
Referred here after finding/cleaning Rootkit.Boot.Pihar.a


  • This topic is locked
27 replies to this topic

#1 zerpft

zerpft

  • Members
  • 20 posts

Posted 02 February 2012 - 05:32 PM

I was referred here by another forum after finding Rootkit.Boot.Pihar.a with TdssKiller.
Original posting: http://www.bleepingcomputer.com/forums/topic435279.html/page__p__2576176__hl__intermitant__fromsearch__1#entry2576176

My original problem was that the system was intermittently booting to a black screen after the Windows XP splash screen. The only way I could get it to complete bootup was to boot to safe mode and use Killbot to delete the prefetch cache. (I wasn't pleased about doing this, but it was the only way to get the system to finish bootup.) I didn't initially post here because scans with Spybot, Malwarebytes and ESET all turned up clean. They tried to resolve it through hardware means, but nothing seemed to do the trick. I started running every scan I could get my hands on. The first positive hit occurred with TdssKiller. I allowed it to cure the infected file and I no longer seem to have the issue of it booting to a black screen. After reading about TDSS it appears to be a downloader, so I had concerns that I might still be infected. I ran Spybot, ESET, and Malwarebytes again, but they found no issues. After requesting more assistance in the other forum they told me to post here.

They also asked me to follow the preparation guide and I did so as best as I could. Attempting to run dds (defogged) in both standard and safe mode caused my system to freeze, forcing a hard power-down after about (45) tick marks. I will attach the log from gmer and the original TdssKiller log for your review.

System information
Dell Inspiron laptop
Windows XP Home (sp3)
Used in an office environment by approx 3 users

Primary software used
Thunderbird, Excel 2003, Word 2003, IE 8 / Firefox (current)

Thanks in advance for any assistance you can provide.


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 February 2012 - 01:29 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.


The first thing I would like you to do is run this for me: http://download.bleepingcomputer.com/grinler/unhide.exe. After it is complete, restart the computer and continue with these steps.


Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in

    %TEMP%\smtmp\*.* /s

  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- will be opened; this is the one that I need posted back here
    • Extra.txt <-- will be minimized; save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.


Information and logs:

  • In your next post I need the following:
  • logs from OTL
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 February 2012 - 01:22 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 zerpft

zerpft
  • Topic Starter

  • Members
  • 20 posts

Posted 07 February 2012 - 11:20 AM

Sorry, yes, I am still here; I was away for the weekend. Thank you for your assistance.

Ran unhide.exe from your link and after a few minutes got a dialog box that said it finished. Upon rebooting, my original problem seemed to have returned. The system turns black after the Windows XP splash screen (I do hear the Windows chimes and the hard drive running, so I think Windows is completing boot). This has not happened since the TdssKiller scan a few weeks ago. I was able to boot into safe mode and run OTL.exe with the switches you recommended.

Please see the log file OTL.txt below
...............................................
OTL logfile created on: 2/7/2012 11:41:08 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\perryd.MACK-W05\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 78.50% Memory free
2.98 Gb Paging File | 2.90 Gb Available in Paging File | 97.40% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 25.00 Gb Free Space | 44.74% Space Free | Partition Type: NTFS

Computer Name: MACK-W05 | User Name: perryd | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\perryd.MACK-W05\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ZCfgSvc.exe (Intel Corporation)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\LsaWrApi.dll ()
MOD - C:\WINDOWS\system32\C1XStngs.dll ()


========== Win32 Services (SafeList) ==========

SRV - (lxdw_device) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (WebDriveService) -- C:\Program Files\WebDrive\wdService.exe (South River Technologies, LLC)
SRV - (lxeb_device) -- C:\WINDOWS\System32\lxebcoms.exe ( )
SRV - (lxebCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxebserv.exe ()
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (IDriveE Service) -- C:\Program Files\IDrive\IDriveE Service.exe (Pro Softnet Corporation)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (S24EventMonitor) -- C:\WINDOWS\system32\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) -- C:\WINDOWS\system32\RegSrvc.exe (Intel Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe (America Online, Inc.)
SRV - (NetSvc) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel® Corporation)
SRV - (WANMiniportService) WAN Miniport (ATW) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (WebDriveFSD) -- C:\Program Files\WebDrive\wdfsd.sys ()
DRV - (MxlW2k) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\dla\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\dla\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\dla\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\dla\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\dla\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\dla\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\dla\DLADResN.SYS (Sonic Solutions)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (w70n51) Intel® -- C:\WINDOWS\system32\drivers\w70n51.sys (Intel® Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (STAC97) Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\stac97.sys (SigmaTel, Inc.)
DRV - (FreshIO) -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys ()
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (BCMModem) -- C:\WINDOWS\system32\drivers\BCMSM.sys (Broadcom Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {1fa71664-b0ee-4759-a002-640e80c8f132} - SOFTWARE\Classes\CLSID\{1fa71664-b0ee-4759-a002-640e80c8f132}\InprocServer32 File not found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-507921405-2146961487-1343024091-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-507921405-2146961487-1343024091-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/09/06 14:10:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/05 17:34:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/05 17:34:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/11/26 10:17:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/10/11 10:42:26 | 000,000,000 | ---D | M]

[2010/09/20 15:12:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\perryd.MACK-W05\Application Data\Mozilla\Extensions
[2010/09/20 15:12:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\perryd.MACK-W05\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/12/05 17:11:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\perryd.MACK-W05\Application Data\Mozilla\Firefox\Profiles\1q8duthi.default\extensions
[2010/04/28 15:37:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\perryd.MACK-W05\Application Data\Mozilla\Firefox\Profiles\1q8duthi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/12 10:00:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/05 17:34:15 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/05 17:34:06 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/05 17:34:06 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/26 16:14:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-507921405-2146961487-1343024091-1007\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-507921405-2146961487-1343024091-1007\..\Toolbar\WebBrowser: (Holidays Toolbar) - {3DD02F89-4590-4DD7-B14C-E2444F7D9915} - C:\Program Files\Holidays Toolbar\holidaystb.dll File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - Startup: C:\Documents and Settings\perryd\Start Menu\Programs\Startup\Shortcut to SBS_LOGIN_SCRIPT.lnk = C:\Documents and Settings\perryd.MACK-W05\Desktop\SBS_LOGIN_SCRIPT.bat ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-2146961487-1343024091-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-507921405-2146961487-1343024091-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-507921405-2146961487-1343024091-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-507921405-2146961487-1343024091-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-507921405-2146961487-1343024091-1007\..Trusted Domains: google.com ([www] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.2.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mackdinette.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5BAB2E09-5985-4B6C-81C5-0CF003B8CFA1}: DhcpNameServer = 10.2.0.2
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\Sebring: DllName - (C:\WINDOWS\system32\LgNotify.dll) - C:\WINDOWS\system32\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/29 22:32:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-507921405-2146961487-1343024091-1007..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/03 16:38:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\perryd.MACK-W05\Application Data\Malwarebytes
[2012/02/03 16:38:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/03 16:38:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/02/03 16:38:26 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/02/03 16:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/31 11:24:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\perryd.MACK-W05\Desktop\gmer
[2012/01/30 16:39:24 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\perryd.MACK-W05\Desktop\dds.scr
[2012/01/26 16:35:33 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/26 16:22:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/06/07 12:12:34 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcoin.dll
[2011/06/07 12:09:15 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebinpa.dll
[2011/06/07 12:09:15 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\LXEBhcp.dll
[2011/06/07 12:09:14 | 001,048,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebserv.dll
[2011/06/07 12:09:14 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebusb1.dll
[2011/06/07 12:09:14 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebpmui.dll
[2011/06/07 12:09:14 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebiesc.dll
[2011/06/07 12:09:13 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeblmpm.dll
[2011/06/07 12:09:13 | 000,324,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebih.exe
[2011/06/07 12:09:12 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcomc.dll
[2011/06/07 12:09:12 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebhbn3.dll
[2011/06/07 12:09:12 | 000,598,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcoms.exe
[2011/06/07 12:09:12 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcomm.dll
[2011/06/07 12:09:11 | 000,373,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcfg.exe

========== Files - Modified Within 30 Days ==========

[2012/02/07 11:38:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/07 11:36:21 | 000,030,098 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/02/07 11:36:21 | 000,027,960 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2012/02/06 09:37:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/02 13:59:24 | 000,054,156 | ---- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/02/02 13:59:24 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2012/01/31 11:17:05 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\perryd.MACK-W05\My Documents\MBRCheck.exe
[2012/01/30 16:39:25 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\perryd.MACK-W05\Desktop\dds.scr
[2012/01/27 12:03:48 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\perryd.MACK-W05\Local Settings\Application Data\PUTTY.RND
[2012/01/26 16:14:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/26 15:39:32 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/19 12:51:37 | 000,000,123 | ---- | M] () -- C:\Documents and Settings\perryd.MACK-W05\Desktop\Order Control.URL

========== Files Created - No Company Name ==========

[2012/02/02 13:59:24 | 000,054,156 | ---- | C] () -- C:\WINDOWS\QTFont.qfn
[2012/02/02 13:59:24 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2012/01/31 11:17:05 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\perryd.MACK-W05\My Documents\MBRCheck.exe
[2011/10/14 14:44:55 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\d3d9caps.dat
[2011/09/28 15:41:53 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/28 15:41:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/28 15:41:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/28 15:41:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/28 15:41:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/27 16:24:45 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/07 12:12:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxebvs.dll
[2011/06/07 12:12:28 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxebgcfg.dll
[2011/06/07 12:12:26 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxebcui.dll
[2011/06/07 12:12:26 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\lxebcuir.dll
[2011/06/07 12:11:18 | 004,485,120 | ---- | C] () -- C:\WINDOWS\System32\LXEBoem.dll
[2011/06/07 12:11:18 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\LXEBPMON.DLL
[2011/06/07 12:11:18 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXEBFXPU.DLL
[2011/06/07 12:09:30 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxebrwrd.ini
[2011/06/07 12:09:15 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\LXEBinst.dll
[2011/06/07 12:09:13 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\lxebins.dll
[2011/06/07 12:09:13 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lxebinsb.dll
[2011/06/07 12:09:13 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lxebinsr.dll
[2011/06/07 12:09:13 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\lxebjswr.dll
[2011/06/07 12:09:12 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\lxebcu.dll
[2011/06/07 12:09:12 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxebgrd.dll
[2011/06/07 12:09:12 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\lxebcub.dll
[2011/06/07 12:09:12 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxebcur.dll
[2011/06/07 12:08:18 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\LXEBsmr.dll
[2011/06/07 12:08:17 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LXEBsm.dll
[2011/04/18 16:49:15 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\perryd.MACK-W05\Application Data\winscp.rnd
[2011/04/09 10:53:39 | 000,013,376 | -HS- | C] () -- C:\Documents and Settings\perryd.MACK-W05\Local Settings\Application Data\1050jcc8s4114qmjdm0v8mn8cwkp30y42rx25trg7ffoq
[2011/04/09 10:53:39 | 000,013,376 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1050jcc8s4114qmjdm0v8mn8cwkp30y42rx25trg7ffoq
[2011/01/07 16:19:27 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Xfajebinu.dat
[2011/01/07 16:19:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Gbufilaquva.bin
[2010/12/18 14:20:36 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/11/05 17:03:43 | 000,386,488 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/17 16:46:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/02/17 16:46:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/12/18 19:29:14 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/12/18 19:29:14 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009/12/18 19:28:54 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\perryd.MACK-W05\Application Data\$_hpcst$.hpc
[2009/11/04 16:16:31 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/09/05 08:47:57 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\perryd.MACK-W05\Local Settings\Application Data\PUTTY.RND
[2009/02/09 10:16:15 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/02/09 10:16:15 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\97031F6499.sys
[2008/02/28 18:16:02 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2007/12/04 20:47:34 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/12/04 19:54:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/12/04 19:44:55 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007/12/04 19:43:12 | 000,109,724 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2007/12/04 19:40:44 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/12/04 19:40:44 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2007/12/04 09:47:13 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\OneClick.DLL
[2007/11/30 10:25:30 | 000,000,816 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2007/11/30 00:07:49 | 000,005,413 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/11/30 00:04:19 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2007/11/29 23:04:57 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2007/11/29 23:02:09 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/11/29 22:49:30 | 000,027,960 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2007/11/29 22:34:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/11/29 22:29:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/11/29 19:21:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/11/29 19:20:23 | 000,707,192 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/06/13 19:13:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/11/02 20:40:12 | 000,174,656 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
[2005/11/28 19:11:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/07/05 01:38:06 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\PfMgrTool.exe
[2005/07/05 01:37:14 | 000,045,124 | ---- | C] () -- C:\WINDOWS\System32\LsaWrApi.dll
[2005/07/05 01:29:16 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\ShellNav.dll
[2005/07/05 01:27:42 | 000,532,549 | ---- | C] () -- C:\WINDOWS\System32\C1XStngs.dll
[2005/07/05 01:26:40 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\D8021Xps.dll
[2005/03/22 13:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 13:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/01/13 03:00:14 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/01/13 03:00:10 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,441,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,071,462 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/03/21 14:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002/02/27 08:41:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002/02/27 08:41:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002/02/27 08:41:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1997/11/17 19:31:04 | 000,003,219 | ---- | C] () -- C:\WINDOWS\System32\mmc.ini

========== Custom Scans ==========


< %TEMP%\smtmp\*.* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 384 bytes -> C:\Documents and Settings\All Users\Application Data\desktop.ini:f6b2762790fbc1d0393e2a2c43aac513

< End of report >

Edited by zerpft, 07 February 2012 - 12:27 PM.


#5 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 February 2012 - 02:46 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 zerpft
  • Topic Starter
  • Members
  • 20 posts

Posted 07 February 2012 - 04:23 PM

(I am writing from a different machine)

Downloaded Combofix from the second link in the list. After running it, it asked me to update so I said ok. It then gave me a message "Combofix has expired Would you like to run in Reduced functionality mode". I clicked no and redownloaded it from the first link. From there it appeared to start running fine. It has now been on a screen that says "Scanning for infected files... However scan times may easily double" with a blinking cursor and no further information. It has been on that screen for approx an hour and twenty mins. I've refrained from clicking on anything, but the hard drive light doesn't even seem to be flickering. Is this normal?

Edit: It has now been running for approx 2.5 hours, still at the same place. We needed to close the office for the evening, which meant I needed to shut the system down. It is completely locked; I could not even click the Start button. I had to do a hard shutdown. I am sorry for not being able to complete your instructions; hopefully I didn't cause any further harm.

Edited by zerpft, 07 February 2012 - 05:32 PM.


#7 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 February 2012 - 05:28 AM

Hello
stop it and run it like this


  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
ComboFix /nombr
  • click ok

copy and paste the report into this topic for me to review

Gringo

#8 zerpft
  • Topic Starter
  • Members
  • 20 posts

Posted 08 February 2012 - 11:02 AM

That switch worked like a charm; it was able to complete successfully.

Here are some notes on what I've noticed after running combofix.
  • Firefox now crashes as soon as I try to load it. It states the failure is due to modname: mozert19.dll
  • Internet Explorer, as soon as it loads, brings up a Microsoft Office install box and is looking for files. I had to cancel it about three times before it would allow me to continue.

==================== combofix log below =====================

ComboFix 12-02-07.01 - perryd 02/08/2012 10:28:55.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.804 [GMT -5:00]
Running from: c:\documents and settings\perryd.MACK-W05\Desktop\ComboFix.exe
Command switches used :: /nombr
.
.
((((((((((((((((((((((((( Files Created from 2012-01-08 to 2012-02-08 )))))))))))))))))))))))))))))))
.
.
2012-02-03 21:38 . 2012-02-03 21:38 -------- d-----w- c:\documents and settings\perryd.MACK-W05\Application Data\Malwarebytes
2012-02-03 21:38 . 2012-02-03 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-02-03 21:38 . 2012-02-03 21:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-03 21:38 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-02 18:59 . 2012-02-02 18:59 1409 ----a-w- c:\windows\QTFont.for
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-05 22:34 . 2011-12-05 22:34 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-26_21.15.37 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\WebDrive]
@="{37D70BD3-073C-4180-ADD9-C032EA5A7204}"
[HKEY_CLASSES_ROOT\CLSID\{37D70BD3-073C-4180-ADD9-C032EA5A7204}]
2011-06-21 07:06 1540096 ----a-w- c:\windows\system32\wdShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2004-07-27 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-09-06 98304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-06 7118848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
.
c:\documents and settings\perryd\Start Menu\Programs\Startup\
Shortcut to SBS_LOGIN_SCRIPT.lnk - c:\documents and settings\perryd.MACK-W05\Desktop\SBS_LOGIN_SCRIPT.bat [2009-8-31 189]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2007-11-30 05:00 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2005-07-05 06:33 188482 ----a-w- c:\windows\system32\LgNotify.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
DevDetect.exe -autorun [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 08:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2005-10-07 19:13 176128 ----a-r- c:\program files\Apoint\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
2003-08-29 09:59 122880 ----a-w- c:\windows\BCMSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2007-02-06 16:20 478800 ----a-w- c:\program files\CVS\CVS Photo Editor Plus\Corel Photo Downloader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2006-06-29 17:13 1032192 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-11-07 10:20 122940 ----a-w- c:\windows\system32\dla\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-10-12 21:54 57344 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2010-05-05 12:58 148280 ----a-w- c:\program files\Lexmark Pro200-S500 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 21:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 21:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark Pro200-S500 Series Fax Server]
2010-05-05 12:58 316072 ----a-w- c:\program files\Lexmark Pro200-S500 Series\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxebmon.exe]
2010-05-05 12:58 770728 ----a-w- c:\program files\Lexmark Pro200-S500 Series\lxebmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-01-13 19:53 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2004-04-20 18:24 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2005-07-06 23:52 7118848 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2005-07-06 23:52 1519616 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
2005-06-27 13:31 135168 ----a-w- c:\program files\Intel\NCS\PROSet\PRONoMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-09-06 18:55 98304 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2007-11-30 04:33 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZCfgSvc.exe]
2005-07-05 06:32 639040 ----a-w- c:\windows\system32\ZCfgSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\DOM\\Xm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
.
R2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe -service --> c:\windows\system32\lxebcoms.exe -service [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/3/2012 4:38 PM 652360]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/14/2008 6:28 PM 24652]
R2 WebDriveFSD;WebDrive File System Driver;c:\program files\WebDrive\wdfsd.sys [6/21/2011 2:07 AM 236248]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/3/2012 4:38 PM 20464]
S2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe -service --> c:\windows\system32\lxdwcoms.exe -service [?]
S2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxebserv.exe [6/7/2011 12:12 PM 193192]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [12/18/2009 7:29 PM 36608]
S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\Drivers\PROCEXP151.SYS --> c:\windows\system32\Drivers\PROCEXP151.SYS [?]
S4 IDriveE Service;IDriveE Service;c:\program files\IDrive\IDriveE Service.exe [12/4/2007 8:47 PM 128464]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
Trusted Zone: google.com\www
TCP: DhcpNameServer = 10.2.0.2
FF - ProfilePath - c:\documents and settings\perryd.MACK-W05\Application Data\Mozilla\Firefox\Profiles\1q8duthi.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Mozilla Firefox 8.0.1 (x86 en-US) - c:\program files\Mozilla Firefox\uninstall\helper.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-08 10:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(824)
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll
c:\windows\system32\LgNotify.dll
c:\windows\system32\wdnp32.dll
c:\windows\system32\wdHelper.dll
c:\windows\system32\WININET.dll
c:\windows\system32\wdResDll.dll
c:\windows\system32\wdUIResDll.dll
.
- - - - - - - > 'explorer.exe'(3564)
c:\windows\system32\WININET.dll
c:\windows\system32\wdShellExt.dll
c:\windows\system32\wdHelper.dll
c:\windows\system32\wdResDll.dll
c:\windows\system32\wdUIResDll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wdnp32.dll
.
Completion time: 2012-02-08 10:45:33
ComboFix-quarantined-files.txt 2012-02-08 15:45
ComboFix2.txt 2011-09-28 21:14
.
Pre-Run: 26,806,767,616 bytes free
Post-Run: 26,848,600,064 bytes free
.
- - End Of File - - 0880F489131CA7D4B163D1F8A08E0023
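
Something in the ComboFix report above that the thread never comments on: the Security Center\Monitoring keys carry DisableMonitoring=1 for the two Symantec products and for the parent key, the Windows Firewall standard profile shows EnableFirewall = 0, and the firewall's authorized-application list contains ftp.exe and vncviewer.exe next to a program living in c:\DOM. None of that is proof of infection (security suites set DisableMonitoring themselves, and an office may well use UltraVNC and FTP), but a responder reading a ComboFix log checks each of those lines. The script below is an added example, not part of the thread and not ComboFix's own code: it parses the REGEDIT4-style block ComboFix prints (keys in square brackets, a lone "." between them) and raises one finding per condition. The sample input is constructed from the lines quoted in post #8, trimmed to the keys the script inspects; WATCHED_BINARIES and TRUSTED_DIRS are hypothetical starting points for a triage list, not any standard.

```python
"""Triage the security-policy lines of a ComboFix report (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: the policy lines quoted in post #8's ComboFix report,
# trimmed to the keys this script inspects. ComboFix prints them in REGEDIT4
# style, with a lone "." line between keys.
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\DOM\\Xm.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"""

# Hypothetical watch-list and trusted-directory list (assumptions, not a
# standard): legitimate tools that also serve remote access or file transfer,
# and the directories where firewall-excepted programs are normally installed.
WATCHED_BINARIES = {"ftp.exe", "tftp.exe", "telnet.exe", "vncviewer.exe", "winvnc.exe"}
TRUSTED_DIRS = ("%windir%", r"c:\windows", r"c:\program files")

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "medium"
    key: str       # registry key the triggering line belongs to
    detail: str


def parse_reg_dump(text: str) -> list[tuple[str, str, str]]:
    """Flatten a REGEDIT4-style dump into (key, value_name, data) triples."""
    triples: list[tuple[str, str, str]] = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if m := KEY_RE.match(line):
            current_key = m.group("key")
        elif (m := VALUE_RE.match(line)) and current_key is not None:
            triples.append((current_key, m.group("name"), m.group("data")))
    return triples


def _dword(data: str) -> int | None:
    """Integer value of a 'dword:XXXXXXXX' datum, or None if it is not one."""
    if not data.lower().startswith("dword:"):
        return None
    try:
        return int(data[6:], 16)
    except ValueError:
        return None


def triage(text: str) -> list[Finding]:
    """Return one Finding per policy condition a responder would question."""
    findings: list[Finding] = []
    for key, name, data in parse_reg_dump(text):
        k = key.lower()
        if r"security center\monitoring" in k and name == "DisableMonitoring" and _dword(data) == 1:
            # Monitoring\<Product> scopes the setting to one product; the parent
            # key switches Security Center monitoring off altogether.
            scope = "all products" if k.endswith(r"\monitoring") else key.rsplit("\\", 1)[1]
            findings.append(Finding("medium", key, f"Security Center monitoring disabled: {scope}"))
        elif k.endswith(r"firewallpolicy\standardprofile") and name == "EnableFirewall" and data.split()[:1] == ["0"]:
            findings.append(Finding("high", key, "Windows Firewall is off in the standard profile"))
        elif k.endswith(r"authorizedapplications\list"):
            # The value name is the excepted program's path, with backslashes
            # doubled as in any .reg export.
            exe = name.replace("\\\\", "\\")
            base = exe.rsplit("\\", 1)[-1].lower()
            if base in WATCHED_BINARIES:
                findings.append(Finding("medium", key, f"firewall exception for watched binary: {exe}"))
            elif not exe.lower().startswith(TRUSTED_DIRS):
                findings.append(Finding("medium", key, f"firewall exception for program outside usual install dirs: {exe}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.severity:6}] {f.detail}")
```

Run as-is it prints seven findings for the sample (three monitoring entries, the disabled firewall, the c:\DOM program, and the two watched binaries); pass the full "Reg Loading Points" section of a real report to `triage()` to get the same list for it. The deliberate design choice is that the script only raises questions, with a severity, and never decides a line is malicious: whether UltraVNC belongs on an office machine is something the person helping in the thread has to ask.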

#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 February 2012 - 05:28 PM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#10 zerpft
  • Topic Starter
  • Members
  • 20 posts

Posted 09 February 2012 - 11:29 AM

It found one suspicious file.

-------- Tdsskiller log below -------------
11:19:50.0650 3800 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
11:19:50.0891 3800 ============================================================
11:19:50.0891 3800 Current date / time: 2012/02/09 11:19:50.0891
11:19:50.0891 3800 SystemInfo:
11:19:50.0891 3800
11:19:50.0891 3800 OS Version: 5.1.2600 ServicePack: 3.0
11:19:50.0891 3800 Product type: Workstation
11:19:50.0891 3800 ComputerName: MACK-W05
11:19:50.0891 3800 UserName: perryd
11:19:50.0891 3800 Windows directory: C:\WINDOWS
11:19:50.0891 3800 System windows directory: C:\WINDOWS
11:19:50.0891 3800 Processor architecture: Intel x86
11:19:50.0891 3800 Number of processors: 1
11:19:50.0891 3800 Page size: 0x1000
11:19:50.0891 3800 Boot type: Normal boot
11:19:50.0891 3800 ============================================================
11:19:54.0175 3800 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:19:54.0175 3800 \Device\Harddisk0\DR0:
11:19:54.0175 3800 MBR used
11:19:54.0175 3800 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC7C41
11:19:54.0236 3800 Initialize success
11:19:54.0236 3800 ============================================================
11:21:43.0282 2924 ============================================================
11:21:43.0282 2924 Scan started
11:21:43.0282 2924 Mode: Manual; TDLFS;
11:21:43.0282 2924 ============================================================
11:21:44.0154 2924 Abiosdsk - ok
11:21:44.0194 2924 abp480n5 - ok
11:21:44.0304 2924 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:21:44.0314 2924 ACPI - ok
11:21:44.0404 2924 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:21:44.0404 2924 ACPIEC - ok
11:21:44.0464 2924 adpu160m - ok
11:21:44.0564 2924 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:21:44.0574 2924 aec - ok
11:21:44.0674 2924 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
11:21:44.0674 2924 AegisP - ok
11:21:44.0754 2924 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
11:21:44.0754 2924 AFD - ok
11:21:44.0795 2924 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
11:21:44.0795 2924 agp440 - ok
11:21:44.0825 2924 Aha154x - ok
11:21:44.0855 2924 aic78u2 - ok
11:21:44.0875 2924 aic78xx - ok
11:21:44.0925 2924 AliIde - ok
11:21:44.0955 2924 amsint - ok
11:21:45.0045 2924 ApfiltrService (090880e9bf20f928bc341f96d27c019e) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
11:21:45.0055 2924 ApfiltrService - ok
11:21:45.0145 2924 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
11:21:45.0145 2924 APPDRV - ok
11:21:45.0255 2924 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:21:45.0255 2924 Arp1394 - ok
11:21:45.0285 2924 asc - ok
11:21:45.0315 2924 asc3350p - ok
11:21:45.0335 2924 asc3550 - ok
11:21:45.0405 2924 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
11:21:45.0405 2924 ASCTRM - ok
11:21:45.0516 2924 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:21:45.0516 2924 AsyncMac - ok
11:21:45.0566 2924 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:21:45.0576 2924 atapi - ok
11:21:45.0616 2924 Atdisk - ok
11:21:45.0676 2924 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:21:45.0686 2924 Atmarpc - ok
11:21:45.0796 2924 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:21:45.0806 2924 audstub - ok
11:21:45.0886 2924 bcm4sbxp (e727776a56a51b7e6b7c87c02ea8b405) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
11:21:45.0886 2924 bcm4sbxp - ok
11:21:45.0976 2924 BCMModem (41347688046d49cde0f6d138a534f73d) C:\WINDOWS\system32\DRIVERS\BCMSM.sys
11:21:46.0036 2924 BCMModem - ok
11:21:46.0187 2924 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:21:46.0187 2924 Beep - ok
11:21:46.0437 2924 catchme - ok
11:21:46.0477 2924 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:21:46.0477 2924 cbidf2k - ok
11:21:46.0537 2924 cd20xrnt - ok
11:21:46.0577 2924 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:21:46.0587 2924 Cdaudio - ok
11:21:46.0687 2924 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:21:46.0687 2924 Cdfs - ok
11:21:46.0717 2924 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:21:46.0717 2924 Cdrom - ok
11:21:46.0817 2924 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
11:21:46.0817 2924 cercsr6 - ok
11:21:46.0898 2924 Changer - ok
11:21:46.0958 2924 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
11:21:46.0958 2924 CmBatt - ok
11:21:46.0988 2924 CmdIde - ok
11:21:47.0018 2924 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:21:47.0018 2924 Compbatt - ok
11:21:47.0078 2924 Cpqarray - ok
11:21:47.0118 2924 dac2w2k - ok
11:21:47.0148 2924 dac960nt - ok
11:21:47.0208 2924 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:21:47.0208 2924 Disk - ok
11:21:47.0278 2924 DLABOIOM (d8d58a84f3ece3359df95fd2e459b330) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
11:21:47.0278 2924 DLABOIOM - ok
11:21:47.0308 2924 DLACDBHM (ec6ae8bc9f773382d2eed49e4dfdae2a) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
11:21:47.0308 2924 DLACDBHM - ok
11:21:47.0388 2924 DLADResN (27c78078bd9c4f2de2ad3eb04bfe101b) C:\WINDOWS\system32\DLA\DLADResN.SYS
11:21:47.0388 2924 DLADResN - ok
11:21:47.0428 2924 DLAIFS_M (7f2d93e560b763ef5d11422d78da8ed0) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
11:21:47.0428 2924 DLAIFS_M - ok
11:21:47.0468 2924 DLAOPIOM (f643637de6aac57e38d197aa63d9ea74) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
11:21:47.0478 2924 DLAOPIOM - ok
11:21:47.0498 2924 DLAPoolM (340705474807f57a46d59d18fc2959f1) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
11:21:47.0498 2924 DLAPoolM - ok
11:21:47.0528 2924 DLARTL_N (0605b66052f82b6f07204dbdb61c13ff) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
11:21:47.0528 2924 DLARTL_N - ok
11:21:47.0559 2924 DLAUDFAM (6984ea763907c045ce813468882bc587) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
11:21:47.0569 2924 DLAUDFAM - ok
11:21:47.0589 2924 DLAUDF_M (12b30c449cfd36adbed53eb6560933c6) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
11:21:47.0599 2924 DLAUDF_M - ok
11:21:47.0699 2924 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:21:47.0749 2924 dmboot - ok
11:21:47.0829 2924 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:21:47.0839 2924 dmio - ok
11:21:47.0909 2924 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:21:47.0909 2924 dmload - ok
11:21:47.0979 2924 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:21:47.0979 2924 DMusic - ok
11:21:48.0089 2924 dpti2o - ok
11:21:48.0129 2924 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:21:48.0129 2924 drmkaud - ok
11:21:48.0209 2924 drvmcdb (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
11:21:48.0219 2924 drvmcdb - ok
11:21:48.0250 2924 drvnddm (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
11:21:48.0250 2924 drvnddm - ok
11:21:48.0380 2924 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:21:48.0390 2924 Fastfat - ok
11:21:48.0490 2924 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
11:21:48.0490 2924 Fdc - ok
11:21:48.0580 2924 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:21:48.0580 2924 Fips - ok
11:21:48.0640 2924 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
11:21:48.0640 2924 Flpydisk - ok
11:21:48.0670 2924 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:21:48.0670 2924 FltMgr - ok
11:21:48.0820 2924 FreshIO (caac750e6d27866c28494e0de9fa802a) C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys
11:21:48.0820 2924 FreshIO - ok
11:21:48.0930 2924 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
11:21:48.0930 2924 FsUsbExDisk - ok
11:21:48.0981 2924 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:21:48.0991 2924 Fs_Rec - ok
11:21:49.0081 2924 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:21:49.0091 2924 Ftdisk - ok
11:21:49.0161 2924 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:21:49.0161 2924 Gpc - ok
11:21:49.0201 2924 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:21:49.0211 2924 HidUsb - ok
11:21:49.0261 2924 hpn - ok
11:21:49.0351 2924 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:21:49.0371 2924 HTTP - ok
11:21:49.0391 2924 i2omgmt - ok
11:21:49.0421 2924 i2omp - ok
11:21:49.0491 2924 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:21:49.0491 2924 i8042prt - ok
11:21:49.0561 2924 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:21:49.0561 2924 Imapi - ok
11:21:49.0611 2924 ini910u - ok
11:21:49.0662 2924 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
11:21:49.0662 2924 IntelIde - ok
11:21:49.0702 2924 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:21:49.0702 2924 intelppm - ok
11:21:49.0762 2924 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:21:49.0762 2924 Ip6Fw - ok
11:21:49.0842 2924 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:21:49.0852 2924 IpFilterDriver - ok
11:21:49.0932 2924 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:21:49.0932 2924 IpInIp - ok
11:21:50.0012 2924 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:21:50.0022 2924 IpNat - ok
11:21:50.0062 2924 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:21:50.0062 2924 IPSec - ok
11:21:50.0142 2924 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:21:50.0142 2924 IRENUM - ok
11:21:50.0172 2924 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:21:50.0182 2924 isapnp - ok
11:21:50.0252 2924 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:21:50.0252 2924 Kbdclass - ok
11:21:50.0363 2924 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:21:50.0363 2924 kbdhid - ok
11:21:50.0403 2924 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:21:50.0413 2924 kmixer - ok
11:21:50.0513 2924 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:21:50.0513 2924 KSecDD - ok
11:21:50.0613 2924 lbrtfdc - ok
11:21:50.0833 2924 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
11:21:50.0833 2924 MBAMProtector - ok
11:21:50.0913 2924 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:21:50.0913 2924 mnmdd - ok
11:21:51.0003 2924 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:21:51.0013 2924 Modem - ok
11:21:51.0054 2924 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:21:51.0054 2924 Mouclass - ok
11:21:51.0134 2924 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:21:51.0134 2924 mouhid - ok
11:21:51.0164 2924 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:21:51.0164 2924 MountMgr - ok
11:21:51.0184 2924 mraid35x - ok
11:21:51.0224 2924 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:21:51.0234 2924 MRxDAV - ok
11:21:51.0344 2924 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:21:51.0374 2924 MRxSmb - ok
11:21:51.0404 2924 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:21:51.0404 2924 Msfs - ok
11:21:51.0484 2924 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:21:51.0484 2924 MSKSSRV - ok
11:21:51.0524 2924 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:21:51.0524 2924 MSPCLOCK - ok
11:21:51.0624 2924 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:21:51.0634 2924 MSPQM - ok
11:21:51.0755 2924 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:21:51.0765 2924 mssmbios - ok
11:21:51.0835 2924 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
11:21:51.0835 2924 Mup - ok
11:21:51.0915 2924 MxlW2k (a1520761f42dbb06db7929d6fa9753ea) C:\WINDOWS\system32\drivers\MxlW2k.sys
11:21:51.0925 2924 MxlW2k - ok
11:21:51.0965 2924 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:21:51.0965 2924 NDIS - ok
11:21:51.0995 2924 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:21:51.0995 2924 NdisTapi - ok
11:21:52.0075 2924 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:21:52.0085 2924 Ndisuio - ok
11:21:52.0125 2924 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:21:52.0125 2924 NdisWan - ok
11:21:52.0185 2924 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:21:52.0185 2924 NDProxy - ok
11:21:52.0245 2924 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:21:52.0245 2924 NetBIOS - ok
11:21:52.0285 2924 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:21:52.0295 2924 NetBT - ok
11:21:52.0456 2924 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:21:52.0466 2924 NIC1394 - ok
11:21:52.0526 2924 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:21:52.0536 2924 Npfs - ok
11:21:52.0626 2924 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:21:52.0666 2924 Ntfs - ok
11:21:52.0726 2924 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:21:52.0726 2924 Null - ok
11:21:53.0016 2924 nv (ecef9af156aafe2819a16230ad8968b7) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:21:53.0227 2924 nv - ok
11:21:53.0377 2924 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:21:53.0377 2924 NwlnkFlt - ok
11:21:53.0407 2924 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:21:53.0407 2924 NwlnkFwd - ok
11:21:53.0487 2924 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:21:53.0497 2924 ohci1394 - ok
11:21:53.0567 2924 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
11:21:53.0567 2924 OMCI - ok
11:21:53.0617 2924 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
11:21:53.0627 2924 Parport - ok
11:21:53.0657 2924 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:21:53.0657 2924 PartMgr - ok
11:21:53.0717 2924 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:21:53.0717 2924 ParVdm - ok
11:21:53.0818 2924 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
11:21:53.0828 2924 pccsmcfd - ok
11:21:53.0848 2924 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:21:53.0858 2924 PCI - ok
11:21:53.0878 2924 PCIDump - ok
11:21:53.0928 2924 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:21:53.0928 2924 PCIIde - ok
11:21:53.0958 2924 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
11:21:53.0958 2924 Pcmcia - ok
11:21:53.0988 2924 PDCOMP - ok
11:21:54.0018 2924 PDFRAME - ok
11:21:54.0048 2924 PDRELI - ok
11:21:54.0068 2924 PDRFRAME - ok
11:21:54.0098 2924 perc2 - ok
11:21:54.0128 2924 perc2hib - ok
11:21:54.0268 2924 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:21:54.0268 2924 PptpMiniport - ok
11:21:54.0308 2924 PROCEXP151 - ok
11:21:54.0368 2924 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:21:54.0378 2924 PSched - ok
11:21:54.0458 2924 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:21:54.0468 2924 Ptilink - ok
11:21:54.0569 2924 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:21:54.0569 2924 PxHelp20 - ok
11:21:54.0639 2924 ql1080 - ok
11:21:54.0679 2924 Ql10wnt - ok
11:21:54.0719 2924 ql12160 - ok
11:21:54.0779 2924 ql1240 - ok
11:21:54.0819 2924 ql1280 - ok
11:21:54.0879 2924 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:21:54.0879 2924 RasAcd - ok
11:21:54.0989 2924 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:21:54.0999 2924 Rasl2tp - ok
11:21:55.0079 2924 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:21:55.0089 2924 RasPppoe - ok
11:21:55.0149 2924 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:21:55.0149 2924 Raspti - ok
11:21:55.0260 2924 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:21:55.0260 2924 Rdbss - ok
11:21:55.0300 2924 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:21:55.0300 2924 RDPCDD - ok
11:21:55.0380 2924 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
11:21:55.0380 2924 RDPWD - ok
11:21:55.0440 2924 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:21:55.0440 2924 redbook - ok
11:21:55.0500 2924 RimUsb - ok
11:21:55.0570 2924 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
11:21:55.0580 2924 RimVSerPort - ok
11:21:55.0640 2924 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
11:21:55.0650 2924 ROOTMODEM - ok
11:21:55.0800 2924 s24trans (423ae506c8d55bba9e429eeeec035a40) C:\WINDOWS\system32\DRIVERS\s24trans.sys
11:21:55.0810 2924 s24trans - ok
11:21:55.0971 2924 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:21:55.0971 2924 Secdrv - ok
11:21:56.0031 2924 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
11:21:56.0031 2924 Serial - ok
11:21:56.0151 2924 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:21:56.0161 2924 Sfloppy - ok
11:21:56.0201 2924 Simbad - ok
11:21:56.0231 2924 Sparrow - ok
11:21:56.0291 2924 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:21:56.0291 2924 splitter - ok
11:21:56.0341 2924 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:21:56.0341 2924 sr - ok
11:21:56.0451 2924 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
11:21:56.0461 2924 Srv - ok
11:21:56.0561 2924 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
11:21:56.0561 2924 sscdbus - ok
11:21:56.0672 2924 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
11:21:56.0672 2924 sscdmdfl - ok
11:21:56.0762 2924 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
11:21:56.0782 2924 sscdmdm - ok
11:21:56.0872 2924 STAC97 (5813d453ef8ce49d607c255cf128aceb) C:\WINDOWS\system32\drivers\stac97.sys
11:21:56.0882 2924 STAC97 - ok
11:21:56.0962 2924 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
11:21:56.0962 2924 StillCam - ok
11:21:57.0032 2924 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:21:57.0032 2924 swenum - ok
11:21:57.0082 2924 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:21:57.0092 2924 swmidi - ok
11:21:57.0142 2924 symc810 - ok
11:21:57.0162 2924 symc8xx - ok
11:21:57.0192 2924 sym_hi - ok
11:21:57.0212 2924 sym_u3 - ok
11:21:57.0252 2924 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:21:57.0252 2924 sysaudio - ok
11:21:57.0363 2924 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:21:57.0383 2924 Tcpip - ok
11:21:57.0423 2924 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:21:57.0423 2924 TDPIPE - ok
11:21:57.0463 2924 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:21:57.0463 2924 TDTCP - ok
11:21:57.0503 2924 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:21:57.0513 2924 TermDD - ok
11:21:57.0573 2924 TosIde - ok
11:21:57.0653 2924 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:21:57.0653 2924 Udfs - ok
11:21:57.0683 2924 UIUSys - ok
11:21:57.0703 2924 ultra - ok
11:21:57.0773 2924 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:21:57.0783 2924 Update - ok
11:21:57.0853 2924 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:21:57.0853 2924 usbccgp - ok
11:21:57.0933 2924 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:21:57.0943 2924 usbehci - ok
11:21:58.0014 2924 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:21:58.0014 2924 usbhub - ok
11:21:58.0084 2924 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:21:58.0094 2924 usbprint - ok
11:21:58.0184 2924 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:21:58.0184 2924 usbscan - ok
11:21:58.0234 2924 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:21:58.0244 2924 USBSTOR - ok
11:21:58.0284 2924 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:21:58.0284 2924 usbuhci - ok
11:21:58.0314 2924 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:21:58.0314 2924 VgaSave - ok
11:21:58.0344 2924 ViaIde - ok
11:21:58.0474 2924 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:21:58.0474 2924 VolSnap - ok
11:21:58.0594 2924 w70n51 (fb4d7a34ef3b49c2b5439e330b785313) C:\WINDOWS\system32\DRIVERS\w70n51.sys
11:21:58.0644 2924 w70n51 - ok
11:21:58.0715 2924 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:21:58.0715 2924 Wanarp - ok
11:21:58.0785 2924 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
11:21:58.0795 2924 wanatw - ok
11:21:58.0825 2924 WDICA - ok
11:21:58.0905 2924 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:21:58.0905 2924 wdmaud - ok
11:21:59.0065 2924 WebDriveFSD (bbd59b47c1b050e348cd55f3e257b1b9) C:\Program Files\WebDrive\wdfsd.sys
11:21:59.0065 2924 WebDriveFSD - ok
11:21:59.0396 2924 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
11:21:59.0396 2924 WpdUsb - ok
11:21:59.0536 2924 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:21:59.0536 2924 WS2IFSL - ok
11:21:59.0636 2924 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:21:59.0636 2924 WudfPf - ok
11:21:59.0676 2924 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:21:59.0686 2924 WudfRd - ok
11:21:59.0786 2924 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:22:00.0066 2924 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:22:00.0066 2924 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:22:00.0077 2924 Boot (0x1200) (fba573c3a1422e61c094906dac2a1d06) \Device\Harddisk0\DR0\Partition0
11:22:00.0077 2924 \Device\Harddisk0\DR0\Partition0 - ok
11:22:00.0097 2924 ============================================================
11:22:00.0097 2924 Scan finished
11:22:00.0097 2924 ============================================================
11:22:00.0137 1724 Detected object count: 1
11:22:00.0137 1724 Actual detected object count: 1
11:24:02.0412 1724 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:24:02.0412 1724 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
11:24:06.0298 3804 Deinitialize success

#11 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 09 February 2012 - 11:34 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 zerpft (Topic Starter)

Posted 09 February 2012 - 05:34 PM

Ran, updated, and scanned successfully.

----- aswMBR log below -----
aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-09 16:26:09
-----------------------------
16:26:09.580 OS Version: Windows 5.1.2600 Service Pack 3
16:26:09.580 Number of processors: 1 586 0x905
16:26:09.580 ComputerName: MACK-W05 UserName: perryd
16:26:11.553 Initialize success
16:28:29.160 AVAST engine defs: 12020903
16:30:47.770 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:30:47.770 Disk 0 Vendor: FUJITSU_MHV2060AH 000000A0 Size: 57231MB BusType: 3
16:30:47.840 Disk 0 MBR read successfully
16:30:47.840 Disk 0 MBR scan
16:30:47.870 Disk 0 Windows XP default MBR code
16:30:47.870 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57231 MB offset 63
16:30:47.880 Disk 0 scanning sectors +117210240
16:30:47.940 Disk 0 scanning C:\WINDOWS\system32\drivers
16:31:04.304 Service scanning
16:31:05.896 Modules scanning
16:31:14.218 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
16:31:15.770 Disk 0 trace - called modules:
16:31:15.800 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
16:31:16.131 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a152ab8]
16:31:16.131 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a18d030]
16:31:16.691 AVAST engine scan C:\WINDOWS
16:31:33.165 AVAST engine scan C:\WINDOWS\system32
16:35:31.458 AVAST engine scan C:\WINDOWS\system32\drivers
16:35:53.920 AVAST engine scan C:\Documents and Settings\perryd.MACK-W05
16:40:36.016 AVAST engine scan C:\Documents and Settings\All Users
16:43:09.466 Scan finished successfully
16:59:44.557 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\perryd.MACK-W05\Desktop\MBR.dat"
16:59:44.557 The log file has been saved successfully to "C:\Documents and Settings\perryd.MACK-W05\Desktop\aswMBR.txt"

#13 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 09 February 2012 - 09:20 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#14 zerpft (Topic Starter)

Posted 10 February 2012 - 12:14 PM

Here is the log you've requested.

-------- Log file below -------

ABBYY FineReader 6.0 Sprint
ACDSee for PENTAX 3.0
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.1.3
Adobe Reader 9.2
AiO_Scan_CDA
Allway Sync version 11.6.1
ALPS Touch Pad Driver
America Online (Choose which version to remove)
Anim-FX
BCM V.92 56K Modem
Bejeweled 2 Deluxe
BlackBerry Device Software Updater
Boulevard 2009
Broadcom 440x 10/100 Integrated Controller
Broderbund Media Manager
C-Major Audio
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
CVS Photo Editor Plus
Dell Digital Jukebox Driver
Dell ResourceCD
DivX Setup
DOM
Easy Thumbnails (Remove only)
EnterpriseNPI
ESET Online Scanner v3
FreshDiagnose
GIMP 2.6.7
GnuWin32: Wget-1.11.4-1
GoToAssist 8.0.0.480
GPL Ghostscript 8.64
HijackThis 1.98.2
Holidays Toolbar
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Photosmart and Officejet 7.0.A Corporate Edition
IDrive version 2.0.8 December 04 2007
Intel® PROSet
Learn2 Player (Uninstall Only)
Lexmark Printable Web
Lexmark Pro200-S500 Series
Lexmark Toolbar
Lexmark Tools for Office
Malwarebytes Anti-Malware version 1.60.1.1000
Mary Kay® Career Cars Screen Saver
Merge Version 2.2
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Standard
Microsoft Office XP Media Content
Microsoft Publisher 2002
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Web Publishing Wizard 1.52
Microsoft Windows NT Resource Kit 4.0 Support Tools
Microsoft Works
Mozilla Firefox 8.0.1 (x86 en-US)
Mozilla Thunderbird 10.0 (x86 en-US)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MUSICMATCH® Jukebox
PC Connectivity Solution
PDF Image Extraction Wizard 3.5
PowerDVD 5.3
Python 2.6.6
QFolder
QuickSet
QuickTime
RealPlayer Basic
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
SamsungConnectivityCableDriver
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shockwave
Sonic Update Manager
Special Internet Offers
Spybot - Search & Destroy
The Print Shop
The Print Shop 20
Try Corel Snapfire muvee autoProducer add on
UltraVNC 1.0.6.5
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.6195
Viewpoint Media Player
WebDrive
WebFldrs XP
Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Winmail Opener 1.4
WinRAR archiver
WinSCP 4.3.2
XQDC X-Setup Pro 9.2.100

#15 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 10 February 2012 - 03:02 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Adobe Reader 9.1.3
Adobe Reader 9.2
Viewpoint Media Player


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC (Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes' Anti-Malware:

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...).

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
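The HijackThis and MBAM steps above both come down to "find the right folder, run the tool elevated, and bring back the newest log". The following PowerShell script is an added example, not part of the original post or of either tool; it uses only the install and log paths given in the post, and the function names (Get-HijackThisPath, Start-HijackThisElevated, Get-LatestMbamLog) are my own. It assumes PowerShell 2.0 or later and the XP-era per-user MBAM log location the post describes.

```powershell
# Added example (not from the original post): locate HijackThis under either
# Program Files folder, launch it elevated, and open the newest MBAM log.
# Function names are hypothetical; paths follow the ones quoted in the post.

function Get-HijackThisPath {
    # The 32-bit HijackThis lands under "Program Files (x86)" on 64-bit Windows.
    # ${env:ProgramFiles(x86)} is empty on 32-bit Windows, so that root is skipped.
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
    foreach ($root in $roots) {
        $candidate = Join-Path $root 'Trend Micro\HijackThis\HijackThis.exe'
        if (Test-Path -LiteralPath $candidate) { return $candidate }
    }
    return $null
}

function Start-HijackThisElevated {
    $exe = Get-HijackThisPath
    if (-not $exe) {
        throw 'HijackThis.exe was not found under either Program Files folder.'
    }
    # -Verb RunAs is the scripted equivalent of "Run as administrator"; on
    # Vista/7 it raises the UAC consent prompt, which is what the NOTE** needs.
    Start-Process -FilePath $exe -Verb RunAs
}

function Get-LatestMbamLog {
    # On XP, $env:APPDATA resolves to
    # C:\Documents and Settings\<user>\Application Data, matching the post.
    $logDir = Join-Path $env:APPDATA "Malwarebytes\Malwarebytes' Anti-Malware\Logs"
    if (-not (Test-Path -LiteralPath $logDir)) { return $null }
    # mbam-log-<date> (<time>).txt files: newest by last-write time wins.
    Get-ChildItem -LiteralPath $logDir -Filter 'mbam-log-*.txt' |
        Sort-Object LastWriteTime -Descending |
        Select-Object -First 1
}

# Usage: launch HijackThis elevated, then open the most recent MBAM log in
# Notepad so it can be copied into the reply.
Start-HijackThisElevated
$log = Get-LatestMbamLog
if ($log) {
    Write-Host "Newest MBAM log: $($log.FullName)"
    Start-Process -FilePath 'notepad.exe' -ArgumentList "`"$($log.FullName)`""
} else {
    Write-Warning 'No mbam-log-*.txt found; run the MBAM scan first.'
}
```

Using -LiteralPath throughout matters here because the MBAM folder name contains an apostrophe, which would otherwise be treated as a wildcard-capable path and can fail to resolve.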

