Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

windows will not load/ win7 antivirus software infection


  • This topic is locked This topic is locked
7 replies to this topic

#1 u2kid22

u2kid22

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 28 January 2012 - 09:56 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by mlmarlin at 18:35:21 on 2012-01-28
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1903.792 [GMT -7:00]
.
AV: Sophos Anti-Virus *Enabled/Outdated* {479CCF92-4960-B3E0-7373-BF453B467D2C}
SP: Sophos Anti-Virus *Enabled/Outdated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\rpcnet.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Users\mlmarlin\AppData\Local\gpt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.episd.org
uDefault_Page_URL = hxxp://www.episd.org
uWindow Title = Windows Internet Explorer provided by the EPISD
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi5c88~1\datamngr\toolbar\searchqudtx.dll
BHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - c:\progra~1\wi5c88~1\datamngr\IEBHO.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: !{8dcb7100-df86-4384-8842-8fa844297b3f} - No File
TB: !{C80BDEB2-8735-44C6-BD55-A1CCD555667A} - No File
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi5c88~1\datamngr\toolbar\searchqudtx.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
uRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [IMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QLBController] c:\program files\hewlett-packard\hp hotkey support\QLBController.exe /start
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [HPPowerAssistant] c:\program files\hewlett-packard\hp power assistant\HPPA_Main.exe /hidden
mRun: [HPWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\delayedappstarter.exe 120 c:\program files\hewlett-packard\hp wireless assistant\HPWA_Main.exe /hidden
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DagentUI] c:\program files\altiris\dagent\dagentui.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
mRun: [SMART Board Service] c:\program files\smart technologies\smart product drivers\SMARTBoardService.exe
mRun: [SMART SNMP Agent] c:\program files\smart technologies\smart product drivers\SMARTSNMPAgent.exe -e
mRun: [ActivControl] c:\program files\activ software\activdriver\ActivControl2.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1449.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [DATAMNGR] c:\progra~1\wi5c88~1\datamngr\DATAMN~1.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\device~1.lnk - c:\program files\pixela\mediabrowser le\MBCameraMonitor.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
uPolicies-explorer: NoStartMenuNetworkPlaces = 1 (0x1)
uPolicies-explorer: NoPropertiesMyDocuments = 1 (0x1)
uPolicies-explorer: ConfirmFileDelete = 1 (0x1)
uPolicies-explorer: HideSCAHealth = 1 (0x1)
uPolicies-system: DisableChangePassword = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - c:\novell\messen~1\NMCL32.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{73F313AC-4043-4DF6-8DFF-7E059FC2BFC2} : DhcpNameServer = 10.254.8.5 10.254.8.6
TCP: Interfaces\{B8B4C4C5-877F-40D1-A81D-205AC8F9559D} : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{B8B4C4C5-877F-40D1-A81D-205AC8F9559D}\2375942554732333 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B8B4C4C5-877F-40D1-A81D-205AC8F9559D}\5405943544 : DhcpNameServer = 10.254.8.4 10.254.8.5
Handler: nim - {3D206AE2-3039-413B-B748-3ACC562EC22A} - c:\novell\messenger\nmcg32.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: PCANotify - PCANotify.dll
AppInit_DLLs: c:\progra~1\wi5c88~1\datamngr\datamngr.dll c:\progra~1\wi5c88~1\datamngr\iebho.dll c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mlmarlin\appdata\roaming\mozilla\firefox\profiles\uadr0i6d.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=405&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - component: c:\program files\windows savevid toolbar\datamngr\firefoxextension\components\DataMngrHlpFF3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\mlmarlin\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-1-10 263888]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-1-10 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2012-1-10 656320]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2011-2-23 48640]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2011-2-23 47616]
R2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2011-2-23 38912]
R3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\drivers\activhidsermini.sys [2009-5-5 55936]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2011-2-23 224424]
R3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\drivers\activmouse.sys [2009-10-5 6144]
R3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\drivers\SMARTMouseFilterx86.sys [2011-1-25 11632]
R3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\drivers\SMARTVHidMini2000x86.sys [2011-1-25 14704]
R3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\drivers\SMARTVTabletPCx86.sys [2011-1-25 21872]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-28 435032]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-28 314456]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-1-10 233976]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\drivers\savonaccess.sys [2011-2-24 122360]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2011-2-23 81920]
S2 Altiris Deployment Agent;Altiris Deployment Agent;c:\program files\altiris\dagent\dagent.exe [2010-3-22 1254736]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-28 20568]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-1-28 55128]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-28 44768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-26 136176]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\hewlett-packard\hp power assistant\HPPA_Service.exe [2010-8-23 103992]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\hewlett-packard\hp wireless assistant\HPWA_Service.exe [2010-7-21 103992]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2010-9-27 92216]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\hewlett-packard\hp hotkey support\hpHotkeyMonitor.exe [2010-10-1 280120]
S2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2010-7-16 26168]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2011-2-24 635416]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2011-2-24 163056]
S2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2011-2-24 97520]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2012-1-10 371472]
S2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2012-1-10 1117144]
S2 swi_service;Sophos Web Intelligence Service;c:\program files\sophos\sophos anti-virus\web intelligence\swi_service.exe [2011-2-24 1541360]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2011-2-23 2320920]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-26 136176]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-2-26 132480]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-6-21 246272]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [2011-2-23 23928]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-24 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-2-24 1343400]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2011-2-23 22536]
.
=============== File Associations ===============
.
.exe=05
.
=============== Created Last 30 ================
.
2012-01-28 20:33:15 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-01-28 20:33:15 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-28 20:33:09 41184 ----a-w- c:\windows\avastSS.scr
2012-01-28 20:33:03 -------- d-----w- c:\programdata\AVAST Software
2012-01-28 20:33:03 -------- d-----w- c:\program files\AVAST Software
2012-01-10 20:10:50 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-01-10 20:10:50 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-01-10 20:10:50 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-01-10 20:10:50 105280 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2012-01-10 20:10:46 263888 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-01-10 20:10:46 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-01-10 20:10:45 233976 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-01-10 20:10:42 70664 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-01-10 20:10:32 -------- d-----w- c:\programdata\PC Tools
2012-01-10 20:10:32 -------- d-----w- c:\program files\PC Tools Security
2012-01-10 20:10:32 -------- d-----w- c:\program files\common files\PC Tools
2012-01-10 16:57:13 2422784 ----a-w- c:\users\mlmarlin\appdata\local\gpt.exe
2012-01-08 22:09:29 -------- d-----w- c:\users\mlmarlin\appdata\local\{92DE7B2C-009A-4A0F-8297-C736EB3BC458}
2012-01-08 22:09:18 -------- d-----w- c:\users\mlmarlin\appdata\local\{CA82AA26-B3E3-4A47-94A2-FDC69169A7E2}
2012-01-08 22:06:23 272384 ----a-w- c:\users\mlmarlin\appdata\local\kxa.exe
2012-01-06 16:03:56 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{fb3c0eb1-816b-46b7-9cab-6740c9d1d869}\mpengine.dll
.
==================== Find3M ====================
.
2012-01-29 00:12:29 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-01-29 00:12:27 58288 ----a-w- c:\windows\system32\rpcnet.dll
2011-12-26 17:47:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-24 04:25:27 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 04:26:03 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 18:36:24.68 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:52 PM

Posted 28 January 2012 - 11:14 PM

Hello u2kid22,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.



1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.



2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.


