Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Blackhole Exploit virus


  • This topic is locked This topic is locked
22 replies to this topic

#1 harkonen

harkonen

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:09:44 PM

Posted 15 January 2012 - 12:58 PM

Avg 2012 informed me that I was infected with a Blackhole Exploit virus.

DDS.txt log is as follows:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Run by Clint Stone at 11:57:06 on 2012-01-15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.85 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Anti-Virus - SBC Yahoo! Online Protection *Disabled/Outdated* {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
F:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://att.my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Download Manager Browser Helper Object: {19c8e43b-07b3-49cb-bffc-6777b593e6f8} - c:\progra~1\common~1\fluxdvd\downlo~1\XEBDLH~1.DLL
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
TB: Viewpoint Toolbar: {f8ad5aa5-d966-4667-9daf-2561d68b2012} - c:\program files\common files\viewpoint\toolbar runtime\3.9.0\IEViewBar.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0521.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "f:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: &Viewpoint Search - c:\program files\viewpoint\viewpoint toolbar\ViewBar.dll/CXTSEARCH.HTML
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\windows\system32\VetRedir.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} - hxxp://site.ebrary.com.southbend.libproxy.ivytech.edu.allstate.libproxy.ivytech.edu/lib/ivytech/support/plugins/ebraryRdr.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Bejeweled%203/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {255B1372-180C-4A22-A02D-1D4AB65F6AC2} - file://c:\program files\pantheon\images\stg_drm.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - hxxp://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} - hxxp://asp.mathxl.com/applets/PearsonInstallAsst.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} - hxxp://games.bigfishgames.com/en_dinerdash2restaura/online/DinerDash2.1.0.0.48.cab
DPF: {64D01C7F-810D-446E-A07E-365764235644} - hxxp://kraisoft.com/files/realone/atomaders.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176235652062
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://real.gamehouse.com/games/luxor/mjolauncher.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://www.shockwave.com/content/tumblebugs/sis/axhost.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
DPF: {A4110378-789B-455F-AE86-3A1BFC402853} - hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file://c:\program files\venice\images\armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://real.gamehouse.com/games/bonniesbookstore/popcaploader.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} - hxxp://zone.msn.com/bingame/zpagames/CheckersZPA.cab40641.cab
DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - hxxp://www.trueswitch.com/sbc/TrueInstallSBC.exe
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{E30964ED-8237-4A01-9DB3-63D78AB81C3A} : DhcpNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\clint stone\application data\mozilla\firefox\profiles\dv75lqh0.default\
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\common files\fluxdvd\apix\NPAPIX.dll
FF - plugin: c:\program files\common files\fluxdvd\browserintegration\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\common files\mpdrm\NPMPDRM.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: f:\my games\mediago\npmediago.dll
FF - plugin: f:\program files\divx\divx web player\npdivx32.dll
FF - plugin: f:\program files\itunes\mozilla plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-4 295248]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 16720]
S3 lac97inf;lac97inf;\??\c:\docume~1\clints~1\locals~1\temp\lac97inf.sys --> c:\docume~1\clints~1\locals~1\temp\lac97inf.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys --> c:\windows\system32\drivers\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys --> c:\windows\system32\drivers\motccgpfl.sys [?]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys --> c:\windows\system32\drivers\motport.sys [?]
S3 PortlUSB;PortlUSB;c:\windows\system32\drivers\SiriusUSB.sys [2005-12-31 7552]
.
=============== Created Last 30 ================
.
2012-01-03 13:10:44 182672 -c--a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-01-03 13:10:44 182672 -c--a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2012-01-01 19:52:04 87608 -c--a-w- c:\documents and settings\clint stone\application data\inst.exe
.
==================== Find3M ====================
.
2012-01-01 19:52:04 47360 -c--a-w- c:\documents and settings\clint stone\application data\pcouffin.sys
2011-11-23 13:25:32 1859584 -c--a-w- c:\windows\system32\win32k.sys
2011-11-14 21:59:04 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20:51 916992 -c--a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 -c--a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 -c--a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 -c--a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 -c--a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33:08 2192768 -c--a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:03 2069376 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22 186880 -c--a-w- c:\windows\system32\encdec.dll
2009-01-09 17:51:41 140 -c--a-w- c:\program files\client_restart.reg
2006-04-22 19:17:42 36465208 -c----w- c:\program files\iTunesSetup.exe
2005-10-09 12:51:50 774144 -c--a-w- c:\program files\RngInterstitial.dll
2004-12-19 19:31:51 274664 -c----w- c:\program files\aolsupp.exe
2004-10-01 19:00:16 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST340014A rev.8.16 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86B4B49F]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86b52738]; MOV EAX, [0x86b528ac]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x86F8E030]
3 CLASSPNP[0xF7557FD7] -> nt!IofCallDriver[0x804E37D5] -> [0x86A72EE0]
\Driver\atapi[0x86C0F840] -> IRP_MJ_CREATE -> 0x86B4B49F
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { CLI ; MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; STI ; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62f; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x86B4B2C6
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 12:01:51.37 ===============

The DDS Attach log and Gmer/Ark logs are attached to message.
Thanks in advance for your help!

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:44 PM

Posted 17 January 2012 - 12:25 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 harkonen

harkonen
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:09:44 PM

Posted 17 January 2012 - 07:53 PM

Log from Combofix:

ComboFix 12-01-17.01 - Clint Stone 01/17/2012 18:06:59.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.298 [GMT -5:00]
Running from: c:\documents and settings\Clint Stone\Desktop\ComboFix.exe
AV: Anti-Virus - SBC Yahoo! Online Protection *Disabled/Outdated* {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\6C5EC3CD.TMP
c:\documents and settings\Clint Stone\Application Data\inst.exe
c:\documents and settings\Clint Stone\Local Settings\Application Data\assembly\tmp
F:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-17 to 2012-01-17 )))))))))))))))))))))))))))))))
.
.
2012-01-17 22:19 . 2012-01-17 22:19 -------- dc----w- c:\windows\LastGood
2012-01-03 13:10 . 2012-01-03 13:10 182672 -c--a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 13:10 . 2012-01-03 13:10 182672 -c--a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-12-29 02:25 . 2011-12-29 02:25 -------- dcsh--w- c:\documents and settings\NetworkService\PrivacIE
2011-12-29 02:24 . 2011-12-29 02:24 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-12-29 02:23 . 2011-12-29 02:23 -------- dc----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-01 19:52 . 2007-02-09 11:24 47360 -c--a-w- c:\documents and settings\Clint Stone\Application Data\pcouffin.sys
2011-11-23 13:25 . 2004-08-04 11:00 1859584 -c--a-w- c:\windows\system32\win32k.sys
2011-11-14 21:59 . 2011-06-02 14:45 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20 . 2004-08-04 11:00 916992 -c--a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-04 11:00 43520 -c--a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-04 11:00 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-04 11:00 385024 -c--a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-04 11:00 1288704 -c--a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-04 11:00 33280 -c--a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2004-08-04 11:00 2192768 -c--a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-04 11:00 2069376 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2009-01-09 17:51 . 2009-01-09 17:51 140 -c--a-w- c:\program files\client_restart.reg
2006-04-22 19:17 . 2006-04-22 19:17 36465208 -c----w- c:\program files\iTunesSetup.exe
2005-10-09 12:51 . 2005-10-09 12:52 774144 -c--a-w- c:\program files\RngInterstitial.dll
2004-12-19 19:31 . 2004-12-19 19:31 274664 -c----w- c:\program files\aolsupp.exe
2004-10-01 19:00 . 2007-04-19 01:35 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
2011-03-04 11:50 . 2011-03-12 21:50 142296 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 -c--a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
2006-12-02 20:05 230512 -c--a-w- c:\program files\Yahoo!\Antivirus\CAVTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
2006-12-02 20:05 185456 -c--a-w- c:\program files\Yahoo!\Antivirus\CAVRid.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 14:55 206064 -c--a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 14:24 16384 -c--a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hot Key Kbd 2690 Daemon]
2002-02-07 15:45 65536 -c----w- c:\windows\SYSTEM32\SK6200dm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-09-20 14:32 77824 ----a-w- c:\windows\SYSTEM32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-18 01:59 421160 ----a-w- f:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 -c--a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2006-02-11 01:40 2048000 -c--a-w- c:\program files\ahead\Nero BackItUp\NBJ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 20:40 155648 -c--a-w- c:\windows\SYSTEM32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2004-04-12 02:15 290816 -c----w- c:\program files\Dell\Media Experience\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-03-19 21:43 180269 -c--a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 01:05 204288 -c----w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
2006-07-21 15:43 407032 -c--a-w- c:\progra~1\Yahoo!\YOP\yop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\kdx\\khost.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"f:\\Program Files\\iTunes\\iTunes.exe"=
"f:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Documents and Settings\\Clint Stone\\Desktop\\spotify.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R3 lac97inf;lac97inf;c:\docume~1\CLINTS~1\LOCALS~1\Temp\lac97inf.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2008-05-08 47360]
R3 PortlUSB;PortlUSB;c:\windows\system32\DRIVERS\SiriusUSB.sys [2005-09-03 7552]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 Sk2690nt;PS/2 Keyboard Filter Driver for NT 4.0;c:\windows\system32\DRIVERS\SK6200nt.sys [2001-12-19 6112]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-09-08 24652]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 Sk26902k;PS/2 Keyboard Filter Driver for Win2000;c:\windows\system32\DRIVERS\SK62002k.sys [2002-02-05 7588]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-17 c:\windows\Tasks\User_Feed_Synchronization-{2DA829BF-3B61-4A58-8182-6A4A907915A7}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &Viewpoint Search - c:\program files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
LSP: c:\windows\system32\VetRedir.dll
TCP: DhcpNameServer = 192.168.0.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {255B1372-180C-4A22-A02D-1D4AB65F6AC2} - file://c:\program files\Pantheon\Images\stg_drm.dll
DPF: {64D01C7F-810D-446E-A07E-365764235644} - hxxp://kraisoft.com/files/realone/atomaders.cab
DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://www.shockwave.com/content/tumblebugs/sis/axhost.cab
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin.cab
FF - ProfilePath - c:\documents and settings\Clint Stone\Application Data\Mozilla\Firefox\Profiles\dv75lqh0.default\
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-PhotoShow Deluxe Media Manager - c:\progra~1\Nero\data\Xtras\mssysmgr.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\j2re1.4.2_06\bin\jusched.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-17 18:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST340014A rev.8.16 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x86B962C6
user & kernel MBR OK
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(932)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'lsass.exe'(992)
c:\windows\system32\WININET.dll
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll
.
Completion time: 2012-01-17 19:33:09
ComboFix-quarantined-files.txt 2012-01-18 00:32
.
Pre-Run: 4,996,059,136 bytes free
Post-Run: 5,437,300,736 bytes free
.
- - End Of File - - 6064B26B6C1468C902FE0A06B838CECA



Upon starting computer AVG came up with the following message:
ookluyygf.info/main.php?page=2cfeaf0ec8fa9a9a
Blackhole Exploit kit (type 2082)

While I was bringing up Internet Explorer the 'Date & Time properties' window would pop up.

Also AVG alerted the following message:
search.php?s=5f85a1410dbecf28
Blackhole Exploit Kit (type 2094)

While running Combofix a window popped up stating the AVG realtime scanner was still active but that Combofix would attempt to run anyway. This was AFTER I disabled it per guidelines given.

After Combofix finished I was forced to cold boot to restore my desktop as all icons had vanished.

Thanks for your help!

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:44 PM

Posted 18 January 2012 - 11:07 AM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 harkonen

