Win 7 Internet Security 2012 and Firefox re-directing/pop-ups


  • This topic is locked
22 replies to this topic

#1 barnbabe718

  • Members
  • 22 posts

Posted 18 January 2012 - 07:50 PM

Yesterday, I started having the Windows 7 Security 2012 pop-ups. I've seen something similar before and knew it was a virus, so I didn't click on them and came here instead. I followed each step of the guide to remove the virus, and it seemed to have worked. However, I noticed today, that Firefox wasn't working correctly. When I tried to use Google, I couldn't open my searches; instead it re-directed to random sites. I've also been getting frequent pop-ups, despite having the pop-up blocker turned on. Some were porn, and others were local news sites.

I completed all of the steps in the guide on this site (FixNCR, RKill, TDSSKiller, Malwarebytes). I also ran Spybot S&D which found some cookies but nothing else. I'm not sure what to do at this point...

Here is my DDS.txt log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by ltuominen at 19:03:11 on 2012-01-18
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3037.1044 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Symplcty\symplcty.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Sylvan\Impact Client\SC.App.CenterAdmin.exe
C:\Program Files\Sylvan\EOS Client\EOS.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uDefault_Page_URL = hxxp://companyweb
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\pdfforge toolbar\SearchSettings.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\1.1.2\pdfforgeToolbarIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\pdfforge toolbar\SearchSettings.dll
TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\1.1.2\pdfforgeToolbarIE.dll
uRun: [file:///C:/Program Files/Sylvan/RenPlace Tray Widget/Sylvan.Widgets.RenPlaceTray.exe] c:\program files\sylvan\renplace tray widget\Sylvan.Widgets.RenPlaceTray.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [<NO NAME>]
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\client server security agent\pccntmon.exe" -HideWindow
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\ltuominen\appdata\roaming\microsoft\windows\start menu\programs\startup\MapDrive.bat
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: Interfaces\{C280AC37-D1C1-4A8E-B0A9-53E36A9644D4} : NameServer = 10.0.0.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ltuominen\appdata\roaming\mozilla\firefox\profiles\8x8zqycc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPCltInst11.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 151216]
R1 MpKsl687acae0;MpKsl687acae0;c:\programdata\microsoft\microsoft antimalware\definition updates\{217099b0-b236-4bec-9c8c-29d3f32874cc}\MpKsl687acae0.sys [2012-1-18 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2009-3-10 145936]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\nitro pdf\reader\NitroPDFReaderDriverService.exe [2011-1-14 196912]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-5-7 57424]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2009-3-10 256528]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-5-11 277536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-12 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-12 136176]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-5-11 132352]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 42368]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\trend micro\client server security agent\TmPfw.exe [2009-6-6 497008]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-15 1343400]
S4 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-1-7 380928]
S4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2009-6-10 309744]
S4 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-6-10 1124848]
S4 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2009-6-10 166384]
S4 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;"c:\program files\trend micro\client server security agent\tmproxy.exe" --> c:\program files\trend micro\client server security agent\TmProxy.exe [?]
.
=============== Created Last 30 ================
.
2012-01-18 23:42:42 -------- d-----w- c:\users\ltuominen\appdata\roaming\SUPERAntiSpyware.com
2012-01-18 23:42:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-18 23:42:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-18 19:46:58 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{217099b0-b236-4bec-9c8c-29d3f32874cc}\MpKsl687acae0.sys
2012-01-18 19:46:57 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{217099b0-b236-4bec-9c8c-29d3f32874cc}\offreg.dll
2012-01-17 23:58:27 -------- d-----w- c:\users\ltuominen\appdata\roaming\Malwarebytes
2012-01-17 23:58:22 -------- d-----w- c:\programdata\Malwarebytes
2012-01-17 23:58:19 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-17 23:58:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-17 23:33:58 360960 ----a-w- c:\users\ltuominen\appdata\local\tszpru.exe
2012-01-17 22:16:42 -------- d-----w- c:\program files\iPod
2012-01-17 22:16:38 -------- d-----w- c:\program files\iTunes
2012-01-17 20:32:02 6823496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{217099b0-b236-4bec-9c8c-29d3f32874cc}\mpengine.dll
2012-01-13 18:09:01 -------- d-----w- c:\program files\Citrix
2012-01-11 19:42:17 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-11 19:42:13 1288984 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 19:42:11 1328640 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 19:42:10 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-09 21:26:23 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-09 21:26:23 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-09 21:26:23 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-09 21:26:23 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2011-12-26 16:35:02 -------- d-----w- c:\windows\system32\DDCPickup
.
==================== Find3M ====================
.
2012-01-04 09:26:22 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-11-24 04:23:31 2340352 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 04:30:11 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-26 04:42:38 3901808 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 04:42:37 3957104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 04:25:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-24 18:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 19:03:33.07 ===============

Thank you in advance!
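The DDS log above already contains the items a responder would check first, and a few of them are easy to miss in a wall of text: the `mPolicies-system` block shows `EnableLUA = 0` and `ConsentPromptBehaviorAdmin = 0` (UAC switched off and silent elevation, which is what a rogue AV dropper wants on the box), the pdfforge toolbar registers a `uURLSearchHooks` entry and a BHO, a random-named `tszpru.exe` was created under `appdata\local` on 2012-01-17, and the only DNS server is a private address. The script below is an added example for this thread, not code from DDS, ComboFix or BleepingComputer, that pulls those four kinds of lines out of a DDS log and lists them for review. The allowlist of vendor directories, the "random name" pattern and the symptom window are assumptions made here; the sample lines are copied from the log in the post. A hit is a prompt to inspect the item (hash it, check its signature, look at the vendor), not a verdict.

```python
"""Triage a DDS log for the findings a responder would check first.

Added example for this thread; not DDS, ComboFix or anything from the post.
Flags weakened UAC policy values, URLSearchHooks/BHOs/toolbars from outside an
allowlist of vendor directories, random-named .exe files created in
user-writable directories inside a symptom window, and the DNS servers in use.
The allowlist, the name heuristic and the window are assumptions made here.
"""
import ipaddress
import re
from datetime import datetime

# Constructed sample: lines copied from the DDS log in the post above.
SAMPLE_LOG = r"""
uURLSearchHooks: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\pdfforge toolbar\SearchSettings.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\1.1.2\pdfforgeToolbarIE.dll
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
TCP: Interfaces\{C280AC37-D1C1-4A8E-B0A9-53E36A9644D4} : NameServer = 10.0.0.2
2012-01-18 23:42:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-17 23:58:19 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-17 23:33:58 360960 ----a-w- c:\users\ltuominen\appdata\local\tszpru.exe
2012-01-11 19:42:13 1288984 ----a-w- c:\windows\system32\ntdll.dll
"""

TS_FORMAT = "%Y-%m-%d %H:%M:%S"

# The weakest documented value of each UAC policy and what it means.
UAC_WEAK_VALUES = {
    "EnableLUA": (0, "UAC disabled: admin processes start fully elevated"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate without any prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts are not shown on the secure desktop"),
}
POLICY_RE = re.compile(r"^mPolicies-system: (\w+) = (\d+) \(0x[0-9a-fA-F]+\)$")

# Assumption: vendor directories whose browser hooks we do not bother listing.
TRUSTED_PREFIXES = (
    "c:\\program files\\common files\\adobe\\",
    "c:\\program files\\microsoft office\\",
    "c:\\progra~1\\micros~3\\",
    "c:\\program files\\java\\",
)
HOOK_RE = re.compile(
    r"^(?P<kind>uURLSearchHooks|BHO|TB): (?:(?P<name>[^:{]+): )?"
    r"\{(?P<clsid>[0-9a-fA-F-]+)\} - (?P<path>.+)$"
)

CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\S+) (\S+) (.+)$")
USER_WRITABLE = ("\\appdata\\local\\", "\\appdata\\roaming\\",
                 "\\programdata\\", "\\users\\public\\")
# Assumption: 5-9 lowercase letters and nothing else, the naming style rogue
# AV droppers of this period commonly used for their executables.
RANDOM_NAME = re.compile(r"^[a-z]{5,9}\.exe$")

DNS_RE = re.compile(r"NameServer = ([\d., ]+)$")


def uac_findings(log):
    """Return (policy, value, explanation) for each UAC policy at its weakest value."""
    hits = []
    for line in log.splitlines():
        m = POLICY_RE.match(line)
        if m and m.group(1) in UAC_WEAK_VALUES:
            weak, why = UAC_WEAK_VALUES[m.group(1)]
            if int(m.group(2)) == weak:
                hits.append((m.group(1), weak, why))
    return hits


def browser_hooks(log):
    """Return search hooks, BHOs and toolbars whose DLL is outside TRUSTED_PREFIXES."""
    hits = []
    for line in log.splitlines():
        m = HOOK_RE.match(line)
        if m and not m.group("path").lower().startswith(TRUSTED_PREFIXES):
            hits.append({"kind": m.group("kind"), "name": m.group("name") or "",
                         "clsid": m.group("clsid"), "path": m.group("path")})
    return hits


def suspicious_executables(log, window_start, window_end):
    """Return random-named .exe files created in user-writable dirs inside the window.

    Bounds use the log's own "YYYY-MM-DD HH:MM:SS" format. The "Created Last 30"
    stamps in the post run later than the 19:03 local run time, so they appear
    to be UTC; pick the window accordingly.
    """
    start, end = (datetime.strptime(t, TS_FORMAT) for t in (window_start, window_end))
    hits = []
    for line in log.splitlines():
        m = CREATED_RE.match(line)
        if not m:
            continue
        created = datetime.strptime(m.group(1), TS_FORMAT)
        path = m.group(4)
        base = path.lower().rsplit("\\", 1)[-1]
        if (start <= created <= end and RANDOM_NAME.match(base)
                and any(seg in path.lower() for seg in USER_WRITABLE)):
            hits.append(path)
    return hits


def dns_servers(log):
    """Return (address, is_private) for every NameServer DDS reports; a public
    address you do not recognise is the classic DNS-hijack indicator."""
    out = []
    for line in log.splitlines():
        m = DNS_RE.search(line)
        if m:
            for addr in re.split(r"[ ,]+", m.group(1).strip()):
                out.append((addr, ipaddress.ip_address(addr).is_private))
    return out


def triage(log, window_start, window_end):
    return {"uac": uac_findings(log),
            "browser_hooks": browser_hooks(log),
            "new_executables": suspicious_executables(log, window_start, window_end),
            "dns": dns_servers(log)}


if __name__ == "__main__":
    import pprint
    # Pop-ups started on 2012-01-17 local time; widen by a day for the UTC skew.
    pprint.pprint(triage(SAMPLE_LOG, "2012-01-17 00:00:00", "2012-01-18 23:59:59"))
```

Run it against a full DDS.txt by replacing `SAMPLE_LOG` with the file contents; the `uac` list is the first thing to act on regardless of what the malware turns out to be, because with `EnableLUA = 0` every later cleanup tool and every future dropper runs with the same elevated rights.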


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 January 2012 - 12:25 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 barnbabe718

  • Topic Starter
  • Members
  • 22 posts

Posted 24 January 2012 - 07:00 PM

Hi Gringo,
Thanks for your help. I apologize for not getting back to you sooner. This is my work computer and I did not have access to it over the weekend. I tried to run ComboFix and had some issues.

I tried to follow the instructions to disable anti-virus software, and it seemed to have worked. Then, when I tried to run ComboFix, I came up with an error message:

ComboFix has detected the following real-time scanner(s) to be active:
antivirus: Microsoft Security Essentials
antispyware: Microsoft Security Essentials.
Antivirus and intrusion prevention programs are known to interfere with ComboFix's running. This may lead to unpredictable results or possible machine damage. Please disable these scanners before clicking OK.

I double-checked the directions, and checked Microsoft Security Essentials. It definitely said (and still says) that real-time protection is off. I pressed okay, since I knew that they weren't running.

Unfortunately, I got another message:

antivirus: Microsoft Security Essentials
antispyware: Microsoft Security Essentials
The above real-time scanner(s) are still active but ComboFix shall continue to run. Kindly note that this is at your own risk.

I wasn't sure what to do, so I let it run. After about 15 minutes, I got another error. A Windows notification said:

Freeware implementation of XCACLS has stopped working

And another window said:

A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.


I restarted my computer, and upon restart, came up with a window that said that "The recycle bin is corrupted." I'm not sure if this has anything to do with the rest...


So, I have no idea what to do from here... It seems that my anti-virus software is disabled, but I can't get ComboFix to run. I don't know if it has something to do with the network I'm on. Again, this is my work computer...

Do you have any suggestions?



Thanks,
Liz

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 January 2012 - 07:05 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#5 barnbabe718

  • Topic Starter
  • Members
  • 22 posts

Posted 24 January 2012 - 07:26 PM

It said "No threats found."

Here is the report:

19:20:57.0619 2268 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
19:20:57.0915 2268 ============================================================
19:20:57.0915 2268 Current date / time: 2012/01/24 19:20:57.0915
19:20:57.0915 2268 SystemInfo:
19:20:57.0915 2268
19:20:57.0915 2268 OS Version: 6.1.7600 ServicePack: 0.0
19:20:57.0915 2268 Product type: Workstation
19:20:57.0915 2268 ComputerName: LIZ-PC
19:20:57.0915 2268 UserName: ltuominen
19:20:57.0915 2268 Windows directory: C:\Windows
19:20:57.0915 2268 System windows directory: C:\Windows
19:20:57.0915 2268 Processor architecture: Intel x86
19:20:57.0915 2268 Number of processors: 2
19:20:57.0915 2268 Page size: 0x1000
19:20:57.0915 2268 Boot type: Normal boot
19:20:57.0915 2268 ============================================================
19:20:58.0602 2268 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:20:58.0664 2268 Initialize success
19:21:00.0677 2440 ============================================================
19:21:00.0677 2440 Scan started
19:21:00.0677 2440 Mode: Manual;
19:21:00.0677 2440 ============================================================
19:21:01.0441 2440 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
19:21:01.0441 2440 1394ohci - ok
19:21:01.0472 2440 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
19:21:01.0488 2440 ACPI - ok
19:21:01.0503 2440 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
19:21:01.0503 2440 AcpiPmi - ok
19:21:01.0550 2440 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
19:21:01.0550 2440 adp94xx - ok
19:21:01.0566 2440 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
19:21:01.0566 2440 adpahci - ok
19:21:01.0597 2440 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
19:21:01.0597 2440 adpu320 - ok
19:21:01.0644 2440 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
19:21:01.0659 2440 AFD - ok
19:21:01.0675 2440 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
19:21:01.0675 2440 agp440 - ok
19:21:01.0691 2440 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
19:21:01.0691 2440 aic78xx - ok
19:21:01.0737 2440 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
19:21:01.0737 2440 aliide - ok
19:21:01.0753 2440 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
19:21:01.0753 2440 amdagp - ok
19:21:01.0769 2440 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
19:21:01.0769 2440 amdide - ok
19:21:01.0800 2440 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
19:21:01.0800 2440 AmdK8 - ok
19:21:01.0815 2440 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
19:21:01.0815 2440 AmdPPM - ok
19:21:01.0847 2440 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
19:21:01.0847 2440 amdsata - ok
19:21:01.0878 2440 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
19:21:01.0878 2440 amdsbs - ok
19:21:01.0909 2440 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
19:21:01.0909 2440 amdxata - ok
19:21:01.0925 2440 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
19:21:01.0925 2440 AppID - ok
19:21:02.0018 2440 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
19:21:02.0018 2440 arc - ok
19:21:02.0049 2440 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
19:21:02.0049 2440 arcsas - ok
19:21:02.0081 2440 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
19:21:02.0081 2440 AsyncMac - ok
19:21:02.0081 2440 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
19:21:02.0081 2440 atapi - ok
19:21:02.0174 2440 atikmdag (712d8a95e45b070114c5309ada7358ff) C:\Windows\system32\DRIVERS\atikmdag.sys
19:21:02.0252 2440 atikmdag - ok
19:21:02.0330 2440 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
19:21:02.0330 2440 b06bdrv - ok
19:21:02.0393 2440 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
19:21:02.0408 2440 b57nd60x - ok
19:21:02.0517 2440 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
19:21:02.0517 2440 Beep - ok
19:21:02.0533 2440 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
19:21:02.0533 2440 blbdrive - ok
19:21:02.0642 2440 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
19:21:02.0642 2440 bowser - ok
19:21:02.0673 2440 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:21:02.0673 2440 BrFiltLo - ok
19:21:02.0689 2440 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:21:02.0689 2440 BrFiltUp - ok
19:21:02.0736 2440 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
19:21:02.0736 2440 BridgeMP - ok
19:21:02.0783 2440 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
19:21:02.0783 2440 Brserid - ok
19:21:02.0798 2440 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
19:21:02.0798 2440 BrSerWdm - ok
19:21:02.0814 2440 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:21:02.0814 2440 BrUsbMdm - ok
19:21:02.0829 2440 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
19:21:02.0829 2440 BrUsbSer - ok
19:21:02.0845 2440 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
19:21:02.0845 2440 BTHMODEM - ok
19:21:02.0970 2440 catchme - ok
19:21:03.0048 2440 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
19:21:03.0048 2440 cdfs - ok
19:21:03.0095 2440 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
19:21:03.0095 2440 cdrom - ok
19:21:03.0126 2440 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
19:21:03.0126 2440 circlass - ok
19:21:03.0157 2440 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
19:21:03.0157 2440 CLFS - ok
19:21:03.0266 2440 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
19:21:03.0266 2440 CmBatt - ok
19:21:03.0297 2440 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
19:21:03.0297 2440 cmdide - ok
19:21:03.0313 2440 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
19:21:03.0329 2440 CNG - ok
19:21:03.0344 2440 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
19:21:03.0344 2440 Compbatt - ok
19:21:03.0375 2440 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:21:03.0375 2440 CompositeBus - ok
19:21:03.0407 2440 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
19:21:03.0407 2440 crcdisk - ok
19:21:03.0438 2440 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
19:21:03.0453 2440 CSC - ok
19:21:03.0485 2440 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
19:21:03.0485 2440 DfsC - ok
19:21:03.0516 2440 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
19:21:03.0516 2440 discache - ok
19:21:03.0531 2440 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
19:21:03.0531 2440 Disk - ok
19:21:03.0563 2440 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
19:21:03.0563 2440 drmkaud - ok
19:21:03.0609 2440 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
19:21:03.0609 2440 DXGKrnl - ok
19:21:03.0625 2440 e1express (cf0a6015f437161698c5b2a0a12cf052) C:\Windows\system32\DRIVERS\e1e6032.sys
19:21:03.0625 2440 e1express - ok
19:21:03.0703 2440 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
19:21:03.0750 2440 ebdrv - ok
19:21:03.0781 2440 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
19:21:03.0797 2440 elxstor - ok
19:21:03.0812 2440 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
19:21:03.0812 2440 ErrDev - ok
19:21:03.0843 2440 EUSBMSD (3dc945a9abbfb2ecf268eed276e05fec) C:\Windows\system32\DRIVERS\EUSBMSD.SYS
19:21:03.0843 2440 EUSBMSD - ok
19:21:03.0875 2440 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
19:21:03.0875 2440 exfat - ok
19:21:03.0890 2440 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
19:21:03.0906 2440 fastfat - ok
19:21:03.0921 2440 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
19:21:03.0921 2440 fdc - ok
19:21:03.0953 2440 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
19:21:03.0953 2440 FileInfo - ok
19:21:03.0968 2440 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
19:21:03.0968 2440 Filetrace - ok
19:21:03.0984 2440 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
19:21:03.0984 2440 flpydisk - ok
19:21:04.0015 2440 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
19:21:04.0015 2440 FltMgr - ok
19:21:04.0031 2440 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
19:21:04.0031 2440 FsDepends - ok
19:21:04.0046 2440 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
19:21:04.0046 2440 Fs_Rec - ok
19:21:04.0093 2440 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
19:21:04.0093 2440 fvevol - ok
19:21:04.0109 2440 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:21:04.0109 2440 gagp30kx - ok
19:21:04.0140 2440 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:21:04.0140 2440 GEARAspiWDM - ok
19:21:04.0187 2440 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
19:21:04.0187 2440 hcw85cir - ok
19:21:04.0233 2440 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
19:21:04.0233 2440 HdAudAddService - ok
19:21:04.0249 2440 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:21:04.0249 2440 HDAudBus - ok
19:21:04.0265 2440 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
19:21:04.0265 2440 HidBatt - ok
19:21:04.0280 2440 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
19:21:04.0280 2440 HidBth - ok
19:21:04.0296 2440 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
19:21:04.0296 2440 HidIr - ok
19:21:04.0343 2440 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
19:21:04.0358 2440 HidUsb - ok
19:21:04.0374 2440 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
19:21:04.0389 2440 HpSAMD - ok
19:21:04.0421 2440 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
19:21:04.0421 2440 HTTP - ok
19:21:04.0436 2440 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
19:21:04.0436 2440 hwpolicy - ok
19:21:04.0467 2440 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
19:21:04.0467 2440 i8042prt - ok
19:21:04.0514 2440 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
19:21:04.0530 2440 iaStorV - ok
19:21:04.0701 2440 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
19:21:04.0842 2440 igfx - ok
19:21:04.0873 2440 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
19:21:04.0873 2440 iirsp - ok
19:21:04.0920 2440 Impcd (03c0d99bc2913226f1cea7cb0d984659) C:\Windows\system32\DRIVERS\Impcd.sys
19:21:04.0920 2440 Impcd - ok
19:21:04.0998 2440 IntcAzAudAddService (2a4eb3167a071a67d3f56e94663544ec) C:\Windows\system32\drivers\RTKVHDA.sys
19:21:05.0013 2440 IntcAzAudAddService - ok
19:21:05.0029 2440 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
19:21:05.0029 2440 intelide - ok
19:21:05.0045 2440 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
19:21:05.0045 2440 intelppm - ok
19:21:05.0076 2440 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:21:05.0076 2440 IpFilterDriver - ok
19:21:05.0076 2440 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:21:05.0076 2440 IPMIDRV - ok
19:21:05.0091 2440 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
19:21:05.0091 2440 IPNAT - ok
19:21:05.0123 2440 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
19:21:05.0123 2440 IRENUM - ok
19:21:05.0138 2440 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
19:21:05.0138 2440 isapnp - ok
19:21:05.0154 2440 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
19:21:05.0154 2440 iScsiPrt - ok
19:21:05.0185 2440 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:21:05.0185 2440 kbdclass - ok
19:21:05.0216 2440 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
19:21:05.0216 2440 kbdhid - ok
19:21:05.0232 2440 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
19:21:05.0232 2440 KSecDD - ok
19:21:05.0263 2440 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
19:21:05.0279 2440 KSecPkg - ok
19:21:05.0310 2440 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
19:21:05.0310 2440 lltdio - ok
19:21:05.0341 2440 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:21:05.0341 2440 LSI_FC - ok
19:21:05.0357 2440 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:21:05.0357 2440 LSI_SAS - ok
19:21:05.0372 2440 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:21:05.0372 2440 LSI_SAS2 - ok
19:21:05.0372 2440 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:21:05.0372 2440 LSI_SCSI - ok
19:21:05.0403 2440 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
19:21:05.0403 2440 luafv - ok
19:21:05.0419 2440 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
19:21:05.0419 2440 megasas - ok
19:21:05.0435 2440 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
19:21:05.0435 2440 MegaSR - ok
19:21:05.0450 2440 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
19:21:05.0450 2440 Modem - ok
19:21:05.0466 2440 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
19:21:05.0466 2440 monitor - ok
19:21:05.0497 2440 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
19:21:05.0497 2440 mouclass - ok
19:21:05.0513 2440 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
19:21:05.0513 2440 mouhid - ok
19:21:05.0528 2440 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
19:21:05.0528 2440 mountmgr - ok
19:21:05.0575 2440 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\Windows\system32\DRIVERS\MpFilter.sys
19:21:05.0575 2440 MpFilter - ok
19:21:05.0591 2440 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
19:21:05.0591 2440 mpio - ok
19:21:05.0684 2440 MpKsl680a3326 - ok
19:21:05.0700 2440 MpKslf549fbbc - ok
19:21:05.0778 2440 MpNWMon (aeb186afff5d9cfed823c15d846aac3b) C:\Windows\system32\DRIVERS\MpNWMon.sys
19:21:05.0778 2440 MpNWMon - ok
19:21:05.0809 2440 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
19:21:05.0809 2440 mpsdrv - ok
19:21:05.0840 2440 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
19:21:05.0840 2440 MRxDAV - ok
19:21:05.0871 2440 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:21:05.0871 2440 mrxsmb - ok
19:21:05.0903 2440 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:21:05.0903 2440 mrxsmb10 - ok
19:21:05.0918 2440 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:21:05.0918 2440 mrxsmb20 - ok
19:21:05.0949 2440 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
19:21:05.0949 2440 msahci - ok
19:21:05.0949 2440 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
19:21:05.0965 2440 msdsm - ok
19:21:05.0996 2440 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
19:21:05.0996 2440 Msfs - ok
19:21:06.0012 2440 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
19:21:06.0012 2440 mshidkmdf - ok
19:21:06.0027 2440 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
19:21:06.0027 2440 msisadrv - ok
19:21:06.0074 2440 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
19:21:06.0074 2440 MSKSSRV - ok
19:21:06.0105 2440 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
19:21:06.0105 2440 MSPCLOCK - ok
19:21:06.0121 2440 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
19:21:06.0121 2440 MSPQM - ok
19:21:06.0137 2440 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
19:21:06.0137 2440 MsRPC - ok
19:21:06.0168 2440 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
19:21:06.0168 2440 mssmbios - ok
19:21:06.0183 2440 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
19:21:06.0183 2440 MSTEE - ok
19:21:06.0199 2440 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
19:21:06.0199 2440 MTConfig - ok
19:21:06.0215 2440 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
19:21:06.0215 2440 Mup - ok
19:21:06.0246 2440 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
19:21:06.0246 2440 NativeWifiP - ok
19:21:06.0293 2440 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
19:21:06.0308 2440 NDIS - ok
19:21:06.0324 2440 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
19:21:06.0324 2440 NdisCap - ok
19:21:06.0339 2440 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
19:21:06.0339 2440 NdisTapi - ok
19:21:06.0355 2440 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
19:21:06.0355 2440 Ndisuio - ok
19:21:06.0371 2440 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
19:21:06.0371 2440 NdisWan - ok
19:21:06.0386 2440 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
19:21:06.0386 2440 NDProxy - ok
19:21:06.0402 2440 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
19:21:06.0402 2440 NetBIOS - ok
19:21:06.0417 2440 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
19:21:06.0417 2440 NetBT - ok
19:21:06.0464 2440 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
19:21:06.0464 2440 nfrd960 - ok
19:21:06.0495 2440 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
19:21:06.0495 2440 Npfs - ok
19:21:06.0511 2440 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
19:21:06.0511 2440 nsiproxy - ok
19:21:06.0558 2440 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
19:21:06.0589 2440 Ntfs - ok
19:21:06.0620 2440 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
19:21:06.0620 2440 Null - ok
19:21:06.0651 2440 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
19:21:06.0651 2440 nvraid - ok
19:21:06.0683 2440 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
19:21:06.0683 2440 nvstor - ok
19:21:06.0698 2440 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
19:21:06.0698 2440 nv_agp - ok
19:21:06.0714 2440 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
19:21:06.0714 2440 ohci1394 - ok
19:21:06.0761 2440 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
19:21:06.0761 2440 Parport - ok
19:21:06.0776 2440 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
19:21:06.0776 2440 partmgr - ok
19:21:06.0792 2440 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
19:21:06.0792 2440 Parvdm - ok
19:21:06.0807 2440 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
19:21:06.0823 2440 pci - ok
19:21:06.0839 2440 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
19:21:06.0839 2440 pciide - ok
19:21:06.0854 2440 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
19:21:06.0854 2440 pcmcia - ok
19:21:06.0870 2440 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
19:21:06.0870 2440 pcw - ok
19:21:06.0885 2440 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
19:21:06.0901 2440 PEAUTH - ok
19:21:06.0948 2440 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
19:21:06.0948 2440 PptpMiniport - ok
19:21:06.0963 2440 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
19:21:06.0963 2440 Processor - ok
19:21:06.0995 2440 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
19:21:06.0995 2440 Psched - ok
19:21:07.0041 2440 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
19:21:07.0041 2440 PxHelp20 - ok
19:21:07.0073 2440 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
19:21:07.0104 2440 ql2300 - ok
19:21:07.0119 2440 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
19:21:07.0119 2440 ql40xx - ok
19:21:07.0135 2440 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
19:21:07.0135 2440 QWAVEdrv - ok
19:21:07.0151 2440 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
19:21:07.0151 2440 RasAcd - ok
19:21:07.0197 2440 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:21:07.0197 2440 RasAgileVpn - ok
19:21:07.0213 2440 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:21:07.0213 2440 Rasl2tp - ok
19:21:07.0229 2440 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
19:21:07.0244 2440 RasPppoe - ok
19:21:07.0260 2440 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
19:21:07.0260 2440 RasSstp - ok
19:21:07.0275 2440 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
19:21:07.0275 2440 rdbss - ok
19:21:07.0291 2440 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
19:21:07.0291 2440 rdpbus - ok
19:21:07.0307 2440 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:21:07.0307 2440 RDPCDD - ok
19:21:07.0322 2440 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
19:21:07.0322 2440 RDPDR - ok
19:21:07.0353 2440 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
19:21:07.0353 2440 RDPENCDD - ok
19:21:07.0353 2440 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
19:21:07.0353 2440 RDPREFMP - ok
19:21:07.0369 2440 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
19:21:07.0385 2440 RDPWD - ok
19:21:07.0400 2440 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
19:21:07.0400 2440 rdyboost - ok
19:21:07.0447 2440 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
19:21:07.0447 2440 rspndr - ok
19:21:07.0494 2440 RTL8167 (80b66a4181f782884a815e69d0afa743) C:\Windows\system32\DRIVERS\Rt86win7.sys
19:21:07.0494 2440 RTL8167 - ok
19:21:07.0525 2440 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
19:21:07.0525 2440 s3cap - ok
19:21:07.0603 2440 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:21:07.0603 2440 SASDIFSV - ok
19:21:07.0619 2440 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
19:21:07.0619 2440 SASKUTIL - ok
19:21:07.0697 2440 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
19:21:07.0697 2440 sbp2port - ok
19:21:07.0728 2440 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
19:21:07.0728 2440 scfilter - ok
19:21:07.0775 2440 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:21:07.0775 2440 secdrv - ok
19:21:07.0806 2440 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
19:21:07.0806 2440 Serenum - ok
19:21:07.0821 2440 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
19:21:07.0821 2440 Serial - ok
19:21:07.0853 2440 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
19:21:07.0853 2440 sermouse - ok
19:21:07.0868 2440 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
19:21:07.0868 2440 sffdisk - ok
19:21:07.0884 2440 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:21:07.0884 2440 sffp_mmc - ok
19:21:07.0884 2440 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
19:21:07.0884 2440 sffp_sd - ok
19:21:07.0899 2440 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
19:21:07.0899 2440 sfloppy - ok
19:21:07.0915 2440 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
19:21:07.0915 2440 sisagp - ok
19:21:07.0931 2440 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:21:07.0931 2440 SiSRaid2 - ok
19:21:07.0946 2440 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
19:21:07.0946 2440 SiSRaid4 - ok
19:21:07.0962 2440 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
19:21:07.0962 2440 Smb - ok
19:21:07.0977 2440 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
19:21:07.0977 2440 spldr - ok
19:21:08.0009 2440 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
19:21:08.0024 2440 srv - ok
19:21:08.0040 2440 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
19:21:08.0040 2440 srv2 - ok
19:21:08.0071 2440 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
19:21:08.0071 2440 srvnet - ok
19:21:08.0102 2440 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
19:21:08.0102 2440 stexstor - ok
19:21:08.0133 2440 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
19:21:08.0133 2440 storflt - ok
19:21:08.0149 2440 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
19:21:08.0149 2440 storvsc - ok
19:21:08.0180 2440 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
19:21:08.0180 2440 swenum - ok
19:21:08.0243 2440 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
19:21:08.0258 2440 Tcpip - ok
19:21:08.0305 2440 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
19:21:08.0321 2440 TCPIP6 - ok
19:21:08.0367 2440 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
19:21:08.0367 2440 tcpipreg - ok
19:21:08.0367 2440 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
19:21:08.0367 2440 TDPIPE - ok
19:21:08.0383 2440 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
19:21:08.0383 2440 TDTCP - ok
19:21:08.0414 2440 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
19:21:08.0414 2440 tdx - ok
19:21:08.0430 2440 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
19:21:08.0430 2440 TermDD - ok
19:21:08.0477 2440 tmactmon (0868d7c7a793987dc9a1e3a3b6904466) C:\Windows\system32\DRIVERS\tmactmon.sys
19:21:08.0477 2440 tmactmon - ok
19:21:08.0508 2440 tmcomm (c4ddce6124bf6a711ab14d8153eac61d) C:\Windows\system32\DRIVERS\tmcomm.sys
19:21:08.0508 2440 tmcomm - ok
19:21:08.0539 2440 tmevtmgr (63660bb99905a6d78024467b3ec022a1) C:\Windows\system32\DRIVERS\tmevtmgr.sys
19:21:08.0539 2440 tmevtmgr - ok
19:21:08.0570 2440 TmFilter - ok
19:21:08.0664 2440 tmlwf (c29cdbb5312178215ff7c50bf3609f06) C:\Windows\system32\DRIVERS\tmlwf.sys
19:21:08.0664 2440 tmlwf - ok
19:21:08.0695 2440 TmPreFilter - ok
19:21:08.0742 2440 tmwfp (5564df0df65cd79e7511089877a398b4) C:\Windows\system32\DRIVERS\tmwfp.sys
19:21:08.0742 2440 tmwfp - ok
19:21:08.0773 2440 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:21:08.0773 2440 tssecsrv - ok
19:21:08.0820 2440 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
19:21:08.0820 2440 tunnel - ok
19:21:08.0835 2440 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
19:21:08.0835 2440 uagp35 - ok
19:21:08.0851 2440 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
19:21:08.0867 2440 udfs - ok
19:21:08.0898 2440 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
19:21:08.0898 2440 uliagpkx - ok
19:21:08.0913 2440 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
19:21:08.0913 2440 umbus - ok
19:21:08.0929 2440 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
19:21:08.0929 2440 UmPass - ok
19:21:08.0976 2440 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
19:21:08.0976 2440 USBAAPL - ok
19:21:09.0007 2440 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
19:21:09.0007 2440 usbccgp - ok
19:21:09.0023 2440 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
19:21:09.0023 2440 usbcir - ok
19:21:09.0054 2440 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\drivers\usbehci.sys
19:21:09.0054 2440 usbehci - ok
19:21:09.0085 2440 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
19:21:09.0085 2440 usbhub - ok
19:21:09.0116 2440 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys
19:21:09.0116 2440 usbohci - ok
19:21:09.0147 2440 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
19:21:09.0147 2440 usbprint - ok
19:21:09.0179 2440 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:21:09.0179 2440 USBSTOR - ok
19:21:09.0210 2440 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
19:21:09.0210 2440 usbuhci - ok
19:21:09.0225 2440 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
19:21:09.0225 2440 vdrvroot - ok
19:21:09.0257 2440 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
19:21:09.0257 2440 vga - ok
19:21:09.0272 2440 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
19:21:09.0272 2440 VgaSave - ok
19:21:09.0288 2440 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
19:21:09.0288 2440 vhdmp - ok
19:21:09.0303 2440 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
19:21:09.0303 2440 viaagp - ok
19:21:09.0319 2440 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
19:21:09.0319 2440 ViaC7 - ok
19:21:09.0335 2440 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
19:21:09.0335 2440 viaide - ok
19:21:09.0350 2440 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
19:21:09.0350 2440 vmbus - ok
19:21:09.0350 2440 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
19:21:09.0350 2440 VMBusHID - ok
19:21:09.0381 2440 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
19:21:09.0381 2440 volmgr - ok
19:21:09.0397 2440 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
19:21:09.0397 2440 volmgrx - ok
19:21:09.0413 2440 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
19:21:09.0413 2440 volsnap - ok
19:21:09.0444 2440 VSApiNt - ok
19:21:09.0475 2440 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
19:21:09.0475 2440 vsmraid - ok
19:21:09.0491 2440 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
19:21:09.0491 2440 vwifibus - ok
19:21:09.0506 2440 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
19:21:09.0506 2440 WacomPen - ok
19:21:09.0537 2440 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
19:21:09.0537 2440 WANARP - ok
19:21:09.0537 2440 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
19:21:09.0537 2440 Wanarpv6 - ok
19:21:09.0569 2440 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
19:21:09.0569 2440 Wd - ok
19:21:09.0584 2440 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
19:21:09.0584 2440 Wdf01000 - ok
19:21:09.0631 2440 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
19:21:09.0631 2440 WfpLwf - ok
19:21:09.0647 2440 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
19:21:09.0647 2440 WIMMount - ok
19:21:09.0709 2440 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
19:21:09.0709 2440 WinUsb - ok
19:21:09.0740 2440 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:21:09.0740 2440 WmiAcpi - ok
19:21:09.0756 2440 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
19:21:09.0756 2440 ws2ifsl - ok
19:21:09.0787 2440 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
19:21:09.0803 2440 WudfPf - ok
19:21:09.0803 2440 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:21:09.0803 2440 WUDFRd - ok
19:21:09.0834 2440 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:21:09.0896 2440 \Device\Harddisk0\DR0 - ok
19:21:09.0896 2440 Boot (0x1200) (2a1029f78ac2ad345b5c2ef98b764481) \Device\Harddisk0\DR0\Partition0
19:21:09.0896 2440 \Device\Harddisk0\DR0\Partition0 - ok
19:21:09.0912 2440 Boot (0x1200) (12c21e4761f5c09c717b2027432aae3b) \Device\Harddisk0\DR0\Partition1
19:21:09.0912 2440 \Device\Harddisk0\DR0\Partition1 - ok
19:21:09.0927 2440 Boot (0x1200) (31a175aadfcceb147d4dc6de2cff687c) \Device\Harddisk0\DR0\Partition2
19:21:09.0927 2440 \Device\Harddisk0\DR0\Partition2 - ok
19:21:09.0927 2440 ============================================================
19:21:09.0927 2440 Scan finished
19:21:09.0927 2440 ============================================================
19:21:09.0927 2964 Detected object count: 0
19:21:09.0927 2964 Actual detected object count: 0
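The TDSSKiller output above is a flat list of every driver and boot object the tool enumerated: one line with an MD5 and path for each object it found on disk, and one verdict line ("- ok") per object. As an added example, not part of this thread and not TDSSKiller's own code, here is a small Python parser for that layout. It separates objects that are backed by a file from ones that only receive a verdict (such as MpKsl680a3326 and TmFilter in the log above, which have no path or hash), and compares each file hash against a baseline. The sample lines are copied from the log above; the BASELINE dict is constructed for the demonstration, with a deliberate all-zero placeholder for tcpip.sys so the mismatch branch is exercised.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: lines copied from the TDSSKiller log above. Two layouts
# occur: "<time> <pid> <name> (<md5>) <path>" for an object backed by a file,
# and "<time> <pid> <name-or-path> - <verdict>" for the per-object result.
SAMPLE_LOG = r"""
19:21:03.0531 2440 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
19:21:03.0531 2440 Disk - ok
19:21:05.0684 2440 MpKsl680a3326 - ok
19:21:08.0243 2440 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
19:21:08.0258 2440 Tcpip - ok
19:21:08.0570 2440 TmFilter - ok
19:21:09.0834 2440 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:21:09.0896 2440 \Device\Harddisk0\DR0 - ok
19:21:09.0927 2964 Detected object count: 0
"""

# Constructed baseline (assumption): hashes a trusted reference image of the
# same Windows build reports for each path, keyed by lower-cased path.
# disk.sys carries the hash from the log; tcpip.sys gets an all-zero
# placeholder so the mismatch branch below is exercised.
BASELINE = {
    r"c:\windows\system32\drivers\disk.sys": "565003f326f99802e68ca78f2a68e9ff",
    r"c:\windows\system32\drivers\tcpip.sys": "0" * 32,
}

# File-backed object: the non-greedy name lets "MBR (0x1B8)" stay one name,
# because the group after it must be exactly 32 hex digits in parentheses.
_FILE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*?)\s*$"
)
# Verdict line: the subject is a driver name or, for boot objects, a device path.
_STATUS_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<subject>.+?)\s+-\s+(?P<status>\S.*?)\s*$"
)


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Parse TDSSKiller lines into entries keyed by object name."""
    entries: Dict[str, Entry] = {}
    by_path: Dict[str, str] = {}  # device/file path -> entry name
    for line in text.splitlines():
        m = _FILE_RE.match(line)
        if m:
            e = Entry(m["name"], m["md5"], m["path"])
            entries[e.name] = e
            by_path[e.path] = e.name
            continue
        m = _STATUS_RE.match(line)
        if m:
            subject = m["subject"]
            # Verdicts for boot objects use the device path, not the name.
            name = subject if subject in entries else by_path.get(subject, subject)
            entries.setdefault(name, Entry(name)).status = m["status"]
    return entries


def unbacked_entries(entries: Dict[str, Entry]) -> List[str]:
    """Objects that received a verdict but were never listed with a file and hash."""
    return [e.name for e in entries.values() if e.md5 is None]


def compare_baseline(entries: Dict[str, Entry],
                     baseline: Dict[str, str]) -> Tuple[List[Tuple[str, str, str, str]], List[str]]:
    """Return (mismatches, unknown): mismatches are (name, path, expected, actual);
    unknown lists file-backed objects whose path is absent from the baseline."""
    mismatches, unknown = [], []
    for e in entries.values():
        if e.path is None:
            continue
        expected = baseline.get(e.path.lower())
        if expected is None:
            unknown.append(e.name)
        elif expected != e.md5:
            mismatches.append((e.name, e.path, expected, e.md5))
    return mismatches, unknown


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    print("no file behind:", unbacked_entries(parsed))
    bad, unseen = compare_baseline(parsed, BASELINE)
    for name, path, exp, got in bad:
        print(f"hash mismatch: {name} {path} expected {exp} got {got}")
    print("not in baseline:", unseen)
```

A hash that differs from the baseline is a lead, not a verdict: Windows updates change these files too, so the comparison tells you which binaries to inspect first rather than which are infected. Entries with no file behind them are the other thing to read: in the log above they are the MpKsl* objects and the Trend Micro leftovers (TmFilter, TmPreFilter, VSApiNt), which should be reconciled against what is actually installed.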

#6 gringo_pr

  • Malware Response Team

Posted 24 January 2012 - 08:06 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR (511 KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 barnbabe718

  • Topic Starter

Posted 25 January 2012 - 08:12 PM

I just ran aswMBR. Here is the log:

aswMBR version 0.9.9.1509 Copyright© 2011 AVAST Software
Run date: 2012-01-25 19:52:42
-----------------------------
19:52:42.634 OS Version: Windows 6.1.7600
19:52:42.634 Number of processors: 2 586 0x170A
19:52:42.635 ComputerName: LIZ-PC UserName:
19:52:43.454 Initialize success
19:53:38.425 AVAST engine defs: 12012501
19:53:42.197 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
19:53:42.198 Disk 0 Vendor: WDC_WD3200AAJS-00L7A0 01.03E01 Size: 305245MB BusType: 3
19:53:42.220 Disk 0 MBR read successfully
19:53:42.222 Disk 0 MBR scan
19:53:42.226 Disk 0 Windows VISTA default MBR code
19:53:42.240 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 500 MB offset 2048
19:53:42.244 Disk 0 Partition - 00 0F Extended LBA 40960 MB offset 1026048
19:53:42.258 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 263783 MB offset 84912128
19:53:42.276 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 40959 MB offset 1028096
19:53:42.290 Disk 0 scanning sectors +625139712
19:53:42.377 Disk 0 scanning C:\Windows\system32\drivers
19:53:49.581 Service scanning
19:53:50.557 Modules scanning
19:54:01.336 Disk 0 trace - called modules:
19:54:01.356 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
19:54:01.360 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865519a8]
19:54:01.365 3 CLASSPNP.SYS[8b7c059e] -> nt!IofCallDriver -> [0x860a2918]
19:54:01.369 5 ACPI.sys[8b29f3b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x860a3030]
19:54:02.244 AVAST engine scan C:\Windows
19:54:04.220 AVAST engine scan C:\Windows\system32
19:55:29.080 AVAST engine scan C:\Windows\system32\drivers
19:55:36.323 AVAST engine scan C:\Users\ltuominen
20:07:01.802 AVAST engine scan C:\ProgramData
20:07:32.852 Scan finished successfully
20:07:53.677 Disk 0 MBR has been saved successfully to "C:\Users\ltuominen\Desktop\MBR.dat"
20:07:53.682 The log file has been saved successfully to "C:\Users\ltuominen\Desktop\aswMBR.txt"
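The four "Partition" lines in the aswMBR log above carry enough information to rebuild the disk layout and sanity-check it. As an added example, not from this thread and not aswMBR's own code, this Python block parses those lines, converts the reported MB sizes to 512-byte sectors (SECTORS_PER_MB = 2048 is my assumption about the tool's units), checks that exactly one partition is marked active, that primary partitions do not overlap, and that the logical partition fits inside its extended container, and reports the first sector after the last partition. The sample input is copied from the log above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SECTORS_PER_MB = 2048  # assumption: 512-byte sectors, sizes reported in MB

# Constructed sample: the partition lines copied from the aswMBR log above.
SAMPLE_LOG = """\
19:53:42.240 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 500 MB offset 2048
19:53:42.244 Disk 0 Partition - 00 0F Extended LBA 40960 MB offset 1026048
19:53:42.258 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 263783 MB offset 84912128
19:53:42.276 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 40959 MB offset 1028096
"""

# "Partition -" is the extended container; "(A)" marks the active partition.
_PART_RE = re.compile(
    r"Disk (?P<disk>\d+) Partition (?P<num>\d+|-) (?P<boot>[0-9A-Fa-f]{2})(?: \(A\))? "
    r"(?P<type>[0-9A-Fa-f]{2}) (?P<desc>.+?) (?P<mb>\d+) MB offset (?P<offset>\d+)\s*$"
)


@dataclass
class Partition:
    number: Optional[int]  # None for the extended container
    active: bool
    type_id: int
    desc: str
    start: int             # first sector
    sectors: int

    @property
    def end(self) -> int:  # first sector after the partition
        return self.start + self.sectors

    @property
    def is_extended(self) -> bool:
        return self.type_id in (0x05, 0x0F)  # CHS or LBA extended container


def parse_partitions(text: str) -> List[Partition]:
    parts = []
    for line in text.splitlines():
        m = _PART_RE.search(line)
        if not m:
            continue
        parts.append(Partition(
            number=None if m["num"] == "-" else int(m["num"]),
            active=m["boot"].lower() == "80",
            type_id=int(m["type"], 16),
            desc=m["desc"],
            start=int(m["offset"]),
            sectors=int(m["mb"]) * SECTORS_PER_MB,
        ))
    return parts


def check_layout(parts: List[Partition]) -> Tuple[List[str], int]:
    """Return (findings, first sector after the last partition)."""
    findings: List[str] = []
    containers = [p for p in parts if p.is_extended]
    primary: List[Partition] = []
    for p in parts:
        holder = None
        if not p.is_extended:
            holder = next((c for c in containers if c.start <= p.start < c.end), None)
        if holder is None:
            primary.append(p)
        elif p.end > holder.end:
            findings.append(f"partition {p.number} runs past its extended container")
    active = sum(p.active for p in parts)
    if active != 1:
        findings.append(f"{active} active partitions (expected 1)")
    primary.sort(key=lambda p: p.start)
    for a, b in zip(primary, primary[1:]):
        if b.start < a.end:
            findings.append(f"partitions at sector {a.start} and {b.start} overlap")
    tail = max((p.end for p in parts), default=0)
    return findings, tail


if __name__ == "__main__":
    layout = parse_partitions(SAMPLE_LOG)
    problems, tail_start = check_layout(layout)
    for p in layout:
        print(f"{p.number or 'ext':>3} {p.desc:<14} sectors {p.start:>10}..{p.end:<10} active={p.active}")
    print("findings:", problems or "none")
    print("unpartitioned space starts at sector", tail_start)
```

For the log above the checks all pass and the first sector after the last partition comes out as 625139712, the same number that appears in the "scanning sectors +625139712" line: the tool is reading the unpartitioned tail of the disk, which no file system covers and which is therefore a place where a bootkit can keep data out of sight of file-level scanners.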

#8 gringo_pr

  • Malware Response Team

Posted 26 January 2012 - 08:25 AM

Hello

OK, let's try this. I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#9 gringo_pr

  • Malware Response Team

Posted 29 January 2012 - 11:44 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread, then it will have to be closed!

Gringo

#10 barnbabe718

barnbabe718
  • Topic Starter

  • Members
  • 22 posts

Posted 30 January 2012 - 07:50 PM

Sorry, I was out of the office over the weekend. I'll try the safe mode combofix now.

#11 barnbabe718

barnbabe718
  • Topic Starter

  • Members
  • 22 posts

Posted 30 January 2012 - 08:54 PM

ComboFix took almost a half hour to run, then said "ComboFix has detected the presence of rootkit activity and needs to reboot the machine." I let it reboot into Safe Mode again, and it ran all of the steps. Here is the log:

ComboFix 12-01-23.02 - LTuominen 01/30/2012 20:33:43.1.2 - x86 MINIMAL
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3037.2361 [GMT -5:00]
Running from: c:\users\ltuominen\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\pdfforge Toolbar\IE\1.1.2\pdFForgetoolbarie.dll
c:\program files\pdfforge Toolbar\SeARchsettings.dll
c:\users\ltuominen\Documents\pubFA08.tmp
c:\users\ltuominen\g2mdlhlpx.exe
c:\windows\$NtUninstallKB32000$
c:\windows\$NtUninstallKB32000$\35106621
c:\windows\$NtUninstallKB32000$\858672686\@
c:\windows\$NtUninstallKB32000$\858672686\bckfg.tmp
c:\windows\$NtUninstallKB32000$\858672686\cfg.ini
c:\windows\$NtUninstallKB32000$\858672686\Desktop.ini
c:\windows\$NtUninstallKB32000$\858672686\keywords
c:\windows\$NtUninstallKB32000$\858672686\kwrd.dll
c:\windows\$NtUninstallKB32000$\858672686\L\xadqgnnk
c:\windows\$NtUninstallKB32000$\858672686\lsflt7.ver
c:\windows\$NtUninstallKB32000$\858672686\U\00000001.@
c:\windows\$NtUninstallKB32000$\858672686\U\00000002.@
c:\windows\$NtUninstallKB32000$\858672686\U\00000004.@
c:\windows\$NtUninstallKB32000$\858672686\U\80000000.@
c:\windows\$NtUninstallKB32000$\858672686\U\80000004.@
c:\windows\$NtUninstallKB32000$\858672686\U\80000032.@
c:\windows\MSXML4-KB973685-ENU.EXE
c:\windows\MSXML4-KB973688-ENU.EXE
D:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-31 )))))))))))))))))))))))))))))))
.
.
2012-01-31 01:41 . 2012-01-31 01:42 -------- d-----w- c:\users\ltuominen\AppData\Local\temp
2012-01-31 01:41 . 2012-01-31 01:41 -------- d-----w- c:\users\Liz\AppData\Local\temp
2012-01-31 01:41 . 2012-01-31 01:41 -------- d-----w- c:\users\lboulet\AppData\Local\temp
2012-01-31 01:41 . 2012-01-31 01:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-31 01:30 . 2011-03-25 03:06 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-01-30 21:33 . 2012-01-30 21:33 -------- d-----w- c:\program files\Crystal Decisions
2012-01-30 21:32 . 2001-09-10 08:47 103344 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-01-30 21:32 . 2012-01-30 21:32 -------- d-----w- c:\windows\system32\Adobe
2012-01-30 21:32 . 2012-01-30 21:32 -------- d-----w- c:\windows\Profiles
2012-01-30 21:32 . 2012-01-30 21:32 -------- d-----w- c:\users\ltuominen\AppData\Roaming\InterTrust
2012-01-30 21:32 . 2001-09-10 08:47 103344 ------w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2012-01-30 21:32 . 2001-08-01 22:05 270336 ----a-w- c:\program files\Internet Explorer\Plugins\NPDocBox.dll
2012-01-30 21:31 . 2012-01-30 21:31 -------- d-----w- C:\EOS Client 3.04 Install
2012-01-30 20:38 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1C9739AE-7BB8-4A70-BB52-E3A3D7CE8100}\mpengine.dll
2012-01-30 20:34 . 2012-01-30 20:38 -------- d-----w- C:\EOS Client 3.04 Install - Server 2003
2012-01-18 23:42 . 2012-01-18 23:42 -------- d-----w- c:\users\ltuominen\AppData\Roaming\SUPERAntiSpyware.com
2012-01-18 23:42 . 2012-01-18 23:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-18 23:42 . 2012-01-18 23:42 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-17 23:58 . 2012-01-17 23:58 -------- d-----w- c:\users\ltuominen\AppData\Roaming\Malwarebytes
2012-01-17 23:58 . 2012-01-17 23:58 -------- d-----w- c:\programdata\Malwarebytes
2012-01-17 23:58 . 2012-01-18 00:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-17 23:58 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-17 22:16 . 2012-01-17 22:16 -------- d-----w- c:\program files\iPod
2012-01-17 22:16 . 2012-01-17 22:17 -------- d-----w- c:\program files\iTunes
2012-01-13 18:09 . 2012-01-13 18:09 -------- d-----w- c:\program files\Citrix
2012-01-11 19:42 . 2011-11-19 14:06 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-11 19:42 . 2011-11-17 05:41 1288984 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 19:42 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 19:42 . 2011-10-26 04:28 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-09 21:26 . 2012-01-09 21:26 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-09 21:26 . 2012-01-09 21:26 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-09 21:26 . 2012-01-09 21:26 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-09 21:26 . 2012-01-09 21:26 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-06 04:19 . 2010-05-14 16:57 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-04 09:26 . 2010-05-11 12:13 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-12-10 16:56 . 2011-12-10 16:56 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-12-10 16:56 . 2011-12-10 16:56 161792 ----a-w- c:\windows\system32\msls31.dll
2011-12-10 16:56 . 2011-12-10 16:56 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-10 16:56 . 2011-12-10 16:56 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-12-10 16:56 . 2011-12-10 16:56 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-12-10 16:56 . 2011-12-10 16:56 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-12-10 16:56 . 2011-12-10 16:56 367104 ----a-w- c:\windows\system32\html.iec
2011-12-10 16:56 . 2011-12-10 16:56 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-12-10 16:56 . 2011-12-10 16:56 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-12-10 16:56 . 2011-12-10 16:56 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-10 16:56 . 2011-12-10 16:56 152064 ----a-w- c:\windows\system32\wextract.exe
2011-12-10 16:56 . 2011-12-10 16:56 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-12-10 16:56 . 2011-12-10 16:56 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-12-10 16:56 . 2011-12-10 16:56 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-12-10 16:56 . 2011-12-10 16:56 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-10 16:56 . 2011-12-10 16:56 11776 ----a-w- c:\windows\system32\mshta.exe
2011-12-10 16:56 . 2011-12-10 16:56 101888 ----a-w- c:\windows\system32\admparse.dll
2011-11-24 04:23 . 2011-12-13 19:01 2340352 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 04:30 . 2011-12-13 19:01 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 22:47 . 2011-12-14 00:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40 . 2011-12-14 00:59 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 00:59 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31 . 2011-12-14 00:59 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-01-09 21:26 . 2011-05-16 20:11 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"file:///C:/Program Files/Sylvan/RenPlace Tray Widget/Sylvan.Widgets.RenPlaceTray.exe"="c:\program files\Sylvan\RenPlace Tray Widget\Sylvan.Widgets.RenPlaceTray.exe" [2010-09-29 300544]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 4616064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2009-05-24 935208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
c:\users\ltuominen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MapDrive.bat [2011-8-1 118]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^ltuominen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\ltuominen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 22:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 02:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-08-26 00:45 171032 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-08-26 00:45 136216 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 06:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
2010-09-15 08:34 1094224 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeScanNT Monitor]
2009-05-24 00:10 935208 ----a-w- c:\program files\Trend Micro\Client Server Security Agent\PccNTMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-08-26 00:45 170520 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 18:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-06-10 11:40 244208 ----a-w- c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-03-17 20:53 8546848 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2010-01-08 05:36 974848 ----a-w- c:\program files\pdfforge Toolbar\SearchSettings.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 05:11 132496 ----a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe
.
R1 MpKsl680a3326;MpKsl680a3326;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1B830BF6-11B9-46D9-9A82-80EC63F187C4}\MpKsl680a3326.sys [x]
R1 MpKslf549fbbc;MpKslf549fbbc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7A7F67EA-4A9D-4AA9-AB15-A9D1D58E5137}\MpKslf549fbbc.sys [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2009-03-11 145936]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-12 136176]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [2011-01-14 196912]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-08-20 57424]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [x]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [x]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2009-03-11 256528]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-12 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-11 132352]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-05 277536]
R3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\Trend Micro\Client Server Security Agent\TmPfw.exe [2009-03-11 497008]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-15 1343400]
R4 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
R4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-06-10 309744]
R4 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-10 1124848]
R4 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-06-10 166384]
R4 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\Trend Micro\Client Server Security Agent\TmProxy.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-12 17:44]
.
2012-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-12 17:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: Interfaces\{C280AC37-D1C1-4A8E-B0A9-53E36A9644D4}: NameServer = 10.0.0.2
FF - ProfilePath - c:\users\ltuominen\AppData\Roaming\Mozilla\Firefox\Profiles\8x8zqycc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-OfficeScanNT - c:\program files\Trend Micro\Client Server Security Agent\ntrmv.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2012-01-30 20:45:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-31 01:45
.
Pre-Run: 215,477,649,408 bytes free
Post-Run: 215,869,333,504 bytes free
.
- - End Of File - - F40C5FC93909C654589D3A2E07FBFA28
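
The log above, read the way a responder would triage it, as an added example that is not part of this thread and not ComboFix's own code: the bare `@` file and the `U\` and `L\` subfolders under a fake `$NtUninstallKB…$` hotfix-uninstall folder (Windows 7 does not create such folders) match the on-disk file store used by the ZeroAccess (Sirefef) rootkit family of that period, which is consistent with the search redirects reported in the first post; `D:\autorun.inf` sits on the root of a second drive; the `policies\system` block shows UAC switched off (`EnableLUA`=0, silent admin elevation, no secure desktop); and `[x]` marks a driver or service whose binary ComboFix could not find at the listed path. The script below parses a constructed sample made of lines copied from this log. The section-header and `[x]` conventions are assumed from the log as printed, and the Windows 7 UAC defaults it mentions are not from the page.

```python
"""Triage a ComboFix log for the findings a responder cares about.

Added example, not part of the original thread or of ComboFix itself.
Assumptions (not from the page): section headers are lines of parentheses
around a title, and "[x]" after a service path means the file was not found.
Windows 7 defaults: EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1.
"""
import re

# Constructed sample: a handful of lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\pdfforge Toolbar\SeARchsettings.dll
c:\windows\$NtUninstallKB32000$
c:\windows\$NtUninstallKB32000$\858672686\@
c:\windows\$NtUninstallKB32000$\858672686\cfg.ini
c:\windows\$NtUninstallKB32000$\858672686\L\xadqgnnk
c:\windows\$NtUninstallKB32000$\858672686\U\00000001.@
D:\autorun.inf
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
"""

HEADER = re.compile(r"^\({3,}\s*(.*?)\s*\){3,}\s*$")           # ((( Section Title )))
FAKE_HOTFIX_DIR = re.compile(r"\\\$NtUninstallKB\d+\$", re.I)  # hotfix-uninstall folder name
ROOTKIT_MARKER = re.compile(r"\\(@|U\\|L\\)", re.I)            # bare '@' file, or U\ / L\ store
DRIVE_ROOT_AUTORUN = re.compile(r"^[a-z]:\\autorun\.inf$", re.I)
REG_DWORD = re.compile(r'^"([^"]+)"=\s*(\d+)\s*\(0x[0-9A-Fa-f]+\)$')
SERVICE_MISSING = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.+?)\s+\[x\]$")
UAC_KEYS = {"EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}


def section(log, title):
    """Return the meaningful lines of the ComboFix section whose header contains `title`."""
    lines, inside = [], False
    for raw in log.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:                                   # a new header starts (or ends) the section
            inside = title.lower() in m.group(1).lower()
            continue
        if inside and line and line != ".":     # ComboFix pads sections with lone dots
            lines.append(line)
    return lines


def triage_deletions(log):
    """Classify deleted paths: rootkit file store hidden in a fake hotfix folder, and autorun.inf."""
    findings = []
    for path in section(log, "Other Deletions"):
        if FAKE_HOTFIX_DIR.search(path) and ROOTKIT_MARKER.search(path):
            findings.append(("fake-hotfix-rootkit-store", path))
        elif DRIVE_ROOT_AUTORUN.match(path):
            findings.append(("drive-root-autorun", path))
    return findings


def weakened_uac(log):
    """Return the UAC policy values set to 0 in the policies\\system block (UAC off or silent)."""
    weak, in_block = {}, False
    for line in section(log, "Reg Loading Points"):
        if line.startswith("["):                # registry key header: are we in policies\system?
            in_block = line.lower().endswith(r"policies\system]")
            continue
        m = REG_DWORD.match(line) if in_block else None
        if m and m.group(1) in UAC_KEYS and int(m.group(2)) == 0:
            weak[m.group(1)] = 0
    return weak


def services_missing_binary(log):
    """Return (service name, path) for drivers/services whose file ComboFix marked '[x]'."""
    found = []
    for line in section(log, "Reg Loading Points"):
        m = SERVICE_MISSING.match(line)
        if m:
            found.append((m.group(1), m.group(2)))
    return found


if __name__ == "__main__":
    for kind, path in triage_deletions(SAMPLE_LOG):
        print(f"{kind:28} {path}")
    print("UAC values at 0:", weakened_uac(SAMPLE_LOG))
    print("services with missing binary:", services_missing_binary(SAMPLE_LOG))
```

Point the script at a full ComboFix log by reading the file into `log` instead of `SAMPLE_LOG`. It only reads the log; ComboFix had already quarantined the listed files. The UAC values are the follow-up check worth keeping in mind: the second ComboFix run later in this thread still shows `EnableLUA`, `ConsentPromptBehaviorAdmin` and `PromptOnSecureDesktop` at 0, so once the machine is clean those should be set back to the Windows 7 defaults, otherwise any future infection runs elevated without a prompt.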

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 30 January 2012 - 09:02 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
[image: CFScript.txt being dragged onto ComboFix.exe]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#13 barnbabe718

barnbabe718
  • Topic Starter

  • Members
  • 22 posts

Posted 31 January 2012 - 12:17 PM

I just finished the process, so I haven't really noticed any changes yet. I'll let you know if I see a difference.

When I started ComboFix, it asked if I wanted to update. I wasn't sure how that would work with the script, so I said no. I hope that was okay.

After ComboFix ran (pretty fast this time), it restarted and then gave me the log. I tried to start my browser and got the "Illegal operation attempted on a registry key that has been marked for deletion" message that you mentioned. I restarted the computer, and everything was fine. I'm so glad that you mentioned that; I would have been panicking if I didn't expect it!

Anyway, here is the log from ComboFix:

ComboFix 12-01-23.02 - ltuominen 01/31/2012 11:54:47.2.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3037.2038 [GMT -5:00]
Running from: c:\users\ltuominen\Downloads\ComboFix.exe
Command switches used :: c:\users\ltuominen\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-31 )))))))))))))))))))))))))))))))
.
.
2012-01-31 17:00 . 2012-01-31 17:00 -------- d-----w- c:\users\Liz\AppData\Local\temp
2012-01-31 17:00 . 2012-01-31 17:00 -------- d-----w- c:\users\lboulet\AppData\Local\temp
2012-01-31 17:00 . 2012-01-31 17:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-31 01:41 . 2012-01-31 17:02 -------- d-----w- c:\users\ltuominen\AppData\Local\temp
2012-01-31 01:30 . 2011-03-25 03:06 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-01-30 21:33 . 2012-01-30 21:33 -------- d-----w- c:\program files\Crystal Decisions
2012-01-30 21:32 . 2001-09-10 08:47 103344 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-01-30 21:32 . 2012-01-30 21:32 -------- d-----w- c:\windows\system32\Adobe
2012-01-30 21:32 . 2012-01-30 21:32 -------- d-----w- c:\windows\Profiles
2012-01-30 21:32 . 2012-01-30 21:32 -------- d-----w- c:\users\ltuominen\AppData\Roaming\InterTrust
2012-01-30 21:32 . 2001-09-10 08:47 103344 ------w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2012-01-30 21:32 . 2001-08-01 22:05 270336 ----a-w- c:\program files\Internet Explorer\Plugins\NPDocBox.dll
2012-01-30 21:31 . 2012-01-30 21:31 -------- d-----w- C:\EOS Client 3.04 Install
2012-01-30 20:38 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1C9739AE-7BB8-4A70-BB52-E3A3D7CE8100}\mpengine.dll
2012-01-30 20:34 . 2012-01-30 20:38 -------- d-----w- C:\EOS Client 3.04 Install - Server 2003
2012-01-18 23:42 . 2012-01-18 23:42 -------- d-----w- c:\users\ltuominen\AppData\Roaming\SUPERAntiSpyware.com
2012-01-18 23:42 . 2012-01-18 23:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-18 23:42 . 2012-01-18 23:42 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-17 23:58 . 2012-01-17 23:58 -------- d-----w- c:\users\ltuominen\AppData\Roaming\Malwarebytes
2012-01-17 23:58 . 2012-01-17 23:58 -------- d-----w- c:\programdata\Malwarebytes
2012-01-17 23:58 . 2012-01-18 00:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-17 23:58 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-17 22:16 . 2012-01-17 22:16 -------- d-----w- c:\program files\iPod
2012-01-17 22:16 . 2012-01-17 22:17 -------- d-----w- c:\program files\iTunes
2012-01-13 18:09 . 2012-01-13 18:09 -------- d-----w- c:\program files\Citrix
2012-01-11 19:42 . 2011-11-19 14:06 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-11 19:42 . 2011-11-17 05:41 1288984 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 19:42 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 19:42 . 2011-10-26 04:28 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-09 21:26 . 2012-01-09 21:26 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-09 21:26 . 2012-01-09 21:26 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-09 21:26 . 2012-01-09 21:26 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-09 21:26 . 2012-01-09 21:26 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-06 04:19 . 2010-05-14 16:57 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-04 09:26 . 2010-05-11 12:13 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-12-10 16:56 . 2011-12-10 16:56 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-12-10 16:56 . 2011-12-10 16:56 161792 ----a-w- c:\windows\system32\msls31.dll
2011-12-10 16:56 . 2011-12-10 16:56 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-10 16:56 . 2011-12-10 16:56 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-12-10 16:56 . 2011-12-10 16:56 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-12-10 16:56 . 2011-12-10 16:56 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-12-10 16:56 . 2011-12-10 16:56 367104 ----a-w- c:\windows\system32\html.iec
2011-12-10 16:56 . 2011-12-10 16:56 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-12-10 16:56 . 2011-12-10 16:56 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-12-10 16:56 . 2011-12-10 16:56 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-10 16:56 . 2011-12-10 16:56 152064 ----a-w- c:\windows\system32\wextract.exe
2011-12-10 16:56 . 2011-12-10 16:56 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-12-10 16:56 . 2011-12-10 16:56 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-12-10 16:56 . 2011-12-10 16:56 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-12-10 16:56 . 2011-12-10 16:56 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-10 16:56 . 2011-12-10 16:56 11776 ----a-w- c:\windows\system32\mshta.exe
2011-12-10 16:56 . 2011-12-10 16:56 101888 ----a-w- c:\windows\system32\admparse.dll
2011-11-24 04:23 . 2011-12-13 19:01 2340352 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 04:30 . 2011-12-13 19:01 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 22:47 . 2011-12-14 00:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40 . 2011-12-14 00:59 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 00:59 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31 . 2011-12-14 00:59 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-01-09 21:26 . 2011-05-16 20:11 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"file:///C:/Program Files/Sylvan/RenPlace Tray Widget/Sylvan.Widgets.RenPlaceTray.exe"="c:\program files\Sylvan\RenPlace Tray Widget\Sylvan.Widgets.RenPlaceTray.exe" [2010-09-29 300544]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 4616064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2009-05-24 935208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
c:\users\ltuominen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MapDrive.bat [2011-8-1 118]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^ltuominen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\ltuominen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 22:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 02:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-08-26 00:45 171032 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-08-26 00:45 136216 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 06:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
2010-09-15 08:34 1094224 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeScanNT Monitor]
2009-05-24 00:10 935208 ----a-w- c:\program files\Trend Micro\Client Server Security Agent\PccNTMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-08-26 00:45 170520 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 18:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-06-10 11:40 244208 ----a-w- c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-03-17 20:53 8546848 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2010-01-08 05:36 974848 ----a-w- c:\program files\pdfforge Toolbar\SearchSettings.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 05:11 132496 ----a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe
.
R1 MpKsl680a3326;MpKsl680a3326;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1B830BF6-11B9-46D9-9A82-80EC63F187C4}\MpKsl680a3326.sys [x]
R1 MpKslf549fbbc;MpKslf549fbbc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7A7F67EA-4A9D-4AA9-AB15-A9D1D58E5137}\MpKslf549fbbc.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-12 136176]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [x]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-12 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-11 132352]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\Trend Micro\Client Server Security Agent\TmPfw.exe [2009-03-11 497008]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-15 1343400]
R4 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
R4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-06-10 309744]
R4 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-10 1124848]
R4 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-06-10 166384]
R4 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\Trend Micro\Client Server Security Agent\TmProxy.exe [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2009-03-11 145936]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [2011-01-14 196912]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-08-20 57424]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2009-03-11 256528]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-05 277536]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-12 17:44]
.
2012-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-12 17:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: Interfaces\{C280AC37-D1C1-4A8E-B0A9-53E36A9644D4}: NameServer = 10.0.0.2
FF - ProfilePath - c:\users\ltuominen\AppData\Roaming\Mozilla\Firefox\Profiles\8x8zqycc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-01-31 12:07:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-31 17:07
ComboFix2.txt 2012-01-31 01:45
.
Pre-Run: 215,720,792,064 bytes free
Post-Run: 215,686,569,984 bytes free
.
- - End Of File - - 9C9737E704C8B33070CC315510809293

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:14 AM

Posted 31 January 2012 - 05:16 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

Adobe Reader 8.1.2
Adobe Reader 9.3
Java™ 6 Update 26
Java™ 6 Update 3


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC (Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes' Anti-Malware:

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 barnbabe718

barnbabe718
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:08:14 AM

Posted 31 January 2012 - 06:25 PM

Hi!

I didn't have any issues following the steps that you listed. Thank you for being so thorough!


The Malwarebytes Quick Scan said, "The scan completed successfully. No malicious items were detected." Here is the log:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.01.31.09

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
ltuominen :: LIZ-PC [administrator]

1/31/2012 6:12:32 PM
mbam-log-2012-01-31 (18-12-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218121
Time elapsed: 4 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Also, here is the Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:20:05 PM, on 1/31/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\rundll32.exe
C:\Windows\explorer.exe
C:\Windows\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [file:///C:/Program Files/Sylvan/RenPlace Tray Widget/Sylvan.Widgets.RenPlaceTray.exe] C:\Program Files\Sylvan\RenPlace Tray Widget\Sylvan.Widgets.RenPlaceTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: MapDrive.bat
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sylvanri.local
O17 - HKLM\Software\..\Telephony: DomainName = sylvanri.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{C280AC37-D1C1-4A8E-B0A9-53E36A9644D4}: NameServer = 10.0.0.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sylvanri.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{C280AC37-D1C1-4A8E-B0A9-53E36A9644D4}: NameServer = 10.0.0.2
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = sylvanri.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{C280AC37-D1C1-4A8E-B0A9-53E36A9644D4}: NameServer = 10.0.0.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Unknown owner - C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe (file missing)
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe

--
End of file - 7168 bytes
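As an added example (not code from this thread, from HijackThis or from the helper), the following Python script groups the O-entries of a HijackThis log like the one posted above and flags the items a reviewer checks by hand: O4 autostarts launched from a user-writable folder, O17 name servers outside private address space, and O23 services whose binary is reported missing. It uses only the standard library; its sample lines are copied from the log above except for the [Updater] entry, which is constructed so the user-folder check has something to find.

```python
# Added triage helper for HijackThis-style log entries (not part of the thread
# and not a HijackThis feature): groups the Oxx entries and flags what a helper
# checks by hand - O4 autostarts run from a user-writable folder, O17 name
# servers outside private address space, O23 services whose binary is missing.
import ipaddress
import re

# Sample input: lines copied from the HijackThis log posted above, plus one
# CONSTRUCTED O4 entry ([Updater] under AppData) so the heuristic has a hit.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Updater] C:\Users\ltuominen\AppData\Roaming\Updater\updater.exe
O4 - Startup: MapDrive.bat
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sylvanri.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{C280AC37-D1C1-4A8E-B0A9-53E36A9644D4}: NameServer = 10.0.0.2
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Unknown owner - C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
RUNKEY_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\(Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
EXE_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|bat|cmd|dll|scr))"?', re.IGNORECASE)
NAMESERVER_RE = re.compile(r"NameServer = (?P<ips>[\d.,]+)")
# Folders a standard user can write to; an autostart launched from one of them
# deserves a second look (a heuristic, not proof of infection).
USER_WRITABLE = ("\\users\\", "\\documents and settings\\", "\\temp\\")


def exe_path(cmd):
    """Return the program path from an O4 command line, without its arguments."""
    m = EXE_RE.search(cmd)
    return m.group("path") if m else cmd.strip()


def triage(log_text):
    """Split the O-entries and return the items a reviewer should look at first."""
    report = {
        "autostarts": [],           # (hive, key, name, path) for every O4 run key
        "user_dir_autostarts": [],  # O4 entries launched from a user-writable folder
        "nameservers": [],          # unique O17 NameServer values, in order seen
        "public_nameservers": [],   # name servers outside private/loopback space
        "missing_services": [],     # O23 services whose binary is '(file missing)'
    }
    for line in log_text.splitlines():
        entry = ENTRY_RE.match(line.strip())
        if not entry:
            continue
        code, body = entry.groups()
        if code == "O4" and (key := RUNKEY_RE.match(body)):
            # Startup-folder items ("O4 - Startup:") carry no registry path and are skipped
            path = exe_path(key.group("cmd"))
            item = (key.group(1), key.group(2), key.group("name"), path)
            report["autostarts"].append(item)
            if any(marker in path.lower() for marker in USER_WRITABLE):
                report["user_dir_autostarts"].append(item)
        elif code == "O17" and (ns := NAMESERVER_RE.search(body)):
            for ip in ns.group("ips").split(","):
                if ip in report["nameservers"]:
                    continue
                report["nameservers"].append(ip)
                try:
                    addr = ipaddress.ip_address(ip)
                except ValueError:
                    continue  # malformed value: kept in the list for manual review
                if not (addr.is_private or addr.is_loopback):
                    report["public_nameservers"].append(ip)
        elif code == "O23" and body.endswith("(file missing)"):
            report["missing_services"].append(body[len("Service: "):])
    return report
```

Run against the posted log, the only hits are the missing Trend Micro scan service binary and the 10.0.0.2 name server, which is a private address on the machine's own domain and therefore not flagged.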