Things to include in your next reply::
TdssKIller log
Combofix.txt
How is our machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 u2kid22

u2kid22
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 30 January 2012 - 07:24 PM

here are the logs. Also when i ran combofix, it continually said that sophos was running but i had it disabled, it ran anyway. Hopefully this does not create bad results. I am now able to log into regular windows, prior to these steps i could only log into safe mode.
Thanks again

tdss log:

14:24:03.0934 1936 TDSS rootkit removing tool 2.7.8.0 Jan 30 2012 16:39:36
14:24:04.0398 1936 ============================================================
14:24:04.0398 1936 Current date / time: 2012/01/30 14:24:04.0398
14:24:04.0399 1936 SystemInfo:
14:24:04.0399 1936
14:24:04.0399 1936 OS Version: 6.1.7601 ServicePack: 1.0
14:24:04.0399 1936 Product type: Workstation
14:24:04.0399 1936 ComputerName: CNU1020G8Q
14:24:04.0399 1936 UserName: mlmarlin
14:24:04.0399 1936 Windows directory: C:\Windows
14:24:04.0399 1936 System windows directory: C:\Windows
14:24:04.0399 1936 Processor architecture: Intel x86
14:24:04.0399 1936 Number of processors: 4
14:24:04.0399 1936 Page size: 0x1000
14:24:04.0399 1936 Boot type: Safe boot with network
14:24:04.0399 1936 ============================================================
14:24:05.0032 1936 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:24:05.0034 1936 \Device\Harddisk0\DR0:
14:24:05.0034 1936 MBR used
14:24:05.0034 1936 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x66000, BlocksNum 0x8D800
14:24:05.0034 1936 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xF3800, BlocksNum 0x12925EB0
14:24:05.0092 1936 Initialize success
14:24:05.0092 1936 ============================================================
14:24:33.0869 0812 ============================================================
14:24:33.0869 0812 Scan started
14:24:33.0869 0812 Mode: Manual;
14:24:33.0869 0812 ============================================================
14:24:34.0583 0812 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
14:24:34.0585 0812 1394ohci - ok
14:24:34.0635 0812 Accelerometer (465b6baaba53a628f7252846d0e900ee) C:\Windows\system32\DRIVERS\Accelerometer.sys
14:24:34.0635 0812 Accelerometer - ok
14:24:34.0734 0812 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
14:24:34.0738 0812 ACPI - ok
14:24:34.0801 0812 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
14:24:34.0802 0812 AcpiPmi - ok
14:24:34.0867 0812 ActivHidSerMini (092542818ccd17b659e17e4dcb427bad) C:\Windows\system32\DRIVERS\activhidsermini.sys
14:24:34.0869 0812 ActivHidSerMini - ok
14:24:35.0003 0812 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
14:24:35.0008 0812 adp94xx - ok
14:24:35.0069 0812 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
14:24:35.0073 0812 adpahci - ok
14:24:35.0115 0812 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
14:24:35.0117 0812 adpu320 - ok
14:24:35.0255 0812 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
14:24:35.0259 0812 AFD - ok
14:24:35.0374 0812 AgereSoftModem (7560f465f1ce69c53bf17559ee195548) C:\Windows\system32\DRIVERS\AGRSM.sys
14:24:35.0397 0812 AgereSoftModem - ok
14:24:35.0450 0812 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
14:24:35.0452 0812 agp440 - ok
14:24:35.0560 0812 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
14:24:35.0562 0812 aic78xx - ok
14:24:35.0625 0812 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
14:24:35.0626 0812 aliide - ok
14:24:35.0682 0812 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
14:24:35.0684 0812 amdagp - ok
14:24:35.0761 0812 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
14:24:35.0763 0812 amdide - ok
14:24:35.0819 0812 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
14:24:35.0821 0812 AmdK8 - ok
14:24:35.0856 0812 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
14:24:35.0858 0812 AmdPPM - ok
14:24:35.0950 0812 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
14:24:35.0952 0812 amdsata - ok
14:24:36.0055 0812 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
14:24:36.0058 0812 amdsbs - ok
14:24:36.0122 0812 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
14:24:36.0123 0812 amdxata - ok
14:24:36.0176 0812 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
14:24:36.0178 0812 AppID - ok
14:24:36.0233 0812 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
14:24:36.0235 0812 arc - ok
14:24:36.0244 0812 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
14:24:36.0246 0812 arcsas - ok
14:24:36.0301 0812 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\Windows\system32\drivers\aswFsBlk.sys
14:24:36.0302 0812 aswFsBlk - ok
14:24:36.0357 0812 aswMonFlt (258143605e77e4008f1758481d6a977d) C:\Windows\system32\drivers\aswMonFlt.sys
14:24:36.0359 0812 aswMonFlt - ok
14:24:36.0385 0812 aswRdr (352d5a48ebab35a7693b048679304831) C:\Windows\system32\drivers\aswRdr.sys
14:24:36.0386 0812 aswRdr - ok
14:24:36.0431 0812 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\Windows\system32\drivers\aswSnx.sys
14:24:36.0436 0812 aswSnx - ok
14:24:36.0502 0812 aswSP (010012597333da1f46c3243f33f8409e) C:\Windows\system32\drivers\aswSP.sys
14:24:36.0506 0812 aswSP - ok
14:24:36.0558 0812 aswTdi (f9f84364416658e9786235904d448d37) C:\Windows\system32\drivers\aswTdi.sys
14:24:36.0559 0812 aswTdi - ok
14:24:36.0620 0812 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
14:24:36.0621 0812 AsyncMac - ok
14:24:36.0681 0812 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
14:24:36.0683 0812 atapi - ok
14:24:36.0794 0812 awecho (c7dfd42d1906bb6f3ab7368a638c706a) C:\Windows\system32\drivers\awechomd.sys
14:24:36.0795 0812 awecho - ok
14:24:36.0859 0812 awlegacy (fcd631b75d01fecb673d52bfe87774ac) C:\Windows\System32\Drivers\awlegacy.sys
14:24:36.0860 0812 awlegacy - ok
14:24:36.0885 0812 AW_HOST (be23b51d1af7ab948f883f864454393d) C:\Windows\system32\drivers\aw_host5.sys
14:24:36.0886 0812 AW_HOST - ok
14:24:36.0943 0812 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
14:24:36.0948 0812 b06bdrv - ok
14:24:36.0988 0812 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
14:24:36.0991 0812 b57nd60x - ok
14:24:37.0090 0812 BCM43XX (36a47e6ab1f0967c97722183e21adb1a) C:\Windows\system32\DRIVERS\bcmwl6.sys
14:24:37.0105 0812 BCM43XX - ok
14:24:37.0173 0812 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
14:24:37.0174 0812 Beep - ok
14:24:37.0198 0812 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
14:24:37.0200 0812 blbdrive - ok
14:24:37.0292 0812 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
14:24:37.0293 0812 bowser - ok
14:24:37.0302 0812 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:24:37.0303 0812 BrFiltLo - ok
14:24:37.0311 0812 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:24:37.0312 0812 BrFiltUp - ok
14:24:37.0376 0812 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
14:24:37.0380 0812 Brserid - ok
14:24:37.0416 0812 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
14:24:37.0418 0812 BrSerWdm - ok
14:24:37.0426 0812 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:24:37.0427 0812 BrUsbMdm - ok
14:24:37.0436 0812 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
14:24:37.0437 0812 BrUsbSer - ok
14:24:37.0488 0812 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
14:24:37.0490 0812 BTHMODEM - ok
14:24:37.0556 0812 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
14:24:37.0557 0812 cdfs - ok
14:24:37.0608 0812 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
14:24:37.0610 0812 cdrom - ok
14:24:37.0679 0812 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
14:24:37.0681 0812 circlass - ok
14:24:37.0761 0812 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
14:24:37.0765 0812 CLFS - ok
14:24:37.0799 0812 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
14:24:37.0800 0812 CmBatt - ok
14:24:37.0818 0812 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
14:24:37.0820 0812 cmdide - ok
14:24:37.0870 0812 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
14:24:37.0875 0812 CNG - ok
14:24:37.0928 0812 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
14:24:37.0929 0812 Compbatt - ok
14:24:37.0984 0812 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
14:24:37.0985 0812 CompositeBus - ok
14:24:38.0006 0812 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
14:24:38.0007 0812 crcdisk - ok
14:24:38.0071 0812 CSC (07777fae5c2d6e0c788ace83339ee41b) C:\Windows\system32\drivers\csc.sys
14:24:38.0073 0812 Suspicious file (Forged): C:\Windows\system32\drivers\csc.sys. Real md5: 07777fae5c2d6e0c788ace83339ee41b, Fake md5: 3c2177a897b4ca2788c6fb0c3fd81d4b
