B}
2011-12-19 18:43:26 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{1B8D9660-21EF-48EB-9EC9-EAEBBC1E4274}
2011-12-19 15:55:45 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{C485E590-DE89-4817-8B3E-9C9ED8BA0CDC}
2011-12-19 15:55:35 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{1B3A3FF2-1578-4DF8-90D7-F5887E1E2105}
2011-12-19 00:58:57 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{68D35E1A-C534-4CB7-BB3A-127C47A5FB53}
2011-12-19 00:58:47 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{3FF84B93-C628-41EE-B10A-841FF3FE880E}
2011-12-18 02:18:06 -------- d-----w- C:\ProgramData\STOPzilla!
2011-12-18 02:18:06 -------- d-----w- C:\Program Files (x86)\Common Files\iS3
2011-12-18 02:07:52 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{15869416-31EE-481C-B9BE-F9829F876592}
2011-12-18 02:07:43 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{7A040CB7-89BB-4F95-98EE-4C449B6051C0}
2011-12-18 02:07:33 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{3C5EA4B7-B04E-4E2D-A13A-4AE07970E57A}
2011-12-18 02:07:23 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{C2253689-A1AD-4017-9589-ED5067971055}
2011-12-18 01:54:40 -------- d-----w- C:\Program Files (x86)\McAfeeMOBK
2011-12-18 01:54:30 66040 ----a-w- C:\Windows\System32\drivers\MOBK.sys
2011-12-18 01:54:21 -------- d-----w- C:\Program Files (x86)\McAfee Online Backup
2011-12-17 02:20:27 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{9C5C6B14-D5A0-4B5E-AAC6-3599C4C780DC}
2011-12-17 02:20:16 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{22CE205C-4ED0-4398-A582-790E46C706C4}
2011-12-16 14:11:57 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{F6095136-CB0B-46C6-B0D6-618A6E6CE1FE}
2011-12-16 14:11:46 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{50DE44D1-3BA2-4C2E-A033-083DA8764F0A}
2011-12-15 15:33:13 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{A0471C93-25F0-4472-8D29-38132FF8A982}
2011-12-15 15:33:03 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{7E03B8B5-52D7-40F7-B450-BA90EFECD2ED}
2011-12-15 05:28:08 -------- d-----w- C:\Program Files\iPod
2011-12-15 05:28:07 -------- d-----w- C:\Program Files\iTunes
2011-12-15 05:28:07 -------- d-----w- C:\Program Files (x86)\iTunes
2011-12-15 03:43:59 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-15 03:43:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-15 03:43:59 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-15 03:43:59 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-15 03:43:57 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2011-12-15 03:43:57 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2011-12-15 03:39:38 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-15 03:39:34 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-12-15 03:39:30 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-15 03:39:30 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-15 03:39:04 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-15 03:39:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-15 03:32:31 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{0CA12768-552A-461B-B1AF-219176472D5D}
2011-12-15 03:32:20 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{FC8F87AD-2729-4FC4-99D6-E302D7629DB3}
2011-12-15 03:20:25 -------- d-----w- C:\Users\Alison Howard\AppData\Local\{AE796E86-6C21-4B94-8632-D51D7017FD54}
.
==================== Find3M ====================
.
2011-12-15 04:49:26 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-24 19:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-10-18 19:32:28 161168 ----a-w- C:\Windows\System32\mfevtps.exe
2011-10-15 18:16:16 75808 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2011-10-15 18:16:16 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2011-10-15 18:16:16 647080 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2011-10-15 18:16:16 481768 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2011-10-15 18:16:16 284648 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2011-10-15 18:16:16 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2011-10-15 18:16:16 160280 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2011-10-15 18:16:16 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2011-10-15 18:16:16 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
.
============= FINISH: 21:42:47.68 ===============
Attached File  Attach.txt   9.48KB   1 downloads



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:47 PM

Posted 08 January 2012 - 03:15 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 bowser3132


Posted 10 January 2012 - 03:14 PM

Gringo,

Thank you very much for the help. I am having trouble disabling McAfee. I have tried to disable it the way that was written above but it continues to show up when I try to run Combofix. Should I remove McAfee with the removal tool?

Thanks again

William Bower

#4 bowser3132


Posted 10 January 2012 - 03:38 PM

After trying to disable McAfee, I opened the Task Manager/Processes and there are not any McAfee programs running at this time. After they were removed, Combofix still says that both McAfee antivirus and antispyware are still running. Didn't know if that could help.

#5 gringo_pr


Posted 10 January 2012 - 06:48 PM

Go ahead and run Combofix, it will be OK.


gringo9

#6 bowser3132


Posted 10 January 2012 - 10:57 PM

A box popped up saying "There's a newer version of ComboFix available. Would you like to update ComboFix?" Is this normal?

#7 gringo_pr


Posted 10 January 2012 - 11:05 PM

Yes it is, please allow it.


gringo

#8 bowser3132


Posted 11 January 2012 - 12:37 AM

It just finished and gave me this log file.


ComboFix 12-01-10.02 - Alison Howard 01/10/2012 23:22:14.3.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.3108 [GMT -5:00]
Running from: c:\users\Alison Howard\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-12-11 to 2012-01-11 )))))))))))))))))))))))))))))))
.
.
2012-01-11 05:10 . 2012-01-11 05:10 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-01-11 05:10 . 2012-01-11 05:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-11 04:07 . 2012-01-11 04:07 -------- d-----w- c:\programdata\McAfee
2012-01-11 04:06 . 2012-01-11 04:06 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8FA398DA-5E4A-42A4-B38F-258325605159}\offreg.dll
2012-01-11 03:58 . 2011-11-30 07:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8FA398DA-5E4A-42A4-B38F-258325605159}\mpengine.dll
2012-01-10 20:23 . 2012-01-10 20:23 -------- d-s---w- c:\windows\SysWow64\Microsoft
2012-01-10 15:36 . 2012-01-10 15:36 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-01-04 06:16 . 2012-01-04 06:16 -------- d-----w- c:\users\Alison Howard\AppData\Roaming\McAfee
2012-01-04 02:31 . 2012-01-04 02:31 -------- d-----w- c:\windows\Sun
2012-01-04 02:18 . 2012-01-10 20:02 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-01-04 02:18 . 2012-01-10 20:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-12-24 23:49 . 2011-12-24 23:49 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2011-12-23 13:27 . 2011-12-30 16:17 -------- d-----w- c:\users\Mary and Cindy
2011-12-23 05:18 . 2011-12-23 05:19 -------- d-----w- c:\users\Becca and Kimberly
2011-12-18 02:18 . 2011-12-30 01:56 -------- d-----w- c:\programdata\STOPzilla!
2011-12-18 02:18 . 2011-12-18 02:18 -------- d-----w- c:\program files (x86)\Common Files\iS3
2011-12-18 01:54 . 2011-12-18 01:54 -------- d-----w- c:\program files (x86)\McAfeeMOBK
2011-12-18 01:54 . 2010-04-14 01:10 66040 ----a-w- c:\windows\system32\drivers\MOBK.sys
2011-12-18 01:54 . 2011-12-18 01:54 -------- d-----w- c:\program files (x86)\McAfee Online Backup
2011-12-15 05:28 . 2011-12-15 05:28 -------- d-----w- c:\program files\iPod
2011-12-15 05:28 . 2011-12-15 05:29 -------- d-----w- c:\program files\iTunes
2011-12-15 05:28 . 2011-12-15 05:29 -------- d-----w- c:\program files (x86)\iTunes
2011-12-15 03:43 . 2011-11-04 01:53 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-12-15 03:43 . 2011-11-04 01:44 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-15 03:43 . 2011-11-03 22:47 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-12-15 03:43 . 2011-11-03 22:40 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-12-15 03:43 . 2011-11-04 01:48 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2011-12-15 03:43 . 2011-11-03 22:42 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2011-12-15 03:39 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 03:39 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 03:39 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 03:39 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-15 03:39 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 03:39 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-15 04:49 . 2011-05-14 19:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-17 04:28 . 2011-11-17 04:28 485576 ----a-w- c:\users\Alison Howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
2011-11-15 19:29 . 2011-04-18 01:16 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-09 20:17 . 2011-11-09 20:17 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-11-09 20:17 . 2011-11-09 20:17 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-11-09 20:17 . 2011-11-09 20:17 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-11-09 20:17 . 2011-11-09 20:17 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-11-09 20:17 . 2011-11-09 20:17 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-11-09 20:17 . 2011-11-09 20:17 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-11-09 20:17 . 2011-11-09 20:17 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-11-09 20:17 . 2011-11-09 20:17 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-11-09 20:17 . 2011-11-09 20:17 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-11-09 20:17 . 2011-11-09 20:17 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-11-09 20:17 . 2011-11-09 20:17 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-11-09 20:17 . 2011-11-09 20:17 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-11-09 20:17 . 2011-11-09 20:17 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-11-09 20:17 . 2011-11-09 20:17 448512 ----a-w- c:\windows\system32\html.iec
2011-11-09 20:17 . 2011-11-09 20:17 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-11-09 20:17 . 2011-11-09 20:17 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-11-09 20:17 . 2011-11-09 20:17 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-11-09 20:17 . 2011-11-09 20:17 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-09 20:17 . 2011-11-09 20:17 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-11-09 20:17 . 2011-11-09 20:17 222208 ----a-w- c:\windows\system32\msls31.dll
2011-11-09 20:17 . 2011-11-09 20:17 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-11-09 20:17 . 2011-11-09 20:17 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-11-09 20:17 . 2011-11-09 20:17 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-11-09 20:17 . 2011-11-09 20:17 160256 ----a-w- c:\windows\system32\wextract.exe
2011-11-09 20:17 . 2011-11-09 20:17 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-11-09 20:17 . 2011-11-09 20:17 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-11-09 20:17 . 2011-11-09 20:17 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-11-09 20:17 . 2011-11-09 20:17 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-11-09 20:17 . 2011-11-09 20:17 12288 ----a-w- c:\windows\system32\mshta.exe
2011-11-09 20:17 . 2011-11-09 20:17 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-11-09 20:17 . 2011-11-09 20:17 114176 ----a-w- c:\windows\system32\admparse.dll
2011-11-09 20:17 . 2011-11-09 20:17 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-11-09 20:17 . 2011-11-09 20:17 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-11-09 20:17 . 2011-11-09 20:17 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-09_23.48.16 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-01-04 05:00 . 2012-01-04 05:00 13384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-01-11 04:03 . 2012-01-11 04:03 13384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2011-12-24 23:49 . 2012-01-04 03:28 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2011-12-24 23:49 . 2012-01-11 03:50 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:10 . 2012-01-11 03:54 41154 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-16 14:36 . 2012-01-11 03:54 17228 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-616439301-182660682-4282693050-1000_UserData.bin
- 2009-07-14 05:30 . 2011-12-25 12:53 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-01-10 20:21 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2012-01-10 15:36 . 2012-01-10 15:36 16384 c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2012-01-11 04:04 . 2012-01-11 04:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-09 21:10 . 2012-01-09 21:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-11 04:04 . 2012-01-11 04:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-09 21:10 . 2012-01-09 21:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-02-17 02:09 . 2012-01-11 04:03 308334 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 05:30 . 2011-12-25 12:53 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-01-10 20:21 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-10-14 14:55 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-01-10 20:21 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:01 . 2012-01-11 04:03 234124 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-01-04 05:00 234124 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-01-05 18:50 . 2011-12-27 02:10 1130840 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-01-05 18:50 . 2012-01-11 04:03 1130840 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-02-16 14:43 . 2012-01-04 05:00 26982044 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-616439301-182660682-4282693050-1000-8192.dat
+ 2011-02-16 14:43 . 2012-01-11 04:03 26982044 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-616439301-182660682-4282693050-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AppleSyncNotifier"=c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"cat"=c:\program files (x86)\CAT\cat.exe
"HP Quick Launch"=c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
"IAStorIcon"=c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" /runkey
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R0 is3srv;is3srv;c:\windows\SySWOW64\drivers\is3srv64.sys [x]
R0 szkg5;szkg5;c:\windows\SySWOW64\DRIVERS\szkg64.sys [x]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 MOBCleanup;MOBCleanup;c:\users\Alison Howard\AppData\Local\Temp\MOBCleanup.exe [x]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 0071241326253665mcinstcleanup;McAfee Application Installer Cleanup (0071241326253665);c:\users\ALISON~1\AppData\Local\Temp\007124~1.EXE [x]
R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R4 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-30 136176]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-30 136176]
R4 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R4 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
R4 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
R4 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-14 231224]
R4 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R4 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 18:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-30 00:55]
.
2012-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-30 00:55]
.
2012-01-04 c:\windows\Tasks\HPCeeScheduleForAlison Howard.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 01:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 01:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 01:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://downloads.phpnuke.org/en/index.php?rvs=hompag
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Alison Howard\AppData\Roaming\Mozilla\Firefox\Profiles\f6hsiafr.default\
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm162YYus&ptb=B8BA3681-52C5-4238-B7D4-A5CBDAA506C0&ind=2011111700&ptnrS=CDxdm162YYus&si=1061411&n=77df2114&psa=&st=kwd&searchfor=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-11 00:30:41
ComboFix-quarantined-files.txt 2012-01-11 05:30
ComboFix2.txt 2012-01-10 22:40
ComboFix3.txt 2012-01-10 00:09
.
Pre-Run: 410,325,286,912 bytes free
Post-Run: 409,891,012,608 bytes free
.
- - End Of File - - 69002C1DD0803813ECFBE3A8E1B954C3

#9 bowser3132


Posted 11 January 2012 - 12:46 AM

Google still redirected me after a few searches.

#10 gringo_pr


Posted 11 January 2012 - 08:16 AM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#11 bowser3132


Posted 11 January 2012 - 09:47 AM

09:42:21.0382 0948 TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
09:42:21.0756 0948 ============================================================
09:42:21.0756 0948 Current date / time: 2012/01/11 09:42:21.0756
09:42:21.0756 0948 SystemInfo:
09:42:21.0756 0948
09:42:21.0756 0948 OS Version: 6.1.7601 ServicePack: 1.0
09:42:21.0756 0948 Product type: Workstation
09:42:21.0756 0948 ComputerName: ALISONHOWARD-HP
09:42:21.0756 0948 UserName: Alison Howard
09:42:21.0756 0948 Windows directory: C:\Windows
09:42:21.0756 0948 System windows directory: C:\Windows
09:42:21.0756 0948 Running under WOW64
09:42:21.0756 0948 Processor architecture: Intel x64
09:42:21.0756 0948 Number of processors: 4
09:42:21.0756 0948 Page size: 0x1000
09:42:21.0756 0948 Boot type: Safe boot with network
09:42:21.0756 0948 ============================================================
09:42:22.0084 0948 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000, SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000040
09:42:22.0162 0948 Initialize success
09:42:25.0656 1472 ============================================================
09:42:25.0656 1472 Scan started
09:42:25.0656 1472 Mode: Manual;
09:42:25.0656 1472 ============================================================
09:42:38.0370 1472 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
09:42:38.0370 1472 WinUsb - ok
09:42:38.0433 1472 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
09:42:38.0433 1472 WmiAcpi - ok
09:42:38.0479 1472 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
09:42:38.0479 1472 ws2ifsl - ok
09:42:38.0495 1472 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
09:42:38.0495 1472 WSDPrintDevice - ok
09:42:38.0542 1472 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
09:42:38.0542 1472 WudfPf - ok
09:42:38.0573 1472 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:42:38.0573 1472 WUDFRd - ok
09:42:38.0635 1472 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
09:42:38.0635 1472 yukonw7 - ok
09:42:38.0667 1472 MBR (0x1B8) (cdfdd657a1bf665e7cc4978c5fb4e210) \Device\Harddisk0\DR0
09:42:38.0698 1472 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
09:42:38.0698 1472 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
09:42:38.0745 1472 Boot (0x1200) (eec3e9b28419025e478d9d9569b3cdbd) \Device\Harddisk0\DR0\Partition0
09:42:38.0745 1472 \Device\Harddisk0\DR0\Partition0 - ok
09:42:38.0760 1472 Boot (0x1200) (f9f50a876598ddc86e2e5573e7e2e688) \Device\Harddisk0\DR0\Partition1
09:42:38.0760 1472 \Device\Harddisk0\DR0\Partition1 - ok
09:42:38.0791 1472 Boot (0x1200) (727f20eb16c9d9e36651b904a5459d9c) \Device\Harddisk0\DR0\Partition2
09:42:38.0791 1472 \Device\Harddisk0\DR0\Partition2 - ok
09:42:38.0838 1472 Boot (0x1200) (8d65dd27c567a90ee50241b023fd1eb4) \Device\Harddisk0\DR0\Partition3
09:42:38.0854 1472 \Device\Harddisk0\DR0\Partition3 - ok
09:42:38.0869 1472 ============================================================
09:42:38.0869 1472 Scan finished
09:42:38.0869 1472 ============================================================
09:42:38.0869 1184 Detected object count: 1
09:42:38.0869 1184 Actual detected object count: 1
09:43:11.0973 1184 \Device\Harddisk0\DR0 - processing error
09:43:32.0611 1184 \Device\Harddisk0\DR0 - will be restored on reboot
09:43:32.0627 1184 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure Restore
09:43:58.0991 1964 Deinitialize success
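
As an added example (not part of the original post and not TDSSKiller's own code), this sketch parses log lines in the layout shown above and flags detections whose cure is not yet confirmed. The `triage` function, its field names and the `exampledrv` entry are assumptions made for illustration.

```python
import re

# Lines from the log posted above, plus one constructed clean-driver pair.
SAMPLE = r"""
09:42:38.0635 1472 exampledrv (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\exampledrv.sys
09:42:38.0635 1472 exampledrv - ok
09:42:38.0667 1472 MBR (0x1B8) (cdfdd657a1bf665e7cc4978c5fb4e210) \Device\Harddisk0\DR0
09:42:38.0698 1472 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
09:42:38.0745 1472 \Device\Harddisk0\DR0\Partition0 - ok
09:42:38.0869 1184 Detected object count: 1
09:43:11.0973 1184 \Device\Harddisk0\DR0 - processing error
09:43:32.0611 1184 \Device\Harddisk0\DR0 - will be restored on reboot
09:43:32.0627 1184 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure Restore
"""

RECORD = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(.*)$")  # time, thread id, message
ACTION = re.compile(r"^(.+?) \( (.+?) \) - User select action: (.+)$")
INFECTED = re.compile(r"^(.+?) \( (.+?) \) - infected$")
COUNT = re.compile(r"^Detected object count: (\d+)$")
STATUS = re.compile(r"^(.+?) - (ok|processing error|will be restored on reboot)$")

def triage(log_text):
    """Summarise verdicts, chosen actions and unfinished cures in a log."""
    out = {"ok": 0, "detections": {}, "actions": {}, "errors": [],
           "pending_reboot": [], "reported_count": None}
    for raw in log_text.splitlines():
        rec = RECORD.match(raw.strip())
        if not rec:
            continue  # blank line, banner or text that is not a log record
        msg = rec.group(1)
        if m := ACTION.match(msg):
            out["actions"][m.group(1)] = m.group(3)
        elif m := INFECTED.match(msg):
            out["detections"][m.group(1)] = m.group(2)
        elif m := COUNT.match(msg):
            out["reported_count"] = int(m.group(1))
        elif m := STATUS.match(msg):
            if m.group(2) == "ok":
                out["ok"] += 1
            elif m.group(2) == "processing error":
                out["errors"].append(m.group(1))
            else:
                out["pending_reboot"].append(m.group(1))
    # Cross-check the tool's own tally against the verdict lines parsed here.
    out["count_matches"] = out["reported_count"] == len(out["detections"])
    # Objects that errored or still await a reboot need a rescan afterwards.
    open_items = set(out["errors"]) | set(out["pending_reboot"])
    out["unconfirmed"] = sorted(o for o in out["detections"] if o in open_items)
    return out
```

For the log above, the boot-sector detection ends up in `unconfirmed`, so a rescan after the reboot is what shows whether the cure held.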

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
Posted 11 January 2012 - 10:16 AM

How is the computer doing now?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr

Posted 14 January 2012 - 02:59 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#14 bowser3132

Posted 14 January 2012 - 09:37 AM

Gringo,

Sorry about the wait, but everything seems to be ok now. Thank you very much for your time with the matter.

#15 gringo_pr

Posted 14 January 2012 - 08:54 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore just move to the next item on the list.

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Adobe Reader 9.4.6 MUI
Java™ 6 Update 24
McAfee Security Scan Plus


and click on remove

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close


TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


If you have problems running Hijackthis.

Sometimes we have to run it like this. To run HijackThis as an administrator,
right-click HijackThis.exe (located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