harkonen
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:09:44 PM

Posted 18 January 2012 - 07:29 PM

18:17:40.0687 0640 TDSS rootkit removing tool 2.7.5.0 Jan 18 2012 09:26:24
18:17:41.0187 0640 ============================================================
18:17:41.0187 0640 Current date / time: 2012/01/18 18:17:41.0187
18:17:41.0187 0640 SystemInfo:
18:17:41.0187 0640
18:17:41.0187 0640 OS Version: 5.1.2600 ServicePack: 3.0
18:17:41.0187 0640 Product type: Workstation
18:17:41.0187 0640 ComputerName: D678J561
18:17:41.0187 0640 UserName: Clint Stone
18:17:41.0187 0640 Windows directory: C:\WINDOWS
18:17:41.0187 0640 System windows directory: C:\WINDOWS
18:17:41.0187 0640 Processor architecture: Intel x86
18:17:41.0187 0640 Number of processors: 1
18:17:41.0187 0640 Page size: 0x1000
18:17:41.0187 0640 Boot type: Normal boot
18:17:41.0187 0640 ============================================================
18:18:04.0515 0640 Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:18:04.0515 0640 Drive \Device\Harddisk1\DR4 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:18:09.0859 0640 Initialize success
18:18:18.0031 5948 ============================================================
18:18:18.0031 5948 Scan started
18:18:18.0031 5948 Mode: Manual;
18:18:18.0031 5948 ============================================================
18:18:18.0421 5948 Abiosdsk - ok
18:18:18.0578 5948 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
18:18:18.0625 5948 abp480n5 - ok
18:18:18.0796 5948 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:18:18.0812 5948 ACPI - ok
18:18:18.0968 5948 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:18:19.0015 5948 ACPIEC - ok
18:18:19.0171 5948 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
18:18:19.0296 5948 adpu160m - ok
18:18:19.0484 5948 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:18:19.0531 5948 aec - ok
18:18:19.0734 5948 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:18:19.0750 5948 AFD - ok
18:18:19.0921 5948 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
18:18:19.0953 5948 agp440 - ok
18:18:20.0062 5948 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
18:18:20.0062 5948 agpCPQ - ok
18:18:20.0250 5948 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
18:18:20.0343 5948 Aha154x - ok
18:18:20.0515 5948 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
18:18:20.0546 5948 aic78u2 - ok
18:18:20.0687 5948 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
18:18:20.0703 5948 aic78xx - ok
18:18:20.0890 5948 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
18:18:20.0921 5948 AliIde - ok
18:18:21.0062 5948 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
18:18:21.0078 5948 alim1541 - ok
18:18:21.0250 5948 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
18:18:21.0312 5948 amdagp - ok
18:18:21.0500 5948 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
18:18:21.0515 5948 amsint - ok
18:18:21.0703 5948 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
18:18:21.0734 5948 asc - ok
18:18:21.0906 5948 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
18:18:21.0937 5948 asc3350p - ok
18:18:22.0046 5948 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
18:18:22.0078 5948 asc3550 - ok
18:18:22.0281 5948 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:18:22.0359 5948 AsyncMac - ok
18:18:22.0546 5948 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:18:22.0546 5948 atapi - ok
18:18:22.0687 5948 Atdisk - ok
18:18:22.0828 5948 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:18:22.0906 5948 Atmarpc - ok
18:18:23.0078 5948 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:18:23.0109 5948 audstub - ok
18:18:23.0328 5948 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
18:18:23.0406 5948 AVGIDSDriver - ok
18:18:23.0578 5948 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
18:18:23.0578 5948 AVGIDSEH - ok
18:18:23.0734 5948 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
18:18:23.0734 5948 AVGIDSFilter - ok
18:18:23.0906 5948 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
18:18:23.0906 5948 AVGIDSShim - ok
18:18:24.0078 5948 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
18:18:24.0093 5948 Avgldx86 - ok
18:18:24.0281 5948 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
18:18:24.0281 5948 Avgmfx86 - ok
18:18:24.0484 5948 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
18:18:24.0484 5948 Avgrkx86 - ok
18:18:24.0703 5948 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
18:18:24.0734 5948 Avgtdix - ok
18:18:24.0906 5948 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:18:24.0921 5948 Beep - ok
18:18:25.0093 5948 bvrp_pci - ok
18:18:25.0343 5948 catchme - ok
18:18:25.0515 5948 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
18:18:25.0546 5948 cbidf - ok
18:18:25.0718 5948 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:18:25.0718 5948 cbidf2k - ok
18:18:25.0890 5948 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:18:25.0968 5948 CCDECODE - ok
18:18:26.0140 5948 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
18:18:26.0171 5948 cd20xrnt - ok
18:18:26.0359 5948 CdaC15BA (08f60f40d1a2a95a1f12eddbd9f25c1c) C:\WINDOWS\system32\drivers\CdaC15BA.SYS
18:18:29.0015 5948 CdaC15BA - ok
18:18:29.0187 5948 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:18:29.0203 5948 Cdaudio - ok
18:18:29.0375 5948 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:18:29.0421 5948 Cdfs - ok
18:18:29.0609 5948 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:18:29.0640 5948 Cdrom - ok
18:18:29.0734 5948 Changer - ok
18:18:29.0859 5948 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
18:18:29.0906 5948 CmdIde - ok
18:18:30.0093 5948 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
18:18:30.0109 5948 Cpqarray - ok
18:18:30.0296 5948 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
18:18:30.0312 5948 dac2w2k - ok
18:18:30.0500 5948 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
18:18:30.0546 5948 dac960nt - ok
18:18:30.0734 5948 DCamUSBEMPIA (0c63e13e8debad206e20015115cedd1e) C:\WINDOWS\system32\DRIVERS\emDevice.sys
18:18:34.0109 5948 DCamUSBEMPIA - ok
18:18:34.0281 5948 DgiVecp (277b9af0f1034be4731cba7eff10e8f9) C:\WINDOWS\system32\Drivers\DgiVecp.sys
18:18:36.0203 5948 DgiVecp - ok
18:18:36.0390 5948 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:18:36.0421 5948 Disk - ok
18:18:36.0656 5948 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:18:36.0687 5948 dmboot - ok
18:18:36.0890 5948 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:18:36.0953 5948 dmio - ok
18:18:37.0109 5948 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:18:37.0140 5948 dmload - ok
18:18:37.0328 5948 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:18:37.0343 5948 DMusic - ok
18:18:37.0593 5948 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
18:18:37.0593 5948 dpti2o - ok
18:18:37.0765 5948 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:18:37.0796 5948 drmkaud - ok
18:18:37.0984 5948 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
18:18:38.0609 5948 DSproct - ok
18:18:38.0781 5948 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
18:18:38.0921 5948 dsunidrv - ok
18:18:39.0125 5948 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
18:18:39.0125 5948 E100B - ok
18:18:39.0312 5948 elagopro (7ec42ec12a4bac14bcca99fb06f2d125) C:\WINDOWS\system32\DRIVERS\elagopro.sys
18:18:39.0421 5948 elagopro - ok
18:18:39.0609 5948 elaunidr (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\elaunidr.sys
18:18:39.0625 5948 elaunidr - ok
18:18:39.0937 5948 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:18:39.0937 5948 Fastfat - ok
18:18:40.0093 5948 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:18:40.0171 5948 Fdc - ok
18:18:40.0359 5948 FiltUSBEMPIA (4723090a93c0052e568e8d15e63efd56) C:\WINDOWS\system32\DRIVERS\emFilter.sys
18:18:41.0437 5948 FiltUSBEMPIA - ok
18:18:41.0656 5948 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:18:41.0687 5948 Fips - ok
18:18:41.0890 5948 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:18:42.0000 5948 Flpydisk - ok
18:18:42.0281 5948 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:18:42.0343 5948 FltMgr - ok
18:18:42.0531 5948 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:18:42.0593 5948 Fs_Rec - ok
18:18:42.0796 5948 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:18:42.0843 5948 Ftdisk - ok
18:18:43.0031 5948 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
18:18:43.0078 5948 GEARAspiWDM - ok
18:18:43.0250 5948 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:18:43.0265 5948 Gpc - ok
18:18:43.0484 5948 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:18:43.0515 5948 HidUsb - ok
18:18:43.0750 5948 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
18:18:43.0765 5948 hpn - ok
18:18:43.0921 5948 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:18:43.0937 5948 HTTP - ok
18:18:44.0078 5948 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
18:18:44.0093 5948 i2omgmt - ok
18:18:44.0265 5948 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
18:18:44.0296 5948 i2omp - ok
18:18:44.0484 5948 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:18:44.0562 5948 i8042prt - ok
18:18:44.0812 5948 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
18:18:44.0890 5948 ialm - ok
18:18:45.0109 5948 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:18:45.0500 5948 Imapi - ok
18:18:45.0781 5948 InCDfs (744d80c319be9eb75cd32e135096824d) C:\WINDOWS\system32\drivers\InCDfs.sys
18:18:47.0750 5948 InCDfs - ok
18:18:47.0921 5948 InCDPass (6f4928e570ce70dd6160b15d0ce83b3f) C:\WINDOWS\system32\DRIVERS\InCDPass.sys
18:18:49.0250 5948 InCDPass - ok
18:18:49.0390 5948 InCDrec (6a89459e81156d67067ff2b83f9c8d7f) C:\WINDOWS\system32\drivers\InCDrec.sys
18:18:49.0890 5948 InCDrec - ok
18:18:50.0093 5948 incdrm (d9225f114625e1e856a0f676451491ab) C:\WINDOWS\system32\drivers\incdrm.sys
18:18:51.0109 5948 incdrm - ok
18:18:51.0281 5948 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
18:18:51.0281 5948 ini910u - ok
18:18:51.0515 5948 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
18:18:51.0640 5948 IntelC51 - ok
18:18:51.0875 5948 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
18:18:51.0937 5948 IntelC52 - ok
18:18:52.0140 5948 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
18:18:52.0203 5948 IntelC53 - ok
18:18:52.0390 5948 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:18:52.0453 5948 IntelIde - ok
18:18:52.0625 5948 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:18:52.0640 5948 intelppm - ok
18:18:52.0843 5948 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:18:52.0906 5948 Ip6Fw - ok
18:18:53.0171 5948 IPFilter (d0b3dee109af605885c46a59bfc24cd2) C:\WINDOWS\system32\DRIVERS\IPFilter.sys
18:18:53.0875 5948 IPFilter - ok
18:18:54.0187 5948 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:18:54.0203 5948 IpFilterDriver - ok
18:18:54.0343 5948 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:18:54.0359 5948 IpInIp - ok
18:18:54.0531 5948 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:18:54.0531 5948 IpNat - ok
18:18:54.0765 5948 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:18:54.0828 5948 IPSec - ok
18:18:55.0062 5948 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:18:55.0140 5948 IRENUM - ok
18:18:55.0312 5948 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:18:55.0328 5948 isapnp - ok
18:18:55.0515 5948 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:18:55.0546 5948 Kbdclass - ok
18:18:55.0718 5948 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:18:55.0718 5948 kmixer - ok
18:18:55.0937 5948 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:18:55.0984 5948 KSecDD - ok
18:18:56.0203 5948 lac97inf - ok
18:18:56.0375 5948 lbrtfdc - ok
18:18:56.0515 5948 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:18:56.0515 5948 mnmdd - ok
18:18:56.0703 5948 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:18:56.0703 5948 Modem - ok
18:18:56.0890 5948 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
18:18:56.0921 5948 MODEMCSA - ok
18:18:57.0125 5948 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
18:18:57.0125 5948 mohfilt - ok
18:18:57.0265 5948 motccgp - ok
18:18:57.0359 5948 motccgpfl - ok
18:18:57.0437 5948 motmodem - ok
18:18:57.0531 5948 motport - ok
18:18:57.0687 5948 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:18:57.0734 5948 Mouclass - ok
18:18:57.0953 5948 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:18:57.0968 5948 mouhid - ok
18:18:58.0171 5948 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:18:58.0187 5948 MountMgr - ok
18:18:58.0343 5948 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
18:18:58.0359 5948 mraid35x - ok
18:18:58.0515 5948 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
18:18:58.0515 5948 MREMP50 - ok
18:18:58.0531 5948 MREMP50a64 - ok
18:18:58.0546 5948 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
18:18:58.0562 5948 MRESP50 - ok
18:18:58.0640 5948 MRESP50a64 - ok
18:18:58.0859 5948 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:18:58.0890 5948 MRxDAV - ok
18:18:59.0093 5948 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:18:59.0109 5948 MRxSmb - ok
18:18:59.0312 5948 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:18:59.0328 5948 Msfs - ok