14:24:38.0074 0812 CSC ( Virus.Win32.ZAccess.k ) - infected
14:24:38.0074 0812 CSC - detected Virus.Win32.ZAccess.k (0)
14:24:38.0129 0812 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
14:24:38.0130 0812 DfsC - ok
14:24:38.0178 0812 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
14:24:38.0179 0812 discache - ok
14:24:38.0231 0812 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
14:24:38.0233 0812 Disk - ok
14:24:38.0292 0812 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
14:24:38.0293 0812 drmkaud - ok
14:24:38.0369 0812 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
14:24:38.0377 0812 DXGKrnl - ok
14:24:38.0484 0812 e1kexpress (19e30c3c80d8ce29944b3f30ff9c8b76) C:\Windows\system32\DRIVERS\e1k6232.sys
14:24:38.0486 0812 e1kexpress - ok
14:24:38.0573 0812 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
14:24:38.0640 0812 ebdrv - ok
14:24:38.0674 0812 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
14:24:38.0679 0812 elxstor - ok
14:24:38.0725 0812 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
14:24:38.0727 0812 ErrDev - ok
14:24:38.0742 0812 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
14:24:38.0744 0812 exfat - ok
14:24:38.0793 0812 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
14:24:38.0795 0812 fastfat - ok
14:24:38.0806 0812 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
14:24:38.0807 0812 fdc - ok
14:24:38.0860 0812 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
14:24:38.0862 0812 FileInfo - ok
14:24:38.0882 0812 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
14:24:38.0884 0812 Filetrace - ok
14:24:38.0913 0812 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
14:24:38.0915 0812 flpydisk - ok
14:24:38.0940 0812 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
14:24:38.0943 0812 FltMgr - ok
14:24:38.0993 0812 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
14:24:38.0994 0812 FsDepends - ok
14:24:39.0040 0812 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
14:24:39.0042 0812 Fs_Rec - ok
14:24:39.0104 0812 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
14:24:39.0107 0812 fvevol - ok
14:24:39.0116 0812 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:24:39.0118 0812 gagp30kx - ok
14:24:39.0169 0812 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:24:39.0170 0812 GEARAspiWDM - ok
14:24:39.0234 0812 Gernuwa (b390bc5aa09f333c5d95be651c073564) C:\Windows\system32\drivers\Gernuwa.sys
14:24:39.0235 0812 Gernuwa - ok
14:24:39.0305 0812 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
14:24:39.0306 0812 hcw85cir - ok
14:24:39.0364 0812 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
14:24:39.0368 0812 HdAudAddService - ok
14:24:39.0413 0812 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
14:24:39.0415 0812 HDAudBus - ok
14:24:39.0482 0812 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\Windows\system32\DRIVERS\HECI.sys
14:24:39.0483 0812 HECI - ok
14:24:39.0499 0812 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
14:24:39.0501 0812 HidBatt - ok
14:24:39.0538 0812 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
14:24:39.0540 0812 HidBth - ok
14:24:39.0548 0812 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
14:24:39.0550 0812 HidIr - ok
14:24:39.0605 0812 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
14:24:39.0606 0812 HidUsb - ok
14:24:39.0678 0812 hpdskflt (d5c35e6416a379c445cda826b9fe452f) C:\Windows\system32\DRIVERS\hpdskflt.sys
14:24:39.0679 0812 hpdskflt - ok
14:24:39.0731 0812 HpqKbFiltr (ee9f88368739554dcca142ae0214bcb1) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
14:24:39.0732 0812 HpqKbFiltr - ok
14:24:39.0791 0812 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
14:24:39.0793 0812 HpSAMD - ok
14:24:39.0826 0812 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
14:24:39.0832 0812 HTTP - ok
14:24:39.0863 0812 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
14:24:39.0864 0812 hwpolicy - ok
14:24:39.0920 0812 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
14:24:39.0921 0812 i8042prt - ok
14:24:39.0994 0812 iaStor (d9d3f168a2fd4c2380d98821a3ff3357) C:\Windows\system32\DRIVERS\iaStor.sys
14:24:39.0997 0812 iaStor - ok
14:24:40.0064 0812 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
14:24:40.0068 0812 iaStorV - ok
14:24:40.0276 0812 igfx (db7413cf09d74231720f78737dcf4188) C:\Windows\system32\DRIVERS\igdkmd32.sys
14:24:40.0467 0812 igfx - ok
14:24:40.0486 0812 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
14:24:40.0488 0812 iirsp - ok
14:24:40.0538 0812 Impcd (e3c36ac5ae87ec970ae8ea2a93d59ae1) C:\Windows\system32\DRIVERS\Impcd.sys
14:24:40.0540 0812 Impcd - ok
14:24:40.0602 0812 IntcDAud (af6d1e38bce11daba4c01d6a6de94410) C:\Windows\system32\DRIVERS\IntcDAud.sys
14:24:40.0606 0812 IntcDAud - ok
14:24:40.0666 0812 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
14:24:40.0667 0812 intelide - ok
14:24:40.0683 0812 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
14:24:40.0685 0812 intelppm - ok
14:24:40.0725 0812 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:24:40.0727 0812 IpFilterDriver - ok
14:24:40.0751 0812 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
14:24:40.0753 0812 IPMIDRV - ok
14:24:40.0786 0812 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
14:24:40.0788 0812 IPNAT - ok
14:24:40.0852 0812 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
14:24:40.0853 0812 IRENUM - ok
14:24:40.0872 0812 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
14:24:40.0874 0812 isapnp - ok
14:24:40.0931 0812 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
14:24:40.0934 0812 iScsiPrt - ok
14:24:40.0985 0812 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
14:24:40.0986 0812 kbdclass - ok
14:24:41.0034 0812 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
14:24:41.0036 0812 kbdhid - ok
14:24:41.0057 0812 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
14:24:41.0058 0812 KSecDD - ok
14:24:41.0103 0812 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
14:24:41.0106 0812 KSecPkg - ok
14:24:41.0180 0812 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
14:24:41.0182 0812 lltdio - ok
14:24:41.0296 0812 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:24:41.0298 0812 LSI_FC - ok
14:24:41.0338 0812 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:24:41.0340 0812 LSI_SAS - ok
14:24:41.0349 0812 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:24:41.0351 0812 LSI_SAS2 - ok
14:24:41.0360 0812 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:24:41.0362 0812 LSI_SCSI - ok
14:24:41.0414 0812 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
14:24:41.0416 0812 luafv - ok
14:24:41.0481 0812 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
14:24:41.0483 0812 megasas - ok
14:24:41.0527 0812 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
14:24:41.0530 0812 MegaSR - ok
14:24:41.0556 0812 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
14:24:41.0558 0812 Modem - ok
14:24:41.0604 0812 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
14:24:41.0605 0812 monitor - ok
14:24:41.0624 0812 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
14:24:41.0625 0812 mouclass - ok
14:24:41.0675 0812 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
14:24:41.0676 0812 mouhid - ok
14:24:41.0728 0812 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
14:24:41.0729 0812 mountmgr - ok
14:24:41.0751 0812 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
14:24:41.0753 0812 mpio - ok
14:24:41.0799 0812 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
14:24:41.0800 0812 mpsdrv - ok
14:24:41.0846 0812 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
14:24:41.0848 0812 MRxDAV - ok
14:24:41.0877 0812 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:24:41.0879 0812 mrxsmb - ok
14:24:41.0935 0812 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:24:41.0938 0812 mrxsmb10 - ok
14:24:41.0982 0812 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:24:41.0984 0812 mrxsmb20 - ok
14:24:42.0032 0812 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
14:24:42.0033 0812 msahci - ok
14:24:42.0059 0812 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
14:24:42.0061 0812 msdsm - ok
14:24:42.0114 0812 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
14:24:42.0116 0812 Msfs - ok
14:24:42.0174 0812 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
14:24:42.0175 0812 mshidkmdf - ok
14:24:42.0226 0812 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
14:24:42.0227 0812 msisadrv - ok
