
Trojan.Agent/Gen-FakeAlert[Local] and Possible Rootkit Infection


This topic is locked
22 replies to this topic

#1 drews247

drews247

  • Members
  • 85 posts
  • OFFLINE
  • Local time:11:26 AM

Posted 03 February 2012 - 08:21 PM

Hi,

Last night I was surfing the internet and all of a sudden one of those fake anti-virus programs popped up. I immediately closed out of it, closed what I was doing and booted into safe mode. In safe mode I ran scans using Norton Endpoint, SuperAntiSpyware, Spybot Search & Destroy, and Malwarebytes. SuperAntispyware was the only thing that said my machine was not clean. It detected Trojan.Agent/Gen-FakeAlert[Local]. I have attached the SAS scan log below. SAS was able to remove the Trojan. Subsequent scans with those products were all clean. I am concerned that my computer is not completely safe and secure. DDS log is below and all requested logs are also attached. Thank you in advance.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Drew at 18:08:53 on 2012-02-03
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2014.407 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Drew\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
uRun: [Google Update] "c:\users\drew\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [MusicManager] "c:\users\drew\appdata\local\programs\google\musicmanager\MusicManager.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [IaNvSrv] c:\program files\intel\intel matrix storage manager\orom\ianvsrv\IaNvSrv.exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [TpShocks] TpShocks.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EA82C7FD-A2DC-470F-B7F2-01A67C8B138C} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EA82C7FD-A2DC-470F-B7F2-01A67C8B138C}\24C4235483 : DhcpNameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{EA82C7FD-A2DC-470F-B7F2-01A67C8B138C}\938423E403 : DhcpNameServer = 192.168.1.1 71.250.0.12
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\drew\appdata\roaming\mozilla\firefox\profiles\pi3w0wwa.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\users\drew\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\users\drew\appdata\roaming\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\users\drew\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\drew\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2011-8-3 25968]
R0 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2009-12-24 232472]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-9 64288]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-6-29 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2011-7-4 13680]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50ST7.EXE [2011-5-26 153600]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50RP7.EXE [2011-5-26 121856]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2010-9-19 93032]
R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\thinkpad\utilities\PWMEWSVC.exe [2011-8-3 148840]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2011-2-8 1839776]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2011-7-4 130920]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2011-7-4 64952]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2011-8-3 292200]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-10 106104]
R3 NETwLv32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETwLv32.sys [2010-10-7 6639616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2011-8-3 45496]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-12-24 83304]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-17 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-5 1343400]
S4 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-12-24 1153368]
S4 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960]
.
=============== Created Last 30 ================
.
2012-02-01 00:56:00 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d4596603-e031-42dd-bfbf-77f63392247b}\offreg.dll
2012-01-31 23:11:36 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d4596603-e031-42dd-bfbf-77f63392247b}\mpengine.dll
2012-01-31 23:05:04 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-31 23:05:04 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-31 23:05:04 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-31 23:05:04 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-31 23:05:03 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-31 23:05:03 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-31 23:05:02 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-31 23:05:02 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-01-31 23:05:00 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-31 23:04:53 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-21 23:38:00 -------- d-----w- c:\program files\iPod
2012-01-21 23:37:59 -------- d-----w- c:\program files\iTunes
2012-01-13 03:47:18 -------- d-----w- c:\program files\Bonjour
2012-01-10 22:54:13 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-10 22:54:12 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-10 22:54:04 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-01-10 22:54:01 514560 ----a-w- c:\windows\system32\qdvd.dll
.
==================== Find3M ====================
.
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-07 15:08:58 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-11-24 15:15:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-24 04:25:27 2342912 ----a-w- c:\windows\system32\win32k.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601
.
CreateFile("\\.\PHYSICALDRIVE1"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaNvStor.sys halmacpi.dll intelppm.sys SYMTDI.SYS ACPI.sys iaStor.sys
c:\windows\system32\drivers\iaNvStor.sys Intel Corporation Intel® Turbo Memory Driver
c:\windows\system32\drivers\SYMTDI.SYS Symantec Corporation Symantec Security Drivers
c:\windows\system32\drivers\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver
1 ntkrnlpa!IofCallDriver[0x82E4452A] -> \Device\Harddisk0\DR0[0x879804C8]
3 CLASSPNP[0x893B359E] -> ntkrnlpa!IofCallDriver[0x82E4452A] -> \Device\RobsonImd-0[0x85B93028]
5 CLASSPNP[0x893B359E] -> ntkrnlpa!IofCallDriver[0x82E4452A] -> [0x85B90020]
7 ACPI[0x88C363D4] -> ntkrnlpa!IofCallDriver[0x82E4452A] -> \Device\Ide\IAAStorageDevice-0[0x8576F028]
kernel: MBR read successfully
_asm { ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; }
user != kernel MBR !!!
.
============= FINISH: 18:10:46.98 ===============
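The two parts of a DDS log that a responder reads first are the AV/SP/FW status lines at the top and the GMER MBR comparison in the ROOTKIT section. The script below is an added triage example, not code from the thread or from the DDS/GMER authors: it parses both sections from a constructed sample shaped like the log above (product names and GUIDs copied from it, the `_asm` line shortened) and reports disabled protection, whether the "user != kernel MBR" line is backed by two successful reads or by a failed user-mode read, and whether the disassembled boot code was all zeros (the `ADD [BX+SI], AL` instruction is how 16-bit x86 decodes the bytes `00 00`). The line formats are inferred from the posted log; the function and field names are my own.

```python
"""Triage a DDS log's AV/SP/FW status lines and the GMER MBR check in its ROOTKIT section."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape of the DDS log posted above (product names and
# GUIDs copied from that post; the _asm line is shortened).
SAMPLE_DDS_LOG = r"""
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
=================== ROOTKIT ====================
CreateFile("\\.\PHYSICALDRIVE1"): The process cannot access the file because it is being used by another process.
user: error reading MBR
kernel: MBR read successfully
_asm { ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; }
user != kernel MBR !!!
============= FINISH: 18:10:46.98 ===============
"""

# "AV: <product> *<Enabled|Disabled>[/<Updated|Outdated>]* {GUID}"
STATUS_RE = re.compile(r"^(AV|SP|FW): (.+?) \*([^*]+)\*")


@dataclass
class ProtectionEntry:
    kind: str                # AV, SP (antispyware) or FW (firewall)
    product: str
    enabled: bool
    updated: Optional[bool]  # None when DDS prints no update state (firewalls)


@dataclass
class MbrCheck:
    user_read_ok: bool       # user-mode read of the MBR succeeded
    kernel_read_ok: bool     # kernel-mode read of the MBR succeeded
    mismatch_reported: bool  # the "user != kernel MBR !!!" line was present
    mbr_all_zero: bool       # disassembly is only "ADD [BX+SI], AL" (bytes 00 00)


def parse_protection(text: str) -> List[ProtectionEntry]:
    """Extract the security-product status lines at the head of a DDS log."""
    entries = []
    for line in text.splitlines():
        m = STATUS_RE.match(line)
        if not m:
            continue
        kind, product, status = m.groups()
        parts = status.split("/")
        updated = None if len(parts) < 2 else parts[1].lower() == "updated"
        entries.append(ProtectionEntry(kind, product, parts[0].lower() == "enabled", updated))
    return entries


def parse_rootkit_section(text: str) -> Optional[MbrCheck]:
    """Summarise the GMER user-mode vs kernel-mode MBR comparison."""
    in_section, user_ok, kernel_ok, mismatch, asm_line = False, False, False, False, None
    for line in text.splitlines():
        if line.startswith("=") and "ROOTKIT" in line:
            in_section = True
        elif not in_section:
            continue
        elif line.startswith("=") and "FINISH" in line:
            break
        elif line.startswith("user:"):
            user_ok = "successfully" in line
        elif line.startswith("kernel:"):
            kernel_ok = "successfully" in line
        elif line.startswith("user != kernel MBR"):
            mismatch = True
        elif line.startswith("_asm"):
            asm_line = line
    if not in_section:
        return None
    all_zero = False
    if asm_line and "{" in asm_line and "}" in asm_line:
        body = asm_line[asm_line.index("{") + 1:asm_line.rindex("}")]
        instrs = [s.strip() for s in body.split(";") if s.strip()]
        # 16-bit x86 decodes bytes 00 00 as "ADD [BX+SI], AL", so a run of them means
        # every byte GMER disassembled was zero.
        all_zero = bool(instrs) and all(i == "ADD [BX+SI], AL" for i in instrs)
    return MbrCheck(user_ok, kernel_ok, mismatch, all_zero)


def triage(text: str) -> List[str]:
    """Findings a responder would want to see before reading the whole log."""
    findings = []
    for e in parse_protection(text):
        if not e.enabled:
            findings.append(f"{e.kind}: {e.product} is disabled")
        elif e.updated is False:
            findings.append(f"{e.kind}: {e.product} definitions are out of date")
    mbr = parse_rootkit_section(text)
    if mbr and mbr.mismatch_reported and not mbr.user_read_ok:
        findings.append("MBR: mismatch reported, but the user-mode read failed (drive held by another process); inconclusive, rescan")
    elif mbr and mbr.mismatch_reported:
        findings.append("MBR: user and kernel reads both succeeded and differ; the detector's indicator of a hidden MBR modification")
    if mbr and mbr.mbr_all_zero:
        findings.append("MBR: kernel read returned all-zero boot code; confirm which device was read before drawing conclusions")
    return findings
```

On the sample, `triage()` returns five findings: the three disabled Symantec Endpoint Protection entries, the inconclusive MBR comparison (the user-mode read failed because another process held `\\.\PHYSICALDRIVE1`, so "user != kernel" does not by itself mean the MBR is hooked), and the all-zero boot code. The script also handles the case the thread does not show, where both reads succeed and still differ, which is the condition the GMER detector is built to flag.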


#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:26 PM

Posted 05 February 2012 - 11:49 AM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named, for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run comboFix!
  • When finished, it will produce a report for you.
Note: If, after running ComboFix, you receive a message stating "Illegal Operation Attempted on a registry key that has been marked for deletion", rebooting your computer will resolve the problem.

Please include the following in your next post:
  • TDSSKiller log
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#3 drews247

drews247
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  • Local time:11:26 AM

Posted 05 February 2012 - 01:11 PM

Hi RPM,

Here are my logs. TDSSKiller did not find anything. It did not give me the option to skip or cure. It just went back to the home screen. Did I mess something up? Thanks so much for your help.

13:05:31.0501 3848 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
13:05:31.0798 3848 ============================================================
13:05:31.0798 3848 Current date / time: 2012/02/05 13:05:31.0798
13:05:31.0798 3848 SystemInfo:
13:05:31.0798 3848
13:05:31.0798 3848 OS Version: 6.1.7601 ServicePack: 1.0
13:05:31.0798 3848 Product type: Workstation
13:05:31.0798 3848 ComputerName: DREW-PC
13:05:31.0798 3848 UserName: Drew
13:05:31.0798 3848 Windows directory: C:\Windows
13:05:31.0798 3848 System windows directory: C:\Windows
13:05:31.0798 3848 Processor architecture: Intel x86
13:05:31.0798 3848 Number of processors: 2
13:05:31.0798 3848 Page size: 0x1000
13:05:31.0798 3848 Boot type: Normal boot
13:05:31.0798 3848 ============================================================
13:05:32.0203 3848 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
13:05:32.0219 3848 Drive \Device\Harddisk3\DR3 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:05:32.0219 3848 \Device\Harddisk1\DR1:
13:05:32.0219 3848 MBR used
13:05:32.0219 3848 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:05:32.0219 3848 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E6800
13:05:32.0219 3848 \Device\Harddisk3\DR3:
13:05:32.0219 3848 MBR used
13:05:32.0219 3848 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
13:05:32.0234 3848 Initialize success
13:05:32.0234 3848 ============================================================
13:06:10.0612 6016 ============================================================
13:06:10.0612 6016 Scan started
13:06:10.0612 6016 Mode: Manual;
13:06:10.0612 6016 ============================================================
13:06:11.0095 6016 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
13:06:11.0111 6016 1394ohci - ok
13:06:11.0142 6016 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
13:06:11.0158 6016 ACPI - ok
13:06:11.0205 6016 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
13:06:11.0205 6016 AcpiPmi - ok
13:06:11.0236 6016 ADIHdAudAddService (6c61bceb60c2c187e6f96001fd69493e) C:\Windows\system32\drivers\ADIHdAud.sys
13:06:11.0251 6016 ADIHdAudAddService - ok
13:06:11.0314 6016 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
13:06:11.0314 6016 adp94xx - ok
13:06:11.0361 6016 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
13:06:11.0361 6016 adpahci - ok
13:06:11.0407 6016 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
13:06:11.0407 6016 adpu320 - ok
13:06:11.0454 6016 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
13:06:11.0470 6016 AFD - ok
13:06:11.0532 6016 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
13:06:11.0532 6016 agp440 - ok
13:06:11.0563 6016 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
13:06:11.0563 6016 aic78xx - ok
13:06:11.0610 6016 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
13:06:11.0610 6016 aliide - ok
13:06:11.0641 6016 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
13:06:11.0641 6016 amdagp - ok
13:06:11.0673 6016 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
13:06:11.0673 6016 amdide - ok
13:06:11.0704 6016 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
13:06:11.0704 6016 AmdK8 - ok
13:06:11.0735 6016 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
13:06:11.0735 6016 AmdPPM - ok
13:06:11.0766 6016 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
13:06:11.0782 6016 amdsata - ok
13:06:11.0813 6016 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
13:06:11.0813 6016 amdsbs - ok
13:06:11.0844 6016 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
13:06:11.0844 6016 amdxata - ok
13:06:11.0907 6016 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
13:06:11.0907 6016 AppID - ok
13:06:11.0953 6016 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
13:06:11.0969 6016 arc - ok
13:06:12.0016 6016 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
13:06:12.0016 6016 arcsas - ok
13:06:12.0047 6016 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
13:06:12.0047 6016 AsyncMac - ok
13:06:12.0078 6016 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
13:06:12.0078 6016 atapi - ok
13:06:12.0125 6016 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
13:06:12.0141 6016 b06bdrv - ok
13:06:12.0187 6016 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
13:06:12.0187 6016 b57nd60x - ok
13:06:12.0219 6016 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
13:06:12.0219 6016 Beep - ok
13:06:12.0250 6016 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
13:06:12.0265 6016 blbdrive - ok
13:06:12.0297 6016 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
13:06:12.0297 6016 bowser - ok
13:06:12.0328 6016 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:06:12.0328 6016 BrFiltLo - ok
13:06:12.0359 6016 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:06:12.0359 6016 BrFiltUp - ok
13:06:12.0406 6016 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
13:06:12.0406 6016 BridgeMP - ok
13:06:12.0453 6016 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
13:06:12.0453 6016 Brserid - ok
13:06:12.0499 6016 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
13:06:12.0499 6016 BrSerWdm - ok
13:06:12.0531 6016 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:06:12.0531 6016 BrUsbMdm - ok
13:06:12.0562 6016 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
13:06:12.0562 6016 BrUsbSer - ok
13:06:12.0624 6016 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
13:06:12.0624 6016 BthEnum - ok
13:06:12.0655 6016 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
13:06:12.0655 6016 BTHMODEM - ok
13:06:12.0702 6016 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
13:06:12.0702 6016 BthPan - ok
13:06:12.0765 6016 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
13:06:12.0780 6016 BTHPORT - ok
13:06:12.0827 6016 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
13:06:12.0827 6016 BTHUSB - ok
13:06:12.0843 6016 catchme - ok
13:06:12.0889 6016 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
13:06:12.0889 6016 cdfs - ok
13:06:12.0936 6016 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
13:06:12.0936 6016 cdrom - ok
13:06:12.0967 6016 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
13:06:12.0967 6016 circlass - ok
13:06:12.0999 6016 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
13:06:13.0014 6016 CLFS - ok
13:06:13.0045 6016 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
13:06:13.0045 6016 CmBatt - ok
13:06:13.0108 6016 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
13:06:13.0108 6016 cmdide - ok
13:06:13.0139 6016 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
13:06:13.0155 6016 CNG - ok
13:06:13.0186 6016 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
13:06:13.0186 6016 Compbatt - ok
13:06:13.0217 6016 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
13:06:13.0217 6016 CompositeBus - ok
13:06:13.0248 6016 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
13:06:13.0248 6016 crcdisk - ok
13:06:13.0295 6016 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
13:06:13.0311 6016 CSC - ok
13:06:13.0357 6016 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
13:06:13.0357 6016 CVirtA - ok
13:06:13.0389 6016 CVPNDRVA (34c345aaf390c12ae6e51b75198e8564) C:\Windows\system32\Drivers\CVPNDRVA.sys
13:06:13.0404 6016 CVPNDRVA - ok
13:06:13.0435 6016 dc3d (91c1736e77cff029302728b431d0eedb) C:\Windows\system32\DRIVERS\dc3d.sys
13:06:13.0435 6016 dc3d - ok
13:06:13.0467 6016 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
13:06:13.0467 6016 DfsC - ok
13:06:13.0498 6016 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
13:06:13.0498 6016 discache - ok
13:06:13.0529 6016 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
13:06:13.0545 6016 Disk - ok
13:06:13.0560 6016 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys
13:06:13.0576 6016 DNE - ok
13:06:13.0607 6016 DozeHDD (6d279bb0de1d8e34f454e1b353f4d738) C:\Windows\system32\DRIVERS\DozeHDD.sys
13:06:13.0607 6016 DozeHDD - ok
13:06:13.0654 6016 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
13:06:13.0654 6016 drmkaud - ok
13:06:13.0701 6016 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
13:06:13.0732 6016 DXGKrnl - ok
13:06:13.0763 6016 e1express (cf0a6015f437161698c5b2a0a12cf052) C:\Windows\system32\DRIVERS\e1e6032.sys
13:06:13.0763 6016 e1express - ok
13:06:13.0919 6016 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
13:06:13.0950 6016 ebdrv - ok
13:06:13.0966 6016 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
13:06:13.0981 6016 eeCtrl - ok
13:06:14.0044 6016 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
13:06:14.0059 6016 elxstor - ok
13:06:14.0091 6016 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
13:06:14.0091 6016 EraserUtilRebootDrv - ok
13:06:14.0137 6016 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
13:06:14.0137 6016 ErrDev - ok
13:06:14.0184 6016 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
13:06:14.0200 6016 exfat - ok
13:06:14.0231 6016 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
13:06:14.0231 6016 fastfat - ok
13:06:14.0278 6016 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
13:06:14.0278 6016 fdc - ok
13:06:14.0309 6016 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
13:06:14.0309 6016 FileInfo - ok
13:06:14.0340 6016 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
13:06:14.0340 6016 Filetrace - ok
13:06:14.0387 6016 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
13:06:14.0387 6016 flpydisk - ok
13:06:14.0418 6016 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
13:06:14.0418 6016 FltMgr - ok
13:06:14.0449 6016 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
13:06:14.0449 6016 FsDepends - ok
13:06:14.0481 6016 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
13:06:14.0481 6016 Fs_Rec - ok
13:06:14.0512 6016 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
13:06:14.0527 6016 fvevol - ok
13:06:14.0559 6016 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:06:14.0559 6016 gagp30kx - ok
13:06:14.0590 6016 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:06:14.0590 6016 GEARAspiWDM - ok
13:06:14.0621 6016 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
13:06:14.0621 6016 hcw85cir - ok
13:06:14.0668 6016 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
13:06:14.0668 6016 HdAudAddService - ok
13:06:14.0699 6016 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
13:06:14.0699 6016 HDAudBus - ok
13:06:14.0746 6016 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
13:06:14.0746 6016 HidBatt - ok
13:06:14.0777 6016 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
13:06:14.0777 6016 HidBth - ok
13:06:14.0824 6016 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
13:06:14.0824 6016 HidIr - ok
13:06:14.0871 6016 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
13:06:14.0871 6016 HidUsb - ok
13:06:14.0917 6016 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
13:06:14.0917 6016 HpSAMD - ok
13:06:14.0980 6016 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
13:06:15.0011 6016 HSF_DPV - ok
13:06:15.0042 6016 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
13:06:15.0042 6016 HSXHWAZL - ok
13:06:15.0089 6016 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
13:06:15.0105 6016 HTTP - ok
13:06:15.0136 6016 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
13:06:15.0136 6016 hwpolicy - ok
13:06:15.0167 6016 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
13:06:15.0167 6016 i8042prt - ok
13:06:15.0214 6016 iaNvStor (d0310c79c5a9d42b96e37c5c510c6a5c) C:\Windows\system32\DRIVERS\iaNvStor.sys
13:06:15.0214 6016 iaNvStor - ok
13:06:15.0245 6016 iaStor (01446278d4563b3013c92830ae6cbb26) C:\Windows\system32\DRIVERS\iaStor.sys
13:06:15.0261 6016 iaStor - ok
13:06:15.0323 6016 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
13:06:15.0323 6016 iaStorV - ok
13:06:15.0354 6016 IBMPMDRV (fa3d0a6da7bb7968efe5c5bc267f0e55) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
13:06:15.0354 6016 IBMPMDRV - ok
13:06:15.0385 6016 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
13:06:15.0385 6016 iirsp - ok
13:06:15.0417 6016 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
13:06:15.0417 6016 intelide - ok
13:06:15.0448 6016 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
13:06:15.0448 6016 intelppm - ok
13:06:15.0479 6016 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:06:15.0479 6016 IpFilterDriver - ok
13:06:15.0526 6016 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
13:06:15.0526 6016 IPMIDRV - ok
13:06:15.0557 6016 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
13:06:15.0573 6016 IPNAT - ok
13:06:15.0604 6016 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
13:06:15.0604 6016 IRENUM - ok
13:06:15.0635 6016 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
13:06:15.0635 6016 isapnp - ok
13:06:15.0682 6016 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
13:06:15.0682 6016 iScsiPrt - ok
13:06:15.0713 6016 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:06:15.0713 6016 kbdclass - ok
13:06:15.0744 6016 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
13:06:15.0744 6016 kbdhid - ok
13:06:15.0775 6016 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
13:06:15.0775 6016 KSecDD - ok
13:06:15.0807 6016 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
13:06:15.0807 6016 KSecPkg - ok
13:06:15.0838 6016 Lbd (713cd5267abfb86fe90a72e384e82a38) C:\Windows\system32\DRIVERS\Lbd.sys
13:06:15.0853 6016 Lbd - ok
13:06:15.0885 6016 lenovo.smi (9aac267a225f3caebb9e633f7eb16e4b) C:\Windows\system32\DRIVERS\smiif32.sys
13:06:15.0885 6016 lenovo.smi - ok
13:06:15.0916 6016 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
13:06:15.0916 6016 LHidFilt - ok
13:06:15.0947 6016 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
13:06:15.0947 6016 lltdio - ok
13:06:15.0978 6016 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
13:06:15.0978 6016 LMouFilt - ok
13:06:16.0025 6016 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:06:16.0025 6016 LSI_FC - ok
13:06:16.0072 6016 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:06:16.0072 6016 LSI_SAS - ok
13:06:16.0103 6016 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:06:16.0119 6016 LSI_SAS2 - ok
13:06:16.0150 6016 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:06:16.0150 6016 LSI_SCSI - ok
13:06:16.0181 6016 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
13:06:16.0181 6016 luafv - ok
13:06:16.0228 6016 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\Windows\system32\Drivers\LVPr2Mon.sys
13:06:16.0228 6016 LVPr2Mon - ok
13:06:16.0306 6016 LVRS (a1857fbb9b4930eeb2fd92386c45c529) C:\Windows\system32\DRIVERS\lvrs.sys
13:06:16.0306 6016 LVRS - ok
13:06:16.0477 6016 LVUVC (3703406af0726badd24c5e552493e5b1) C:\Windows\system32\DRIVERS\lvuvc.sys
13:06:16.0524 6016 LVUVC - ok
13:06:16.0555 6016 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
13:06:16.0555 6016 mdmxsdk - ok
13:06:16.0587 6016 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
13:06:16.0587 6016 megasas - ok
13:06:16.0633 6016 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
13:06:16.0633 6016 MegaSR - ok
13:06:16.0665 6016 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
13:06:16.0665 6016 Modem - ok
13:06:16.0711 6016 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
13:06:16.0711 6016 monitor - ok
13:06:16.0727 6016 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
13:06:16.0743 6016 mouclass - ok
13:06:16.0774 6016 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
13:06:16.0774 6016 mouhid - ok
13:06:16.0789 6016 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
13:06:16.0805 6016 mountmgr - ok
13:06:16.0836 6016 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
13:06:16.0836 6016 mpio - ok
13:06:16.0867 6016 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
13:06:16.0867 6016 mpsdrv - ok
13:06:16.0914 6016 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
13:06:16.0914 6016 MRxDAV - ok
13:06:16.0945 6016 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:06:16.0961 6016 mrxsmb - ok
13:06:16.0992 6016 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:06:16.0992 6016 mrxsmb10 - ok
13:06:17.0023 6016 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:06:17.0023 6016 mrxsmb20 - ok
13:06:17.0055 6016 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
13:06:17.0055 6016 msahci - ok
13:06:17.0148 6016 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
13:06:17.0148 6016 msdsm - ok
13:06:17.0179 6016 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
13:06:17.0179 6016 Msfs - ok
13:06:17.0211 6016 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
13:06:17.0211 6016 mshidkmdf - ok
13:06:17.0242 6016 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
13:06:17.0242 6016 msisadrv - ok
13:06:17.0289 6016 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
13:06:17.0289 6016 MSKSSRV - ok
13:06:17.0320 6016 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
13:06:17.0320 6016 MSPCLOCK - ok
13:06:17.0367 6016 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
13:06:17.0367 6016 MSPQM - ok
13:06:17.0398 6016 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
13:06:17.0398 6016 MsRPC - ok
13:06:17.0429 6016 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
13:06:17.0429 6016 mssmbios - ok
13:06:17.0460 6016 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
13:06:17.0460 6016 MSTEE - ok
13:06:17.0491 6016 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
13:06:17.0491 6016 MTConfig - ok
13:06:17.0523 6016 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
13:06:17.0523 6016 Mup - ok
13:06:17.0569 6016 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
13:06:17.0569 6016 NativeWifiP - ok
13:06:17.0632 6016 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120204.023\NAVENG.SYS
13:06:17.0632 6016 NAVENG - ok
13:06:17.0679 6016 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120204.023\NAVEX15.SYS
13:06:17.0694 6016 NAVEX15 - ok
13:06:17.0741 6016 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
13:06:17.0741 6016 NDIS - ok
13:06:17.0803 6016 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
13:06:17.0803 6016 NdisCap - ok
13:06:17.0835 6016 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
13:06:17.0835 6016 NdisTapi - ok
13:06:17.0850 6016 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
13:06:17.0866 6016 Ndisuio - ok
13:06:17.0881 6016 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
13:06:17.0897 6016 NdisWan - ok
13:06:17.0913 6016 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
13:06:17.0928 6016 NDProxy - ok
13:06:17.0944 6016 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
13:06:17.0959 6016 NetBIOS - ok
13:06:17.0991 6016 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
13:06:17.0991 6016 NetBT - ok
13:06:18.0147 6016 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
13:06:18.0193 6016 netw5v32 - ok
13:06:18.0443 6016 NETwLv32 (d4ef7a9767c05905500ec312cb29ef46) C:\Windows\system32\DRIVERS\NETwLv32.sys
13:06:18.0661 6016 NETwLv32 - ok
13:06:18.0708 6016 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
13:06:18.0708 6016 nfrd960 - ok
13:06:18.0739 6016 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
13:06:18.0739 6016 Npfs - ok
13:06:18.0755 6016 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
13:06:18.0771 6016 nsiproxy - ok
13:06:18.0833 6016 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
13:06:18.0833 6016 Ntfs - ok
13:06:18.0864 6016 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
13:06:18.0864 6016 Null - ok
13:06:19.0223 6016 nvlddmkm (4a6688bf47940cdc1475772b235c6323) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:06:19.0551 6016 nvlddmkm - ok
13:06:19.0597 6016 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
13:06:19.0597 6016 nvraid - ok
13:06:19.0660 6016 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
13:06:19.0660 6016 nvstor - ok
13:06:19.0722 6016 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
13:06:19.0722 6016 nv_agp - ok
13:06:19.0769 6016 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
13:06:19.0769 6016 ohci1394 - ok
13:06:19.0800 6016 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
13:06:19.0800 6016 Parport - ok
13:06:19.0831 6016 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
13:06:19.0831 6016 partmgr - ok
13:06:19.0863 6016 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
13:06:19.0863 6016 Parvdm - ok
13:06:19.0894 6016 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
13:06:19.0909 6016 pci - ok
13:06:19.0941 6016 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
13:06:19.0956 6016 pciide - ok
13:06:19.0987 6016 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
13:06:19.0987 6016 pcmcia - ok
13:06:20.0019 6016 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
13:06:20.0019 6016 pcw - ok
13:06:20.0065 6016 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
13:06:20.0081 6016 PEAUTH - ok
13:06:20.0143 6016 Point32 (60a044879c4fa76314494f5fddc43b93) C:\Windows\system32\DRIVERS\point32.sys
13:06:20.0143 6016 Point32 - ok
13:06:20.0190 6016 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
13:06:20.0190 6016 PptpMiniport - ok
13:06:20.0221 6016 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
13:06:20.0221 6016 Processor - ok
13:06:20.0253 6016 psadd (651d3abc1d82d61b6cfb40cb947b3db3) C:\Windows\system32\DRIVERS\psadd.sys
13:06:20.0253 6016 psadd - ok
13:06:20.0299 6016 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
13:06:20.0299 6016 Psched - ok
13:06:20.0377 6016 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
13:06:20.0393 6016 ql2300 - ok
13:06:20.0424 6016 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
13:06:20.0424 6016 ql40xx - ok
13:06:20.0471 6016 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
13:06:20.0471 6016 QWAVEdrv - ok
13:06:20.0502 6016 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
13:06:20.0502 6016 RasAcd - ok
13:06:20.0533 6016 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:06:20.0533 6016 RasAgileVpn - ok
13:06:20.0565 6016 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:06:20.0565 6016 Rasl2tp - ok
13:06:20.0596 6016 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
13:06:20.0596 6016 RasPppoe - ok
13:06:20.0627 6016 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
13:06:20.0627 6016 RasSstp - ok
13:06:20.0674 6016 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
13:06:20.0674 6016 rdbss - ok
13:06:20.0689 6016 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
13:06:20.0705 6016 rdpbus - ok
13:06:20.0721 6016 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:06:20.0721 6016 RDPCDD - ok
13:06:20.0767 6016 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
13:06:20.0783 6016 RDPDR - ok
13:06:20.0799 6016 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
13:06:20.0799 6016 RDPENCDD - ok
13:06:20.0830 6016 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
13:06:20.0830 6016 RDPREFMP - ok
13:06:20.0892 6016 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
13:06:20.0892 6016 RDPWD - ok
13:06:20.0923 6016 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
13:06:20.0923 6016 rdyboost - ok
13:06:20.0986 6016 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
13:06:20.0986 6016 RFCOMM - ok
13:06:21.0017 6016 rimmptsk (c2ef513bbe069f0d4ee0938a76f975d3) C:\Windows\system32\DRIVERS\rimmptsk.sys
13:06:21.0017 6016 rimmptsk - ok
13:06:21.0033 6016 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
13:06:21.0048 6016 rimsptsk - ok
13:06:21.0079 6016 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\Windows\system32\Drivers\RimUsb.sys
13:06:21.0079 6016 RimUsb - ok
13:06:21.0111 6016 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
13:06:21.0111 6016 RimVSerPort - ok
13:06:21.0142 6016 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
13:06:21.0142 6016 rismxdp - ok
13:06:21.0157 6016 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys
13:06:21.0173 6016 ROOTMODEM - ok
13:06:21.0204 6016 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
13:06:21.0204 6016 rspndr - ok
13:06:21.0251 6016 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
13:06:21.0251 6016 s3cap - ok
13:06:21.0251 6016 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
13:06:21.0251 6016 SASDIFSV - ok
13:06:21.0267 6016 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
13:06:21.0267 6016 SASKUTIL - ok
13:06:21.0298 6016 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
13:06:21.0298 6016 sbp2port - ok
13:06:21.0345 6016 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
13:06:21.0345 6016 scfilter - ok
13:06:21.0376 6016 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
13:06:21.0376 6016 sdbus - ok
13:06:21.0407 6016 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:06:21.0407 6016 secdrv - ok
13:06:21.0438 6016 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
13:06:21.0454 6016 Serenum - ok
13:06:21.0469 6016 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
13:06:21.0485 6016 Serial - ok
13:06:21.0532 6016 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
13:06:21.0532 6016 sermouse - ok
13:06:21.0579 6016 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
13:06:21.0579 6016 sffdisk - ok
13:06:21.0610 6016 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
13:06:21.0610 6016 sffp_mmc - ok
13:06:21.0641 6016 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
13:06:21.0641 6016 sffp_sd - ok
13:06:21.0688 6016 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
13:06:21.0688 6016 sfloppy - ok
13:06:21.0719 6016 Shockprf (fc0127343bd1ce1986ba12f8937f1057) C:\Windows\system32\DRIVERS\Apsx86.sys
13:06:21.0719 6016 Shockprf - ok
13:06:21.0781 6016 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
13:06:21.0781 6016 sisagp - ok
13:06:21.0813 6016 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:06:21.0813 6016 SiSRaid2 - ok
13:06:21.0859 6016 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
13:06:21.0859 6016 SiSRaid4 - ok
13:06:21.0906 6016 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
13:06:21.0906 6016 Smb - ok
13:06:21.0953 6016 SPBBCDrv (e87cf104f12c92401c4d33c50a3d5dc8) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
13:06:21.0969 6016 SPBBCDrv - ok
13:06:21.0984 6016 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
13:06:21.0984 6016 spldr - ok
13:06:22.0031 6016 SRTSP (b36f8d6a02ff2b3a53e250a629782f29) C:\Windows\system32\Drivers\SRTSP.SYS
13:06:22.0031 6016 SRTSP - ok
13:06:22.0078 6016 SRTSPL (e99bd98ac171a29fc1ba9376be87ae73) C:\Windows\system32\Drivers\SRTSPL.SYS
13:06:22.0078 6016 SRTSPL - ok
13:06:22.0109 6016 SRTSPX (1af34729898063e9b7df8d149d767e07) C:\Windows\system32\Drivers\SRTSPX.SYS
13:06:22.0109 6016 SRTSPX - ok
13:06:22.0156 6016 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
13:06:22.0156 6016 srv - ok
13:06:22.0203 6016 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
13:06:22.0218 6016 srv2 - ok
13:06:22.0265 6016 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
13:06:22.0265 6016 SrvHsfHDA - ok
13:06:22.0327 6016 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
13:06:22.0343 6016 SrvHsfV92 - ok
13:06:22.0405 6016 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
13:06:22.0405 6016 SrvHsfWinac - ok
13:06:22.0437 6016 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
13:06:22.0437 6016 srvnet - ok
13:06:22.0483 6016 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
13:06:22.0499 6016 stexstor - ok
13:06:22.0546 6016 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
13:06:22.0546 6016 StillCam - ok
13:06:22.0577 6016 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
13:06:22.0593 6016 storflt - ok
13:06:22.0655 6016 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
13:06:22.0655 6016 storvsc - ok
13:06:22.0686 6016 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
13:06:22.0686 6016 swenum - ok
13:06:22.0717 6016 SymEvent (e42a34e6f5ca71a84d4c2de620aad13d) C:\Windows\system32\Drivers\SYMEVENT.SYS
13:06:22.0717 6016 SymEvent - ok
13:06:22.0749 6016 SYMREDRV (394b2368212114d538316812af60fddd) C:\Windows\System32\Drivers\SYMREDRV.SYS
13:06:22.0749 6016 SYMREDRV - ok
13:06:22.0780 6016 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\Windows\System32\Drivers\SYMTDI.SYS
13:06:22.0780 6016 SYMTDI - ok
13:06:22.0827 6016 SynTP (d7dc30b8b41e7a913c3fccc0631e72ec) C:\Windows\system32\DRIVERS\SynTP.sys
13:06:22.0827 6016 SynTP - ok
13:06:22.0873 6016 SysPlant (666992d996c524812e713effd836d043) C:\Windows\SYSTEM32\Drivers\SysPlant.sys
13:06:22.0873 6016 SysPlant - ok
13:06:22.0951 6016 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
13:06:22.0983 6016 Tcpip - ok
13:06:23.0061 6016 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
13:06:23.0076 6016 TCPIP6 - ok
13:06:23.0107 6016 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
13:06:23.0107 6016 tcpipreg - ok
13:06:23.0154 6016 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
13:06:23.0170 6016 TDPIPE - ok
13:06:23.0201 6016 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
13:06:23.0201 6016 TDTCP - ok
13:06:23.0232 6016 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
13:06:23.0232 6016 tdx - ok
13:06:23.0263 6016 Teefer2 (f63439ac8fa992bfa0c757eb644a1a0c) C:\Windows\system32\DRIVERS\teefer2.sys
13:06:23.0263 6016 Teefer2 - ok
13:06:23.0295 6016 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
13:06:23.0295 6016 TermDD - ok
13:06:23.0326 6016 TPDIGIMN (521866a3ce5a1a69b4b4a87bdb52be26) C:\Windows\system32\DRIVERS\ApsHM86.sys
13:06:23.0326 6016 TPDIGIMN - ok
13:06:23.0357 6016 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
13:06:23.0373 6016 TPM - ok
13:06:23.0388 6016 TPPWRIF (c16ec6a5390904d3971179553852025b) C:\Windows\system32\drivers\Tppwr32v.sys
13:06:23.0388 6016 TPPWRIF - ok
13:06:23.0435 6016 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:06:23.0451 6016 tssecsrv - ok
13:06:23.0466 6016 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
13:06:23.0466 6016 TsUsbFlt - ok
13:06:23.0497 6016 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
13:06:23.0497 6016 tunnel - ok
13:06:23.0544 6016 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
13:06:23.0544 6016 uagp35 - ok
13:06:23.0591 6016 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
13:06:23.0591 6016 udfs - ok
13:06:23.0653 6016 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
13:06:23.0653 6016 uliagpkx - ok
13:06:23.0685 6016 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
13:06:23.0685 6016 umbus - ok
13:06:23.0716 6016 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
13:06:23.0716 6016 UmPass - ok
13:06:23.0778 6016 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
13:06:23.0778 6016 USBAAPL - ok
13:06:23.0809 6016 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
13:06:23.0809 6016 usbaudio - ok
13:06:23.0841 6016 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
13:06:23.0841 6016 usbccgp - ok
13:06:23.0903 6016 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
13:06:23.0903 6016 usbcir - ok
13:06:23.0934 6016 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
13:06:23.0934 6016 usbehci - ok
13:06:23.0965 6016 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
13:06:23.0981 6016 usbhub - ok
13:06:24.0043 6016 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
13:06:24.0043 6016 usbohci - ok
13:06:24.0059 6016 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
13:06:24.0075 6016 usbprint - ok
13:06:24.0090 6016 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
13:06:24.0090 6016 usbscan - ok
13:06:24.0121 6016 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:06:24.0137 6016 USBSTOR - ok
13:06:24.0153 6016 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
13:06:24.0153 6016 usbuhci - ok
13:06:24.0231 6016 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
13:06:24.0246 6016 vdrvroot - ok
13:06:24.0277 6016 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
13:06:24.0277 6016 vga - ok
13:06:24.0309 6016 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
13:06:24.0309 6016 VgaSave - ok
13:06:24.0340 6016 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
13:06:24.0355 6016 vhdmp - ok
13:06:24.0387 6016 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
13:06:24.0387 6016 viaagp - ok
13:06:24.0433 6016 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
13:06:24.0433 6016 ViaC7 - ok
13:06:24.0465 6016 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
13:06:24.0465 6016 viaide - ok
13:06:24.0496 6016 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
13:06:24.0496 6016 vmbus - ok
13:06:24.0543 6016 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
13:06:24.0543 6016 VMBusHID - ok
13:06:24.0558 6016 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
13:06:24.0574 6016 volmgr - ok
13:06:24.0605 6016 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
13:06:24.0605 6016 volmgrx - ok
13:06:24.0652 6016 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
13:06:24.0652 6016 volsnap - ok
13:06:24.0730 6016 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
13:06:24.0730 6016 vsmraid - ok
13:06:24.0777 6016 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
13:06:24.0777 6016 vwifibus - ok
13:06:24.0808 6016 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
13:06:24.0808 6016 WacomPen - ok
13:06:24.0855 6016 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
13:06:24.0855 6016 WANARP - ok
13:06:24.0855 6016 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
13:06:24.0855 6016 Wanarpv6 - ok
13:06:24.0901 6016 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
13:06:24.0901 6016 Wd - ok
13:06:24.0948 6016 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
13:06:24.0964 6016 Wdf01000 - ok
13:06:24.0995 6016 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
13:06:24.0995 6016 WfpLwf - ok
13:06:25.0026 6016 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
13:06:25.0042 6016 WIMMount - ok
13:06:25.0089 6016 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
13:06:25.0104 6016 winachsf - ok
13:06:25.0151 6016 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
13:06:25.0151 6016 WinUsb - ok
13:06:25.0182 6016 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
13:06:25.0198 6016 WmiAcpi - ok
13:06:25.0229 6016 WPS (9748e527f0d71bc86a1fe45f294e368b) C:\Windows\system32\drivers\wpsdrvnt.sys
13:06:25.0229 6016 WPS - ok
13:06:25.0260 6016 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\Windows\system32\drivers\WpsHelper.sys
13:06:25.0276 6016 WpsHelper - ok
13:06:25.0307 6016 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
13:06:25.0307 6016 ws2ifsl - ok
13:06:25.0338 6016 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
13:06:25.0338 6016 WudfPf - ok
13:06:25.0369 6016 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:06:25.0385 6016 WUDFRd - ok
13:06:25.0416 6016 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
13:06:25.0416 6016 XAudio - ok
13:06:25.0432 6016 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
13:06:25.0463 6016 \Device\Harddisk1\DR1 - ok
13:06:25.0463 6016 MBR (0x1B8) (bbb0a0725ad66f38b1a32135f3cb55d6) \Device\Harddisk3\DR3
13:06:25.0463 6016 \Device\Harddisk3\DR3 - ok
13:06:25.0479 6016 Boot (0x1200) (f8d8d6812e93b8c2ecda04c04c870f14) \Device\Harddisk1\DR1\Partition0
13:06:25.0479 6016 \Device\Harddisk1\DR1\Partition0 - ok
13:06:25.0479 6016 Boot (0x1200) (77d7e04756deedb604f1ebbb2b27e41d) \Device\Harddisk1\DR1\Partition1
13:06:25.0479 6016 \Device\Harddisk1\DR1\Partition1 - ok
13:06:25.0479 6016 Boot (0x1200) (2eccdc5ca8b26d2cd0ebce415403cc52) \Device\Harddisk3\DR3\Partition0
13:06:25.0479 6016 \Device\Harddisk3\DR3\Partition0 - ok
13:06:25.0479 6016 ============================================================
13:06:25.0479 6016 Scan finished
13:06:25.0479 6016 ============================================================
13:06:25.0494 5200 Detected object count: 0
13:06:25.0494 5200 Actual detected object count: 0



COMBOFIX
ComboFix 12-02-05.02 - Drew 02/05/2012 12:27:03.3.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2014.241 [GMT -5:00]
Running from: c:\users\Drew\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.
((((((((((((((((((((((((( Files Created from 2012-01-05 to 2012-02-05 )))))))))))))))))))))))))))))))
.
.
2012-02-05 17:38 . 2012-02-05 17:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-02-05 17:38 . 2012-02-05 17:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-05 17:08 . 2012-02-05 17:08 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3FE19DB3-E209-4DC6-A03D-0DCB5749C048}\offreg.dll
2012-02-03 23:25 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3FE19DB3-E209-4DC6-A03D-0DCB5749C048}\mpengine.dll
2012-01-31 23:05 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-31 23:05 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-31 23:05 . 2011-11-17 05:34 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-31 23:05 . 2011-11-17 05:32 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-31 23:05 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-31 23:05 . 2011-11-17 05:29 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-31 23:05 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-31 23:05 . 2011-11-17 05:34 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-01-31 23:05 . 2011-11-17 05:34 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-31 23:04 . 2011-11-17 05:34 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-21 23:38 . 2012-01-21 23:38 -------- d-----w- c:\program files\iPod
2012-01-21 23:37 . 2012-01-21 23:38 -------- d-----w- c:\program files\iTunes
2012-01-13 03:47 . 2012-01-13 03:47 -------- d-----w- c:\program files\Bonjour
2012-01-13 03:18 . 2012-01-13 03:18 -------- d-----w- c:\program files\Apple Software Update
2012-01-10 22:54 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-10 22:54 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-10 22:54 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-01-10 22:54 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 05:21 . 2009-12-23 17:30 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-10 20:24 . 2010-01-31 01:32 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-08 23:17 . 2011-12-08 23:18 485576 ----a-w- c:\users\Drew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
2011-11-24 15:15 . 2011-05-19 05:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-24 04:25 . 2011-12-13 22:47 2342912 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 23:53 . 2011-11-11 02:38 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MusicManager"="c:\users\Drew\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-01-11 13224448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-10-06 33304]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2011-06-02 1258856]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"TpShocks"="TpShocks.exe" [2009-07-09 337184]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 1778064]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-02-08 115560]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-12-23 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-03 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 17:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-12-01 01:27 136176 ----atw- c:\users\Drew\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2010-07-21 21:52 1797008 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 22:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-01-13 19:53 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-02-18 15:47 79192 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-04-04 45496]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-07 44432]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2011-06-02 83304]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-05 1343400]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R4 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [2009-09-25 93960]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2011-06-02 25968]
S0 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2009-08-21 232472]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-12-02 64288]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-06-29 20520]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-08-03 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-08-03 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-20 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [2009-09-14 153600]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [2009-09-14 121856]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2011-06-02 148840]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-04-20 130920]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-03-29 64952]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2011-06-02 292200]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-03 106104]
S3 NETwLv32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [2010-10-07 6639616]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 11316257
*NewlyCreated* - 37572355
*NewlyCreated* - 81916085
*Deregistered* - 11316257
*Deregistered* - 37572355
*Deregistered* - 81916085
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3967998290-1135611248-1365206589-1000Core.job
- c:\users\Drew\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-01 01:27]
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3967998290-1135611248-1365206589-1000UA.job
- c:\users\Drew\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-01 01:27]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\pi3w0wwa.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601
.
CreateFile("\\.\PHYSICALDRIVE1"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4808)
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\ThinkPad\Utilities\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
.
Completion time: 2012-02-05 12:49:52
ComboFix-quarantined-files.txt 2012-02-05 17:49
.
Pre-Run: 47,669,989,376 bytes free
Post-Run: 47,596,437,504 bytes free
.
- - End Of File - - 4D07E0BB226A7BA90117395E8A271DE3

#4 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:26 PM

Posted 05 February 2012 - 01:17 PM

Please do this next:

Please download Listparts
  • Run the tool, click Scan and post the log (Result.txt) it makes.
You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Please include the following in your next post:
  • ListParts log
  • MBAM log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#5 drews247

drews247
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  • Local time:11:26 AM

Posted 05 February 2012 - 04:12 PM

Here you go. Let me know what's next.


ListParts by Farbar
Ran by Drew on 05-02-2012 at 13:50:06
Windows 7 (X86)
Running From: C:\Users\Drew\Desktop
************************************************************

========================= Memory info ======================

Percentage of memory in use: 60%
Total physical RAM: 2014.28 MB
Available physical RAM: 801.97 MB
Total Pagefile: 4028.56 MB
Available Pagefile: 2667.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1954.32 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:148.95 GB) (Free:45.19 GB) NTFS
4 Drive f: (My Book 160) (Fixed) (Total:149.05 GB) (Free:86.42 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 513 MB 0 B
Disk 1 Online 149 GB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 Online 149 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 512 MB 31 KB

Disk: 0
Partition 1
Type : 1B (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 148 GB 101 MB

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 System Rese NTFS Partition 100 MB Healthy System (partition with boot components)

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 148 GB Healthy Boot

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 149 GB 31 KB

Disk: 3
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F My Book 160 NTFS Partition 149 GB Healthy



****** End Of Log ******


MBAM
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.05.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Drew :: DREW-PC [administrator]

2/5/2012 1:59:57 PM
mbam-log-2012-02-05 (13-59-57).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 328449
Time elapsed: 1 hour(s), 20 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#6 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:26 PM

Posted 05 February 2012 - 10:35 PM

How is your computer running now? Please do this next:

Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A small window should open on your desktop
  • If an unknown boot code is found, you will have further options available to you; at this time press N, then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop. Please post the contents of that file.
Please include the following in your next post:
  • MBRCheck log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#7 drews247

drews247
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  • Local time:11:26 AM

Posted 05 February 2012 - 11:18 PM

My computer seems to be running fine, just a little slow. I am just concerned whether or not it has been compromised.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: LENOVO
BIOS Manufacturer: LENOVO
System Manufacturer: LENOVO
System Product Name: 6459CTO
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 206):
0x82E48000 \SystemRoot\system32\ntkrnlpa.exe
0x82E11000 \SystemRoot\system32\halmacpi.dll
0x80BB9000 \SystemRoot\system32\kdcom.dll
0x88A18000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x88A9D000 \SystemRoot\system32\PSHED.dll
0x88AAE000 \SystemRoot\system32\BOOTVID.dll
0x88AB6000 \SystemRoot\system32\CLFS.SYS
0x88AF8000 \SystemRoot\system32\CI.dll
0x88C2E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x88C9F000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x88CAD000 \SystemRoot\system32\drivers\ACPI.sys
0x88CF5000 \SystemRoot\system32\drivers\WMILIB.SYS
0x88CFE000 \SystemRoot\system32\drivers\msisadrv.sys
0x88D06000 \SystemRoot\system32\drivers\pci.sys
0x88D30000 \SystemRoot\system32\drivers\vdrvroot.sys
0x88D3B000 \SystemRoot\System32\drivers\partmgr.sys
0x88D4C000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x88D54000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x88D5F000 \SystemRoot\system32\drivers\volmgr.sys
0x88D6F000 \SystemRoot\System32\drivers\volmgrx.sys
0x88DBA000 \SystemRoot\system32\drivers\intelide.sys
0x88DC1000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x88DCF000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x88C00000 \SystemRoot\System32\drivers\mountmgr.sys
0x88BA3000 \SystemRoot\system32\drivers\vmbus.sys
0x88C16000 \SystemRoot\system32\drivers\winhv.sys
0x88E03000 \SystemRoot\system32\DRIVERS\iaNvStor.sys
0x88E4E000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x88F28000 \SystemRoot\system32\drivers\atapi.sys
0x88F31000 \SystemRoot\system32\drivers\ataport.SYS
0x88F54000 \SystemRoot\system32\drivers\msahci.sys
0x88F5E000 \SystemRoot\system32\drivers\amdxata.sys
0x88F67000 \SystemRoot\system32\drivers\fltmgr.sys
0x88F9B000 \SystemRoot\system32\drivers\fileinfo.sys
0x88FAC000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x89006000 \SystemRoot\System32\Drivers\Ntfs.sys
0x89135000 \SystemRoot\System32\Drivers\msrpc.sys
0x89160000 \SystemRoot\System32\Drivers\ksecdd.sys
0x89173000 \SystemRoot\System32\Drivers\cng.sys
0x891D0000 \SystemRoot\System32\drivers\pcw.sys
0x891DE000 \SystemRoot\System32\DRIVERS\DozeHDD.sys
0x891E3000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8922F000 \SystemRoot\system32\drivers\ndis.sys
0x892E6000 \SystemRoot\system32\drivers\NETIO.SYS
0x89324000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x89413000 \SystemRoot\System32\drivers\tcpip.sys
0x8955D000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8958E000 \SystemRoot\system32\drivers\vmstorfl.sys
0x89597000 \SystemRoot\system32\drivers\volsnap.sys
0x895D6000 \SystemRoot\System32\DRIVERS\ApsHM86.sys
0x895DF000 \SystemRoot\System32\Drivers\spldr.sys
0x89349000 \SystemRoot\System32\drivers\rdyboost.sys
0x89376000 \SystemRoot\System32\DRIVERS\Apsx86.sys
0x895E7000 \SystemRoot\System32\Drivers\mup.sys
0x895F7000 \SystemRoot\System32\drivers\hwpolicy.sys
0x89396000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x89400000 \SystemRoot\system32\DRIVERS\disk.sys
0x893C8000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8E2EF000 \SystemRoot\system32\drivers\cdrom.sys
0x8E30E000 \SystemRoot\System32\Drivers\SRTSP.SYS
0x8F5AE000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x8F5E7000 \SystemRoot\System32\Drivers\SRTSPX.SYS
0x8F5F1000 \SystemRoot\System32\Drivers\Null.SYS
0x8F5F8000 \SystemRoot\System32\Drivers\Beep.SYS
0x8F400000 \SystemRoot\System32\drivers\vga.sys
0x8F40C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8E359000 \SystemRoot\System32\drivers\watchdog.sys
0x8E366000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8E36E000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8E376000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8E37E000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8E389000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8E397000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8E3AE000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8E3BA000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0x8E3E7000 \??\C:\Windows\system32\drivers\wpsdrvnt.sys
0x88FBB000 \SystemRoot\System32\DRIVERS\netbt.sys
0x98631000 \SystemRoot\system32\drivers\afd.sys
0x9868B000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x98694000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x9869B000 \SystemRoot\system32\DRIVERS\pacer.sys
0x986BA000 \SystemRoot\system32\DRIVERS\netbios.sys
0x986C8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x986DB000 \SystemRoot\System32\drivers\Tppwr32v.sys
0x986E2000 \SystemRoot\system32\drivers\termdd.sys
0x986F3000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0x9875D000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x9877F000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x98785000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x987C6000 \SystemRoot\system32\drivers\nsiproxy.sys
0x987D0000 \SystemRoot\system32\drivers\mssmbios.sys
0x987DA000 \SystemRoot\system32\DRIVERS\smiif32.sys
0x99803000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x99861000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x9987F000 \SystemRoot\System32\drivers\discache.sys
0x9988B000 \SystemRoot\system32\drivers\csc.sys
0x998EF000 \SystemRoot\System32\Drivers\dfsc.sys
0x99907000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x99915000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x99936000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x9A609000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x9AF68000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x99948000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x9AF6A000 \SystemRoot\System32\drivers\dxgmms1.sys
0x9AFA3000 \SystemRoot\system32\DRIVERS\e1e6032.sys
0x9AFDB000 \SystemRoot\system32\drivers\usbuhci.sys
0x9A209000 \SystemRoot\system32\drivers\USBPORT.SYS
0x9A254000 \SystemRoot\system32\drivers\usbehci.sys
0x9A263000 \SystemRoot\system32\drivers\HDAudBus.sys
0x9B03F000 \SystemRoot\system32\DRIVERS\NETwLv32.sys
0x9B69E000 \SystemRoot\system32\drivers\1394ohci.sys
0x9B6CB000 \SystemRoot\system32\drivers\sdbus.sys
0x9B6E4000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x9B6F5000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x9B709000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x9B75B000 \SystemRoot\system32\drivers\i8042prt.sys
0x9B773000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x9B780000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x9B7BB000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x9B7BD000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x9B7CA000 \SystemRoot\system32\DRIVERS\serial.sys
0x9B7E4000 \SystemRoot\system32\DRIVERS\serenum.sys
0x9B000000 \SystemRoot\system32\DRIVERS\parport.sys
0x9B018000 \SystemRoot\system32\drivers\tpm.sys
0x9B024000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x9B028000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
0x9B02F000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x9B035000 \SystemRoot\system32\drivers\wmiacpi.sys
0x9B7EE000 \SystemRoot\system32\drivers\CompositeBus.sys
0x9A282000 \SystemRoot\system32\DRIVERS\dne2000.sys
0x9A2A1000 \SystemRoot\System32\Drivers\RootMdm.sys
0x9A2A9000 \SystemRoot\system32\drivers\modem.sys
0x9A2B6000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x9A2C8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x9A2E0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x9A2EB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x9A30D000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x9A325000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x9A33C000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x9A353000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0x9A35A000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x9A364000 \SystemRoot\system32\DRIVERS\psadd.sys
0x9A36A000 \SystemRoot\system32\DRIVERS\teefer2.sys
0x9B7FB000 \SystemRoot\system32\drivers\swenum.sys
0x9A38C000 \SystemRoot\system32\drivers\ks.sys
0x9A3C0000 \SystemRoot\system32\drivers\umbus.sys
0x9A427000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x9A46B000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x9A47C000 \SystemRoot\system32\drivers\ADIHdAud.sys
0x9A4DF000 \SystemRoot\system32\drivers\portcls.sys
0x9A50E000 \SystemRoot\system32\drivers\drmk.sys
0x9A527000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x9C637000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x9C73A000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x9C600000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x9C617000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x9C622000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x9C7EE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x9C7F5000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x9A564000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x9A56F000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x9A577000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x9A585000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x9A590000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x9A5A7000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x9A5B3000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8E200000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x9A5C0000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x82960000 \SystemRoot\System32\win32k.sys
0x9A5D1000 \SystemRoot\System32\drivers\Dxapi.sys
0x82BC0000 \SystemRoot\System32\TSDDD.dll
0x82800000 \SystemRoot\System32\cdd.dll
0x82820000 \SystemRoot\System32\ATMFD.DLL
0x9A400000 \SystemRoot\system32\drivers\luafv.sys
0x9A5E6000 \SystemRoot\system32\drivers\WudfPf.sys
0x9A3CE000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA6039000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA607F000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA608F000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA60A2000 \SystemRoot\system32\drivers\HTTP.sys
0xA6127000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA6140000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA6152000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA6175000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA61B0000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA61CB000 \SystemRoot\system32\DRIVERS\parvdm.sys
0xA9021000 \??\C:\Windows\system32\Drivers\CVPNDRVA.sys
0xA90B1000 \??\C:\Windows\system32\drivers\WpsHelper.sys
0xA90D9000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA90DD000 \SystemRoot\system32\drivers\peauth.sys
0xA9174000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA917E000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA919F000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA91AC000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xAE019000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAE069000 \SystemRoot\System32\DRIVERS\srv.sys
0xAE0BB000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xAE0DC000 \SystemRoot\System32\Drivers\fastfat.SYS
0xAE170000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xAE179000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
0xAE196000 \SystemRoot\system32\DRIVERS\monitor.sys
0x8F42D000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120205.009\NAVEX15.SYS
0xAE1A1000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120205.009\NAVENG.SYS
0x77550000 \Windows\System32\ntdll.dll
0x47A80000 \Windows\System32\smss.exe
0x77790000 \Windows\System32\apisetschema.dll

Processes (total 93):
0 System Idle Process
4 System
368 C:\Windows\System32\smss.exe
512 csrss.exe
580 csrss.exe
588 C:\Windows\System32\wininit.exe
636 C:\Windows\System32\winlogon.exe
684 C:\Windows\System32\services.exe
692 C:\Windows\System32\lsass.exe
700 C:\Windows\System32\lsm.exe
800 C:\Windows\System32\svchost.exe
864 C:\Windows\System32\ibmpmsvc.exe
904 C:\Windows\System32\nvvsvc.exe
944 C:\Windows\System32\svchost.exe
1044 C:\Windows\System32\svchost.exe
1084 C:\Windows\System32\svchost.exe
1124 C:\Windows\System32\svchost.exe
1284 C:\Windows\System32\svchost.exe
1376 C:\Windows\System32\nvvsvc.exe
1492 C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
1536 C:\Windows\System32\svchost.exe
1620 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
1628 C:\Windows\System32\wlanext.exe
1640 C:\Windows\System32\conhost.exe
1880 C:\Windows\System32\spoolsv.exe
1920 C:\Windows\System32\svchost.exe
456 C:\Program Files\Lenovo\HOTKEY\tphkload.exe
476 C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
672 C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
472 C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
2056 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
2084 C:\Windows\System32\AEADISRV.EXE
2112 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2188 C:\Program Files\Bonjour\mDNSResponder.exe
2244 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
2280 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
2348 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
2368 C:\Windows\System32\svchost.exe
2396 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
2672 C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
2864 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
2976 C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
3072 C:\Windows\System32\drivers\XAudio.exe
3112 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
3144 C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe
3248 unsecapp.exe
3328 WmiPrvSE.exe
1440 C:\Windows\System32\svchost.exe
2796 WUDFHost.exe
236 C:\Windows\System32\svchost.exe
2068 C:\Program Files\Lenovo\System Update\SUService.exe
3340 C:\Windows\System32\svchost.exe
3496 C:\Program Files\Windows Media Player\wmpnetwk.exe
3656 C:\Windows\System32\SearchIndexer.exe
3976 C:\Windows\System32\taskhost.exe
1240 C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
1408 C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
3048 C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
2272 C:\Program Files\Lenovo\ZOOM\TpScrex.exe
3852 C:\Windows\System32\dwm.exe
1504 C:\Windows\explorer.exe
3468 C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
4220 C:\Windows\System32\rundll32.exe
4232 C:\Program Files\Analog Devices\Core\smax4pnp.exe
4240 C:\Windows\System32\TpShocks.exe
4248 C:\Program Files\Microsoft IntelliType Pro\itype.exe
4256 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
4292 C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
4332 C:\Program Files\iTunes\iTunesHelper.exe
4344 C:\Users\Drew\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
4356 C:\Program Files\Logitech\SetPoint\SetPoint.exe
4424 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
4972 C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
5128 C:\Program Files\iPod\bin\iPodService.exe
5532 C:\Windows\System32\svchost.exe
3368 C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
5848 C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
5616 C:\Windows\System32\svchost.exe
5964 C:\Program Files\Mozilla Firefox\firefox.exe
1524 C:\Windows\System32\audiodg.exe
3988 C:\Windows\System32\taskeng.exe
5388 C:\Windows\System32\taskeng.exe
4064 taskeng.exe
7568 C:\Program Files\Internet Explorer\iexplore.exe
7624 C:\Program Files\Internet Explorer\iexplore.exe
7988 taskhost.exe
8036 C:\Windows\System32\wsqmcons.exe
8088 C:\Windows\System32\SearchFilterHost.exe
8156 C:\Program Files\Internet Explorer\iexplore.exe
6196 C:\Windows\System32\SearchProtocolHost.exe
776 C:\Users\Drew\Desktop\MBRCheck.exe
2940 C:\Windows\System32\conhost.exe
3684 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`06500000 (NTFS)
\\.\F: --> \\.\PhysicalDrive3 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive1 Model Number: HITACHIHTS722016K9SA00, Rev: DCDZC75A
PhysicalDrive3 Model Number: WD1600JB External, Rev: 0107

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
149 GB \\.\PhysicalDrive3 RE: Unknown MBR code
SHA1: 2109F29445E77C0BCB56987F39830EB288D04575


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

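The MBRCheck output above reports each disk's first sector as "Windows 7 MBR code detected" or "Unknown MBR code" next to a SHA1, and the volume-to-disk mapping as a byte offset. The script below is an added example (not MBRCheck's own code, and not part of the original post) that shows how such a verdict is reached: read the 512-byte MBR, hash the bootstrap area, look the hash up in an allow-list of stock boot code, and decode the partition table. The disk images and the allow-list are constructed inline so it runs offline; it assumes the fingerprint is a SHA-1 over the 440-byte bootstrap area (bytes 0..439), which the thread does not state is what MBRCheck hashes. The constructed Windows 7 image reproduces the C: offset shown in the log (System Reserved at LBA 2048, OS volume at LBA 206848, i.e. 0x06500000), and the second image uses the LBA 63 layout behind F:'s 0x7e00.

```python
"""Fingerprint a 512-byte MBR the way an MBRCheck-style tool does.

Added example, not MBRCheck's own code. The disk images and the "known good"
hash table are constructed inline so the script runs offline; on a real
machine the sector would come from \\.\PhysicalDriveN (Windows, elevated) or
/dev/sdX (Linux, root). Assumption: the fingerprint is a SHA-1 over the
440-byte bootstrap area (bytes 0..439); what MBRCheck actually hashes is not
stated in the thread.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440           # bytes 0..439: bootstrap code
DISK_SIG_OFF = 440            # bytes 440..443: NT disk signature
PART_TABLE_OFF = 446          # four 16-byte partition entries
MBR_SIGNATURE = b"\x55\xaa"   # bytes 510..511


def build_mbr(boot_code, partitions, disk_sig=0x1234ABCD):
    """Assemble a test MBR from a boot stub and (bootable, type, lba_start,
    sectors) tuples. CHS fields are left zero; modern loaders use LBA only."""
    assert len(boot_code) <= BOOT_CODE_LEN
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    for i, (bootable, ptype, lba_start, sectors) in enumerate(partitions):
        off = PART_TABLE_OFF + 16 * i
        sector[off] = 0x80 if bootable else 0x00
        sector[off + 4] = ptype
        struct.pack_into("<II", sector, off + 8, lba_start, sectors)
    sector[510:512] = MBR_SIGNATURE
    return bytes(sector)


def parse_mbr(sector):
    """Return the bootstrap fingerprint, disk signature and partition table."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        ptype = entry[4]
        if ptype == 0:
            continue                      # empty slot
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        parts.append({"index": i, "bootable": entry[0] == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors,
                      "offset_bytes": lba_start * SECTOR})
    return {"boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
            "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
            "partitions": parts}


def classify(sector, known):
    """Allow-list lookup. A bootstrap hash not in `known` is reported as
    unknown, which is not the same as infected: third-party boot managers,
    other operating systems and vendor tools on external drives all produce
    boot code the allow-list has never seen."""
    info = parse_mbr(sector)
    return known.get(info["boot_code_sha1"], "Unknown MBR code")


# --- constructed sample data (not real boot code) ----------------------------
# Toy bootstrap stub: cli ; xor ax,ax ; mov ss,ax ; mov sp,0x7c00 ; hlt
STOCK_STUB = b"\xfa\x31\xc0\x8e\xd0\xbc\x00\x7c\xf4"
# Same stub with one patched byte, standing in for unrecognised code.
ODD_STUB = STOCK_STUB[:-1] + b"\xeb"

# Windows 7 layout: 100 MB System Reserved at LBA 2048, then the OS volume,
# which therefore starts at LBA 206848 = byte offset 0x06500000.
WIN7_DISK = build_mbr(STOCK_STUB, [(True, 0x07, 2048, 204800),
                                   (False, 0x07, 206848, 312365056)])
# Older single-partition layout starting at LBA 63 = byte offset 0x7E00.
LEGACY_DISK = build_mbr(ODD_STUB, [(False, 0x07, 63, 312576642)],
                        disk_sig=0xDEADBEEF)

KNOWN_BOOT_CODE = {
    # Hash of the toy stub padded to 440 bytes; a real allow-list holds the
    # hashes of stock bootstrap code shipped by each Windows/GRUB release.
    hashlib.sha1(STOCK_STUB + b"\x00" * (BOOT_CODE_LEN - len(STOCK_STUB))).hexdigest().upper():
        "Windows 7 MBR code detected",
}

if __name__ == "__main__":
    for name, disk in (("PhysicalDrive1", WIN7_DISK), ("PhysicalDrive3", LEGACY_DISK)):
        info = parse_mbr(disk)
        print(f"{name}: {classify(disk, KNOWN_BOOT_CODE)}  SHA1: {info['boot_code_sha1']}")
        for p in info["partitions"]:
            print(f"  part {p['index']} type 0x{p['type']:02x} at offset 0x{p['offset_bytes']:016x}")
```

The practical caveat this makes visible: "Unknown MBR code" is only a miss against the allow-list. An external USB drive formatted by another machine or vendor utility will show as unknown without being infected, which is consistent with the helper below treating the log as clean; the hash becomes actionable only when it belongs to the system disk you boot from, or when it changes between runs.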
#8 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:12:26 PM

Posted 06 February 2012 - 03:10 PM

Please do this next:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.
  • Go to Start > Control Panel > Programs > Uninstall a program, and remove all older versions of Java.
  • Click (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name and select "uninstall".
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Go to this page to download the latest version. Press the download button under JRE and follow the prompts. Accept the agreement and choose the Windows x86 offline option.
  • Run the installer you just downloaded.
Please go here to run an online scan with ESET.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan.
  • Wait for the scan to finish.
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
Please include the following in your next post:
  • ESET log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#9 drews247

drews247
  • Topic Starter

  • Members
  • 85 posts
  • Local time:11:26 AM

Posted 06 February 2012 - 07:50 PM

Hi,

The ESET scan did not find anything. Should I have checked off "Scan Archives"?

#10 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:12:26 PM

Posted 06 February 2012 - 10:31 PM

No, that wasn't necessary. Your logs are looking good. You were definitely infected with a rogue AV program, but I'm not finding any lingering issues. All I have left for you is some very important cleanup:

Uninstall ComboFix
  • Press the Windows key + R on your keyboard or click Start -> Run. Copy and paste the following text into the run box that opens and press OK:
    Combofix /Uninstall

Delete the following tools along with any other logs you saved from our work:
  • DDS
  • GMER
  • TDSSKiller
  • ListParts
  • MBRCheck
Download TFC to your desktop
  • Close any open windows.
  • Double-click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine;
  • if it doesn't, manually reboot to ensure a complete clean.
Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated. Scan with them at least weekly.
  • Please read this post for some helpful information.
Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!

Edited by RPMcMurphy, 06 February 2012 - 10:32 PM.
Spelling error



#11 drews247

drews247
  • Topic Starter

  • Members
  • 85 posts
  • Local time:11:26 AM

Posted 06 February 2012 - 11:48 PM

Hi,

I was not able to uninstall combofix. When I got back from the gym I saw a Symantec Endpoint Message saying that combofix.exe was detected as a Trojan.adh.2, and that it was cleaned by deletion. This was just a false positive, right? Also, is there anything else I need to do to uninstall/remove combofix?

Do I need to use Defogger and re-enable disc emulation? I don't think I have any programs that utilize it, but I thought I'd ask anyway.

Thanks so much for your help.

#12 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:12:26 PM

Posted 07 February 2012 - 10:55 AM

Yes, I'm sure that was a false positive. Download a new copy of ComboFix from one of these links and save it to your desktop - Don't run it though!

Link 1
Link 2

Now download the ComboFix uninstaller from HERE and run that.

Let me know if that goes OK for you.



#13 drews247

drews247
  • Topic Starter

  • Members
  • 85 posts
  • Local time:11:26 AM

Posted 07 February 2012 - 05:30 PM

A dialogue box popped up that said "Done," but after I saw that I saw a box from Windows saying that the program (the one for uninstalling ComboFix) may not have been installed correctly. Is there any way I can tell if everything (including the uninstall of ComboFix) was done correctly?

#14 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:12:26 PM

Posted 07 February 2012 - 10:14 PM

This will take care of anything that was left behind:

Please download OTM
  • Save it to your desktop.
  • Double-click OTM.exe to start the program.
  • Close all other programs apart from OTM as this step will require a reboot
  • On the OTM main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.



#15 drews247

drews247
  • Topic Starter

  • Members
  • 85 posts
  • Local time:11:26 AM

Posted 08 February 2012 - 06:48 PM

Last night Endpoint deleted another combofix.exe file. Is there anything else I need to do with that?

During the OTM cleaning it had trouble removing something. I didn't see what because when I clicked on the icon it asked me to reboot, which I did.