18:18:59.0531 5948 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:18:59.0578 5948 MSKSSRV - ok
18:18:59.0765 5948 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:18:59.0812 5948 MSPCLOCK - ok
18:19:00.0031 5948 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:19:00.0109 5948 MSPQM - ok
18:19:00.0296 5948 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:19:00.0296 5948 mssmbios - ok
18:19:00.0453 5948 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
18:19:00.0500 5948 MSTEE - ok
18:19:00.0671 5948 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:19:00.0687 5948 Mup - ok
18:19:00.0843 5948 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:19:00.0921 5948 NABTSFEC - ok
18:19:01.0312 5948 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:19:01.0343 5948 NDIS - ok
18:19:01.0546 5948 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:19:01.0578 5948 NdisIP - ok
18:19:01.0750 5948 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:19:01.0750 5948 NdisTapi - ok
18:19:01.0843 5948 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:19:01.0875 5948 Ndisuio - ok
18:19:02.0093 5948 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:19:02.0125 5948 NdisWan - ok
18:19:02.0312 5948 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:19:02.0421 5948 NDProxy - ok
18:19:02.0593 5948 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:19:02.0625 5948 NetBIOS - ok
18:19:02.0812 5948 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:19:02.0859 5948 NetBT - ok
18:19:03.0093 5948 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:19:03.0140 5948 Npfs - ok
18:19:03.0328 5948 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:19:03.0390 5948 Ntfs - ok
18:19:03.0578 5948 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:19:03.0609 5948 Null - ok
18:19:03.0859 5948 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:19:04.0000 5948 nv - ok
18:19:04.0187 5948 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:19:04.0203 5948 NwlnkFlt - ok
18:19:04.0328 5948 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:19:04.0359 5948 NwlnkFwd - ok
18:19:04.0578 5948 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
18:19:04.0640 5948 Parport - ok
18:19:04.0812 5948 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:19:04.0906 5948 PartMgr - ok
18:19:05.0109 5948 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:19:05.0125 5948 ParVdm - ok
18:19:05.0281 5948 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:19:05.0328 5948 PCI - ok
18:19:05.0484 5948 PCIDump - ok
18:19:05.0609 5948 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:19:05.0640 5948 PCIIde - ok
18:19:05.0828 5948 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:19:05.0859 5948 Pcmcia - ok
18:19:06.0062 5948 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
18:19:06.0093 5948 pcouffin - ok
18:19:06.0203 5948 PDCOMP - ok
18:19:06.0312 5948 PDFRAME - ok
18:19:06.0390 5948 PDRELI - ok
18:19:06.0484 5948 PDRFRAME - ok
18:19:06.0593 5948 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
18:19:06.0609 5948 perc2 - ok
18:19:06.0796 5948 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
18:19:06.0828 5948 perc2hib - ok
18:19:07.0078 5948 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
18:19:07.0593 5948 pfc - ok
18:19:07.0765 5948 Point32 (e4910ce9d882bf825979fcf4636a9bd8) C:\WINDOWS\system32\DRIVERS\point32.sys
18:19:07.0828 5948 Point32 - ok
18:19:08.0046 5948 PortlUSB (c12c507091492a99a84a93ec6bb39b3a) C:\WINDOWS\system32\DRIVERS\SiriusUSB.sys
18:19:08.0171 5948 PortlUSB - ok
18:19:08.0359 5948 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:19:08.0406 5948 PptpMiniport - ok
18:19:08.0609 5948 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:19:08.0671 5948 PSched - ok
18:19:08.0828 5948 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:19:08.0843 5948 Ptilink - ok
18:19:08.0968 5948 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:19:09.0031 5948 PxHelp20 - ok
18:19:09.0203 5948 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
18:19:09.0203 5948 ql1080 - ok
18:19:09.0375 5948 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
18:19:09.0421 5948 Ql10wnt - ok
18:19:09.0609 5948 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
18:19:09.0640 5948 ql12160 - ok
18:19:09.0812 5948 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
18:19:09.0875 5948 ql1240 - ok
18:19:10.0078 5948 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
18:19:10.0109 5948 ql1280 - ok
18:19:10.0234 5948 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:19:10.0281 5948 RasAcd - ok
18:19:10.0453 5948 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:19:10.0468 5948 Rasl2tp - ok
18:19:10.0640 5948 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:19:10.0703 5948 RasPppoe - ok
18:19:10.0859 5948 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:19:10.0875 5948 Raspti - ok
18:19:11.0171 5948 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:19:11.0171 5948 Rdbss - ok
18:19:11.0296 5948 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:19:11.0312 5948 RDPCDD - ok
18:19:11.0531 5948 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:19:11.0609 5948 rdpdr - ok
18:19:11.0796 5948 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
18:19:11.0859 5948 RDPWD - ok
18:19:12.0031 5948 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:19:12.0125 5948 redbook - ok
18:19:12.0265 5948 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
18:19:12.0343 5948 SASDIFSV - ok
18:19:12.0437 5948 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
18:19:12.0453 5948 SASKUTIL - ok
18:19:12.0640 5948 ScanUSBEMPIA (71343164b40e741b3ce8f35c4072fb6d) C:\WINDOWS\system32\DRIVERS\emScan.sys
18:19:13.0375 5948 ScanUSBEMPIA - ok
18:19:13.0578 5948 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:19:13.0718 5948 Secdrv - ok
18:19:13.0921 5948 senfilt (9a4c4a4b191200f12085d188be70e4e3) C:\WINDOWS\system32\drivers\senfilt.sys
18:19:14.0031 5948 senfilt - ok
18:19:14.0281 5948 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:19:14.0328 5948 serenum - ok
18:19:14.0515 5948 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:19:14.0578 5948 Serial - ok
18:19:14.0703 5948 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:19:14.0750 5948 Sfloppy - ok
18:19:14.0906 5948 Simbad - ok
18:19:15.0031 5948 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
18:19:15.0062 5948 sisagp - ok
18:19:15.0296 5948 Sk26902k (8dc2963876a53c7f711889bce3b9a9da) C:\WINDOWS\system32\DRIVERS\SK62002k.sys
18:19:15.0406 5948 Sk26902k - ok
18:19:15.0578 5948 Sk2690nt (b393b75f080c736f9b18ea80353420ad) C:\WINDOWS\system32\DRIVERS\SK6200nt.sys
18:19:15.0609 5948 Sk2690nt - ok
18:19:15.0812 5948 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:19:15.0906 5948 SLIP - ok
18:19:16.0109 5948 smwdm (479533bacc58b1edf916855bcd139556) C:\WINDOWS\system32\drivers\smwdm.sys
18:19:16.0156 5948 smwdm - ok
18:19:16.0281 5948 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
18:19:16.0296 5948 Sparrow - ok
18:19:16.0468 5948 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:19:16.0531 5948 splitter - ok
18:19:16.0734 5948 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:19:16.0781 5948 sr - ok
18:19:16.0984 5948 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:19:17.0031 5948 Srv - ok
18:19:17.0234 5948 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
18:19:17.0296 5948 StillCam - ok
18:19:17.0484 5948 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:19:17.0562 5948 streamip - ok
18:19:17.0734 5948 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:19:17.0781 5948 swenum - ok
18:19:17.0953 5948 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:19:18.0046 5948 swmidi - ok
18:19:18.0281 5948 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
18:19:18.0312 5948 symc810 - ok
18:19:18.0468 5948 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
18:19:18.0500 5948 symc8xx - ok
18:19:18.0671 5948 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
18:19:18.0671 5948 sym_hi - ok
18:19:18.0796 5948 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
18:19:18.0812 5948 sym_u3 - ok
18:19:18.0984 5948 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:19:19.0031 5948 sysaudio - ok
18:19:19.0250 5948 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:19:19.0312 5948 Tcpip - ok
18:19:19.0500 5948 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:19:19.0562 5948 TDPIPE - ok
18:19:19.0750 5948 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:19:19.0812 5948 TDTCP - ok
18:19:19.0984 5948 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:19:20.0000 5948 TermDD - ok
18:19:20.0234 5948 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
18:19:20.0265 5948 TosIde - ok
18:19:20.0437 5948 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:19:20.0484 5948 Udfs - ok
18:19:20.0656 5948 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
18:19:20.0687 5948 ultra - ok
18:19:20.0875 5948 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:19:20.0953 5948 Update - ok
18:19:21.0140 5948 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:19:21.0312 5948 USBAAPL - ok
18:19:21.0484 5948 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
18:19:21.0531 5948 usbaudio - ok
18:19:21.0703 5948 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:19:21.0781 5948 usbccgp - ok
18:19:21.0968 5948 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:19:22.0015 5948 usbehci - ok
18:19:22.0203 5948 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:19:22.0250 5948 usbhub - ok
18:19:22.0453 5948 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:19:22.0531 5948 usbprint - ok
18:19:22.0703 5948 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:19:22.0750 5948 usbscan - ok
18:19:22.0921 5948 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:19:23.0000 5948 USBSTOR - ok
18:19:23.0203 5948 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:19:23.0234 5948 usbuhci - ok
18:19:23.0453 5948 VET-FILT (4357fb4c00702cc1e2c7b8e43e73c72d) C:\WINDOWS\system32\drivers\VET-FILT.sys
18:19:24.0593 5948 VET-FILT - ok
18:19:24.0765 5948 VET-REC (4cecb83be879ee3b7ae467b4a300a79f) C:\WINDOWS\system32\drivers\VET-REC.sys
18:19:25.0625 5948 VET-REC - ok
18:19:25.0796 5948 VETEBOOT (5bb0c1b5f8be72132456827394da70b9) C:\WINDOWS\system32\drivers\VETEBOOT.sys
18:19:25.0828 5948 VETEBOOT - ok
18:19:26.0046 5948 VETEFILE (8a2e756bb478ddaf4127653a613333be) C:\WINDOWS\system32\drivers\VETEFILE.sys
18:19:26.0078 5948 VETEFILE - ok
18:19:26.0250 5948 VETFDDNT (88130b90303b7672d4854e9e6de9fddd) C:\WINDOWS\system32\drivers\VETFDDNT.sys
18:19:26.0890 5948 VETFDDNT - ok
18:19:27.0062 5948 VETMONNT (89e280b1f8d07123e8ea80fdd4d95f51) C:\WINDOWS\system32\drivers\VETMONNT.sys
18:19:27.0796 5948 VETMONNT - ok
18:19:28.0015 5948 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:19:28.0046 5948 VgaSave - ok
18:19:28.0203 5948 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
18:19:28.0234 5948 viaagp - ok
18:19:28.0531 5948 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
18:19:28.0578 5948 ViaIde - ok
18:19:28.0984 5948 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:19:29.0062 5948 VolSnap - ok
18:19:29.0609 5948 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:19:29.0843 5948 Wanarp - ok
18:19:30.0093 5948 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
18:19:30.0218 5948 wanatw - ok
18:19:30.0625 5948 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
18:19:30.0828 5948 Wdf01000 - ok
18:19:31.0140 5948 WDICA - ok
18:19:31.0515 5948 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:19:31.0578 5948 wdmaud - ok
18:19:32.0062 5948 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
18:19:32.0187 5948 WpdUsb - ok
18:19:32.0531 5948 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:19:32.0671 5948 WS2IFSL - ok
18:19:33.0078 5948 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:19:33.0234 5948 WSTCODEC - ok
18:19:33.0640 5948 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:19:34.0000 5948 WudfPf - ok
18:19:34.0453 5948 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:19:34.0546 5948 WudfRd - ok
18:19:34.0609 5948 MBR (0x1B8) (4bc21aabb8ea83c34000756722b7398b) \Device\Harddisk0\DR0
18:19:34.0656 5948 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
18:19:34.0656 5948 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
18:19:34.0656 5948 MBR (0x1B8) (8ff255184f078c9c04e6a2ce66117c5c) \Device\Harddisk1\DR4
18:19:34.0671 5948 \Device\Harddisk1\DR4 - ok
18:19:34.0703 5948 Boot (0x1200) (4df417add92ec4a1cc1ed2700f2c6066) \Device\Harddisk0\DR0\Partition0
18:19:34.0734 5948 \Device\Harddisk0\DR0\Partition0 - ok
18:19:34.0750 5948 Boot (0x1200) (8b1876347166c8475a7f7ea09a1809ab) \Device\Harddisk1\DR4\Partition0
18:19:34.0750 5948 \Device\Harddisk1\DR4\Partition0 - ok
18:19:34.0750 5948 ============================================================
18:19:34.0750 5948 Scan finished
18:19:34.0750 5948 ============================================================
18:19:34.0765 4132 Detected object count: 1
18:19:34.0765 4132 Actual detected object count: 1
18:25:08.0312 4132 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
18:25:08.0312 4132 \Device\Harddisk0\DR0 - ok
18:25:08.0312 4132 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
18:25:13.0281 3412 Deinitialize success