14:24:42.0292 0812 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
14:24:42.0293 0812 MSKSSRV - ok
14:24:42.0338 0812 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
14:24:42.0340 0812 MSPCLOCK - ok
14:24:42.0349 0812 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
14:24:42.0350 0812 MSPQM - ok
14:24:42.0373 0812 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
14:24:42.0375 0812 MsRPC - ok
14:24:42.0418 0812 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
14:24:42.0419 0812 mssmbios - ok
14:24:42.0440 0812 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
14:24:42.0442 0812 MSTEE - ok
14:24:42.0481 0812 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
14:24:42.0482 0812 MTConfig - ok
14:24:42.0502 0812 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
14:24:42.0503 0812 Mup - ok
14:24:42.0564 0812 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
14:24:42.0567 0812 NativeWifiP - ok
14:24:42.0616 0812 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
14:24:42.0624 0812 NDIS - ok
14:24:42.0669 0812 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
14:24:42.0670 0812 NdisCap - ok
14:24:42.0712 0812 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
14:24:42.0713 0812 NdisTapi - ok
14:24:42.0744 0812 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
14:24:42.0745 0812 Ndisuio - ok
14:24:42.0812 0812 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
14:24:42.0814 0812 NdisWan - ok
14:24:42.0865 0812 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
14:24:42.0867 0812 NDProxy - ok
14:24:42.0923 0812 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
14:24:42.0924 0812 NetBIOS - ok
14:24:42.0971 0812 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
14:24:42.0973 0812 NetBT - ok
14:24:43.0055 0812 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
14:24:43.0057 0812 nfrd960 - ok
14:24:43.0109 0812 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
14:24:43.0110 0812 Npfs - ok
14:24:43.0152 0812 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
14:24:43.0153 0812 nsiproxy - ok
14:24:43.0206 0812 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
14:24:43.0239 0812 Ntfs - ok
14:24:43.0292 0812 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
14:24:43.0293 0812 Null - ok
14:24:43.0344 0812 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
14:24:43.0346 0812 nvraid - ok
14:24:43.0366 0812 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
14:24:43.0369 0812 nvstor - ok
14:24:43.0420 0812 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
14:24:43.0422 0812 nv_agp - ok
14:24:43.0472 0812 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
14:24:43.0474 0812 ohci1394 - ok
14:24:43.0542 0812 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
14:24:43.0543 0812 Parport - ok
14:24:43.0597 0812 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
14:24:43.0599 0812 partmgr - ok
14:24:43.0619 0812 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
14:24:43.0620 0812 Parvdm - ok
14:24:43.0674 0812 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
14:24:43.0676 0812 pci - ok
14:24:43.0741 0812 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
14:24:43.0743 0812 pciide - ok
14:24:43.0796 0812 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
14:24:43.0799 0812 pcmcia - ok
14:24:43.0850 0812 PCTCore (3e8ce6c67b292a4fdf65ed625e5f5e81) C:\Windows\system32\drivers\PCTCore.sys
14:24:43.0854 0812 PCTCore - ok
14:24:43.0908 0812 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\Windows\system32\drivers\pctDS.sys
14:24:43.0913 0812 pctDS - ok
14:24:43.0957 0812 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\Windows\system32\drivers\pctEFA.sys
14:24:43.0965 0812 pctEFA - ok
14:24:43.0994 0812 PCTSD (83ddd552f7f1043f764e8cc88ff41232) C:\Windows\system32\Drivers\PCTSD.sys
14:24:43.0997 0812 PCTSD - ok
14:24:44.0034 0812 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
14:24:44.0036 0812 pcw - ok
14:24:44.0066 0812 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
14:24:44.0073 0812 PEAUTH - ok
14:24:44.0164 0812 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
14:24:44.0166 0812 PptpMiniport - ok
14:24:44.0220 0812 prmvmouse (20a45d4fdfcc079265816e8f46acb1ae) C:\Windows\system32\DRIVERS\activmouse.sys
14:24:44.0221 0812 prmvmouse - ok
14:24:44.0229 0812 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
14:24:44.0231 0812 Processor - ok
14:24:44.0290 0812 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
14:24:44.0292 0812 Psched - ok
14:24:44.0344 0812 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
14:24:44.0372 0812 ql2300 - ok
14:24:44.0408 0812 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
14:24:44.0410 0812 ql40xx - ok
14:24:44.0426 0812 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
14:24:44.0428 0812 QWAVEdrv - ok
14:24:44.0466 0812 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
14:24:44.0467 0812 RasAcd - ok
14:24:44.0495 0812 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:24:44.0496 0812 RasAgileVpn - ok
14:24:44.0540 0812 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:24:44.0542 0812 Rasl2tp - ok
14:24:44.0600 0812 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
14:24:44.0602 0812 RasPppoe - ok
14:24:44.0657 0812 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
14:24:44.0659 0812 RasSstp - ok
14:24:44.0680 0812 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
14:24:44.0683 0812 rdbss - ok
14:24:44.0729 0812 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
14:24:44.0730 0812 rdpbus - ok
14:24:44.0795 0812 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:24:44.0796 0812 RDPCDD - ok
14:24:44.0847 0812 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
14:24:44.0849 0812 RDPDR - ok
14:24:44.0907 0812 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
14:24:44.0908 0812 RDPENCDD - ok
14:24:44.0920 0812 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
14:24:44.0921 0812 RDPREFMP - ok
14:24:44.0975 0812 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
14:24:44.0977 0812 RDPWD - ok
14:24:45.0035 0812 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
14:24:45.0038 0812 rdyboost - ok
14:24:45.0098 0812 rimspci (e891f07815af88075705ef6a248711f6) C:\Windows\system32\DRIVERS\rimspe86.sys
14:24:45.0100 0812 rimspci - ok
14:24:45.0156 0812 risdpcie (d853d35f792a3a44726a794bf9a0bbc3) C:\Windows\system32\DRIVERS\risdpe86.sys
14:24:45.0157 0812 risdpcie - ok
14:24:45.0173 0812 rixdpcie (cf2de2365fd99e5b8e38c9f3467dcdb8) C:\Windows\system32\DRIVERS\rixdpe86.sys
14:24:45.0174 0812 rixdpcie - ok
14:24:45.0229 0812 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
14:24:45.0231 0812 rspndr - ok
14:24:45.0287 0812 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
14:24:45.0288 0812 s3cap - ok
14:24:45.0344 0812 SAVOnAccess (ae668d3f43fc90bc17f62e08ff82a446) C:\Windows\system32\DRIVERS\savonaccess.sys
14:24:45.0347 0812 SAVOnAccess - ok
14:24:45.0409 0812 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
14:24:45.0411 0812 sbp2port - ok
14:24:45.0432 0812 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
14:24:45.0433 0812 scfilter - ok
14:24:45.0528 0812 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
14:24:45.0530 0812 sdbus - ok
14:24:45.0548 0812 sdcfilter (a957fd57a6ae1597943e4590de10669b) C:\Windows\system32\DRIVERS\sdcfilter.sys
14:24:45.0549 0812 sdcfilter - ok
14:24:45.0623 0812 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:24:45.0624 0812 secdrv - ok
14:24:45.0689 0812 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
14:24:45.0690 0812 Serenum - ok
14:24:45.0727 0812 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
14:24:45.0729 0812 Serial - ok
14:24:45.0783 0812 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
14:24:45.0785 0812 sermouse - ok
14:24:45.0842 0812 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
14:24:45.0844 0812 sffdisk - ok
14:24:45.0860 0812 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
14:24:45.0861 0812 sffp_mmc - ok
14:24:45.0909 0812 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
14:24:45.0910 0812 sffp_sd - ok
14:24:45.0924 0812 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
14:24:45.0926 0812 sfloppy - ok
14:24:45.0982 0812 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
14:24:45.0983 0812 sisagp - ok
14:24:46.0036 0812 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:24:46.0037 0812 SiSRaid2 - ok
14:24:46.0061 0812 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
14:24:46.0063 0812 SiSRaid4 - ok
14:24:46.0158 0812 SMARTMouseFilterx86 (1e8d2000b9352a7723910ff755700aa7) C:\Windows\system32\DRIVERS\SMARTMouseFilterx86.sys
14:24:46.0159 0812 SMARTMouseFilterx86 - ok
14:24:46.0219 0812 SMARTVHidMini2000x86 (a6a27763823516f53125dfab33e90ce5) C:\Windows\system32\DRIVERS\SMARTVHidMini2000x86.sys
14:24:46.0219 0812 SMARTVHidMini2000x86 - ok
14:24:46.0239 0812 SMARTVTabletPCx86 (39c68585691920c625697d5a865cca95) C:\Windows\system32\DRIVERS\SMARTVTabletPCx86.sys
14:24:46.0240 0812 SMARTVTabletPCx86 - ok
14:24:46.0300 0812 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
14:24:46.0302 0812 Smb - ok
14:24:46.0435 0812 SNP2UVC (c2a90604b7f85cb4afad61f9edd05da8) C:\Windows\system32\DRIVERS\snp2uvc.sys
14:24:46.0477 0812 SNP2UVC - ok
14:24:46.0534 0812 SophosBootDriver (f2b7bd04146b3e6a895a1919e1f5da89) C:\Windows\system32\DRIVERS\SophosBootDriver.sys
14:24:46.0535 0812 SophosBootDriver - ok
14:24:46.0560 0812 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
14:24:46.0561 0812 spldr - ok
14:24:46.0615 0812 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
14:24:46.0620 0812 srv - ok
14:24:46.0661 0812 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
14:24:46.0666 0812 srv2 - ok
14:24:46.0712 0812 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
14:24:46.0715 0812 srvnet - ok
14:24:46.0749 0812 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
14:24:46.0751 0812 stexstor - ok
14:24:46.0848 0812 STHDA (8a8246f40792956e957f3e8d0c188963) C:\Windows\system32\DRIVERS\stwrt.sys
14:24:46.0854 0812 STHDA - ok
14:24:46.0909 0812 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
14:24:46.0911 0812 storflt - ok
14:24:46.0970 0812 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
14:24:46.0972 0812 storvsc - ok
14:24:46.0991 0812 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
14:24:46.0992 0812 swenum - ok
14:24:47.0115 0812 SynTP (0e8676fb3bb95aa40fdf7a4a31018c8b) C:\Windows\system32\DRIVERS\SynTP.sys
14:24:47.0126 0812 SynTP - ok
14:24:47.0195 0812 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
14:24:47.0225 0812 Tcpip - ok
14:24:47.0281 0812 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
14:24:47.0288 0812 TCPIP6 - ok
14:24:47.0338 0812 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
14:24:47.0340 0812 tcpipreg - ok
14:24:47.0406 0812 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
14:24:47.0408 0812 TDPIPE - ok
14:24:47.0424 0812 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
14:24:47.0425 0812 TDTCP - ok
14:24:47.0479 0812 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
14:24:47.0481 0812 tdx - ok
14:24:47.0525 0812 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
14:24:47.0526 0812 TermDD - ok
14:24:47.0587 0812 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
14:24:47.0589 0812 TPM - ok
14:24:47.0615 0812 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:24:47.0616 0812 tssecsrv - ok
14:24:47.0682 0812 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
14:24:47.0683 0812 TsUsbFlt - ok
14:24:47.0780 0812 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
14:24:47.0782 0812 tunnel - ok
14:24:47.0803 0812 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
14:24:47.0805 0812 uagp35 - ok
14:24:47.0860 0812 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
14:24:47.0863 0812 udfs - ok
14:24:47.0927 0812 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
14:24:47.0929 0812 uliagpkx - ok
14:24:48.0031 0812 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
14:24:48.0033 0812 umbus - ok
14:24:48.0053 0812 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
14:24:48.0054 0812 UmPass - ok
14:24:48.0117 0812 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
14:24:48.0119 0812 USBAAPL - ok
14:24:48.0216 0812 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
14:24:48.0218 0812 usbccgp - ok
14:24:48.0275 0812 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
14:24:48.0277 0812 usbcir - ok
14:24:48.0292 0812 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
14:24:48.0293 0812 usbehci - ok
14:24:48.0345 0812 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
14:24:48.0348 0812 usbhub - ok
14:24:48.0404 0812 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
14:24:48.0405 0812 usbohci - ok
14:24:48.0423 0812 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
14:24:48.0424 0812 usbprint - ok
14:24:48.0467 0812 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
14:24:48.0469 0812 usbscan - ok
14:24:48.0528 0812 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:24:48.0529 0812 USBSTOR - ok
14:24:48.0549 0812 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
14:24:48.0551 0812 usbuhci - ok
14:24:48.0602 0812 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
14:24:48.0604 0812 usbvideo - ok
14:24:48.0664 0812 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
14:24:48.0665 0812 vdrvroot - ok
14:24:48.0714 0812 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
14:24:48.0715 0812 vga - ok
14:24:48.0729 0812 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
14:24:48.0730 0812 VgaSave - ok
14:24:48.0786 0812 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
14:24:48.0789 0812 vhdmp - ok
14:24:48.0840 0812 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
14:24:48.0842 0812 viaagp - ok
14:24:48.0865 0812 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
14:24:48.0866 0812 ViaC7 - ok
14:24:48.0912 0812 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
14:24:48.0914 0812 viaide - ok
14:24:48.0963 0812 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
14:24:48.0966 0812 vmbus - ok
14:24:48.0986 0812 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
14:24:48.0987 0812 VMBusHID - ok
14:24:49.0031 0812 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
14:24:49.0033 0812 volmgr - ok
14:24:49.0139 0812 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
14:24:49.0143 0812 volmgrx - ok
14:24:49.0168 0812 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
14:24:49.0171 0812 volsnap - ok
14:24:49.0230 0812 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
14:24:49.0233 0812 vsmraid - ok
14:24:49.0289 0812 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
14:24:49.0290 0812 vwifibus - ok
14:24:49.0337 0812 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
14:24:49.0339 0812 vwififlt - ok
14:24:49.0351 0812 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
14:24:49.0353 0812 WacomPen - ok
14:24:49.0399 0812 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
14:24:49.0401 0812 WANARP - ok
14:24:49.0405 0812 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
14:24:49.0406 0812 Wanarpv6 - ok
14:24:49.0453 0812 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
14:24:49.0454 0812 Wd - ok
14:24:49.0480 0812 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
14:24:49.0485 0812 Wdf01000 - ok
14:24:49.0576 0812 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
14:24:49.0577 0812 WfpLwf - ok
14:24:49.0586 0812 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
14:24:49.0587 0812 WIMMount - ok
14:24:49.0649 0812 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
14:24:49.0650 0812 WinUsb - ok
14:24:49.0708 0812 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
14:24:49.0708 0812 WmiAcpi - ok
14:24:49.0739 0812 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
14:24:49.0740 0812 ws2ifsl - ok
14:24:49.0791 0812 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
14:24:49.0794 0812 WudfPf - ok
14:24:49.0869 0812 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:24:49.0872 0812 WUDFRd - ok
14:24:49.0965 0812 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:24:50.0019 0812 \Device\Harddisk0\DR0 - ok
14:24:50.0022 0812 Boot (0x1200) (055454404b40b5d8769f1dc3419b7b7c) \Device\Harddisk0\DR0\Partition0
14:24:50.0023 0812 \Device\Harddisk0\DR0\Partition0 - ok
14:24:50.0030 0812 Boot (0x1200) (de7f578a9d0eade14e4f6b9ae1eff0dc) \Device\Harddisk0\DR0\Partition1
14:24:50.0031 0812 \Device\Harddisk0\DR0\Partition1 - ok
14:24:50.0031 0812 ============================================================
14:24:50.0031 0812 Scan finished
14:24:50.0031 0812 ============================================================
14:24:50.0039 1036 Detected object count: 1
14:24:50.0039 1036 Actual detected object count: 1
14:25:13.0521 1036 C:\Windows\system32\drivers\csc.sys - copied to quarantine
14:25:13.0605 1036 Backup copy found, using it..
14:25:13.0614 1036 C:\Windows\system32\drivers\csc.sys - will be cured on reboot
14:25:15.0974 1036 CSC ( Virus.Win32.ZAccess.k ) - User select action: Cure
14:25:19.0283 1992 Deinitialize success

combofix log:

ComboFix 12-01-30.02 - mlmarlin 01/30/2012 16:48:29.2.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1903.1165 [GMT -7:00]
Running from: c:\users\mlmarlin\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Enabled/Outdated* {479CCF92-4960-B3E0-7373-BF453B467D2C}
SP: Sophos Anti-Virus *Enabled/Outdated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB39807$
c:\windows\WindowsUpdate.log
.
---- Previous Run -------
.
c:\program files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
c:\users\mlmarlin\AppData\Local\gpt.exe
c:\users\mlmarlin\AppData\Local\kxa.exe
c:\windows\$NtUninstallKB39807$\1356215955
c:\windows\$NtUninstallKB39807$\1680211802\@
c:\windows\$NtUninstallKB39807$\1680211802\bckfg.tmp
c:\windows\$NtUninstallKB39807$\1680211802\cfg.ini
c:\windows\$NtUninstallKB39807$\1680211802\Desktop.ini
c:\windows\$NtUninstallKB39807$\1680211802\keywords
c:\windows\$NtUninstallKB39807$\1680211802\kwrd.dll
c:\windows\$NtUninstallKB39807$\1680211802\L\xadqgnnk
c:\windows\$NtUninstallKB39807$\1680211802\lsflt7.ver
c:\windows\$NtUninstallKB39807$\1680211802\U\00000001.@
c:\windows\$NtUninstallKB39807$\1680211802\U\00000002.@
c:\windows\$NtUninstallKB39807$\1680211802\U\00000004.@
c:\windows\$NtUninstallKB39807$\1680211802\U\80000000.@
c:\windows\$NtUninstallKB39807$\1680211802\U\80000004.@
c:\windows\$NtUninstallKB39807$\1680211802\U\80000032.@
c:\windows\$NtUninstallKB39807$\1680211802\version
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-31 )))))))))))))))))))))))))))))))
.
.
2012-01-30 23:59 . 2012-01-31 00:01 -------- d-----w- c:\users\mlmarlin\AppData\Local\temp
2012-01-30 23:59 . 2012-01-30 23:59 -------- d-----w- c:\users\EPISD\AppData\Local\temp
2012-01-30 23:59 . 2012-01-30 23:59 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-01-30 23:45 . 2010-11-20 10:06 46080 ----a-w- c:\windows\system32\drivers\ndisuio.sys
2012-01-30 22:31 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-01-30 21:25 . 2012-01-30 21:25 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-28 20:33 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-01-28 20:33 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-01-28 20:33 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-28 20:33 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-01-28 20:33 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-01-28 20:33 . 2011-11-28 17:52 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-01-28 20:33 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2012-01-28 20:33 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2012-01-28 20:33 . 2012-01-28 20:33 -------- d-----w- c:\programdata\AVAST Software
2012-01-28 20:33 . 2012-01-28 20:33 -------- d-----w- c:\program files\AVAST Software
2012-01-06 16:03 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB3C0EB1-816B-46B7-9CAB-6740C9D1D869}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 00:00 . 2011-03-30 01:16 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-01-31 00:00 . 2011-03-24 02:59 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-01-30 21:28 . 2011-02-24 17:27 388096 ----a-w- c:\windows\system32\drivers\csc.sys
2011-12-26 17:47 . 2011-08-16 02:42 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-24 04:25 . 2011-12-15 06:32 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 04:26 . 2011-12-15 06:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 22:47 . 2011-12-23 16:31 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40 . 2011-12-23 16:31 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39 . 2011-12-23 16:31 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31 . 2011-12-23 16:31 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-03-03 111640]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-20 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-20 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-20 170520]
"QLBController"="c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-10-01 256056]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-01-08 186904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2010-08-23 1691192]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"DagentUI"="c:\program files\Altiris\Dagent\dagentui.exe" [2010-03-22 554320]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-02-24 273544]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2010-03-06 563736]
"SMART Board Service"="c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe" [2011-01-26 5893488]
"SMART SNMP Agent"="c:\program files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe" [2011-01-26 1678704]
"ActivControl"="c:\program files\Activ Software\ActivDriver\ActivControl2.exe" [2010-03-23 1088800]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-09-08 495708]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Device Monitor LE.lnk - c:\program files\PIXELA\MediaBrowser LE\MBCameraMonitor.exe [2011-5-13 271640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)
"NoStartMenuNetworkPlaces"= 1 (0x1)
"NoPropertiesMyDocuments"= 1 (0x1)
"ConfirmFileDelete"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2007-04-27 18:10 18744 ------w- c:\windows\System32\PCANotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\WI5C88~1\Datamngr\datamngr.dll c:\progra~1\WI5C88~1\Datamngr\IEBHO.dll c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2178318050-4127157590-4182578819-12233\Scripts\Logon\0\0]
"Script"=teachcut.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-27 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-27 136176]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [2011-02-23 23928]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-24 1343400]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2011-02-23 22536]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2011-02-24 122360]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-02 81920]
S2 Altiris Deployment Agent;Altiris Deployment Agent;c:\program files\Altiris\Dagent\dagent.exe [2010-03-22 1254736]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-08-23 103992]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-09-28 92216]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-10-01 280120]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 26168]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2010-03-06 635416]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-10-26 48640]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-10-29 47616]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-12-12 38912]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2011-02-24 163056]
S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2011-02-24 97520]
S2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2011-02-24 1541360]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\DRIVERS\activhidsermini.sys [2009-05-05 55936]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2010-04-06 224424]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-21 246272]
S3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\DRIVERS\activmouse.sys [2009-10-05 6144]
S3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [2011-01-26 11632]
S3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [2011-01-26 14704]
S3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [2011-01-26 21872]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 18:38 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-27 00:25]
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-27 00:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.episd.org
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
Toolbar-10 - (no file)
Toolbar-!{C80BDEB2-8735-44C6-BD55-A1CCD555667A} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
SafeBoot-24343888.sys
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4836)
c:\programdata\ACTIV Software\ActivApplications\ActivFocusHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\IDT\WDM\STacSV.exe
c:\windows\system32\WLANExt.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\conhost.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Symantec\pcAnywhere\awhost32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec\pcAnywhere\AWHPROBE.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\System32\rpcnet.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Savevid Toolbar\Datamngr\datamngrUI.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\sppsvc.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-01-30 17:06:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-31 00:06
.
- - End Of File - - 923BBD62FD6E08512ADE57F3141A3346

#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:52 PM

Posted 30 January 2012 - 07:50 PM

Hello,
Your logs look alot better. I see some leftover avast services running we need to run the uninstaller for it.


1.

Uninstall Avast!


You should be able to remove Avast! products via Start > Control Panel > Add or Remove Programs.
If you need instructions on how to do so, please consult: How To Remove An Installed Program From Your Computer

The following removal utility can be used to uninstall the program if the uninstall via Add/remove does not work:

  • Download aswClear.exe on to your desktop.
  • Start Windows in Safe Mode.
  • Run aswClear.exe.
  • If you installed Avast! in a different folder than the default, browse for it.
    (Note: Be careful! The content of any folder you choose will be deleted!)
  • Click REMOVE.
  • Restart your computer.
Avast! should now be removed from your PC.


Original instructions can be found here:
http://www.avast.com/eng/faq-install-uninstall-avast.html



2.
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


3.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image
      icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

4.Please run DDS again and Post the DDS.txt.



Things to include in your next reply::
MBAM log
Eset log
DDS.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 u2kid22

u2kid22
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 31 January 2012 - 12:00 AM

Here are the three requested logs. The computer seams to be working normally at this time. What next?

mbam log:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.01.31.01

Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
mlmarlin :: CNU1020G8Q [administrator]

1/30/2012 8:12:40 PM
mbam-log-2012-01-30 (20-12-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220945
Time elapsed: 4 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Users\mlmarlin\AppData\Local\vef.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

esetscan log:
C:\Program Files\Windows Savevid Toolbar\del_DM_DLL_15.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files\Windows Savevid Toolbar\del_DM_DLL_29.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files\Windows Savevid Toolbar\del_DM_DLL_65.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files\Windows Savevid Toolbar\del_DM_DLL_7.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files\Windows Savevid Toolbar\del_DM_EXE_40.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files\Windows Savevid Toolbar\del_DM_EXE_87.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files\Windows Savevid Toolbar\del_DM_EXE_98.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files\Windows Savevid Toolbar\del_IEBHO_4.dll probably a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files\Windows Savevid Toolbar\del_IEBHO_54.dll probably a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files\Windows Savevid Toolbar\del_IEBHO_71.dll probably a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files\Windows Savevid Toolbar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files\Windows Savevid Toolbar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files\Windows Savevid Toolbar\Datamngr\IEBHO.dll probably a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\mlmarlin\AppData\Local\gpt.exe.vir a variant of Win32/Kryptik.YEZ trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\mlmarlin\AppData\Local\kxa.exe.vir a variant of Win32/Kryptik.YPT trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\30.01.2012_14.24.04\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan cleaned by deleting - quarantined


dds.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by mlmarlin at 21:54:27 on 2012-01-30
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1903.1274 [GMT -7:00]
.
AV: Sophos Anti-Virus *Enabled/Outdated* {479CCF92-4960-B3E0-7373-BF453B467D2C}
SP: Sophos Anti-Virus *Enabled/Outdated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rpcnet.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.episd.org
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: !{8dcb7100-df86-4384-8842-8fa844297b3f} - No File
uRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [IMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QLBController] c:\program files\hewlett-packard\hp hotkey support\QLBController.exe /start
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [HPPowerAssistant] c:\program files\hewlett-packard\hp power assistant\HPPA_Main.exe /hidden
mRun: [HPWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\delayedappstarter.exe 120 c:\program files\hewlett-packard\hp wireless assistant\HPWA_Main.exe /hidden
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DagentUI] c:\program files\altiris\dagent\dagentui.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
mRun: [SMART Board Service] c:\program files\smart technologies\smart product drivers\SMARTBoardService.exe
mRun: [SMART SNMP Agent] c:\program files\smart technologies\smart product drivers\SMARTSNMPAgent.exe -e
mRun: [ActivControl] c:\program files\activ software\activdriver\ActivControl2.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1449.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [DATAMNGR] c:\progra~1\wi5c88~1\datamngr\DATAMN~1.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\device~1.lnk - c:\program files\pixela\mediabrowser le\MBCameraMonitor.exe
uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
uPolicies-explorer: NoStartMenuNetworkPlaces = 1 (0x1)
uPolicies-explorer: NoPropertiesMyDocuments = 1 (0x1)
uPolicies-explorer: ConfirmFileDelete = 1 (0x1)
uPolicies-system: DisableChangePassword = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - c:\novell\messen~1\NMCL32.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{73F313AC-4043-4DF6-8DFF-7E059FC2BFC2} : DhcpNameServer = 10.254.8.5 10.254.8.6
TCP: Interfaces\{B8B4C4C5-877F-40D1-A81D-205AC8F9559D} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B8B4C4C5-877F-40D1-A81D-205AC8F9559D}\2375942554732333 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B8B4C4C5-877F-40D1-A81D-205AC8F9559D}\5405943544 : DhcpNameServer = 10.254.8.7 10.254.8.4
Handler: nim - {3D206AE2-3039-413B-B748-3ACC562EC22A} - c:\novell\messenger\nmcg32.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: PCANotify - PCANotify.dll
AppInit_DLLs: c:\progra~1\wi5c88~1\datamngr\datamngr.dll c:\progra~1\wi5c88~1\datamngr\iebho.dll c:\progra~1\sophos\sophos~1\sophos_detoured.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mlmarlin\appdata\roaming\mozilla\firefox\profiles\uadr0i6d.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=405&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - component: c:\program files\windows savevid toolbar\datamngr\firefoxextension\components\DataMngrHlpFF3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\mlmarlin\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2011-2-23 48640]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2011-2-23 47616]
R2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2011-2-23 38912]
R3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\drivers\activhidsermini.sys [2009-5-5 55936]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2011-2-23 224424]
R3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\drivers\activmouse.sys [2009-10-5 6144]
R3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\drivers\SMARTMouseFilterx86.sys [2011-1-25 11632]
R3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\drivers\SMARTVHidMini2000x86.sys [2011-1-25 14704]
R3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\drivers\SMARTVTabletPCx86.sys [2011-1-25 21872]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\drivers\savonaccess.sys [2011-2-24 122360]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2011-2-23 81920]
S2 Altiris Deployment Agent;Altiris Deployment Agent;c:\program files\altiris\dagent\dagent.exe [2010-3-22 1254736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-26 136176]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\hewlett-packard\hp power assistant\HPPA_Service.exe [2010-8-23 103992]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\hewlett-packard\hp wireless assistant\HPWA_Service.exe [2010-7-21 103992]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2010-9-27 92216]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\hewlett-packard\hp hotkey support\hpHotkeyMonitor.exe [2010-10-1 280120]
S2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2010-7-16 26168]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2011-2-24 635416]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2011-2-24 163056]
S2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2011-2-24 97520]
S2 swi_service;Sophos Web Intelligence Service;c:\program files\sophos\sophos anti-virus\web intelligence\swi_service.exe [2011-2-24 1541360]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2011-2-23 2320920]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-26 136176]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-2-26 132480]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-6-21 246272]
S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [2011-2-23 23928]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-24 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-2-24 1343400]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2011-2-23 22536]
.
=============== Created Last 30 ================
.
2012-01-31 03:24:28 -------- d-----w- c:\program files\ESET
2012-01-31 03:12:04 -------- d-----w- c:\users\mlmarlin\appdata\roaming\Malwarebytes
2012-01-31 03:12:00 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-31 03:12:00 -------- d-----w- c:\programdata\Malwarebytes
2012-01-31 03:12:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-31 00:01:29 -------- d-----w- C:\$RECYCLE.BIN
2012-01-30 23:59:41 -------- d-----w- c:\users\mlmarlin\appdata\local\temp
2012-01-30 23:45:09 46080 ----a-w- c:\windows\system32\drivers\ndisuio.sys
2012-01-30 23:25:13 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-30 23:25:13 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-01-30 23:25:12 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-30 23:25:11 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-30 22:31:26 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-01-30 22:25:45 98816 ----a-w- c:\windows\sed.exe
2012-01-30 22:25:45 518144 ----a-w- c:\windows\SWREG.exe
2012-01-30 22:25:45 256000 ----a-w- c:\windows\PEV.exe
2012-01-30 22:25:45 208896 ----a-w- c:\windows\MBR.exe
2012-01-30 21:25:13 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-28 20:33:03 -------- d-----w- c:\programdata\AVAST Software
2012-01-28 20:33:03 -------- d-----w- c:\program files\AVAST Software
2012-01-08 22:09:29 -------- d-----w- c:\users\mlmarlin\appdata\local\{92DE7B2C-009A-4A0F-8297-C736EB3BC458}
2012-01-08 22:09:18 -------- d-----w- c:\users\mlmarlin\appdata\local\{CA82AA26-B3E3-4A47-94A2-FDC69169A7E2}
2012-01-06 16:03:56 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{fb3c0eb1-816b-46b7-9cab-6740c9d1d869}\mpengine.dll
.
==================== Find3M ====================
.
2012-01-31 03:06:14 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-01-31 03:06:12 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-01-30 21:28:33 388096 ----a-w- c:\windows\system32\drivers\csc.sys
2011-12-26 17:47:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-24 04:25:27 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 04:26:03 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 21:54:53.92 ===============

