Computer still getting redirected in Firefox


  • This topic is locked
21 replies to this topic

#1 roadrash03

roadrash03

  • Members
  • 98 posts

Posted 30 January 2012 - 12:59 AM

Hi everyone. I was recently posting on the "Am I infected? What do I do?" forums and have finally been sent here. So here is my situation. A few days ago, my antivirus protection software started detecting problems. Malwarebytes Anti-Malware detected "svchost.exe" as well as "exploit:Java/CVE-2011-3544.N" and "Exploit:Java/CVE-2011-3544.U". I have no clue what these mean. I have looked around but have heard different things from different sites and people. From my understanding, the svchost.exe may not even be a problem because the exe helps run the computer, but then again I believe it could be part of the virus trying to hide itself, but I don't know. My second software is Microsoft Security Essentials. It detected "Trojan Dropper iWin32/sirefef.B". I ran the scans multiple times and continued to try to remove the corrupt items. Every time it asks me to restart, the computer comes back on but the corrupt items continue to pop up. Then sometimes when I started it up, I got a blue screen saying that it had shut down due to possible danger to the computer. I was at the point where, whenever I tried to run anything on my computer, it asked me what I would like to run that program with. I have never had this happen before, so I didn't know what was happening.

Broni was helping me in the other forum section. I was instructed to download the following programs:

Security Check
Farbar Service Scanner
MiniToolBox
Malwarebytes Anti-Malware
aswMBR


I ran all of them and posted the reports. I was then instructed to download TDSSKiller and run that. A few items were found, so I removed them and posted the report. I jumped back and forth running aswMBR and other reports and posting them until I was finally instructed to download Temp File Cleaner and also ESET Online Scanner, run them and post the results. I was then instructed to go to www.virustotal.com to scan "C:\Windows\assembly\GAC_32\Desktop.ini", but my computer couldn't find it. However, if I went to Start and searched for it there, I could find it. Not sure what was going on there, but Broni figured it was gone. He figured that everything was clean by then; however, I ran Malwarebytes Anti-Malware as well as aswMBR and they both found infections still remaining. I removed the one from Malwarebytes. It was "svchost.exe" again. I also ran JavaRa to clean out the older Java, but it failed at creating a report. I don't know what was wrong with it. I am not even sure if it removed the older versions. I should also note that I am being redirected when I am searching through Google and click on a link. It doesn't take me to the link that I clicked on. It takes me somewhere else entirely.

To take a look at the conversation, process and reports between Broni and me, click here.

So now he sent me here. I followed the Prep. Guide. I was able to do DDS, so I will post the results below. However, since I have a 64-bit version of Windows, I could not do the GMER log.


Here are my two reports:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Brett at 22:48:19 on 2012-01-29
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8190.4938 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files (x86)\Motorola\Moto Helper Service\MotoHelper.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\SysWOW64\schtasks.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files (x86)\ZuneLauncher.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\Brett\Downloads\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ArcSoft\TotalMedia Extreme 2\BackUp & Recorder\uBBMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Brett\Downloads\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Vidalia] "C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe"
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
mRun: [StartCCC] "C:\Users\Brett\Downloads\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTOST~1.LNK - C:\Program Files (x86)\WinTV\Ir.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOTALM~1.LNK - C:\Program Files (x86)\ArcSoft\TotalMedia Extreme 2\BackUp & Recorder\uBBMonitor.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{82A2FC4C-22DF-48E0-A4FF-D22634D4E541} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [StartCCC] "C:\Users\Brett\Downloads\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 94.63.240.133 www.google.com
Hosts: 94.63.240.134 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\hmroox6g.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 4
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 MotoHelper.exe;Motorola Helper;C:\Program Files (x86)\Motorola\Moto Helper Service\MotoHelper.exe [2010-9-14 6656]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-1-27 226624]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]
S3 hcwhdpvr;Hauppauge HD PVR Capture Device;C:\Windows\system32\DRIVERS\hcwhdpvr.sys --> C:\Windows\system32\DRIVERS\hcwhdpvr.sys [?]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys --> C:\Windows\system32\Drivers\motoandroid.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motport;Motorola USB Diagnostic Port;C:\Windows\system32\DRIVERS\motport.sys --> C:\Windows\system32\DRIVERS\motport.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files (x86)\WMZuneComm.exe [2010-9-24 306416]
.
=============== Created Last 30 ================
.
2012-01-30 04:21:02 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3EAE8610-F536-4525-A27C-C9FB1F54AC38}\offreg.dll
2012-01-30 03:39:49 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-30 03:39:49 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-30 03:39:48 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-30 03:39:48 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-30 03:38:39 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-30 03:38:39 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-30 03:38:20 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-30 03:38:20 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-29 20:58:50 8602168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3EAE8610-F536-4525-A27C-C9FB1F54AC38}\mpengine.dll
2012-01-29 06:15:09 -------- d-----w- C:\Program Files (x86)\ESET
2012-01-27 05:56:03 -------- d-----w- C:\Program Files (x86)\FB044
2012-01-27 05:55:31 -------- d-----w- C:\Program Files (x86)\LP
2012-01-27 05:55:04 -------- d-----we C:\Windows\system64
2012-01-22 06:18:39 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-01-07 04:04:34 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2012-01-07 04:04:34 31232 ----a-w- C:\Windows\System32\prevhost.exe
2012-01-07 02:29:44 -------- d-----w- C:\Windows\System32\SPReview
2012-01-07 02:29:01 -------- d-----w- C:\Windows\System32\EventProviders
2012-01-07 02:28:03 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2012-01-07 02:28:03 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-01-07 02:26:59 94592 ----a-w- C:\Windows\System32\drivers\mountmgr.sys
2012-01-07 02:25:54 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2012-01-07 02:25:54 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2012-01-07 02:25:51 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2012-01-04 04:48:14 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-01-04 04:36:07 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2012-01-04 04:36:07 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2012-01-04 04:36:06 850944 ----a-w- C:\Windows\SysWow64\sbe.dll
2012-01-04 04:36:06 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2012-01-04 04:36:06 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2012-01-04 04:36:06 1118720 ----a-w- C:\Windows\System32\sbe.dll
2012-01-04 04:34:59 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-01-04 04:33:36 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-01-04 04:33:34 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-01-04 04:33:33 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
.
==================== Find3M ====================
.
2012-01-30 03:10:05 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-07 02:45:46 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-01-07 02:45:46 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-01-04 09:26:37 279096 ------w- C:\Windows\System32\MpSigStub.exe
2011-12-10 21:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-10 11:54:13 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-09-24 17:21:50 645872 ----a-w- C:\Program Files (x86)\UIX.renderapi.dll
2010-09-24 17:21:50 1526512 ----a-w- C:\Program Files (x86)\UIX.dll
2010-09-24 17:21:50 1284848 ----a-w- C:\Program Files (x86)\UIXcontrols.dll
2010-09-24 17:21:50 1243888 ----a-w- C:\Program Files (x86)\ZuneShell.dll
2010-09-24 17:21:50 1151728 ----a-w- C:\Program Files (x86)\ZuneDBApi.dll
2010-09-24 16:19:24 182784 ----a-w- C:\Program Files (x86)\l3codecp.acm
2010-09-24 15:49:20 856576 ----a-w- C:\Program Files (x86)\msvcp90.dll
2010-09-24 15:49:20 626688 ----a-w- C:\Program Files (x86)\msvcr90.dll
2010-09-24 15:49:20 245760 ----a-w- C:\Program Files (x86)\msvcm90.dll
2007-10-02 18:12:44 1642568 ----a-w- C:\Program Files (x86)\msidcrl40.dll
.
============= FINISH: 22:48:43.48 ===============

Attached Files
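As an added example (this is not part of the original post, nor code from DDS, ComboFix or any other tool named in this thread), here is a small Python triage script that applies three defender-side checks to DDS-style lines like the ones in the log above: `Hosts:` entries that pin a public site to a non-loopback address (such an entry silently redirects every request for that site on the machine), `uRun`/`mRun`/`dRun` autorun entries whose binary lives somewhere normal software does not install to, and Firefox `network.proxy.*` prefs that point off-box. The list of suspicious path fragments is a heuristic assumption, not an authoritative list; the sample lines are excerpted from the log above, and the `localhost` Hosts line and the `203.0.113.5` proxy line are constructed for contrast. Loopback proxy settings are deliberately left alone, since the log shows a Vidalia (Tor) install that explains them.

```python
"""Triage helper for DDS-style log lines.

Heuristics only: each Finding is a prompt for a human to look closer,
not a verdict that the entry is malicious.
"""
import ipaddress
import re
from dataclasses import dataclass

# Sample input: lines excerpted from the DDS log in the post above, plus one
# constructed benign Hosts line (localhost) for contrast.
SAMPLE_LOG = r"""
uRun: [Vidalia] "C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe"
mRun: [StartCCC] "C:\Users\Brett\Downloads\ATI.ACE\Core-Static\CLIStart.exe" MSRun
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
Hosts: 94.63.240.133 www.google.com
Hosts: 94.63.240.134 www.bing.com
Hosts: 127.0.0.1 localhost
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.type - 4
""".strip()

# Constructed line (203.0.113.5 is a documentation/TEST-NET-3 address).
CONSTRUCTED_REMOTE_PROXY = "FF - prefs.js: network.proxy.http - 203.0.113.5"

HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
RUN_RE = re.compile(r"^([umd]Run(?:-x64)?):\s+\[([^\]]*)\]\s+(.*)$")
FF_PROXY_RE = re.compile(r"^FF - prefs\.js: (network\.proxy\.\w+) - (\S+)$")
PROXY_HOST_PREFS = ("network.proxy.http", "network.proxy.ssl", "network.proxy.socks")

# Assumption/heuristic: locations where legitimate software does not normally
# place an autorun binary. Compared case-insensitively against the path.
SUSPICIOUS_PATH_FRAGMENTS = (
    "\\config\\systemprofile\\",   # service/system profile, not a user install
    "\\appdata\\local\\temp\\",    # temp directories
    "%appdata%",                   # a literal, unexpanded variable in a path
    "\\windows\\system64\\",       # not a directory Windows itself creates
)


@dataclass(frozen=True)
class Finding:
    kind: str     # "hosts", "autorun" or "proxy"
    subject: str  # hostname, autorun entry name or pref name
    detail: str


def _is_loopback(addr: str) -> bool:
    """True for 127.0.0.0/8 and ::1; anything unparsable counts as not loopback."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def _binary_path(rest: str) -> str:
    """Extract the executable path from the text after '[name]'.
    Quoted paths end at the closing quote; unquoted ones end at '.exe'."""
    if rest.startswith('"'):
        end = rest.find('"', 1)
        return rest[1:end] if end > 0 else rest[1:]
    idx = rest.lower().find(".exe")
    return rest[: idx + 4] if idx >= 0 else rest


def analyze(text: str) -> list[Finding]:
    """Run the three checks over every line and return the findings in log order."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := HOSTS_RE.match(line):
            ip, host = m.groups()
            # A hosts entry mapping a public site to a foreign address redirects
            # every browser on the machine, regardless of DNS settings.
            if host.lower() != "localhost" and not _is_loopback(ip):
                findings.append(Finding("hosts", host, f"resolves to {ip} via hosts file"))
        elif m := RUN_RE.match(line):
            key, name, rest = m.groups()
            path = _binary_path(rest)
            if any(frag in path.lower() for frag in SUSPICIOUS_PATH_FRAGMENTS):
                findings.append(Finding("autorun", name, f"{key} launches {path}"))
        elif m := FF_PROXY_RE.match(line):
            pref, value = m.groups()
            # Loopback proxies are typical of local tools (Tor/Privoxy here);
            # a proxy host elsewhere means browser traffic leaves via that box.
            if pref in PROXY_HOST_PREFS and not _is_loopback(value):
                findings.append(Finding("proxy", pref, f"browser traffic sent to {value}"))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG) + analyze(CONSTRUCTED_REMOTE_PROXY):
        print(f"[{f.kind}] {f.subject}: {f.detail}")
```

Run it as a script and it prints the three hits from the excerpt (the `dRun` entry and the two Hosts overrides) plus the constructed remote-proxy line; the Vidalia and StartCCC autoruns and the loopback proxy prefs pass through untouched, which is the point of keeping the path list narrow.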





#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 January 2012 - 03:23 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 roadrash03

roadrash03
  • Topic Starter

  • Members
  • 98 posts

Posted 30 January 2012 - 08:37 PM

ComboFix 12-01-30.02 - Brett 01/30/2012 19:23:58.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8190.6956 [GMT -6:00]
Running from: c:\users\Brett\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-31 )))))))))))))))))))))))))))))))
.
.
2012-01-31 01:27 . 2012-01-31 01:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-30 06:08 . 2012-01-06 03:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C8F0F9A0-0EEC-4801-8D75-C42129D6C075}\mpengine.dll
2012-01-30 03:39 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-30 03:39 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-30 03:39 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-30 03:39 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-30 03:38 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-30 03:38 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-30 03:38 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-30 03:38 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-30 03:14 . 2012-01-30 03:14 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-01-30 03:09 . 2012-01-30 03:09 -------- d-----w- c:\windows\system32\Macromed
2012-01-29 06:15 . 2012-01-29 06:15 -------- d-----w- c:\program files (x86)\ESET
2012-01-27 05:56 . 2012-01-27 05:56 -------- d-----w- c:\program files (x86)\FB044
2012-01-27 05:55 . 2012-01-27 05:55 -------- d-----we c:\windows\system64
2012-01-22 06:18 . 2012-01-22 06:18 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-01-22 04:07 . 2012-01-22 04:07 -------- d-----w- c:\windows\Sun
2012-01-07 04:04 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-01-07 04:04 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-01-07 02:29 . 2012-01-07 02:29 -------- d-----w- c:\windows\system32\SPReview
2012-01-07 02:29 . 2012-01-07 02:29 -------- d-----w- c:\windows\system32\EventProviders
2012-01-07 02:28 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2012-01-07 02:28 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-01-07 02:26 . 2010-11-20 13:33 213888 ----a-w- c:\windows\system32\drivers\rdyboost.sys
2012-01-07 02:25 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-01-07 02:25 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2012-01-07 02:25 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2012-01-04 04:48 . 2012-01-04 04:48 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-01-04 04:36 . 2010-12-23 10:42 961024 ----a-w- c:\windows\system32\CPFilters.dll
2012-01-04 04:36 . 2010-12-23 05:54 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2012-01-04 04:36 . 2010-12-23 10:42 1118720 ----a-w- c:\windows\system32\sbe.dll
2012-01-04 04:36 . 2010-12-23 10:36 259072 ----a-w- c:\windows\system32\mpg2splt.ax
2012-01-04 04:36 . 2010-12-23 05:54 850944 ----a-w- c:\windows\SysWow64\sbe.dll
2012-01-04 04:36 . 2010-12-23 05:50 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2012-01-04 04:34 . 2011-02-19 12:03 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-01-04 04:33 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-01-04 04:33 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-01-04 04:33 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-30 03:10 . 2011-09-15 03:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-07 02:45 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-01-07 02:45 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-01-06 03:15 . 2010-05-20 00:38 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-04 09:26 . 2010-05-19 05:17 279096 ------w- c:\windows\system32\MpSigStub.exe
2011-12-10 21:24 . 2010-05-19 05:17 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-10 11:54 . 2010-08-29 23:31 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-09-24 17:21 . 2010-09-24 17:21 645872 ----a-w- c:\program files (x86)\UIX.renderapi.dll
2010-09-24 17:21 . 2010-09-24 17:21 1526512 ----a-w- c:\program files (x86)\UIX.dll
2010-09-24 17:21 . 2010-09-24 17:21 1284848 ----a-w- c:\program files (x86)\UIXcontrols.dll
2010-09-24 17:21 . 2010-09-24 17:21 1243888 ----a-w- c:\program files (x86)\ZuneShell.dll
2010-09-24 17:21 . 2010-09-24 17:21 1151728 ----a-w- c:\program files (x86)\ZuneDBApi.dll
2010-09-24 17:17 . 2010-09-24 17:17 27888 ----a-w- c:\program files (x86)\WMZuneTCP2UDP.dll
2010-09-24 17:17 . 2010-09-24 17:17 21232 ----a-w- c:\program files (x86)\WMZuneDTPTDNS.dll
2010-09-24 17:17 . 2010-09-24 17:17 18672 ----a-w- c:\program files (x86)\WMZuneCommProxyStub.dll
2010-09-24 17:17 . 2010-09-24 17:17 9456 ----a-w- c:\program files (x86)\ZuneWmduResources.dll
2010-09-24 17:17 . 2010-09-24 17:17 916208 ----a-w- c:\program files (x86)\ZuneQP.dll
2010-09-24 17:17 . 2010-09-24 17:17 896240 ----a-w- c:\program files (x86)\ZuneWmdu.dll
2010-09-24 17:17 . 2010-09-24 17:17 74480 ----a-w- c:\program files (x86)\ZuneShellExt.dll
2010-09-24 17:17 . 2010-09-24 17:17 683760 ----a-w- c:\program files (x86)\ZuneSH.dll
2010-09-24 17:17 . 2010-09-24 17:17 514288 ----a-w- c:\program files (x86)\ZuneSE.dll
2010-09-24 17:17 . 2010-09-24 17:17 507120 ----a-w- c:\program files (x86)\ZuneSP.dll
2010-09-24 17:17 . 2010-09-24 17:17 366320 ----a-w- c:\program files (x86)\ZuneSrcWrp.dll
2010-09-24 17:17 . 2010-09-24 17:17 306416 ----a-w- c:\program files (x86)\WMZuneComm.exe
2010-09-24 17:17 . 2010-09-24 17:17 195312 ----a-w- c:\program files (x86)\ZuneZMDB.Mobile.dll
2010-09-24 17:17 . 2010-09-24 17:17 17648 ----a-w- c:\program files (x86)\ZuneShare.exe
2010-09-24 17:17 . 2010-09-24 17:17 16873712 ----a-w- c:\program files (x86)\ZuneShellResources.dll
2010-09-24 17:17 . 2010-09-24 17:17 157936 ----a-w- c:\program files (x86)\ZuneZMDB.Library.dll
2010-09-24 17:17 . 2010-09-24 17:17 156912 ----a-w- c:\program files (x86)\ZuneZMDB.ZuneHD.dll
2010-09-24 17:17 . 2010-09-24 17:17 155888 ----a-w- c:\program files (x86)\ZuneSA.dll
2010-09-24 17:17 . 2010-09-24 17:17 152304 ----a-w- c:\program files (x86)\ZuneZMDB.Classic.dll
2010-09-24 17:17 . 2010-09-24 17:17 1404144 ----a-w- c:\program files (x86)\ZuneResources.dll
2010-09-24 17:17 . 2010-09-24 17:17 1388272 ----a-w- c:\program files (x86)\ZuneSetup.exe
2010-09-24 17:17 . 2010-09-24 17:17 1240304 ----a-w- c:\program files (x86)\ZuneService.dll
2010-09-24 17:17 . 2010-09-24 17:17 100080 ----a-w- c:\program files (x86)\ZuneTaskbar.dll
2010-09-24 17:17 . 2010-09-24 17:17 9971440 ----a-w- c:\program files (x86)\ZuneNativeLib.dll
2010-09-24 17:17 . 2010-09-24 17:17 855280 ----a-w- c:\program files (x86)\ZuneMBR.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-31_01.13.40 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vidalia"="c:\program files (x86)\Vidalia Bundle\Vidalia\vidalia.exe" [2010-05-25 5475403]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-10-09 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\users\Brett\Downloads\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-07 102400]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoStart IR.lnk - c:\program files (x86)\WinTV\Ir.exe [2010-5-19 116056]
TotalMedia BackUp & Recorder Monitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia Extreme 2\BackUp & Recorder\uBBMonitor.exe [2010-9-23 286720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 hcwhdpvr;Hauppauge HD PVR Capture Device;c:\windows\system32\DRIVERS\hcwhdpvr.sys [x]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files (x86)\WMZuneComm.exe [2010-09-24 306416]
S1 archlp;archlp;SysWOW64\drivers\archlp.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 MotoHelper.exe;Motorola Helper;c:\program files (x86)\Motorola\Moto Helper Service\MotoHelper.exe [2010-09-15 6656]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-01-27 226624]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1446504]
"Zune Launcher"="c:\program files (x86)\ZuneLauncher.exe" [2010-09-24 163568]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\hmroox6g.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\windows\SysWOW64\schtasks.exe
.
**************************************************************************
.
Completion time: 2012-01-30 19:32:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-31 01:32
ComboFix2.txt 2012-01-31 01:18
.
Pre-Run: 33,607,938,048 bytes free
Post-Run: 33,518,252,032 bytes free
.
- - End Of File - - A75494AC7511F4D397488536AE48669E



No problems right now. Computer seems to be running OK, but it felt normal before too and there were still problems like being redirected in Google search. Also, am I able to turn my antivirus back on now?

#4 gringo_pr

Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 30 January 2012 - 09:19 PM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 roadrash03

  • Topic Starter
  • Members
  • 98 posts

Posted 30 January 2012 - 09:24 PM

20:23:04.0425 2420 TDSS rootkit removing tool 2.7.8.0 Jan 30 2012 16:39:36
20:23:04.0924 2420 ============================================================
20:23:04.0924 2420 Current date / time: 2012/01/30 20:23:04.0924
20:23:04.0924 2420 SystemInfo:
20:23:04.0924 2420
20:23:04.0924 2420 OS Version: 6.1.7601 ServicePack: 1.0
20:23:04.0924 2420 Product type: Workstation
20:23:04.0924 2420 ComputerName: BRETT-PC
20:23:04.0924 2420 UserName: Brett
20:23:04.0924 2420 Windows directory: C:\Windows
20:23:04.0924 2420 System windows directory: C:\Windows
20:23:04.0924 2420 Running under WOW64
20:23:04.0924 2420 Processor architecture: Intel x64
20:23:04.0924 2420 Number of processors: 4
20:23:04.0924 2420 Page size: 0x1000
20:23:04.0924 2420 Boot type: Normal boot
20:23:04.0924 2420 ============================================================
20:23:06.0750 2420 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
20:23:06.0828 2420 \Device\Harddisk0\DR0:
20:23:06.0828 2420 MBR used
20:23:06.0828 2420 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:23:06.0828 2420 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
20:23:06.0828 2420 Initialize success
20:23:06.0828 2420 ============================================================
20:23:15.0938 3348 ============================================================
20:23:15.0938 3348 Scan started
20:23:15.0938 3348 Mode: Manual;
20:23:15.0938 3348 ============================================================
20:23:23.0738 3348 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:23:23.0738 3348 nfrd960 - ok
20:23:23.0785 3348 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:23:23.0816 3348 Npfs - ok
20:23:23.0832 3348 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:23:23.0863 3348 nsiproxy - ok
20:23:23.0910 3348 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:23:23.0925 3348 Ntfs - ok
20:23:23.0956 3348 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:23:23.0956 3348 Null - ok
20:23:24.0019 3348 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:23:24.0019 3348 nvraid - ok
20:23:24.0034 3348 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:23:24.0050 3348 nvstor - ok
20:23:24.0066 3348 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:23:24.0081 3348 nv_agp - ok
20:23:24.0175 3348 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:23:24.0206 3348 ohci1394 - ok
20:23:24.0253 3348 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:23:24.0253 3348 Parport - ok
20:23:24.0268 3348 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
20:23:24.0268 3348 partmgr - ok
20:23:24.0284 3348 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:23:24.0300 3348 pci - ok
20:23:24.0315 3348 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:23:24.0315 3348 pciide - ok
20:23:24.0346 3348 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:23:24.0346 3348 pcmcia - ok
20:23:24.0424 3348 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
20:23:24.0424 3348 pcouffin - ok
20:23:24.0440 3348 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:23:24.0440 3348 pcw - ok
20:23:24.0456 3348 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:23:24.0471 3348 PEAUTH - ok
20:23:24.0518 3348 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:23:24.0518 3348 PptpMiniport - ok
20:23:24.0549 3348 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:23:24.0565 3348 Processor - ok
20:23:24.0612 3348 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:23:24.0612 3348 Psched - ok
20:23:24.0658 3348 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:23:24.0674 3348 ql2300 - ok
20:23:24.0690 3348 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:23:24.0690 3348 ql40xx - ok
20:23:24.0736 3348 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:23:24.0736 3348 QWAVEdrv - ok
20:23:24.0752 3348 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:23:24.0768 3348 RasAcd - ok
20:23:24.0814 3348 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:23:24.0814 3348 RasAgileVpn - ok
20:23:24.0892 3348 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:23:24.0924 3348 Rasl2tp - ok
20:23:24.0955 3348 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:23:24.0955 3348 RasPppoe - ok
20:23:25.0017 3348 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:23:25.0033 3348 RasSstp - ok
20:23:25.0095 3348 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:23:25.0126 3348 rdbss - ok
20:23:25.0142 3348 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:23:25.0158 3348 rdpbus - ok
20:23:25.0158 3348 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:23:25.0173 3348 RDPCDD - ok
20:23:25.0220 3348 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
20:23:25.0236 3348 RDPDR - ok
20:23:25.0267 3348 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:23:25.0282 3348 RDPENCDD - ok
20:23:25.0298 3348 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:23:25.0298 3348 RDPREFMP - ok
20:23:25.0392 3348 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
20:23:25.0423 3348 RdpVideoMiniport - ok
20:23:25.0438 3348 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
20:23:25.0470 3348 RDPWD - ok
20:23:25.0516 3348 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:23:25.0516 3348 rdyboost - ok
20:23:25.0579 3348 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:23:25.0610 3348 rspndr - ok
20:23:25.0657 3348 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:23:25.0688 3348 RTL8167 - ok
20:23:25.0719 3348 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
20:23:25.0735 3348 s3cap - ok
20:23:25.0766 3348 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:23:25.0766 3348 sbp2port - ok
20:23:25.0782 3348 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:23:25.0797 3348 scfilter - ok
20:23:25.0828 3348 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:23:25.0844 3348 secdrv - ok
20:23:25.0860 3348 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:23:25.0860 3348 Serenum - ok
20:23:25.0875 3348 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:23:25.0891 3348 Serial - ok
20:23:25.0969 3348 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:23:25.0984 3348 sermouse - ok
20:23:26.0031 3348 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:23:26.0062 3348 sffdisk - ok
20:23:26.0078 3348 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:23:26.0094 3348 sffp_mmc - ok
20:23:26.0094 3348 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:23:26.0109 3348 sffp_sd - ok
20:23:26.0125 3348 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:23:26.0140 3348 sfloppy - ok
20:23:26.0172 3348 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:23:26.0172 3348 SiSRaid2 - ok
20:23:26.0203 3348 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:23:26.0203 3348 SiSRaid4 - ok
20:23:26.0250 3348 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:23:26.0281 3348 Smb - ok
20:23:26.0296 3348 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:23:26.0296 3348 spldr - ok
20:23:26.0359 3348 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:23:26.0390 3348 srv - ok
20:23:26.0406 3348 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:23:26.0421 3348 srv2 - ok
20:23:26.0437 3348 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:23:26.0452 3348 srvnet - ok
20:23:26.0499 3348 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:23:26.0499 3348 stexstor - ok
20:23:26.0562 3348 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
20:23:26.0562 3348 storflt - ok
20:23:26.0593 3348 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
20:23:26.0593 3348 storvsc - ok
20:23:26.0624 3348 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:23:26.0624 3348 swenum - ok
20:23:26.0686 3348 Synth3dVsc - ok
20:23:26.0780 3348 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
20:23:26.0796 3348 Tcpip - ok
20:23:26.0811 3348 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
20:23:26.0827 3348 TCPIP6 - ok
20:23:26.0858 3348 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:23:26.0874 3348 tcpipreg - ok
20:23:26.0920 3348 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:23:26.0936 3348 TDPIPE - ok
20:23:26.0952 3348 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
20:23:26.0967 3348 TDTCP - ok
20:23:27.0030 3348 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:23:27.0076 3348 tdx - ok
20:23:27.0092 3348 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:23:27.0092 3348 TermDD - ok
20:23:27.0123 3348 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:23:27.0139 3348 tssecsrv - ok
20:23:27.0217 3348 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:23:27.0248 3348 TsUsbFlt - ok
20:23:27.0248 3348 tsusbhub - ok
20:23:27.0310 3348 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:23:27.0342 3348 tunnel - ok
20:23:27.0357 3348 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:23:27.0357 3348 uagp35 - ok
20:23:27.0420 3348 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:23:27.0451 3348 udfs - ok
20:23:27.0482 3348 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:23:27.0482 3348 uliagpkx - ok
20:23:27.0513 3348 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
20:23:27.0529 3348 umbus - ok
20:23:27.0529 3348 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:23:27.0544 3348 UmPass - ok
20:23:27.0591 3348 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
20:23:27.0622 3348 usbaudio - ok
20:23:27.0669 3348 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:23:27.0685 3348 usbccgp - ok
20:23:27.0716 3348 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:23:27.0747 3348 usbcir - ok
20:23:27.0778 3348 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
20:23:27.0778 3348 usbehci - ok
20:23:27.0810 3348 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:23:27.0825 3348 usbhub - ok
20:23:27.0841 3348 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
20:23:27.0841 3348 usbohci - ok
20:23:27.0872 3348 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:23:27.0872 3348 usbprint - ok
20:23:27.0919 3348 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
20:23:27.0934 3348 usbscan - ok
20:23:27.0966 3348 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
20:23:27.0981 3348 USBSTOR - ok
20:23:27.0997 3348 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:23:27.0997 3348 usbuhci - ok
20:23:28.0028 3348 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:23:28.0028 3348 vdrvroot - ok
20:23:28.0059 3348 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:23:28.0059 3348 vga - ok
20:23:28.0090 3348 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:23:28.0090 3348 VgaSave - ok
20:23:28.0122 3348 VGPU - ok
20:23:28.0153 3348 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:23:28.0153 3348 vhdmp - ok
20:23:28.0184 3348 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:23:28.0184 3348 viaide - ok
20:23:28.0246 3348 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
20:23:28.0262 3348 vmbus - ok
20:23:28.0278 3348 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
20:23:28.0309 3348 VMBusHID - ok
20:23:28.0340 3348 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:23:28.0340 3348 volmgr - ok
20:23:28.0371 3348 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:23:28.0387 3348 volmgrx - ok
20:23:28.0402 3348 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:23:28.0418 3348 volsnap - ok
20:23:28.0449 3348 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:23:28.0449 3348 vsmraid - ok
20:23:28.0465 3348 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
20:23:28.0480 3348 vwifibus - ok
20:23:28.0496 3348 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:23:28.0512 3348 WacomPen - ok
20:23:28.0574 3348 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:23:28.0605 3348 WANARP - ok
20:23:28.0605 3348 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:23:28.0605 3348 Wanarpv6 - ok
20:23:28.0652 3348 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:23:28.0652 3348 Wd - ok
20:23:28.0683 3348 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:23:28.0683 3348 Wdf01000 - ok
20:23:28.0746 3348 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:23:28.0777 3348 WfpLwf - ok
20:23:28.0792 3348 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:23:28.0792 3348 WIMMount - ok
20:23:28.0839 3348 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:23:28.0855 3348 WinUsb - ok
20:23:28.0902 3348 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:23:28.0917 3348 WmiAcpi - ok
20:23:28.0964 3348 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:23:28.0964 3348 ws2ifsl - ok
20:23:28.0995 3348 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:23:29.0011 3348 WudfPf - ok
20:23:29.0042 3348 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:23:29.0058 3348 WUDFRd - ok
20:23:29.0104 3348 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:23:29.0167 3348 \Device\Harddisk0\DR0 - ok
20:23:29.0167 3348 Boot (0x1200) (946efc3083a327fae2fdbf422230885f) \Device\Harddisk0\DR0\Partition0
20:23:29.0167 3348 \Device\Harddisk0\DR0\Partition0 - ok
20:23:29.0182 3348 Boot (0x1200) (4c82af2e650149f005a597dadd4cce6f) \Device\Harddisk0\DR0\Partition1
20:23:29.0182 3348 \Device\Harddisk0\DR0\Partition1 - ok
20:23:29.0182 3348 ============================================================
20:23:29.0182 3348 Scan finished
20:23:29.0182 3348 ============================================================
20:23:29.0198 3280 Detected object count: 0
20:23:29.0198 3280 Actual detected object count: 0

#6 roadrash03

roadrash03
  • Topic Starter

  • Members
  • 98 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 30 January 2012 - 09:26 PM

It looks like it didn't find anything, yet the last time I ran aswMBR, it found a threat. Of course, I ran it after my last topic but before this one. I am not sure if it is still there because I haven't run anything until you tell me to. Should I run that and see if it still exists?

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:38 AM

Posted 30 January 2012 - 09:41 PM

I want to see what it finds


Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 roadrash03

roadrash03
  • Topic Starter

  • Members
  • 98 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 30 January 2012 - 10:03 PM

Yep, it found it again.

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-30 20:45:34
-----------------------------
20:45:34.655 OS Version: Windows x64 6.1.7601 Service Pack 1
20:45:34.655 Number of processors: 4 586 0x403
20:45:34.655 ComputerName: BRETT-PC UserName: Brett
20:45:35.763 Initialize success
20:48:18.613 AVAST engine defs: 12013000
20:48:37.131 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4
20:48:37.131 Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
20:48:37.146 Disk 0 MBR read successfully
20:48:37.146 Disk 0 MBR scan
20:48:37.162 Disk 0 Windows 7 default MBR code
20:48:37.162 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:48:37.193 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
20:48:37.209 Service scanning
20:48:38.332 Modules scanning
20:48:38.332 Disk 0 trace - called modules:
20:48:38.347 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:48:38.347 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b0f060]
20:48:38.363 3 CLASSPNP.SYS[fffff8800198743f] -> nt!IofCallDriver -> [0xfffffa800785f580]
20:48:38.379 5 ACPI.sys[fffff88000fb07a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-4[0xfffffa8007863060]
20:48:39.143 AVAST engine scan C:\Windows
20:48:44.010 AVAST engine scan C:\Windows\system32
20:51:24.456 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
20:52:42.082 AVAST engine scan C:\Windows\system32\drivers
20:52:57.901 AVAST engine scan C:\Users\Brett
21:02:09.892 AVAST engine scan C:\ProgramData
21:02:44.352 Scan finished successfully
21:03:06.520 Disk 0 MBR has been saved successfully to "C:\Users\Brett\Desktop\MBR.dat"
21:03:06.520 The log file has been saved successfully to "C:\Users\Brett\Desktop\aswMBR.txt"
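aswMBR output is plain text, so the facts a helper looks for (run date, MBR code status, partition table, **INFECTED** file lines, whether the scan completed) can be extracted and compared across runs automatically. The following is an added example, not aswMBR's own code and not from anyone in this thread: a small Python parser written from the log layout shown above, run over constructed, shortened sample logs, that reports the files flagged in every completed run, which is the situation the poster describes ("it found it again"). The pattern details, function names and sample logs are assumptions built from the format above.

```python
import re
from dataclasses import dataclass, field


@dataclass
class AswMbrRun:
    """Facts pulled from one aswMBR log (added example, not aswMBR's own code)."""
    run_date: str = ""
    mbr_code: dict = field(default_factory=dict)    # disk number -> MBR code description
    partitions: list = field(default_factory=list)  # (disk, index, active, size_mb, offset)
    infected: list = field(default_factory=list)    # (file path, detection name)
    finished: bool = False


# Event lines start with a hh:mm:ss.mmm timestamp. These patterns are written from the
# log layout shown in the thread, not from any aswMBR documentation.
_TS = r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+"
_RE_RUN_DATE = re.compile(r"^Run date:\s+(.+)$")
_RE_MBR_CODE = re.compile(_TS + r"Disk (\d+) (.*MBR code)$")
_RE_PARTITION = re.compile(
    _TS + r"Disk (\d+) Partition (\d+)\s+([0-9A-Fa-f]{2})\s+(\(A\)\s+)?"
    r"[0-9A-Fa-f]{2}\s+\S+\s+\S+\s+(\d+) MB offset (\d+)"
)
_RE_INFECTED = re.compile(_TS + r"File:\s+(.+?)\s+\*\*INFECTED\*\*\s+(.+)$")
_RE_FINISHED = re.compile(_TS + r"Scan finished successfully")


def parse_aswmbr(text: str) -> AswMbrRun:
    """Extract run date, MBR status, partition table, detections and completion."""
    run = AswMbrRun()
    for raw in text.splitlines():
        line = raw.strip()
        if m := _RE_RUN_DATE.match(line):
            run.run_date = m.group(1).strip()
        elif m := _RE_MBR_CODE.match(line):
            run.mbr_code[int(m.group(1))] = m.group(2)
        elif m := _RE_PARTITION.match(line):
            disk, idx, flag, active, size_mb, offset = m.groups()
            # Active partition: boot indicator 0x80, which aswMBR also marks "(A)".
            is_active = flag == "80" or active is not None
            run.partitions.append((int(disk), int(idx), is_active, int(size_mb), int(offset)))
        elif m := _RE_INFECTED.match(line):
            run.infected.append((m.group(1), m.group(2).strip()))
        elif _RE_FINISHED.match(line):
            run.finished = True
    return run


def mbr_is_default(run: AswMbrRun) -> bool:
    """True when every scanned disk still carries the stock Windows MBR code."""
    return bool(run.mbr_code) and all("default MBR code" in d for d in run.mbr_code.values())


def persistent_findings(runs: list) -> dict:
    """Files flagged in every *completed* run. A detection that survives repeated
    scans means whatever clean-up ran in between did not remove it."""
    done = [r for r in runs if r.finished]
    if not done:
        return {}
    per_run = [dict(r.infected) for r in done]
    common = set(per_run[0]).intersection(*per_run[1:])
    return {path: {"detection": per_run[0][path], "runs": [r.run_date for r in done]}
            for path in sorted(common)}


# Constructed sample logs, shortened to the lines the parser reads. The first run's
# path and detection mirror the thread's logs; the second run's extra finding and the
# aborted third run are made up to exercise the intersection and completion checks.
SAMPLE_RUN_1 = r"""aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-01-29 22:07:27
22:07:37.711 Disk 0 Windows 7 default MBR code
22:07:37.711 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:07:37.742 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
22:12:00.946 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
22:25:38.808 Scan finished successfully
"""

SAMPLE_RUN_2 = r"""aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-01-30 20:45:34
20:48:37.162 Disk 0 Windows 7 default MBR code
20:48:37.162 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:48:37.193 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
20:51:24.456 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
20:55:00.000 File: C:\Users\Brett\Downloads\placeholder.tmp **INFECTED** Win32:Placeholder-Detection
21:02:44.352 Scan finished successfully
"""

SAMPLE_RUN_ABORTED = r"""aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-01-30 21:10:00
21:10:05.000 Disk 0 Windows 7 default MBR code
"""

if __name__ == "__main__":
    runs = [parse_aswmbr(t) for t in (SAMPLE_RUN_1, SAMPLE_RUN_2, SAMPLE_RUN_ABORTED)]
    for path, info in persistent_findings(runs).items():
        print(f"{path}: {info['detection']} (seen in {len(info['runs'])} completed runs)")
```

An unfinished run is ignored on purpose: a scan that stalled before "Scan finished successfully" says nothing about files it never reached.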

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:38 AM

Posted 30 January 2012 - 10:07 PM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

File::
C:\Windows\assembly\GAC_32\Desktop.ini


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#10 roadrash03

roadrash03
  • Topic Starter

  • Members
  • 98 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 30 January 2012 - 10:29 PM

ComboFix 12-01-30.02 - Brett 01/30/2012 21:14:45.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8190.5016 [GMT -6:00]
Running from: c:\users\Brett\Desktop\ComboFix.exe
Command switches used :: c:\users\Brett\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\assembly\GAC_32\Desktop.ini"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-31 )))))))))))))))))))))))))))))))
.
.
2012-01-31 03:17 . 2012-01-31 03:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-31 02:01 . 2012-01-06 03:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{92D1CA04-A80D-4EB8-AA06-39F83BEECBF0}\mpengine.dll
2012-01-30 03:39 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-30 03:39 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-30 03:39 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-30 03:39 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-30 03:38 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-30 03:38 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-30 03:38 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-30 03:38 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-30 03:14 . 2012-01-30 03:14 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-01-30 03:09 . 2012-01-30 03:09 -------- d-----w- c:\windows\system32\Macromed
2012-01-29 06:15 . 2012-01-29 06:15 -------- d-----w- c:\program files (x86)\ESET
2012-01-27 05:56 . 2012-01-27 05:56 -------- d-----w- c:\program files (x86)\FB044
2012-01-27 05:55 . 2012-01-27 05:55 -------- d-----we c:\windows\system64
2012-01-22 06:18 . 2012-01-22 06:18 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-01-22 04:07 . 2012-01-22 04:07 -------- d-----w- c:\windows\Sun
2012-01-07 04:04 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-01-07 04:04 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-01-07 02:29 . 2012-01-07 02:29 -------- d-----w- c:\windows\system32\SPReview
2012-01-07 02:29 . 2012-01-07 02:29 -------- d-----w- c:\windows\system32\EventProviders
2012-01-07 02:28 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2012-01-07 02:28 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-01-07 02:26 . 2010-11-20 13:33 213888 ----a-w- c:\windows\system32\drivers\rdyboost.sys
2012-01-07 02:25 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-01-07 02:25 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2012-01-07 02:25 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2012-01-04 04:48 . 2012-01-04 04:48 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-01-04 04:36 . 2010-12-23 10:42 961024 ----a-w- c:\windows\system32\CPFilters.dll
2012-01-04 04:36 . 2010-12-23 05:54 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2012-01-04 04:36 . 2010-12-23 10:42 1118720 ----a-w- c:\windows\system32\sbe.dll
2012-01-04 04:36 . 2010-12-23 10:36 259072 ----a-w- c:\windows\system32\mpg2splt.ax
2012-01-04 04:36 . 2010-12-23 05:54 850944 ----a-w- c:\windows\SysWow64\sbe.dll
2012-01-04 04:36 . 2010-12-23 05:50 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2012-01-04 04:34 . 2011-02-19 12:03 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-01-04 04:33 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-01-04 04:33 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-01-04 04:33 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-24 17:17 . 2010-09-24 17:17 61680 ----a-w- c:\program files (x86)\ZuneCfg.dll
2010-09-24 17:17 . 2010-09-24 17:17 56560 ----a-w- c:\program files (x86)\ZuneConfig.exe
2010-09-24 17:17 . 2010-09-24 17:17 38640 ----a-w- c:\program files (x86)\ZuneEnc.exe
2010-09-24 17:17 . 2010-09-24 17:17 376560 ----a-w- c:\program files (x86)\ZuneEvr.dll
2010-09-24 17:17 . 2010-09-24 17:17 35568 ----a-w- c:\program files (x86)\UIXsup.dll
2010-09-24 17:17 . 2010-09-24 17:17 347888 ----a-w- c:\program files (x86)\ZuneNssci.dll
2010-09-24 17:17 . 2010-09-24 17:17 223472 ----a-w- c:\program files (x86)\Zune.exe
2010-09-24 17:17 . 2010-09-24 17:17 218864 ----a-w- c:\program files (x86)\ZuneHost.exe
2010-09-24 17:17 . 2010-09-24 17:17 212208 ----a-w- c:\program files (x86)\ZuneDB.dll
2010-09-24 17:17 . 2010-09-24 17:17 2109680 ----a-w- c:\program files (x86)\ZuneEncEng.dll
2010-09-24 17:17 . 2010-09-24 17:17 20720 ----a-w- c:\program files (x86)\ZunePS.dll
2010-09-24 17:17 . 2010-09-24 17:17 1744624 ----a-w- c:\program files (x86)\UIXrender.dll
2010-09-24 17:17 . 2010-09-24 17:17 163568 ----a-w- c:\program files (x86)\ZuneLauncher.exe
2010-09-24 17:17 . 2010-09-24 17:17 1464560 ----a-w- c:\program files (x86)\ZuneCore.dll
2010-09-24 17:17 . 2010-09-24 17:17 130800 ----a-w- c:\program files (x86)\ZunePresenter.dll
2010-09-24 17:17 . 2010-09-24 17:17 129264 ----a-w- c:\program files (x86)\ZuneEffects.dll
2010-09-24 17:17 . 2010-09-24 17:17 121072 ----a-w- c:\program files (x86)\ZuneAACDec.dll
2010-09-24 17:17 . 2010-09-24 17:17 1184496 ----a-w- c:\program files (x86)\ZuneH264Dec.dll
2010-09-24 17:17 . 2010-09-24 17:17 1161456 ----a-w- c:\program files (x86)\ZuneMde.dll
2010-09-24 17:17 . 2010-09-24 17:17 1084144 ----a-w- c:\program files (x86)\ZuneMarketplaceResources.dll
2010-09-24 16:19 . 2010-09-24 16:19 182784 ----a-w- c:\program files (x86)\l3codecp.acm
2010-09-24 15:49 . 2010-09-24 15:49 856576 ----a-w- c:\program files (x86)\msvcp90.dll
2010-09-24 15:49 . 2010-09-24 15:49 626688 ----a-w- c:\program files (x86)\msvcr90.dll
2010-09-24 15:49 . 2010-09-24 15:49 245760 ----a-w- c:\program files (x86)\msvcm90.dll
2007-10-02 18:12 . 2007-10-02 18:12 1642568 ----a-w- c:\program files (x86)\msidcrl40.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-31_01.13.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-19 05:40 . 2012-01-31 01:36 29682 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-31 01:36 33834 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-05-19 05:40 . 2012-01-31 01:36 29682 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-31 01:36 33834 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-05-19 05:00 . 2012-01-31 01:36 8582 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1181718206-1115464263-796121684-1000_UserData.bin
+ 2010-05-19 05:00 . 2012-01-31 01:36 8582 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1181718206-1115464263-796121684-1000_UserData.bin
+ 2012-01-31 03:18 . 2012-01-31 03:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-31 01:13 . 2012-01-31 01:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-01-31 01:12 457952 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-01-31 03:17 457952 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vidalia"="c:\program files (x86)\Vidalia Bundle\Vidalia\vidalia.exe" [2010-05-25 5475403]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-10-09 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\users\Brett\Downloads\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-07 102400]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoStart IR.lnk - c:\program files (x86)\WinTV\Ir.exe [2010-5-19 116056]
TotalMedia BackUp & Recorder Monitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia Extreme 2\BackUp & Recorder\uBBMonitor.exe [2010-9-23 286720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 hcwhdpvr;Hauppauge HD PVR Capture Device;c:\windows\system32\DRIVERS\hcwhdpvr.sys [x]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files (x86)\WMZuneComm.exe [2010-09-24 306416]
S1 archlp;archlp;SysWOW64\drivers\archlp.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 MotoHelper.exe;Motorola Helper;c:\program files (x86)\Motorola\Moto Helper Service\MotoHelper.exe [2010-09-15 6656]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-01-27 226624]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1446504]
"Zune Launcher"="c:\program files (x86)\ZuneLauncher.exe" [2010-09-24 163568]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\hmroox6g.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\windows\SysWOW64\schtasks.exe
.
**************************************************************************
.
Completion time: 2012-01-30 21:22:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-31 03:22
ComboFix2.txt 2012-01-31 01:33
ComboFix3.txt 2012-01-31 01:18
.
Pre-Run: 33,499,000,832 bytes free
Post-Run: 33,528,905,728 bytes free
.
- - End Of File - - 6F9B114898A71A2F3B55C2BBBCF4B793


I didn't come across any problems and, like usual, nothing seems really wrong. I just hope that there isn't anything lingering still like last time. Broni and I thought we had got rid of that infected piece in aswMBR, but it was still lingering when I ran the scan again. Maybe this time it will be gone for good. I haven't tested anything special yet. Just waiting on further instructions.

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:38 AM

Posted 30 January 2012 - 11:20 PM

Hello

Now is a good time to check things out and let me know if there is anything else wrong.

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

1. Click on Start
2. Then go to Settings
3. After that you need Control Panel
4. Look for the Add/Remove Programs icon
Click on the following programs

Adobe Reader 9.3.2

and click on remove

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing Foxit Reader, be careful not to install anything to do with AskBar.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click the MBAM icon
  • Go to the Update tab at the top
  • Click on Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 roadrash03

roadrash03
  • Topic Starter

  • Members
  • 98 posts
  • Local time:04:38 AM

Posted 31 January 2012 - 12:07 AM

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.01.31.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Brett :: BRETT-PC [administrator]

1/30/2012 10:45:15 PM
mbam-log-2012-01-30 (22-45-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 181390
Time elapsed: 3 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Brett\Desktop\FSS.exe (Trojan.AutoIT) -> Quarantined and deleted successfully.
C:\Users\Brett\Desktop\MiniToolBox.exe (Trojan.AutoIT) -> Quarantined and deleted successfully.

(end)



When I ran HijackThis, a message popped up: "For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, Hijack This may Not be able to fix this. If that happens, you need to edit the file yourself. To do this, click Start, Run and type: notepad C:\Windows\System32\drivers\etc\hosts and press Enter. Find the line(s) HijackThis reports and deletes them. Save the file as 'hosts.' (with quotes), and reboot. For Vista: simply, exit HijackThis, right click on the HijackThis icon, choose "Run as administrator'.

Just ran it again as administrator, here is the report:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:05:12 PM, on 1/30/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ArcSoft\TotalMedia Extreme 2\BackUp & Recorder\uBBMonitor.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Users\Brett\Downloads\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files (x86)\WinTV\Ir.exe
O4 - Global Startup: TotalMedia BackUp & Recorder Monitor.lnk = C:\Program Files (x86)\ArcSoft\TotalMedia Extreme 2\BackUp & Recorder\uBBMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: Motorola Helper (MotoHelper.exe) - Motorola - C:\Program Files (x86)\Motorola\Moto Helper Service\MotoHelper.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Zune Wireless Configuration Service (ZuneWlanCfgSvc) - Unknown owner - c:\Windows\system32\ZuneWlanCfgSvc.exe (file missing)

--
End of file - 7757 bytes




The two files that showed up in the Malwarebytes Anti-Malware scan were two programs that I was instructed by Broni to install to try and help me fix my problem. Not sure if anything was wrong with them, but I went ahead and removed them anyway. I don't feel anything being disruptive still. I am hoping it stays this way. Let me know if you see anything. Thanks.

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:38 AM

Posted 31 January 2012 - 12:48 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them from their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKCU\..\Run: [Vidalia] "C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe"
      O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
      O4 - Global Startup: AutoStart IR.lnk = C:\Program Files (x86)\WinTV\Ir.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right click on the IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard and paste the results here in this topic
  • you may also find here C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
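As an added example (not part of this thread, and not HijackThis code), a small Python parser for the O4 start-up lines quoted above: it expands the `\..\` abbreviation HijackThis uses for `Software\Microsoft\Windows\CurrentVersion`, pulls the executable path out of each command, and flags entries that run from user-writable folders so those get researched first. The sample lines are the ones from this post plus one constructed suspicious entry; the user-writable heuristic is my own assumption, not a HijackThis feature.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# HijackThis writes this registry path as "\..\" in O4 lines.
RUN_BASE = r"Software\Microsoft\Windows\CurrentVersion"

REG_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$")
STARTUP_RE = re.compile(r"^O4 - (Global Startup|Startup): (.+?) = (.*)$")

# Constructed sample: the four lines from the post above plus one made-up
# entry (not from the log) that runs out of a user profile folder.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files (x86)\WinTV\Ir.exe
O4 - HKCU\..\Run: [Updater] C:\Users\example\AppData\Roaming\updater.exe
"""

@dataclass
class StartupEntry:
    source: str          # full registry key, or the Startup folder name
    name: str            # value name, or the .lnk file name
    command: str         # raw command string as logged
    exe: str             # executable path extracted from the command
    user_writable: bool  # heuristic: lives where a normal user can write

def executable_path(command: str) -> str:
    """Return the program path from a command line, handling quoted paths."""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.+?\.exe)", command, re.IGNORECASE)
    return m.group(1) if m else command

def is_user_writable(path: str) -> bool:
    """Assumed triage rule: profile/temp paths deserve a closer look."""
    low = path.lower()
    return any(s in low for s in ("\\users\\", "\\appdata\\", "\\temp\\"))

def parse_o4(line: str) -> Optional[StartupEntry]:
    """Parse one O4 line; return None for anything that is not an O4 entry."""
    m = REG_RE.match(line)
    if m:
        hive, key, name, command = m.groups()
        exe = executable_path(command)
        return StartupEntry(f"{hive}\\{RUN_BASE}\\{key}", name, command, exe,
                            is_user_writable(exe))
    m = STARTUP_RE.match(line)
    if m:
        folder, lnk, command = m.groups()
        exe = executable_path(command)
        return StartupEntry(folder, lnk, command, exe, is_user_writable(exe))
    return None

def parse_log(text: str) -> List[StartupEntry]:
    """Parse every O4 line in a pasted HijackThis log."""
    return [e for e in (parse_o4(l.strip()) for l in text.splitlines()) if e]
```

Feeding a whole pasted log to `parse_log` returns one entry per O4 line, with the expanded registry key you would look at in regedit and the path you would research before deciding to keep or fix the entry.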

#14 roadrash03

roadrash03
  • Topic Starter

  • Members
  • 98 posts
  • Local time:04:38 AM

Posted 31 January 2012 - 01:09 AM

That's awesome dude. I was actually wondering the other day how to stop Vidalia from opening on every start up. It was getting kind of annoying and I don't even use it as much anymore. Thanks for that.

When I went to do the Eset Online scanner, I have already used it before. So when I ran the scan, a message came up. It read: Cannot get update. Is proxy configured?

What should I do?

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:38 AM

Posted 31 January 2012 - 01:14 AM

Hello

try resetting IE - go here and scroll down and click on show all and click on the fix-it button - http://windows.microsoft.com/en-US/windows-vista/Reset-Internet-Explorer-8-settings


if that does not work then try this one

F-Secure Online Scan

You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go HERE to run an online scan from F-Secure
  • Click on Start scanning
  • This will open a new window

    In Internet Explorer
  • It will require an ActiveX control, please install it
  • Click Accept

    In Firefox
  • It will require an Add-on to be installed, please install it
  • In order to install the Add-on, Firefox needs to be restarted, please do so
  • Click Full System Scan
  • It will now download the scanner; this may take a while, please be patient
  • It will then start scanning; wait for the scan to finish
  • Click Automatic cleaning (recommended)
  • Wait for it to finish the cleaning process
  • Click show report
  • This will open up a window with the results of the scan; copy and paste those results as a reply to this topic

Gringo