Please note: waited 45 minutes for reboot to complete before cold booting.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:44 PM

Posted 18 January 2012 - 09:32 PM

Greetings

Good That cleaned up some bad guys but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 harkonen

harkonen
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:09:44 PM

Posted 19 January 2012 - 08:27 PM

ComboFix 12-01-17.01 - Clint Stone 01/19/2012 19:40:43.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.362 [GMT -5:00]
Running from: c:\documents and settings\Clint Stone\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Clint Stone\Desktop\CFScript.txt.txt
AV: Anti-Virus - SBC Yahoo! Online Protection *Disabled/Outdated* {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-20 to 2012-01-20 )))))))))))))))))))))))))))))))
.
.
2012-01-20 00:03 . 2012-01-20 00:03 12568 -c--a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2012-01-03 13:10 . 2012-01-03 13:10 182672 -c--a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 13:10 . 2012-01-03 13:10 182672 -c--a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-12-29 02:25 . 2011-12-29 02:25 -------- dcsh--w- c:\documents and settings\NetworkService\PrivacIE
2011-12-29 02:24 . 2011-12-29 02:24 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-12-29 02:23 . 2011-12-29 02:23 -------- dc----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-01 19:52 . 2007-02-09 11:24 47360 -c--a-w- c:\documents and settings\Clint Stone\Application Data\pcouffin.sys
2011-11-23 13:25 . 2004-08-04 11:00 1859584 -c--a-w- c:\windows\system32\win32k.sys
2011-11-14 21:59 . 2011-06-02 14:45 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20 . 2004-08-04 11:00 916992 -c--a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-04 11:00 43520 -c--a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-04 11:00 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-04 11:00 385024 -c--a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-04 11:00 1288704 -c--a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-04 11:00 33280 -c--a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2004-08-04 11:00 2192768 -c--a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-04 11:00 2069376 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2009-01-09 17:51 . 2009-01-09 17:51 140 -c--a-w- c:\program files\client_restart.reg
2006-04-22 19:17 . 2006-04-22 19:17 36465208 -c----w- c:\program files\iTunesSetup.exe
2005-10-09 12:51 . 2005-10-09 12:52 774144 -c--a-w- c:\program files\RngInterstitial.dll
2004-12-19 19:31 . 2004-12-19 19:31 274664 -c----w- c:\program files\aolsupp.exe
2004-10-01 19:00 . 2007-04-19 01:35 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
2011-03-04 11:50 . 2011-03-12 21:50 142296 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-17_23.50.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-19 23:16 . 2012-01-19 23:16 16384 c:\windows\Temp\Perflib_Perfdata_adc.dat
- 2011-12-29 02:24 . 2012-01-01 02:38 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-29 02:24 . 2012-01-18 21:59 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2004-12-05 17:57 . 2012-01-18 21:59 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
- 2004-12-05 17:57 . 2012-01-01 02:38 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-12-29 02:24 . 2012-01-18 21:59 16384 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
- 2011-12-29 02:24 . 2012-01-01 02:38 16384 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 -c--a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
2006-12-02 20:05 230512 -c--a-w- c:\program files\Yahoo!\Antivirus\CAVTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
2006-12-02 20:05 185456 -c--a-w- c:\program files\Yahoo!\Antivirus\CAVRid.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 14:55 206064 -c--a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 14:24 16384 -c--a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hot Key Kbd 2690 Daemon]
2002-02-07 15:45 65536 -c----w- c:\windows\SYSTEM32\SK6200dm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-09-20 14:32 77824 ----a-w- c:\windows\SYSTEM32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-18 01:59 421160 ----a-w- f:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 -c--a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2006-02-11 01:40 2048000 -c--a-w- c:\program files\ahead\Nero BackItUp\NBJ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 20:40 155648 -c--a-w- c:\windows\SYSTEM32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2004-04-12 02:15 290816 -c----w- c:\program files\Dell\Media Experience\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
c:\progra~1\Nero\data\Xtras\mssysmgr.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
c:\program files\Java\j2re1.4.2_06\bin\jusched.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-03-19 21:43 180269 -c--a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 01:05 204288 -c----w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
2006-07-21 15:43 407032 -c--a-w- c:\progra~1\Yahoo!\YOP\yop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\kdx\\khost.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"f:\\Program Files\\iTunes\\iTunes.exe"=
"f:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Documents and Settings\\Clint Stone\\Desktop\\spotify.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\SYSTEM32\DRIVERS\AVGIDSEH.sys [2/22/2011 7:13 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys [3/16/2011 3:03 PM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [1/7/2011 5:41 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [4/4/2011 11:59 PM 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R1 Sk2690nt;PS/2 Keyboard Filter Driver for NT 4.0;c:\windows\SYSTEM32\DRIVERS\SK6200nt.sys [12/27/2004 3:37 PM 6112]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 5:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 192776]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 3:53 PM 24652]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\SYSTEM32\DRIVERS\AVGIDSDriver.sys [4/14/2011 8:28 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\SYSTEM32\DRIVERS\AVGIDSFilter.sys [2/10/2011 6:53 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\SYSTEM32\DRIVERS\AVGIDSShim.sys [2/10/2011 6:53 AM 16720]
R3 Sk26902k;PS/2 Keyboard Filter Driver for Win2000;c:\windows\SYSTEM32\DRIVERS\SK62002k.sys [12/27/2004 3:37 PM 7588]
S3 lac97inf;lac97inf;\??\c:\docume~1\CLINTS~1\LOCALS~1\Temp\lac97inf.sys --> c:\docume~1\CLINTS~1\LOCALS~1\Temp\lac97inf.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys --> c:\windows\system32\DRIVERS\motport.sys [?]
S3 pcouffin;VSO Software pcouffin;c:\windows\SYSTEM32\DRIVERS\pcouffin.sys [2/9/2007 6:24 AM 47360]
S3 PortlUSB;PortlUSB;c:\windows\SYSTEM32\DRIVERS\SiriusUSB.sys [12/31/2005 7:04 PM 7552]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-20 c:\windows\Tasks\User_Feed_Synchronization-{2DA829BF-3B61-4A58-8182-6A4A907915A7}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &Viewpoint Search - c:\program files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
LSP: c:\windows\system32\VetRedir.dll
TCP: DhcpNameServer = 192.168.0.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {255B1372-180C-4A22-A02D-1D4AB65F6AC2} - file://c:\program files\Pantheon\Images\stg_drm.dll
DPF: {64D01C7F-810D-446E-A07E-365764235644} - hxxp://kraisoft.com/files/realone/atomaders.cab
DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://www.shockwave.com/content/tumblebugs/sis/axhost.cab
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin.cab
FF - ProfilePath - c:\documents and settings\Clint Stone\Application Data\Mozilla\Firefox\Profiles\dv75lqh0.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-19 20:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST340014A rev.8.16 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x86B882C6
user & kernel MBR OK
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(932)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'lsass.exe'(996)
c:\windows\system32\WININET.dll
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll
.
- - - - - - - > 'explorer.exe'(5716)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-01-19 20:23:20
ComboFix-quarantined-files.txt 2012-01-20 01:23
ComboFix2.txt 2012-01-18 00:33
.
Pre-Run: 5,205,540,864 bytes free
Post-Run: 5,442,039,808 bytes free
.
- - End Of File - - D38DFAD7CB791E0A978D30A38997D56B


The Date / time properties window is still popping up in mutliples.
I had to disable AVG to re-run Combofix which thinks it's a virus and tries to eliminate it.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:44 PM

Posted 19 January 2012 - 08:33 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 harkonen

harkonen
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:09:44 PM

Posted 21 January 2012 - 08:41 PM

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-21 20:38:47
-----------------------------
20:38:47.203 OS Version: Windows 5.1.2600 Service Pack 3
20:38:47.203 Number of processors: 1 586 0x304
20:38:47.203 ComputerName: D678J561 UserName:
20:38:55.156 Initialize success
20:39:16.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:39:16.000 Disk 0 Vendor: ST340014A 8.16 Size: 38146MB BusType: 3
20:39:16.000 Device \Driver\atapi -> DriverStartIo 86b872c6
20:39:16.000 Disk 0 MBR read successfully
20:39:16.000 Disk 0 MBR scan
20:39:16.000 Disk 0 TDL4@MBR code has been found
20:39:16.000 Disk 0 MBR hidden
20:39:16.000 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 47 MB offset 63
20:39:16.015 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 34506 MB offset 96390
20:39:16.031 Disk 0 Partition 3 00 DB CP/M / CTOS MSWIN4.1 3584 MB offset 70766325
20:39:16.031 Disk 0 MBR [TDL4] **ROOTKIT**
20:39:16.031 Disk 0 trace - called modules:
20:39:16.031 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86b8749f]<<
20:39:16.031 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f44ab8]
20:39:16.250 3 CLASSPNP.SYS[f7557fd7] -> nt!IofCallDriver -> [0x86a10d10]
20:39:16.265 \Driver\atapi[0x86cdf030] -> IRP_MJ_CREATE -> 0x86b8749f
20:39:16.265 Scan finished successfully
20:39:36.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Clint Stone\Desktop\MBR.dat"
20:39:36.328 The log file has been saved successfully to "C:\Documents and Settings\Clint Stone\Desktop\aswMBRlog.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:44 PM

Posted 21 January 2012 - 08:58 PM

Hello

I want you to rerun ASWmbr and run the fix below

aswMBR

  • Click Scan
  • On completion of the scan, click the FIX button,
  • There is a slight pause after clicking the 'Fix' button.
  • Wait for the tool to report 'Infection fixed successfully', now reboot the machine.
  • Rebooting the machine prematurely, before seeing this line will result in an incomplete fix.

    Note:After the 'Infection fixed successfully' message appears, the machine may became unresponsive. You may have to do a hard boot of your machine. That may be a side effect from the fix. All will be well after the reboot.
  • Save the log as before and post in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 harkonen

harkonen
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:09:44 PM

Posted 23 January 2012 - 06:58 PM

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-23 16:35:38
-----------------------------
16:35:38.890 OS Version: Windows 5.1.2600 Service Pack 3
16:35:38.890 Number of processors: 1 586 0x304
16:35:38.890 ComputerName: D678J561 UserName:
16:37:47.281 Initialize success
16:42:32.531 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:42:33.077 Disk 0 Vendor: ST340014A 8.16 Size: 38146MB BusType: 3
16:42:33.077 Device \Driver\atapi -> DriverStartIo 86ba32c6
16:42:33.171 Disk 0 MBR read successfully
16:42:33.171 Disk 0 MBR scan
16:42:33.171 Disk 0 TDL4@MBR code has been found
16:42:33.171 Disk 0 MBR hidden
16:42:33.296 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 47 MB offset 63
16:42:33.406 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 34506 MB offset 96390
16:42:33.609 Disk 0 Partition 3 00 DB CP/M / CTOS MSWIN4.1 3584 MB offset 70766325
16:42:33.609 Disk 0 MBR [TDL4] **ROOTKIT**
16:42:33.609 Disk 0 trace - called modules:
16:42:33.609 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86ba349f]<<
16:42:33.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f44ab8]
16:42:34.843 3 CLASSPNP.SYS[f7557fd7] -> nt!IofCallDriver -> [0x86bd7a08]
16:42:34.843 \Driver\atapi[0x86c090b8] -> IRP_MJ_CREATE -> 0x86ba349f
16:42:34.859 Scan finished successfully
16:43:36.421 Disk 0 MBR read successfully
16:43:36.421 Disk 0 TDL4@MBR code has been found
16:43:36.609 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 47 MB offset 63
16:43:36.656 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 34506 MB offset 96390
16:43:36.718 Disk 0 Partition 3 00 DB CP/M / CTOS MSWIN4.1 3584 MB offset 70766325
16:43:36.734 Disk 0 fixing MBR ...
16:43:36.952 Disk 0 MBR restored successfully
16:43:36.968 Verifying disinfection
16:43:50.218 Infection fixed successfully - please reboot ASAP
16:45:18.327 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Clint Stone\Desktop\MBR.dat"
16:45:18.749 The log file has been saved successfully to "C:\Documents and Settings\Clint Stone\Desktop\aswMBRfixlog.txt"

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:44 PM

Posted 23 January 2012 - 08:43 PM

Hello


please restart the computer and run a scan for me with aswmbr


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 harkonen

harkonen
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:09:44 PM

Posted 24 January 2012 - 05:19 PM

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-24 17:15:58
-----------------------------
17:15:58.343 OS Version: Windows 5.1.2600 Service Pack 3
17:15:58.343 Number of processors: 1 586 0x304
17:15:58.343 ComputerName: D678J561 UserName:
17:16:00.859 Initialize success
17:16:16.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:16:16.125 Disk 0 Vendor: ST340014A 8.16 Size: 38146MB BusType: 3
17:16:16.156 Disk 0 MBR read successfully
17:16:16.156 Disk 0 MBR scan
17:16:16.156 Disk 0 unknown MBR code
17:16:16.156 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 47 MB offset 63
17:16:16.156 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 34506 MB offset 96390
17:16:16.171 Disk 0 Partition 3 00 DB CP/M / CTOS MSWIN4.1 3584 MB offset 70766325
17:16:16.171 Disk 0 scanning sectors +78108030
17:16:16.218 Disk 0 scanning C:\WINDOWS\system32\drivers
17:16:44.578 Service scanning
17:16:45.890 Modules scanning
17:17:04.156 Disk 0 trace - called modules:
17:17:04.187 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
17:17:04.687 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f44ab8]
17:17:04.687 3 CLASSPNP.SYS[f7557fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f83d98]
17:17:04.687 Scan finished successfully
17:17:31.656 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Clint Stone\Desktop\MBR.dat"
17:17:31.656 The log file has been saved successfully to "C:\Documents and Settings\Clint Stone\Desktop\aswMBR2.txt"

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:44 PM

Posted 24 January 2012 - 07:28 PM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Internet Explorer Default Page
Java™ 6 Update 25
Viewpoint Manager (Remove Only)
Viewpoint Toolbar


and click on remove



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 harkonen

harkonen
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:09:44 PM

Posted 25 January 2012 - 06:18 PM

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.25.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Clint Stone :: D678J561 [administrator]

Protection: Enabled

1/25/2012 5:45:50 PM
mbam-log-2012-01-25 (17-45-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 182359
Time elapsed: 15 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:12:25 PM, on 1/25/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
F:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Clint Stone\Desktop\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Documents and Settings\Clint Stone\Desktop\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Documents and Settings\Clint Stone\Desktop\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Documents and Settings\Clint Stone\Desktop\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.southbend.libproxy.ivytech.edu.allstate.libproxy.ivytech.edu/lib/ivytech/support/plugins/ebraryRdr.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Bejeweled%203/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {255B1372-180C-4A22-A02D-1D4AB65F6AC2} (SDANetConClass Class) - file://C:\Program Files\Pantheon\Images\stg_drm.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://asp.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://games.bigfishgames.com/en_dinerdash2restaura/online/DinerDash2.1.0.0.48.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-365764235644} (AtlAtomadersCtlAttrib Class) - http://kraisoft.com/files/realone/atomaders.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176235652062
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://real.gamehouse.com/games/luxor/mjolauncher.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/tumblebugs/sis/axhost.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Venice\Images\armhelper.ocx
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - http://imikimi.com/download/imikimi_plugin.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://real.gamehouse.com/games/bonniesbookstore/popcaploader.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/CheckersZPA.cab40641.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Amazon Unbox Video Service (ADVService) - Unknown owner - G:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Documents and Settings\Clint Stone\Desktop\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
O24 - Desktop Component 0: (no name) - http://www.cavein.net/media/downloads/images/cavein_icon_01.gif

--
End of file - 14582 bytes


So I couldn't find Internet Explorer Default page otherwise uninstalled the others.
Reinstalled Java, TFC ran and wanted to reboot but sat spinning its wheels for at least 30 minutes so I cold booted. Then ran the other programs and posted the logs per your instructions. Haven't really used the computer much except to do as you've requested so kind of hard to tell how it's performing.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users