#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:52 PM

Posted 31 January 2012 - 06:09 PM

Hello, u2kid22.
Congratulations! You now appear clean! :cool:


Uninstall Combofix
  • Make sure that Combofix.exe that you downloaded is on your Desktop but Do not run it!
    o *If it is not on your Desktop, the below will not work.
  • Click on Posted Image then Run....
  • Now copy & paste the green bolded text in the run-box and click OK.

    ComboFix /Uninstall

    Posted Image

    <Notice the space between the "x" and "/".> <--- It needs to be there
    Windows Vista users: Press the Windows Key + R to bring the Run... Command and then from there you can add in the Combofix /Uninstall

  • Please advise if this step is missed for any reason as it performs some important actions:
    "This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.
    It also makes a clean Restore Point and flashes all the old restore points in order to prevent possible reinfection from an old one through system restore".



Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess
  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.




One of the most common questions found when cleaning malware is "how did my machine get infected?". There are a variety of reasons, but the most common ones are that you are not practicing Safe Internet, you are not running the proper security software or that your computer's security settings are set too low.

Below I have outlined a series of categories that outline how you can increase the security of your computer to help reduce the chance of being infected again in the future.

Do not use P2P programs
Peer-to-peer or file-sharing programs (such as uTorrent, Limewire and Bitorrent) are probably the primary route of infection nowadays. These programs allow file sharing between users as the name(s) suggest. It is almost impossible to know whether the file you’re downloading through P2P programs is safe.

It is therefore possible to be infected by downloading infected files via peer-to-peer programs and so I recommend that you do not use these programs. Should you wish to use them, they must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

In addition, P2P programs facilitate cyber crime and help distribute pirated software, movies and other illegal material.

Practice Safe Internet
Another one of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will.

Below are a list of simple precautions to take to keep your computer clean and running securely:
  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know who is themselves infected with malware which is trying to infect everyone in their address book. A key thing to look out for here is: does the email sound as though it’s from the person you know? Often, the email may simply have a web link or a “Run this file to make your PC run fast” message in it.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it!. These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of pop-ups, or Foistware, you should read this article: Foistware, And how to avoid it.
    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. Removal instructions for a lot of these "rogues" can be found here.
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you, or will download a file to your PC without your knowledge. You can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake. DO NOT click on these windows, instead close them by finding the open window on your http://en.wikipedia.org/wiki/Taskbar#Screenshots '>Taskbar, right click and chose close.
  • Do not visit pornographic websites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do, as this can often form part of their funding.
  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link you should message back to the person asking if it is legit.
  • Stay away from Warez and Crack sites! As with Peer-2-Peer programs, in addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download files from a site, and are not sure if they are legitimate, you can use tools such as BitDefender Traffic Light, Norton Safe Web, or McAfee SiteAdvisor to look up info on the site and stay protected against malicious sites. Please be sure to only choose and install one of those tool bars.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.
    Sometimes even legitimate programs will try to bundle extra, unwanted, software with the program you want - this is done to raise money for the program. Be sure to untick any boxes which may indicate that other programs will be downloaded.

Keep Windows up-to-date
Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure.

  • Windows XP users
    You should visit Windows Update to check for the latest updates to your system. The latest service pack (SP3) can be obtained directly from Microsoft here.
  • Windows Vista users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP2) can be obtained directly from Microsoft here.
  • Windows 7 users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP1) can be obtained directly from Microsoft here


Keep your browser secure
Most modern browsers have come on in leaps and bounds with their inbuilt, default security. The best way to keep your browser secure nowadays is simply to keep it up-to-date.

The latest versions of the three common browsers can be found below:

Use an AntiVirus Software
It is very important that your computer has an up-to-date anti-virus software on it which has a real-time agent running. This alone can save you a lot of trouble with malware in the future.
See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources, a couple of free Anti-Virus programs you may be interested in are Microsoft Security Essentials and Avast.

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the programs virus definitions.

Use a Firewall
I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

All versions of Windows starting from XP have an in-built firewall. With Windows XP this firewall will protect you from incoming traffic (i.e. hackers). Starting with Windows Vista, the firewall was beefed up to also protect you against outgoing traffic (i.e. malicious programs installed on your machine should be blocked from sending data, such as your bank details and passwords, out).

In addition, if you connect to the internet via a router, this will normally have a firewall in-built.

Some people will recommend installing a different firewall (instead of the Windows’ built one), this is personal choice, but the message is to definitely have one! For a tutorial on Firewalls and a listing of some available ones see this link: Understanding and Using Firewalls

Install an Anti-Malware program
Recommended, and free, Anti-Malware programs are Malwarebytes Anti-Malware and SuperAntiSpyware.

You should regularly (perhaps once a week) scan your computer with an Anti-Malware program just as you would with an antivirus software.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is very important to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities (such as Adobe Reader and Java). You can check these by visiting Secunia Software Inspector.

Follow this list and your potential for being infected again will reduce dramatically.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:52 PM

Posted 02 February 2012 - 06:34 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:52 PM

Posted 04 February 2012 - 11:07 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users