sporadic DNS failure, weird .exes causing ntdll.dll errors - please help!


  • This topic is locked
15 replies to this topic

#1 argh21

  • Members
  • 8 posts

Posted 25 January 2012 - 03:24 PM

Hi,
For the last few days, I've had sporadic instances of DNS resolution failing on this win7-64 machine, when other computers in the house aren't having that problem and the dsl connection is fine. At these times, the win7 box can still ping sites. I know people with virtual wi-fi adaptors see similar symptoms; I don't have any such adaptors installed.

Moreover, a few times since the DNS failure problem started, there have been error messages from Windows that strangely named .exe files have stopped running. The last one was "vhbmtk.exe"; both it and the prior name (didn't write it down) were ungooglable filenames, which made me suspicious. The error messages all indicated the ntdll.dll was the fault module.

Sophos rootkit scan found nothing, MSE virus detection hasn't gone off, and Malwarebytes found and removed the "vknt.exe" keylogger from the winamp plugin "morphyre", which may have been a false positive. I've never actually run that visualizer since it was installed many months ago.

Looking at the system logs for warnings about name resolution failure, there were a few back in december, but the frequency really shoots up on Jan 20.

DDS log follows, with hijackthis and attach.txt attached.

Any help ruling in or out malware issues would be greatly appreciated!


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.1.0
Run by bobo at 14:57:59 on 2012-01-25
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6134.2006 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\xampp\apache\bin\httpd.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ShrewSoft\VPN Client\iked.exe
C:\Windows\Explorer.EXE
C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
c:\xampp\mysql\bin\mysqld.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files (x86)\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe
C:\PROGRA~2\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe
C:\Program Files (x86)\Subsonic\subsonic-service.exe
C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\locate32-64\locate32.exe
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\DynSite\DynSite.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\DynDNS Updater\DynTray.exe
C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
C:\Program Files (x86)\Squeezebox\SqueezeTray.exe
C:\Program Files (x86)\Subsonic\subsonic-agent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\palmOne\HOTSYNC.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\RhinoSoft.com\Serv-U\ServUAdmin.exe
C:\Program Files (x86)\RhinoSoft.com\Serv-U\ServUDaemon.exe
C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe
C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe
C:\Program Files (x86)\Common Files\Teleca Shared\CapabilityManager.exe
C:\PROGRA~2\SQUEEZ~1\server\SQUEEZ~3.EXE
C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Program Files (x86)\SoulseekNS\slsk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\VMWindow.exe
C:\Windows\system32\vpc.exe
C:\Program Files (x86)\Squeezebox\server\squeezeboxcp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\HTC\HTC Sync\Sync Manager\syncindicator.exe
C:\Users\bobo\AppData\Local\Temp\_iu14D2N.tmp
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [DynSite] "C:\Program Files (x86)\DynSite\DynSite.exe"
uRun: [ServUTrayIcon] C:\Program Files (x86)\RhinoSoft.com\Serv-U\ServUTray.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Ai Nap] "C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe"
mRun: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
mRun: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
StartupFolder: C:\Users\bobo\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\HOTSYN~1.LNK - C:\Program Files (x86)\palmOne\HOTSYNC.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DYNDNS~1.LNK - C:\Program Files (x86)\DynDNS Updater\DynTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SQUEEZ~1.LNK - C:\Program Files (x86)\Squeezebox\SqueezeTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Subsonic.lnk - C:\Program Files (x86)\Subsonic\subsonic-agent.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
TCP: Interfaces\{0E5D6748-4B66-4E96-ACFE-EF7056CBD77C} : NameServer = 208.67.220.220,8.8.8.8
TCP: Interfaces\{D0176857-09A5-4B15-8DF5-DAB3D3DCF259} : NameServer = 172.31.0.203,172.31.0.204
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Ai Nap] "C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe"
mRun-x64: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
mRun-x64: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\bobo\AppData\Roaming\Mozilla\Firefox\Profiles\jq9zvzxx.bobo\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AiCharger;ASUS Charger Driver;C:\Windows\system32\DRIVERS\AiCharger.sys --> C:\Windows\system32\DRIVERS\AiCharger.sys [?]
R0 mvSata;mvSata;C:\Windows\System32\drivers\mvsata.sys [2007-9-28 118600]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vflt;Shrew Soft Lightweight Filter;C:\Windows\system32\DRIVERS\vfilter.sys --> C:\Windows\system32\DRIVERS\vfilter.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 Apache2.2;Apache2.2;C:\xampp\apache\bin\httpd.exe [2010-10-17 20549]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2011-8-15 96896]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 dtpd;ShrewSoft DNS Proxy Daemon;C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service --> C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service [?]
R2 DynDNS Updater;DynDNS Updater;C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe [2011-4-15 93048]
R2 iked;ShrewSoft IKE Daemon;C:\Program Files\ShrewSoft\VPN Client\iked.exe -service --> C:\Program Files\ShrewSoft\VPN Client\iked.exe -service [?]
R2 ipsecd;ShrewSoft IPSEC Daemon;C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service --> C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service [?]
R2 OODefragAgent;O&O Defrag;C:\Program Files\OO Software\Defrag\oodag.exe [2011-9-18 3271496]
R2 PACS Client Updater;PACS Client Updater;C:\Program Files (x86)\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe [2010-4-15 24576]
R2 SqueezeMySQL;SqueezeMySQL;C:\PROGRA~2\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe --defaults-file=C:\PROGRA~3\SQUEEZ~1\Cache\my.cnf SqueezeMySQL --> C:\PROGRA~2\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe --defaults-file=C:\PROGRA~3\SQUEEZ~1\Cache\my.cnf SqueezeMySQL [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\F605.tmp --> C:\Windows\system32\F605.tmp [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 vnet;Shrew Soft Virtual Adapter;C:\Windows\system32\DRIVERS\virtualnet.sys --> C:\Windows\system32\DRIVERS\virtualnet.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-01-25 18:46:43 -------- d-----w- C:\Users\bobo\AppData\Roaming\DriverCure
2012-01-25 18:46:42 -------- d-----w- C:\Users\bobo\AppData\Roaming\ParetoLogic
2012-01-25 18:41:44 -------- d-----w- C:\Program Files (x86)\Common Files\ParetoLogic
2012-01-25 18:41:37 -------- d-----w- C:\ProgramData\ParetoLogic
2012-01-25 18:41:37 -------- d-----w- C:\Program Files (x86)\ParetoLogic
2012-01-25 18:40:54 388096 ----a-r- C:\Users\bobo\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-25 18:40:53 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-01-25 18:36:57 -------- d-----w- C:\Users\bobo\AppData\Roaming\SUPERAntiSpyware.com
2012-01-25 18:36:30 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-01-25 18:36:30 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-01-25 17:38:01 -------- d-----w- C:\Users\bobo\AppData\Roaming\Malwarebytes
2012-01-25 17:36:30 -------- d-----w- C:\ProgramData\Malwarebytes
2012-01-25 17:36:26 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-01-25 17:36:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-25 16:48:05 6144 ------w- C:\Windows\System32\F605.tmp
2012-01-25 16:46:25 6144 ------w- C:\Windows\System32\7042.tmp
2012-01-25 16:46:21 -------- d-----w- C:\Program Files (x86)\Sophos
2012-01-25 05:32:42 8602168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D2F4DA24-D2AD-4514-8583-0B4A2DCFF8BB}\mpengine.dll
2012-01-24 18:26:08 -------- d-----w- C:\Users\bobo\AppData\Roaming\NWPS
2012-01-24 18:26:07 -------- d-----w- C:\ProgramData\NWPS
2012-01-24 18:26:07 -------- d-----w- C:\Program Files (x86)\NWPS
2012-01-24 18:03:37 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2012-01-23 15:31:01 -------- d-----w- C:\Users\bobo\AppData\Roaming\Boilsoft
2012-01-23 15:30:56 -------- d-----w- C:\Program Files (x86)\Boilsoft
2012-01-22 23:16:21 -------- d-----w- C:\Program Files (x86)\Chopper XP
2012-01-20 14:22:56 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-20 14:22:56 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-20 14:21:59 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-20 14:21:59 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-19 18:40:58 -------- d-----w- C:\Windows\System32\appmgmt
2012-01-16 16:02:11 -------- d-----w- C:\Program Files\WMV9_VCM
2012-01-09 19:09:12 -------- d-----w- C:\ProgramData\Extreme Picture Finder
2012-01-09 19:09:12 -------- d-----w- C:\Program Files (x86)\Extreme Picture Finder 3
2012-01-09 18:54:23 -------- d-----w- C:\ProgramData\Z-Manufaktur
2012-01-09 18:53:28 -------- d-----w- C:\Program Files (x86)\Z-Cron
2012-01-07 22:24:04 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-07 22:24:04 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-01-07 22:24:03 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-07 22:24:03 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-05 15:58:50 -------- d-----w- C:\Program Files\ShrewSoft
2012-01-05 14:23:18 3145216 ----a-w- C:\Windows\System32\win32k.sys
2012-01-05 14:23:15 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2012-01-05 14:23:11 723456 ----a-w- C:\Windows\System32\EncDec.dll
2012-01-05 14:23:11 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2012-01-05 14:21:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-01-05 14:21:49 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-01-03 13:10:44 182672 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-01-05 16:16:17 6656 ----a-w- C:\Windows\System32\lpcio.dll
2011-12-02 18:13:39 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 15:00:06.39 ===============

Attached Files
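Added triage example for the two symptoms in this first post; it is not code from the thread or from any of the tools named in it. The DDS output lists two interfaces with different NameServer sets (208.67.220.220 and 8.8.8.8 on one, 172.31.0.203 and 172.31.0.204 on the other) and a running ShrewSoft "DNS Proxy Daemon" (dtpd.exe), so the first thing to settle is whether each configured resolver answers when queried directly. The second is which executables actually crashed with ntdll.dll as the faulting module: ntdll.dll is where almost every user-mode exception is reported, so the faulting application name and path in the event are what matter, not the module. The script assumes www.microsoft.com as a name that should always resolve, and the "Suspicious" column is a labelled heuristic, not a verdict. Get-WinEvent and Get-WmiObject exist on Windows 7 (PowerShell 2.0); Resolve-DnsName does not, so the resolver test falls back to nslookup there.

```powershell
# Added triage script (not part of the thread). Run from an elevated PowerShell
# prompt on the affected host. Assumptions: $TestName is any name that should
# always resolve; the "Suspicious" heuristic at the end is illustrative only.
# Get-WinEvent and Get-WmiObject exist on Windows 7 (PowerShell 2.0);
# Resolve-DnsName does not, so Test-Resolver falls back to nslookup there.

$TestName = 'www.microsoft.com'

function Test-Resolver {
    # Returns $true when the given DNS server, queried directly, answers for $Name.
    param([string]$Server, [string]$Name)
    if (Get-Command Resolve-DnsName -ErrorAction SilentlyContinue) {
        try {
            $null = Resolve-DnsName -Name $Name -Server $Server -Type A -DnsOnly -ErrorAction Stop
            return $true
        } catch { return $false }
    }
    # Windows 7 fallback. nslookup's exit code is not reliable, so inspect its text.
    $out = & nslookup.exe $Name $Server 2>&1 | Out-String
    return ($out -notmatch "can't find|timed.out|No response from server")
}

# 1. Which resolvers is each interface using? The DDS log lists two interfaces
#    with different NameServer sets plus a VPN DNS proxy service; resolution can
#    then succeed or fail depending on which adapter's servers are asked first.
$adapters = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
foreach ($a in $adapters) {
    $list = if ($a.DNSServerSearchOrder) { $a.DNSServerSearchOrder -join ', ' } else { '<none>' }
    '{0}: DNS = {1}' -f $a.Description, $list
}

# 2. Query every configured server directly. "Ping works but names do not" is
#    consistent with cached answers being served while a resolver is unreachable.
$servers = $adapters | ForEach-Object { $_.DNSServerSearchOrder } | Where-Object { $_ } | Sort-Object -Unique
foreach ($s in $servers) {
    $ok = Test-Resolver -Server $s -Name $TestName
    '{0}: {1}' -f $s, $(if ($ok) { 'answers' } else { 'NO ANSWER' })
}

# 3. Count the DNS-client timeouts the poster saw in the System log, per day.
#    Provider Microsoft-Windows-DNS-Client, event 1014 ("Name resolution for the
#    name ... timed out after none of the configured DNS servers responded").
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-DNS-Client'; Id = 1014 } -ErrorAction SilentlyContinue |
    Group-Object { $_.TimeCreated.Date.ToString('yyyy-MM-dd') } |
    Sort-Object Name |
    ForEach-Object { '{0}: {1} DNS timeouts' -f $_.Name, $_.Count }

# 4. List every Application Error (event 1000) whose faulting module is ntdll.dll,
#    with the faulting executable's path and Authenticode status. ntdll.dll is
#    where the exception surfaced; what matters is which program raised it.
#    Heuristic (assumption): a binary outside Program Files / Windows, or one
#    without a valid signature, deserves a closer look. Legitimate 2012-era
#    vendor tools are often unsigned, so treat the flag as a prompt, not a verdict.
$crashes = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'Application Error'; Id = 1000 } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $m = $_.Message
        if ($m -match 'Faulting module name:\s*ntdll\.dll' -and $m -match 'Faulting application name:\s*([^,]+),') {
            $app  = $Matches[1]
            $path = ''
            if ($m -match 'Faulting application path:\s*([^\r\n]+)') { $path = $Matches[1].Trim() }
            $sig = 'file missing'
            if ($path -and (Test-Path -LiteralPath $path)) {
                $sig = (Get-AuthenticodeSignature -FilePath $path).Status.ToString()
            }
            $inTrusted = $path -match '^[A-Za-z]:\\(Program Files( \(x86\))?|Windows)\\'
            New-Object PSObject -Property @{
                Time       = $_.TimeCreated
                App        = $app
                Path       = $path
                Signature  = $sig
                Suspicious = (-not $inTrusted) -or ($sig -ne 'Valid')
            }
        }
    }
$crashes | Sort-Object Time -Descending |
    Format-Table Time, App, Signature, Suspicious, Path -AutoSize
```

If step 2 shows one resolver set answering and the other not, the sporadic failures line up with interface or VPN DNS ordering rather than with malware, and the 1014 counts in step 3 should track the days the VPN client was connected. If step 4 shows a crashed executable with a random name under a user-writable directory and the file is already gone, the event log entry (name, path, time) is still worth quoting in the thread, since it is the only record of the file that remains.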




#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 January 2012 - 03:06 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#3 argh21
  • Topic Starter

  • Members
  • 8 posts

Posted 29 January 2012 - 09:54 AM

Thank you for the help, Gringo.
Here is the ComboFix log:

ComboFix 12-01-29.01 - bobo 29/01/2012 9:20.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6134.3222 [GMT -5:00]
Running from: E:\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\users\bobo\AppData\Local\Temp\pdk-bobo-5300\20252d6e001ae3774b425e81ba09b666\Fcntl.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-5300\2076671ee5d0a5323570c92c74abac6f\Process.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-5300\23ae7fb85999872530b5a5d4d67a4f44\Registry.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-5300\23fe5d76b9491fa255db2281ac7687d5\Service.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-5300\2d2847f7dd2a1fddd0fdb79d9d64ba93\List.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-5300\6a834a555edd63cb8706466e7c1666f2\Hostname.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-5300\7020d50af327e3fc94b98242c307fc81\Cwd.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-5300\7dd16cc839f33995d1a58e2773aa29b8\WinError.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-5300\855297e7b4b860331fdbdd53426f5e15\Dumper.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-5300\86351894c58e4804ca004825fea78bbb\Encode.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-5300\a7c0cce4e1ac2c1f6d3e71bbe3c9bdd3\Socket.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-5300\b7b4505cb0a127c242f14d779e410e03\POSIX.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-5300\c3da4aa4c02db51c7f94d5eaf2438023\OLE.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-5300\f48694173221cfa9bad4275e2389b498\Win32.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-5300\perl510.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\14d02158d1dc4c498d1acd9638684120\Name.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\1760917c94a6dfc5d7404399c61fafee\mysql.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\1f458e26b838bfe8f25fe6329ff2339d\Imager.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\20252d6e001ae3774b425e81ba09b666\Fcntl.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\2076671ee5d0a5323570c92c74abac6f\Process.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\23ae7fb85999872530b5a5d4d67a4f44\Registry.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\23fe5d76b9491fa255db2281ac7687d5\Service.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\2d2847f7dd2a1fddd0fdb79d9d64ba93\List.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\2f0807b0946b0fe6a4923ffadf1218fc\vxs.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\461090bfc26706cc26ffa02662c1592c\Syck.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\48a4e6ef370984d8d9ce53660d66a7a5\Unicode.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\4e3813a1edb6903dcc223941e51f7e18\Parser.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\52831fecbfbbfee1a05b91977e499808\File.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\52ade7602469b51858072e874c345e37\ReadKey.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\5f6960e0234e0b14396e4c82a1f56c8f\HiRes.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\5ff67c77560df778223e3ec495b98f1e\Hebrew.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\62aa3b09ac39e34fd76505142c94e975\Storable.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\6a834a555edd63cb8706466e7c1666f2\Hostname.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\6c1da131f436ce35edb0690f338bdad8\File.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\6c25de79371a4db1d7e8eff0d11d5337\Base64.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\6eca2cf2961ac400050de852a1cbef9b\Byte.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\7020d50af327e3fc94b98242c307fc81\Cwd.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\76c0175b78e6f49c7544e19221d4457d\IO.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\7dd16cc839f33995d1a58e2773aa29b8\WinError.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\81368e51ca54d10b955b02b2e5382e48\Peek.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\855297e7b4b860331fdbdd53426f5e15\Dumper.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\86351894c58e4804ca004825fea78bbb\Encode.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\880556fb31088a703b58d0705c4f2b53\DBI.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\89c552b9aa641030773cbce7545c6143\XS.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\8f8bffaa9136789fd266c59519e6a452\encoding.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\90198bd2c008178752393a8740fa6369\XS.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\9076f6dacaea506ecfb169822b132706\MD5.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\952d7675581ad6751c38c1bc1610a553\EV.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\a7c0cce4e1ac2c1f6d3e71bbe3c9bdd3\Socket.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\b7b4505cb0a127c242f14d779e410e03\POSIX.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\bb8ac2d2050e30577927a7ac95d99cd9\GD.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\be372c8e01efaf0b11c7b4c15f0b20ea\Scan.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\c06adade199b7f380d57181669fb22c1\Util.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\c3da4aa4c02db51c7f94d5eaf2438023\OLE.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\c8b0e39733c3e73e232a64a5c305ca76\API.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\e1ea0dbaf8a3ac5d1f0be83f219f8571\FastCalc.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\e775fca35641b4340ecf5cdba1fc6f62\Expat.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\ea4a4f99088551dd603ccfbabfaf3932\XSAccessor.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\f48694173221cfa9bad4275e2389b498\Win32.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\fb22f5f9e49be57b17c0cb997237d604\Shortcut.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\fc665959964b1312aee9d476290accdc\SHA1.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\fc8b9fd242032de837413f14e26ce21c\Zlib.dll
c:\users\bobo\AppData\Local\Temp\pdk-bobo-6940\perl510.dll
c:\users\bobo\AppData\Roaming\dvdae
c:\users\bobo\AppData\Roaming\dvdae\dvdae.config
c:\users\bobo\AppData\Roaming\dvdae\dvdae.lic
c:\windows\system32\java.exe
c:\windows\SysWow64\img_utils.dll
c:\windows\SysWow64\imgscaler.dll
c:\windows\SysWow64\videocore.dll
c:\windows\SysWow64\videoformat.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Serv-U
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-29 )))))))))))))))))))))))))))))))
.
.
2012-01-29 14:28 . 2012-01-29 14:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-28 23:09 . 2012-01-28 23:12 -------- d-----w- c:\users\bobo\AppData\Roaming\TeraCopy
2012-01-28 23:09 . 2012-01-28 23:09 -------- d-----w- c:\program files\TeraCopy
2012-01-28 22:09 . 2012-01-28 22:09 -------- d-----w- c:\program files (x86)\KDiff3
2012-01-28 21:51 . 2012-01-29 14:36 -------- d-----w- c:\program files (x86)\WinMerge
2012-01-28 20:18 . 2012-01-28 20:18 -------- d-----w- c:\program files\Better File Rename
2012-01-28 18:33 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{40784793-6344-458B-8A7C-0C95A4BAB327}\mpengine.dll
2012-01-27 16:13 . 2012-01-27 16:13 -------- d-----w- c:\program files (x86)\DriverMax
2012-01-27 16:11 . 2012-01-27 16:11 -------- d-----w- c:\programdata\AVG Secure Search
2012-01-27 16:11 . 2012-01-27 16:11 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-01-27 16:11 . 2012-01-27 16:11 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-01-27 16:11 . 2012-01-27 16:11 -------- d--h--w- c:\programdata\Common Files
2012-01-26 02:14 . 2012-01-26 02:14 -------- d-----w- c:\programdata\Key Metric Software
2012-01-26 02:13 . 2012-01-26 02:13 -------- d-----w- c:\users\bobo\AppData\Roaming\Key Metric Software
2012-01-25 20:31 . 2012-01-25 22:44 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-01-25 20:31 . 2012-01-25 20:33 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-01-25 18:46 . 2012-01-25 18:46 -------- d-----w- c:\users\bobo\AppData\Roaming\DriverCure
2012-01-25 18:46 . 2012-01-25 18:46 -------- d-----w- c:\users\bobo\AppData\Roaming\ParetoLogic
2012-01-25 18:41 . 2012-01-26 14:12 -------- d-----w- c:\programdata\ParetoLogic
2012-01-25 18:41 . 2012-01-25 18:41 -------- d-----w- c:\program files (x86)\ParetoLogic
2012-01-25 18:40 . 2012-01-25 18:40 388096 ----a-r- c:\users\bobo\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-25 18:40 . 2012-01-25 18:40 -------- d-----w- c:\program files (x86)\Trend Micro
2012-01-25 18:36 . 2012-01-25 18:36 -------- d-----w- c:\users\bobo\AppData\Roaming\SUPERAntiSpyware.com
2012-01-25 18:36 . 2012-01-25 18:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-25 18:36 . 2012-01-25 18:36 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-25 17:38 . 2012-01-25 17:38 -------- d-----w- c:\users\bobo\AppData\Roaming\Malwarebytes
2012-01-25 17:36 . 2012-01-25 17:36 -------- d-----w- c:\programdata\Malwarebytes
2012-01-25 17:36 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-25 17:36 . 2012-01-25 17:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-25 16:48 . 2011-05-12 19:03 6144 ------w- c:\windows\system32\F605.tmp
2012-01-25 16:46 . 2011-05-12 19:03 6144 ------w- c:\windows\system32\7042.tmp
2012-01-25 16:46 . 2012-01-25 16:46 -------- d-----w- c:\program files (x86)\Sophos
2012-01-24 18:26 . 2012-01-24 18:26 -------- d-----w- c:\users\bobo\AppData\Roaming\NWPS
2012-01-24 18:26 . 2012-01-24 18:26 -------- d-----w- c:\programdata\NWPS
2012-01-24 18:26 . 2012-01-24 18:26 -------- d-----w- c:\program files (x86)\NWPS
2012-01-24 18:03 . 2012-01-24 18:03 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2012-01-23 15:31 . 2012-01-23 15:31 -------- d-----w- c:\users\bobo\AppData\Roaming\Boilsoft
2012-01-23 15:30 . 2012-01-23 15:30 -------- d-----w- c:\program files (x86)\Boilsoft
2012-01-22 23:16 . 2012-01-22 23:16 -------- d-----w- c:\program files (x86)\Chopper XP
2012-01-20 14:54 . 2012-01-20 15:01 -------- d-----w- c:\users\bobo\AppData\Roaming\ImgBurn
2012-01-20 14:49 . 2012-01-20 14:49 -------- d-----w- c:\program files (x86)\ImgBurn
2012-01-20 14:22 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-20 14:22 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-20 14:21 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-20 14:21 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-19 18:40 . 2012-01-19 18:40 -------- d-----w- c:\windows\system32\appmgmt
2012-01-16 16:02 . 2012-01-16 16:02 -------- d-----w- c:\program files\WMV9_VCM
2012-01-09 19:09 . 2012-01-09 19:09 -------- d-----w- c:\program files (x86)\Extreme Picture Finder 3
2012-01-09 19:09 . 2012-01-09 19:09 -------- d-----w- c:\programdata\Extreme Picture Finder
2012-01-09 18:54 . 2012-01-09 18:54 -------- d-----w- c:\programdata\Z-Manufaktur
2012-01-09 18:53 . 2012-01-12 03:12 -------- d-----w- c:\program files (x86)\Z-Cron
2012-01-07 22:24 . 2012-01-07 22:24 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-07 22:24 . 2012-01-07 22:24 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-07 22:24 . 2012-01-07 22:24 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-07 22:24 . 2012-01-07 22:24 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-05 15:58 . 2012-01-05 15:58 -------- d-----w- c:\program files\ShrewSoft
2012-01-05 14:23 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2012-01-05 14:23 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-01-05 14:23 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-01-05 14:23 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-01-05 14:21 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-01-05 14:21 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-06 05:15 . 2011-08-12 02:09 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-05 16:16 . 2011-08-12 02:27 6656 ----a-w- c:\windows\system32\lpcio.dll
2012-01-04 09:26 . 2011-08-11 18:38 279096 ------w- c:\windows\system32\MpSigStub.exe
2011-12-02 18:13 . 2011-08-12 02:55 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-27 16:11 1574240 ----a-w- c:\program files (x86)\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll" [2012-01-27 1574240]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-10-20 641400]
"DynSite"="c:\program files (x86)\DynSite\DynSite.exe" [2008-09-25 1342072]
"ServUTrayIcon"="c:\program files (x86)\RhinoSoft.com\Serv-U\ServUTray.exe" [2007-10-01 102400]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 5486464]
"DriverMax"="c:\program files (x86)\DriverMax\drivermax.exe" [2012-01-19 8563624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Ai Nap"="c:\program files (x86)\ASUS\AI Suite\AiNap\AiNap.exe" [2010-03-10 1439360]
"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2010-01-14 611968]
"Cpu Level Up help"="c:\program files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe" [2009-12-29 887936]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"Mobile Connectivity Suite"="c:\program files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-01-27 892768]
.
c:\users\bobo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files (x86)\palmOne\HOTSYNC.EXE [2004-4-13 299008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
DynDNS Updater Tray Icon.lnk - c:\program files (x86)\DynDNS Updater\DynTray.exe [2011-4-15 76656]
Squeezebox Server Tray Tool.lnk - c:\program files (x86)\Squeezebox\SqueezeTray.exe [2011-8-15 2351191]
Subsonic.lnk - c:\program files (x86)\Subsonic\subsonic-agent.exe [2011-8-11 172032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ASUS Ai Charger"=c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
"TurboV"="c:\program files (x86)\ASUS\TurboV\TurboV.exe" -b
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\F605.tmp [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 MTK;Media Technology Kernel Driver;c:\windows\system32\Drivers\mtk.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [x]
S0 mvSata;mvSata;c:\windows\system32\DRIVERS\mvsata.sys [2007-09-28 118600]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2010-10-18 20549]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-29 96896]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2010-10-08 56592]
S2 DynDNS Updater;DynDNS Updater;c:\program files (x86)\DynDNS Updater\DynUpSvc.exe [2011-04-15 93048]
S2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2010-10-08 957712]
S2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2010-10-08 697616]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2011-09-18 3271496]
S2 PACS Client Updater;PACS Client Updater;c:\program files (x86)\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe [2010-04-15 24576]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SqueezeMySQL;SqueezeMySQL;c:\progra~2\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe [2011-07-11 4149248]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [2012-01-27 869216]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-23 7833120]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-23 1833504]
"Locate32-64"="c:\program files\locate32-64\locate32.exe" [2011-07-10 1966080]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-09-18 3993416]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"combofix"="c:\combofix\CF31936.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://isearch.avg.com/?cid={E2A3D0AD-4BF0-4233-A89E-18417A004BC9}&mid=c5e91fd07f0047d19f12d16f5ebf4334-6ae5292fa2302f161c2484d9e9a331b3eed15718&lang=en&ds=is015&pr=sa&d=2012-01-27 11:11&v=9.0.0.23&sap=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{0E5D6748-4B66-4E96-ACFE-EF7056CBD77C}: NameServer = 208.67.220.220,8.8.8.8
TCP: Interfaces\{D0176857-09A5-4B15-8DF5-DAB3D3DCF259}: NameServer = 172.31.0.203,172.31.0.204
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\bobo\AppData\Roaming\Mozilla\Firefox\Profiles\jq9zvzxx.bobo\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-DriverMax_RESTART - (no file)
AddRemove-Rosewill RC-218 HDD Controller Windows Driver - c:\users\bobo\AppData\Local\Temp\88SX7042\uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\F605.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Hard Disk Sentinel\HDSentinel.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\xampp\mysql\bin\mysqld.exe
c:\program files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe
c:\program files (x86)\Subsonic\subsonic-service.exe
.
**************************************************************************
.
Completion time: 2012-01-29 09:43:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-29 14:43
.
Pre-Run: 225,907,974,144 bytes free
Post-Run: 225,673,375,744 bytes free
.
- - End Of File - - 4240388B58006E0655934F8B15104130
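A triage pass over the ComboFix log above, as an added example (it is neither ComboFix's code nor the poster's). It parses the service lines (`R3 name;display;path [info]`), Run-key values, ImagePath values and the `.lnk`/orphan lines in the shapes they take in this log, and flags the two things a reviewer checks first: an image whose extension is not an ordinary executable type, and an image that runs from a Temp directory. On the lines posted above that surfaces the MEMSWEEP2 service and its ImagePath (c:\windows\system32\F605.tmp), ComboFix's own Run entry (CF31936.3XE) and the orphaned uninstaller under AppData\Local\Temp. The first two show why a flag is a lead rather than a verdict: the Run entry belongs to the tool that produced the log, and the F605.tmp timestamp (2012-01-25 16:48) falls two minutes after the Sophos folder appears (16:46), which lines up with the Sophos rootkit scan mentioned in the opening post. The `[x]` and `[date size]` suffixes are deliberately not interpreted.

```python
"""Triage helper for ComboFix-style service, Run-key and startup lines.

Added example for this thread; it is neither ComboFix's code nor the
poster's. It parses the line shapes that appear in the posted log and
flags image paths worth a second look. Every flag is a lead for a human
reviewer, not a verdict: ComboFix itself and anti-rootkit scanners also
stage binaries with odd names and extensions. The "[x]" / "[date size]"
suffix is not interpreted.
"""
import re
from dataclasses import dataclass

# 'R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\F605.tmp [x]'
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);[^;]*;(?P<path>.+?)\s+\[[^\]]*\]\s*$")
# '"ImagePath"="\??\c:\windows\system32\F605.tmp"'  (checked before RUNKEY_RE)
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(?:\\\?\?\\)?(?P<path>[^"]+)"\s*$')
# '"uTorrent"="c:\...\uTorrent.exe" [2011-10-20 641400]'; the value may be
# unquoted ('"ASUS Ai Charger"=c:\...\AiChargerAP.exe') or carry arguments
# ('"TurboV"="c:\...\TurboV.exe" -b')
RUNKEY_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.+)$')
# 'HotSync Manager.lnk - c:\...\HOTSYNC.EXE [2004-4-13 299008]' and the
# 'AddRemove-... - c:\users\...\uninst.exe' orphan lines
LINK_RE = re.compile(r"^(?P<name>.+?) - (?P<value>[A-Za-z]:\\.+)$")

EXPECTED_EXT = {".exe", ".sys", ".dll", ".cpl", ".drv", ".ocx"}
TEMP_MARKERS = ("\\temp\\", "\\temporary internet files\\")


@dataclass(frozen=True)
class Finding:
    source: str   # "service", "imagepath", "run" or "link"
    name: str
    path: str
    reason: str


def image_path(value: str) -> str:
    """Strip quotes, trailing arguments and the '[date size]' suffix from a value."""
    value = value.strip()
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    return value.split(" [", 1)[0].strip()


def reasons(path: str):
    """Yield the heuristic(s) a path trips; nothing for an ordinary-looking one."""
    low = path.lower()
    ext = re.search(r"(\.[a-z0-9]+)$", low)
    if not ext or ext.group(1) not in EXPECTED_EXT:
        yield "unexpected image extension"
    if any(marker in low for marker in TEMP_MARKERS):
        yield "image lives under a Temp directory"


def triage(log_text: str) -> list:
    """Return one Finding per (entry, reason) for every parsable line."""
    findings = []
    current_key = "?"
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[HKEY"):
            current_key = line          # names the owner of a following ImagePath
            continue
        if (m := SERVICE_RE.match(line)):
            source, name, path = "service", m["name"], m["path"]
        elif (m := IMAGEPATH_RE.match(line)):
            source, name, path = "imagepath", current_key, m["path"]
        elif (m := RUNKEY_RE.match(line)):
            source, name, path = "run", m["name"], image_path(m["value"])
        elif (m := LINK_RE.match(line)):
            source, name, path = "link", m["name"], image_path(m["value"])
        else:
            continue
        if "\\" not in path:            # policy values such as '"...Admin"= 5 (0x5)'
            continue
        for reason in reasons(path):
            findings.append(Finding(source, name, path, reason))
    return findings


# Lines taken from the ComboFix log posted above (the policy line is included
# to show that non-path values are skipped).
SAMPLE = r"""
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\F605.tmp [x]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2010-10-18 20549]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-10-20 641400]
"TurboV"="c:\program files (x86)\ASUS\TurboV\TurboV.exe" -b
"combofix"="c:\combofix\CF31936.3XE" [2010-11-20 345088]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
HotSync Manager.lnk - c:\program files (x86)\palmOne\HOTSYNC.EXE [2004-4-13 299008]
AddRemove-Rosewill RC-218 HDD Controller Windows Driver - c:\users\bobo\AppData\Local\Temp\88SX7042\uninst.exe
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\F605.tmp"
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.source:9} {f.name}: {f.path}  <- {f.reason}")
```

Run it against a full log by reading the file into `triage()`; the two heuristics are intentionally narrow so that the output stays short enough to check by hand, and anything they surface still has to be matched against the install timeline (the "Files Created" section) before it is called bad.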

#4 argh21 (Topic Starter)

Posted 29 January 2012 - 09:55 AM

Other notes: had to reboot due to deleted registry key issue that you noted. Can't comment yet on any change in status as the problem is quite sporadic.
Thanks again!

#5 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 29 January 2012 - 12:59 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
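To make the "Cure" versus "Skip" distinction in the steps above concrete, here is an added example that reads a TDSSKiller report and buckets its entries; it is not a Kaspersky tool and not code from this thread. The clean-entry line shapes (`<time> <pid> name (md5) path` followed by `<time> <pid> name - ok`) and the `Scan started` marker are taken from the report posted in the next reply. The two non-clean lines in the constructed sample (a `( Verdict ) - warning` line and a `- detected Verdict ( n )` line) stand for the suspicious and infected cases; their exact wording is an assumption, so the parser matches them loosely on the text after ` - `. Lines before `Scan started` (drive geometry, system info) also contain ` - ` and are skipped so they are not read as verdicts. A fourth bucket collects entries that received a verdict without a preceding file line (AsIO, AsUpIO and ComboFix's catchme driver in the posted report); that is worth a glance because it means the tool reported on a registered driver without hashing a file for it.

```python
"""Sort a TDSSKiller report into clean, detected, suspicious and no-file entries.

Added example for this thread; not a Kaspersky tool and not code from the
original posts. Clean-entry line shapes follow the report posted in the
thread; the two non-clean lines in SAMPLE are constructed to stand for the
"Cure" and "Skip" cases the instructions describe, and their exact wording
is an assumption, so they are matched loosely.
"""
import re

TS = r"\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"          # "17:44:26.0550 7824 "
# 17:44:26.0550 7824 1394ohci (a87d604aea360176311474c87a63bb88) C:\...\1394ohci.sys
FILE_RE = re.compile(TS + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*?)\s*$")
# 17:44:26.0554 7824 1394ohci - ok
# 17:44:28.0920 7824 catchme - ok                      (verdict with no file line)
# <ts> <pid> name ( Some.Verdict ) - warning           (constructed shape)
# <ts> <pid> name - detected Some.Verdict ( 1 )        (constructed shape)
VERDICT_RE = re.compile(TS + r"(?P<name>.+?) - (?P<verdict>.+?)\s*$")
DETAIL_RE = re.compile(r"^(?P<name>\S+) \( (?P<detail>.+) \)$")

EMPTY = {"md5": None, "path": None, "verdict": None}


def parse_report(text):
    """Return {name: {"md5", "path", "verdict"}} for the scan section only.

    Lines before "Scan started" (drive geometry, system info) also contain
    " - " and must not be read as verdicts; parsing stops at "Scan finished".
    """
    entries = {}
    in_scan = False
    for raw in text.splitlines():
        line = raw.rstrip()
        if re.match(TS + r"Scan started", line):
            in_scan = True
            continue
        if re.match(TS + r"Scan finished", line):
            break
        if not in_scan:
            continue
        m = FILE_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], dict(EMPTY))
            e["md5"], e["path"] = m["md5"], m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            name, verdict = m["name"], m["verdict"]
            d = DETAIL_RE.match(name)
            if d:                      # "name ( Verdict ) - warning" shape
                name, verdict = d["name"], f"{verdict}: {d['detail']}"
            e = entries.setdefault(name, dict(EMPTY))
            e["verdict"] = verdict     # a later "detected" line overrides a warning
    return entries


def classify(entries):
    """Bucket entries: detected (tool offers Cure), suspicious (tool offers Skip),
    no_file (verdict but nothing hashed), clean."""
    buckets = {"detected": [], "suspicious": [], "no_file": [], "clean": []}
    for name, e in entries.items():
        v = (e["verdict"] or "").lower()
        if v.startswith("detected"):
            buckets["detected"].append(name)
        elif v and v != "ok":
            buckets["suspicious"].append(name)
        elif e["path"] is None:
            buckets["no_file"].append(name)
        else:
            buckets["clean"].append(name)
    return buckets


# Constructed sample: the first five scan lines copy the shapes of the posted
# report; "exampledrv" and "Rootkit.Boot.Sample" are placeholders, not real
# detections, and their line wording is assumed.
SAMPLE = r"""
17:44:13.0519 7604 Drive \Device\Harddisk6\DR6 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200
17:44:25.0835 7824 Scan started
17:44:25.0835 7824 Mode: Manual;
17:44:26.0550 7824 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:44:26.0554 7824 1394ohci - ok
17:44:28.0920 7824 catchme - ok
17:44:30.0038 7824 dtsoftbus01 (d3d64cf7b2bceaa34a270f45a3fffb36) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
17:44:30.0043 7824 dtsoftbus01 - ok
17:44:31.0000 7824 exampledrv (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\exampledrv.sys
17:44:31.0001 7824 exampledrv ( UnsignedFile.Multi.Generic ) - warning
17:44:32.0000 7824 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sample ( 0 )
17:44:33.0000 7824 Scan finished
17:44:33.0000 7824 Detected object count: 1
"""

if __name__ == "__main__":
    report = parse_report(SAMPLE)
    for bucket, names in classify(report).items():
        for n in names:
            e = report[n]
            print(f"{bucket:10} {n}  md5={e['md5']}  path={e['path']}  verdict={e['verdict']}")
```

The MD5 carried along with each entry is what makes the "suspicious" bucket actionable: a driver flagged only as unsigned can be checked against the vendor's published hash before deciding whether Skip was the right default.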

#6 argh21 (Topic Starter)

Posted 29 January 2012 - 05:46 PM

17:44:12.0338 7604 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
17:44:12.0734 7604 ============================================================
17:44:12.0734 7604 Current date / time: 2012/01/29 17:44:12.0734
17:44:12.0734 7604 SystemInfo:
17:44:12.0734 7604
17:44:12.0734 7604 OS Version: 6.1.7601 ServicePack: 1.0
17:44:12.0734 7604 Product type: Workstation
17:44:12.0734 7604 ComputerName: xxx
17:44:12.0734 7604 UserName: xxx
17:44:12.0734 7604 Windows directory: C:\Windows
17:44:12.0734 7604 System windows directory: C:\Windows
17:44:12.0734 7604 Running under WOW64
17:44:12.0734 7604 Processor architecture: Intel x64
17:44:12.0734 7604 Number of processors: 8
17:44:12.0734 7604 Page size: 0x1000
17:44:12.0734 7604 Boot type: Normal boot
17:44:12.0734 7604 ============================================================
17:44:13.0519 7604 Drive \Device\Harddisk6\DR6 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
17:44:13.0540 7604 Drive \Device\Harddisk7\DR7 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
17:44:13.0945 7604 Drive \Device\Harddisk8\DR8 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
17:44:14.0023 7604 Drive \Device\Harddisk4\DR4 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:44:14.0037 7604 Drive \Device\Harddisk2\DR2 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:44:14.0049 7604 Drive \Device\Harddisk3\DR3 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:44:14.0056 7604 Drive \Device\Harddisk1\DR1 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:44:14.0070 7604 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:44:14.0083 7604 Drive \Device\Harddisk5\DR5 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:44:14.0139 7604 Drive \Device\Harddisk9\DR9 - Size: 0x2BAA1476000 (2794.52 Gb), SectorSize: 0x200, Cylinders: 0x59101, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:44:14.0657 7604 Initialize success
17:44:25.0835 7824 ============================================================
17:44:25.0835 7824 Scan started
17:44:25.0835 7824 Mode: Manual;
17:44:25.0835 7824 ============================================================
17:44:26.0550 7824 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:44:26.0554 7824 1394ohci - ok
17:44:26.0615 7824 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:44:26.0620 7824 ACPI - ok
17:44:26.0668 7824 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:44:26.0669 7824 AcpiPmi - ok
17:44:26.0730 7824 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:44:26.0739 7824 adp94xx - ok
17:44:26.0758 7824 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:44:26.0765 7824 adpahci - ok
17:44:26.0781 7824 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:44:26.0785 7824 adpu320 - ok
17:44:26.0854 7824 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
17:44:26.0862 7824 AFD - ok
17:44:26.0894 7824 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:44:26.0896 7824 agp440 - ok
17:44:26.0962 7824 AiCharger (254a19686e9c8e1b59ac06b7fd1e753c) C:\Windows\system32\DRIVERS\AiCharger.sys
17:44:26.0963 7824 AiCharger - ok
17:44:26.0994 7824 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:44:26.0995 7824 aliide - ok
17:44:27.0052 7824 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:44:27.0053 7824 amdide - ok
17:44:27.0109 7824 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:44:27.0111 7824 AmdK8 - ok
17:44:27.0373 7824 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
17:44:27.0563 7824 amdkmdag - ok
17:44:27.0631 7824 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys
17:44:27.0638 7824 amdkmdap - ok
17:44:27.0651 7824 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:44:27.0653 7824 AmdPPM - ok
17:44:27.0714 7824 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
17:44:27.0717 7824 amdsata - ok
17:44:27.0761 7824 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:44:27.0765 7824 amdsbs - ok
17:44:27.0788 7824 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
17:44:27.0789 7824 amdxata - ok
17:44:27.0869 7824 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:44:27.0871 7824 AppID - ok
17:44:27.0926 7824 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:44:27.0928 7824 arc - ok
17:44:27.0942 7824 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:44:27.0945 7824 arcsas - ok
17:44:27.0956 7824 AsIO - ok
17:44:28.0024 7824 AsUpIO - ok
17:44:28.0061 7824 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:44:28.0062 7824 AsyncMac - ok
17:44:28.0087 7824 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:44:28.0088 7824 atapi - ok
17:44:28.0385 7824 atikmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\drivers\atikmdag.sys
17:44:28.0423 7824 atikmdag - ok
17:44:28.0491 7824 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:44:28.0499 7824 b06bdrv - ok
17:44:28.0531 7824 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:44:28.0537 7824 b57nd60a - ok
17:44:28.0581 7824 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:44:28.0582 7824 Beep - ok
17:44:28.0628 7824 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:44:28.0629 7824 blbdrive - ok
17:44:28.0664 7824 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:44:28.0666 7824 bowser - ok
17:44:28.0689 7824 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:44:28.0691 7824 BrFiltLo - ok
17:44:28.0703 7824 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:44:28.0704 7824 BrFiltUp - ok
17:44:28.0736 7824 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
17:44:28.0739 7824 BridgeMP - ok
17:44:28.0796 7824 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:44:28.0802 7824 Brserid - ok
17:44:28.0839 7824 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:44:28.0841 7824 BrSerWdm - ok
17:44:28.0854 7824 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:44:28.0855 7824 BrUsbMdm - ok
17:44:28.0868 7824 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:44:28.0869 7824 BrUsbSer - ok
17:44:28.0885 7824 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:44:28.0887 7824 BTHMODEM - ok
17:44:28.0920 7824 catchme - ok
17:44:28.0942 7824 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:44:28.0944 7824 cdfs - ok
17:44:28.0994 7824 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
17:44:28.0997 7824 cdrom - ok
17:44:29.0055 7824 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:44:29.0057 7824 circlass - ok
17:44:29.0090 7824 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:44:29.0096 7824 CLFS - ok
17:44:29.0134 7824 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:44:29.0135 7824 CmBatt - ok
17:44:29.0178 7824 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:44:29.0179 7824 cmdide - ok
17:44:29.0233 7824 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
17:44:29.0242 7824 CNG - ok
17:44:29.0263 7824 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:44:29.0264 7824 Compbatt - ok
17:44:29.0332 7824 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
17:44:29.0333 7824 CompositeBus - ok
17:44:29.0397 7824 cpuz135 (76355d5eafdfa3e9b7580b9153de1f30) C:\Windows\system32\drivers\cpuz135_x64.sys
17:44:29.0398 7824 cpuz135 - ok
17:44:29.0424 7824 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:44:29.0426 7824 crcdisk - ok
17:44:29.0489 7824 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
17:44:29.0499 7824 CSC - ok
17:44:29.0560 7824 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
17:44:29.0561 7824 CVirtA - ok
17:44:29.0599 7824 CVPNDRVA (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys
17:44:29.0605 7824 CVPNDRVA - ok
17:44:29.0685 7824 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
17:44:29.0686 7824 dc3d - ok
17:44:29.0771 7824 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:44:29.0773 7824 DfsC - ok
17:44:29.0803 7824 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:44:29.0804 7824 discache - ok
17:44:29.0862 7824 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:44:29.0864 7824 Disk - ok
17:44:29.0907 7824 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
17:44:41.0086 7824 ============================================================
17:44:41.0086 7824 Scan finished
17:44:41.0086 7824 ============================================================
17:44:41.0095 7820 Detected object count: 0
17:44:41.0095 7820 Actual detected object count: 0

#7 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 29 January 2012 - 08:31 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 argh21 (Topic Starter)

Posted 30 January 2012 - 12:28 PM

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-29 21:21:12
-----------------------------
21:21:12.822 OS Version: Windows x64 6.1.7601 Service Pack 1
21:21:12.822 Number of processors: 8 586 0x1A04
21:21:12.823 ComputerName: xxx UserName: xxx
21:21:13.998 Initialize success
21:21:45.531 AVAST engine defs: 12012901
21:21:53.294 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-5
21:21:53.297 Disk 0 Vendor: ST31500341AS CC1H Size: 1430799MB BusType: 3
21:21:53.299 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-4
21:21:53.302 Disk 1 Vendor: ST31500341AS CC1H Size: 1430799MB BusType: 3
21:21:53.305 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-2
21:21:53.308 Disk 2 Vendor: ST31500341AS CC1H Size: 1430799MB BusType: 3
21:21:53.311 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP2T1L0-6
21:21:53.314 Disk 3 Vendor: ST31500341AS CC1H Size: 1430799MB BusType: 3
21:21:53.319 Disk 4 (boot) \Device\Harddisk4\DR4 -> \Device\Ide\IdeDeviceP1T0L0-1
21:21:53.323 Disk 4 Vendor: ST3500630A 3.AAC Size: 476940MB BusType: 3
21:21:53.327 Disk 5 \Device\Harddisk5\DR5 -> \Device\Ide\IdeDeviceP5T0L0-7
21:21:53.332 Disk 5 Vendor: ST31500341AS CC1H Size: 1430799MB BusType: 3
21:21:53.337 Disk 6 \Device\Harddisk6\DR6 -> \Device\Scsi\mvSata1Port6Path0Target0Lun0
21:21:53.342 Disk 6 Vendor: WDC_____ 51.0 Size: 1907729MB BusType: 1
21:21:53.345 Disk 7 \Device\Harddisk7\DR7 -> \Device\Scsi\mvSata1Port6Path1Target0Lun0
21:21:53.349 Disk 7 Vendor: WDC_____ 51.0 Size: 1907729MB BusType: 1
21:21:53.352 Disk 8 \Device\Harddisk8\DR8 -> \Device\Scsi\mvSata1Port6Path2Target0Lun0
21:21:53.356 Disk 8 Vendor: WDC_____ 51.0 Size: 1907729MB BusType: 1
21:21:53.379 Disk 4 MBR read successfully
21:21:53.382 Disk 4 MBR scan
21:21:53.430 Disk 4 Windows 7 default MBR code
21:21:53.434 Disk 4 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
21:21:53.459 Disk 4 Partition - 00 0F Extended LBA 324312 MB offset 312576705
21:21:53.475 Disk 4 Partition 2 00 07 HPFS/NTFS NTFS 324312 MB offset 312576768
21:21:53.501 Service scanning
21:21:54.121 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
21:21:54.741 Modules scanning
21:21:54.747 Disk 4 trace - called modules:
21:21:54.766 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
21:21:54.771 1 nt!IofCallDriver -> \Device\Harddisk4\DR4[0xfffffa8006634060]
21:21:54.777 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa8005528790]
21:21:54.782 5 ACPI.sys[fffff88000ee07a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa800630d680]
21:22:00.994 AVAST engine scan C:\Windows
21:22:05.265 AVAST engine scan C:\Windows\system32
21:25:23.178 AVAST engine scan C:\Windows\system32\drivers
21:25:36.392 AVAST engine scan C:\Users\bobo
21:32:06.075 AVAST engine scan C:\ProgramData
22:02:20.564 Scan finished successfully
12:27:26.300 Disk 4 MBR has been saved successfully to "E:\MBR.dat"
12:27:26.413 The log file has been saved successfully to "E:\aswMBR.txt"

#9 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 30 January 2012 - 12:57 PM

How has the computer been running?


gringo

#10 argh21 (Topic Starter)

Posted 30 January 2012 - 03:24 PM

Gringo,
I haven't had one of those weird ntdll.dll errors since we started this process.
Had the DNS thing happen once yesterday.

Can you tell from the logs if something was cleaned out already?

Thanks!

#11 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 30 January 2012 - 04:17 PM

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis, see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#12 argh21 (Topic Starter)

Posted 31 January 2012 - 04:31 PM

Nothing weird happening lately. Here are the requested logs:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:29:04 PM, on 31/01/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DynSite\DynSite.exe
C:\Program Files (x86)\DriverMax\drivermax.exe
C:\Program Files (x86)\DynDNS Updater\DynTray.exe
C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Squeezebox\SqueezeTray.exe
C:\Program Files (x86)\Subsonic\subsonic-agent.exe
C:\Program Files (x86)\palmOne\HOTSYNC.EXE
C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\PROGRA~2\SQUEEZ~1\server\SQUEEZ~3.EXE
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\sysWow64\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={E2A3D0AD-4BF0-4233-A89E-18417A004BC9}&mid=c5e91fd07f0047d19f12d16f5ebf4334-6ae5292fa2302f161c2484d9e9a331b3eed15718&lang=en&ds=is015&pr=sa&d=2012-01-27 11:11:39&v=9.0.0.23&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [DynSite] "C:\Program Files (x86)\DynSite\DynSite.exe"
O4 - HKCU\..\Run: [ServUTrayIcon] C:\Program Files (x86)\RhinoSoft.com\Serv-U\ServUTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files (x86)\DriverMax\drivermax.exe" -agent
O4 - Startup: HotSync Manager.lnk = C:\Program Files (x86)\palmOne\HOTSYNC.EXE
O4 - Global Startup: DynDNS Updater Tray Icon.lnk = C:\Program Files (x86)\DynDNS Updater\DynTray.exe
O4 - Global Startup: Squeezebox Server Tray Tool.lnk = C:\Program Files (x86)\Squeezebox\SqueezeTray.exe
O4 - Global Startup: Subsonic.lnk = C:\Program Files (x86)\Subsonic\subsonic-agent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E5D6748-4B66-4E96-ACFE-EF7056CBD77C}: NameServer = 208.67.220.220,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0176857-09A5-4B15-8DF5-DAB3D3DCF259}: Domain = domain.tshad.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0176857-09A5-4B15-8DF5-DAB3D3DCF259}: NameServer = 172.31.0.203,172.31.0.204
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E5D6748-4B66-4E96-ACFE-EF7056CBD77C}: NameServer = 208.67.220.220,8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{0E5D6748-4B66-4E96-ACFE-EF7056CBD77C}: NameServer = 208.67.220.220,8.8.8.8
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apache2.2 - Apache Software Foundation - c:\xampp\apache\bin\httpd.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ShrewSoft DNS Proxy Daemon (dtpd) - Unknown owner - C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
O23 - Service: DynDNS Updater - Dynamic Network Services, Inc. - C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ShrewSoft IKE Daemon (iked) - Unknown owner - C:\Program Files\ShrewSoft\VPN Client\iked.exe
O23 - Service: ShrewSoft IPSEC Daemon (ipsecd) - Unknown owner - C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PACS Client Updater - Agfa Healthcare - C:\Program Files (x86)\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SqueezeMySQL - Unknown owner - C:\PROGRA~2\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe
O23 - Service: Subsonic - Unknown owner - C:\Program Files (x86)\Subsonic\subsonic-service.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11162 bytes



Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.01.31.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
bobo :: INTERSLICE [administrator]

31/01/2012 4:21:52 PM
mbam-log-2012-01-31 (16-21-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 183210
Time elapsed: 3 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
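
As an added example (not part of this thread, and not code from HijackThis, Malwarebytes or any other tool mentioned here), a small Python triage script for a HijackThis log like the one posted above: it pulls out the O4 autostart entries, the O17 per-interface nameservers and the O23 services, and lists what a helper would verify first. The log sample, the known-good resolver list and every heuristic are constructed for this example; the 'vhbmtk' autostart line is invented to exercise the filename check and does not appear in the posted log.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the shape of the HijackThis 2.0.4 log posted in this thread. The
# 'vhbmtk' O4 line is invented for this example (it reuses the odd filename from the opening
# post to exercise the naming heuristic); it does not appear in the real log.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - Global Startup: Subsonic.lnk = C:\Program Files (x86)\Subsonic\subsonic-agent.exe
O4 - HKCU\..\Run: [vhbmtk] C:\Users\bobo\AppData\Local\Temp\vhbmtk.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E5D6748-4B66-4E96-ACFE-EF7056CBD77C}: NameServer = 208.67.220.220,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0176857-09A5-4B15-8DF5-DAB3D3DCF259}: Domain = domain.tshad.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0176857-09A5-4B15-8DF5-DAB3D3DCF259}: NameServer = 172.31.0.203,172.31.0.204
O23 - Service: Apache2.2 - Apache Software Foundation - c:\xampp\apache\bin\httpd.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
"""

# Line shapes as HijackThis prints them: registry Run keys, Startup folders, O17 DNS, O23 services.
O4_REG = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_STARTUP = re.compile(r"^O4 - (?P<key>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
O17_NS = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>[0-9.,]+)$")
O23_SVC = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
EXE_QUOTED = re.compile(r'^"([^"]+)"')
EXE_BARE = re.compile(r"^(.+?\.(?:exe|com|scr|bat|cmd|dll))(?:\s|$)", re.IGNORECASE)
# Roots where installed software normally lives; anything else gets a second look.
STANDARD_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")
VOWELS = set("aeiouy")


def parse_autostarts(log_text):
    """(location, entry name, command line) for every O4 line."""
    found = []
    for line in log_text.splitlines():
        m = O4_REG.match(line)
        if m:
            found.append((f"{m['hive']}\\{m['key']}", m["name"], m["cmd"]))
            continue
        m = O4_STARTUP.match(line)
        if m:
            found.append((m["key"], m["name"], m["cmd"]))
    return found


def parse_nameservers(log_text):
    """{interface registry key: [resolver, ...]} from O17 NameServer lines (Domain lines skipped)."""
    return {m["key"]: m["servers"].split(",") for m in map(O17_NS.match, log_text.splitlines()) if m}


def parse_services(log_text):
    """(service name, owner, image path, file_missing) for every O23 line."""
    return [(m["name"], m["owner"], m["path"], m["missing"] is not None)
            for m in map(O23_SVC.match, log_text.splitlines()) if m]


def executable_of(command):
    """Image path from an O4 command line: the quoted path, else up to the first .exe-like suffix."""
    m = EXE_QUOTED.match(command) or EXE_BARE.match(command)
    return m.group(1) if m else command


def looks_random(path):
    """Naming heuristic for files like the 'vhbmtk.exe' from the opening post: a letters-only
    stem of five or more characters with no vowels. A triage hint only, never a verdict."""
    stem = PureWindowsPath(path).stem.lower()
    return len(stem) >= 5 and stem.isalpha() and not (set(stem) & VOWELS)


def triage(log_text, known_good_nameservers):
    """Reduce a HijackThis log to a review list. known_good_nameservers is whatever the owner
    expects the interfaces to use (here the OpenDNS/Google pair seen in the posted log)."""
    known = set(known_good_nameservers)
    report = {"autostarts": [], "nameservers": [], "services": [], "system_file_missing": []}
    for key, name, cmd in parse_autostarts(log_text):
        exe = executable_of(cmd)
        reasons = []
        if not exe.lower().startswith(STANDARD_ROOTS):
            reasons.append("outside Program Files/Windows")
        if looks_random(exe):
            reasons.append("random-looking filename")
        if reasons:
            report["autostarts"].append((key, name, exe, reasons))
    # Resolvers are set per interface; one the owner does not recognise is the first thing to
    # check when name resolution fails while ping-by-address still works, as in this thread.
    for iface, servers in parse_nameservers(log_text).items():
        unexpected = [s for s in servers if s not in known]
        if unexpected:
            report["nameservers"].append((iface, unexpected))
    for name, owner, path, missing in parse_services(log_text):
        if missing and path.lower().startswith("c:\\windows\\"):
            # A 32-bit scanner on 64-bit Windows is redirected away from the real System32, so
            # these go on a separate verify list instead of being treated as deleted files.
            report["system_file_missing"].append(name)
            continue
        reasons = ["file missing"] if missing else []
        if not path.lower().startswith(STANDARD_ROOTS):
            reasons.append("outside Program Files/Windows")
        if reasons:
            report["services"].append((name, path, reasons))
    return report
```

Run it with `triage(SAMPLE_LOG, ["208.67.220.220", "8.8.8.8"])`; the list of known-good resolvers is the owner's input, and any interface pointing elsewhere is what to look at first when DNS misbehaves.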

#13 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 31 January 2012 - 06:20 PM

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to; you can click on their icons (or start them from the Control Panel) to start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis, see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
      O4 - HKLM\..\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
      O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
      O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
      O4 - HKCU\..\Run: [DynSite] "C:\Program Files (x86)\DynSite\DynSite.exe"
      O4 - HKCU\..\Run: [ServUTrayIcon] C:\Program Files (x86)\RhinoSoft.com\Serv-U\ServUTray.exe
      O4 - HKCU\..\Run: [DriverMax] "C:\Program Files (x86)\DriverMax\drivermax.exe" -agent
      O4 - Startup: HotSync Manager.lnk = C:\Program Files (x86)\palmOne\HOTSYNC.EXE
      O4 - Global Startup: DynDNS Updater Tray Icon.lnk = C:\Program Files (x86)\DynDNS Updater\DynTray.exe
      O4 - Global Startup: Squeezebox Server Tray Tool.lnk = C:\Program Files (x86)\Squeezebox\SqueezeTray.exe
      O4 - Global Startup: Subsonic.lnk = C:\Program Files (x86)\Subsonic\subsonic-agent.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, e.g.
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard and paste the results here in this topic
  • you may also find here C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

Gringo

#14 argh21 (Topic Starter)

Posted 02 February 2012 - 03:02 PM

Thanks for your help, Gringo. System has been stable, none of those dll errors for several days now.
From the logs and process we've been through, can you tell if I was indeed infected with something, and what it was? I'd like to avoid whatever it was in future!

HiJack was cool, I removed a few useless startup entries.

Eset results were largely things I'm not worried about - servu belongs there, and the other things look pretty innocuous.

C:\Documents and Settings\bobo\Downloads\FRESH INSTALL ESSENTIALS\cnet_drivermax_exe.exe a variant of Win32/InstallCore.D application
C:\Documents and Settings\bobo\Downloads\FRESH INSTALL ESSENTIALS\cnet_winrar-x64-401_exe.exe a variant of Win32/InstallCore.D application
C:\Documents and Settings\bobo\Downloads\FRESH INSTALL ESSENTIALS\winamp5621_full_emusic-7plus_all.exe Win32/OpenCandy application
C:\Program Files (x86)\RhinoSoft.com\Serv-U\ServUDaemon.exe probably a variant of Win32/ServU-Daemon application
C:\Program Files (x86)\RhinoSoft.com\Serv-U\ServUTray.exe a variant of Win32/ServU-Daemon.AA application
C:\Users\bobo\Downloads\FRESH INSTALL ESSENTIALS\cnet_drivermax_exe.exe a variant of Win32/InstallCore.D application
C:\Users\bobo\Downloads\FRESH INSTALL ESSENTIALS\cnet_winrar-x64-401_exe.exe a variant of Win32/InstallCore.D application
C:\Users\bobo\Downloads\FRESH INSTALL ESSENTIALS\winamp5621_full_emusic-7plus_all.exe Win32/OpenCandy application
Operating memory probably a variant of Win32/ServU-Daemon application

#15 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 03 February 2012 - 01:02 AM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Documents and Settings\bobo\Downloads\FRESH INSTALL ESSENTIALS\cnet_drivermax_exe.exe"
    del /f /s /q "C:\Documents and Settings\bobo\Downloads\FRESH INSTALL ESSENTIALS\cnet_winrar-x64-401_exe.exe"
    del /f /s /q "C:\Documents and Settings\bobo\Downloads\FRESH INSTALL ESSENTIALS\winamp5621_full_emusic-7plus_all.exe"
    del /f /s /q "C:\Program Files (x86)\RhinoSoft.com\Serv-U\ServUDaemon.exe"
    del /f /s /q "C:\Program Files (x86)\RhinoSoft.com\Serv-U\ServUTray.exe"
    del /f /s /q "C:\Users\bobo\Downloads\FRESH INSTALL ESSENTIALS\cnet_drivermax_exe.exe"
    del /f /s /q "C:\Users\bobo\Downloads\FRESH INSTALL ESSENTIALS\cnet_winrar-x64-401_exe.exe"
    del /f /s /q "C:\Users\bobo\Downloads\FRESH INSTALL ESSENTIALS\winamp5621_full_emusic-7plus_all.exe"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the Online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over can just be deleted from the desktop. TFC is a free temp file cleaner that is very easy to use; I would keep this and use it before you do any scans or when you want to free up some space.

:DeFogger:

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


:Make Firefox more secure:

please visit this page to explain how to make Firefox more secure - How to Secure Firefox


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector.


:Turn On Automatic Updates:

Turn On Automatic Updates
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select "Automatic (recommended): Automatically download recommended updates for my computer and install them".

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo