
TDSS and Google/Bing redirect search results


This topic is locked
11 replies to this topic

#1 dawg3410

dawg3410

  • Members
  • 6 posts
  • OFFLINE
  • Local time:12:53 PM

Posted 07 February 2012 - 02:59 PM

I'm just going to throw out as much info as I can think of. I run XP, ran defogger, then dds, but gmer crashes before the scan is complete. It gets to a certain point and crashes. The folder it gets hung up on is:

c:\documents and settings\myname\application data\mozilla\firefox\crash reports\pending (Ironic!)

Mainly this is just affecting searching right now, with a few pop ups, but it's getting worse so I need to get rid of this ASAP!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by Dawg at 13:59:28 on 2012-02-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.424 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\CSHelper.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.sweetim.com
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mURLSearchHooks: H - No File
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {8112aaf3-53fb-44f9-9880-338f56d2c90c} - fonemike.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [Google Update] "c:\documents and settings\dawg\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links using BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Download all videos using BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: Download link using &BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} - hxxps://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{DF10F6AD-3196-49E2-B920-E3280C068B73} : DhcpNameServer = 192.168.1.1 192.168.1.1
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli gohifodi.dll yelosuso.dll
Hosts: 94.63.147.14 www.google.com
Hosts: 94.63.147.15 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dawg\application data\mozilla\firefox\profiles\5i6wjk2q.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://dogbytesonline.com/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\dawg\application data\mozilla\firefox\profiles\5i6wjk2q.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\dawg\application data\mozilla\firefox\profiles\5i6wjk2q.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\dawg\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\dawg\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\dawg\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScope42.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScopeDRM11.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: keyword.URL - hxxp://www.sicto.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=U4KvsNoo&q=
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-12-28 64288]
R0 MFX;MFX; [x]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-12-28 28552]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-2-19 266240]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-4-9 10384]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-1-12 125672]
S0 XMS1563K;XMS1563K;c:\windows\system32\drivers\XMS1563K.SYS [2007-7-19 52108]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 2152152]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15232]
.
=============== Created Last 30 ================
.
2012-01-27 16:59:21 -------- d-----w- c:\documents and settings\dawg\application data\AnvSoft
2012-01-27 16:58:14 -------- d-----w- c:\program files\AnvSoft
2012-01-27 13:55:52 49664 ----a-w- c:\windows\system32\CamCodec.dll
2012-01-27 13:55:52 -------- d-----w- c:\program files\CamStudio 2.6b
2012-01-19 16:42:15 -------- d-----w- c:\windows\pss
2012-01-18 22:48:10 -------- d-----w- c:\program files\Magic Folders
2012-01-09 12:30:42 95864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-12-12 13:38:57 723294 ----a-w- c:\windows\unins001.exe
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-25 13:25:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
.
============= FINISH: 14:06:54.62 ===============
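As an added illustration (not code from either poster, and not part of DDS or any BleepingComputer tool), the following Python script performs the triage the helper did by eye on the Pseudo HJT section above: it flags Hosts entries that send search engines anywhere but loopback, non-default LSA notification packages, add-ons loaded by bare filename or with no file, and Firefox search or proxy overrides. The sample lines are copied from this log plus one constructed loopback entry; the severity labels are this example's own convention.

```python
"""Flag redirect/hijack indicators in a DDS "Pseudo HJT Report".
Added example for this thread, not part of DDS or any BleepingComputer tool.
Severity labels ("high"/"medium"/"low") are this example's own convention.
"""
import re
from ipaddress import ip_address

# Constructed excerpt: lines copied from the DDS log above, plus one
# harmless loopback Hosts entry to show what is not flagged.
SAMPLE_REPORT = r"""
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: {8112aaf3-53fb-44f9-9880-338f56d2c90c} - fonemike.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun: [SigmatelSysTrayApp] stsystra.exe
LSA: Notification Packages = scecli gohifodi.dll yelosuso.dll
Hosts: 94.63.147.14 www.google.com
Hosts: 94.63.147.15 www.bing.com
Hosts: 127.0.0.1 ads.example.invalid
FF - prefs.js: network.proxy.type - 4
FF - user.js: keyword.URL - hxxp://www.sicto.com/search/?ie=UTF-8&q=
"""

DEFAULT_LSA_PACKAGES = {"scecli"}  # the only package on a clean XP install
DASH_ENTRIES = ("BHO:", "TB:", "EB:", "Notify:", "SSODL:")  # "name: {clsid} - file"
RUN_ENTRIES = ("uRun:", "mRun:")  # "mRun: [name] command line"
# A proper target starts with a drive letter, an env var or a UNC prefix.
FULL_PATH = re.compile(r"(?i)^([a-z]:\\|%[^%]+%|\\\\)")


def check_hosts(line):
    """Hosts entries that send a name anywhere but loopback/null."""
    m = re.match(r"Hosts:\s+(\S+)\s+(\S+)", line)
    if not m:
        return None
    ip_text, host = m.groups()
    try:
        ip = ip_address(ip_text)
    except ValueError:
        ip = None  # not an address at all; still worth a look
    if ip is not None and (ip.is_loopback or ip.is_unspecified):
        return None  # sinkholing to 127.0.0.1 is the usual ad-block pattern
    return ("high", f"Hosts file sends {host} to {ip_text}")


def check_lsa(line):
    """Extra LSA notification packages are loaded into lsass at boot."""
    m = re.match(r"LSA:\s+Notification Packages\s*=\s*(.*)", line)
    if not m:
        return None
    extra = [p for p in m.group(1).split() if p.lower() not in DEFAULT_LSA_PACKAGES]
    if not extra:
        return None
    return ("high", "Non-default LSA notification packages: " + ", ".join(extra))


def check_module_path(line):
    """Add-ons with no file, or resolved by bare name via the search path."""
    if line.startswith(RUN_ENTRIES):
        m = re.match(r"[um]Run:\s+\[[^\]]*\]\s*(.*)", line)
        target = m.group(1).strip() if m else ""
    elif line.startswith(DASH_ENTRIES):
        target = line.split(" - ")[-1].strip() if " - " in line else ""
    else:
        return None
    kind = line.split(":", 1)[0]
    if not target or target == "No File":
        return ("low", f"{kind} entry with no file (orphaned or hidden module)")
    exe = target.strip('"').split(" ")[0]  # first token is the module/executable
    if FULL_PATH.match(exe):
        return None
    return ("medium", f"{kind} loads {exe} by bare name; verify where it resolves")


def check_firefox(line):
    """Firefox search and proxy prefs that can redirect traffic."""
    m = re.match(r"FF - (?:prefs|user)\.js:\s+(\S+)\s+-\s*(.*)", line)
    if not m:
        return None
    pref, value = m.group(1), m.group(2).strip()
    if pref == "keyword.URL" and value:
        host = re.sub(r"^hxxps?://", "", value).split("/")[0]
        return ("high", f"Firefox address-bar search redirected to {host}")
    if pref == "network.proxy.type" and value not in ("0", "5"):
        return ("medium", f"Firefox proxy mode {value} (neither 'none' nor 'system')")
    return None


CHECKS = (check_hosts, check_lsa, check_module_path, check_firefox)


def analyze(report_text):
    """Return (severity, line, reason) for every flagged report line."""
    findings = []
    for raw in report_text.splitlines():
        line = raw.strip()
        for check in CHECKS:
            hit = line and check(line)
            if hit:
                findings.append((hit[0], line, hit[1]))
                break
    return findings
```

Run against the sample it reports the two search-engine Hosts redirects, the two extra LSA packages and the Firefox search override as high, and the bare-name modules and proxy mode as items to verify.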


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,222 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:53 PM

Posted 08 February 2012 - 11:40 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Replace your hosts file first.

Go to: http://www.funkytoad.com/index.php?option=com_content&task=view&id=13&Itemid=
Download the program HostsXpert to restore the default hosts file back onto your machine.
Unzip the program and execute it.
Select
"Restore MS Hosts File".
Close the application.
=*=

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) (511KB) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • alternate download link 2
    • Make sure you are connected to the Internet.
    • Double-click on Download_mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Post back with the Malwarebytes Anti-Malware log once it's complete.

Please post the logs and let me know what problem persists.

Edited by nasdaq, 08 February 2012 - 11:41 AM.


#3 dawg3410

dawg3410
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:12:53 PM

Posted 08 February 2012 - 01:24 PM

Thank you nasdaq! The requested logs:

11:44:32.0475 2124 TDSS rootkit removing tool 2.7.10.0 Feb 7 2012 15:14:46
11:44:33.0100 2124 ============================================================
11:44:33.0100 2124 Current date / time: 2012/02/08 11:44:33.0100
11:44:33.0100 2124 SystemInfo:
11:44:33.0100 2124
11:44:33.0100 2124 OS Version: 5.1.2600 ServicePack: 3.0
11:44:33.0100 2124 Product type: Workstation
11:44:33.0100 2124 ComputerName: HERSCHEL
11:44:33.0100 2124 UserName: Dawg
11:44:33.0100 2124 Windows directory: C:\WINDOWS
11:44:33.0100 2124 System windows directory: C:\WINDOWS
11:44:33.0100 2124 Processor architecture: Intel x86
11:44:33.0100 2124 Number of processors: 2
11:44:33.0100 2124 Page size: 0x1000
11:44:33.0100 2124 Boot type: Normal boot
11:44:33.0100 2124 ============================================================
11:44:34.0569 2124 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:44:34.0600 2124 \Device\Harddisk0\DR0:
11:44:34.0600 2124 MBR used
11:44:34.0600 2124 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x1C844A15
11:44:34.0725 2124 Initialize success
11:44:34.0725 2124 ============================================================
11:44:37.0835 0512 ============================================================
11:44:37.0835 0512 Scan started
11:44:37.0835 0512 Mode: Manual;
11:44:37.0835 0512 ============================================================
11:44:55.0835 0512 HDAudBus - ok
11:44:55.0976 0512 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:44:56.0038 0512 HidUsb - ok
11:44:56.0444 0512 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
11:44:56.0460 0512 hpn - ok
11:44:56.0835 0512 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
11:44:56.0944 0512 HSFHWBS2 - ok
11:44:57.0460 0512 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
11:44:58.0663 0512 HSF_DP - ok
11:44:59.0195 0512 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:44:59.0273 0512 HTTP - ok
11:44:59.0491 0512 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
11:44:59.0507 0512 i2omgmt - ok
11:44:59.0570 0512 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
11:44:59.0570 0512 i2omp - ok
11:44:59.0663 0512 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:44:59.0679 0512 i8042prt - ok
11:44:59.0804 0512 iastor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\drivers\iastor.sys
11:44:59.0820 0512 iastor - ok
11:44:59.0991 0512 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:45:00.0023 0512 Imapi - ok
11:45:00.0085 0512 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
11:45:00.0101 0512 ini910u - ok
11:45:00.0148 0512 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
11:45:00.0148 0512 IntelIde - ok
11:45:00.0226 0512 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:45:00.0226 0512 intelppm - ok
11:45:00.0304 0512 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:45:00.0304 0512 Ip6Fw - ok
11:45:00.0382 0512 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:45:00.0382 0512 IpFilterDriver - ok
11:45:00.0460 0512 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:45:00.0476 0512 IpInIp - ok
11:45:00.0554 0512 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:45:00.0554 0512 IpNat - ok
11:45:00.0632 0512 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:45:00.0632 0512 IPSec - ok
11:45:00.0663 0512 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:45:00.0663 0512 IRENUM - ok
11:45:00.0726 0512 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:45:00.0726 0512 isapnp - ok
11:45:00.0757 0512 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:45:00.0757 0512 Kbdclass - ok
11:45:00.0788 0512 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:45:00.0788 0512 kbdhid - ok
11:45:00.0991 0512 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:45:01.0023 0512 kmixer - ok
11:45:01.0241 0512 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:45:01.0273 0512 KSecDD - ok
11:45:01.0648 0512 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
11:45:01.0695 0512 Lavasoft Kernexplorer - ok
11:45:02.0085 0512 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
11:45:02.0148 0512 Lbd - ok
11:45:02.0695 0512 LBeepKE (e254e5b2c5227ddbb47d045940a0a559) C:\WINDOWS\system32\Drivers\LBeepKE.sys
11:45:02.0804 0512 LBeepKE - ok
11:45:03.0179 0512 lbrtfdc - ok
11:45:03.0413 0512 LHidFilt (8b30311241f97b35167afe68d79e8530) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
11:45:03.0429 0512 LHidFilt - ok
11:45:03.0460 0512 LMouFilt (48d7422a6c4eec886b56ac534cfa3acf) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
11:45:03.0460 0512 LMouFilt - ok
11:45:03.0648 0512 LUsbFilt (0b808ff2f17c8396fb2ae202f75aed37) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
11:45:03.0648 0512 LUsbFilt - ok
11:45:03.0866 0512 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
11:45:03.0898 0512 mdmxsdk - ok
11:45:04.0070 0512 MFX (40731ad42ada38e2e9ddd16f616f30dd) C:\WINDOWS\system32\drivers\MFX.sys
11:45:04.0116 0512 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\MFX.sys. md5: 40731ad42ada38e2e9ddd16f616f30dd
11:45:04.0116 0512 Suspicious file (Hidden): C:\WINDOWS\system32\drivers\MFX.sys. md5: 40731ad42ada38e2e9ddd16f616f30dd
11:45:04.0132 0512 MFX ( LockedFile.Multi.Generic ) - warning
11:45:04.0132 0512 MFX - detected LockedFile.Multi.Generic (1)
11:45:04.0366 0512 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
11:45:04.0429 0512 MHNDRV - ok
11:45:04.0570 0512 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:45:04.0585 0512 mnmdd - ok
11:45:05.0116 0512 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:45:05.0132 0512 Modem - ok
11:45:05.0413 0512 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
11:45:05.0429 0512 MODEMCSA - ok
11:45:05.0679 0512 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:45:05.0695 0512 Mouclass - ok
11:45:05.0898 0512 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:45:05.0913 0512 mouhid - ok
11:45:06.0132 0512 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:45:06.0132 0512 MountMgr - ok
11:45:06.0304 0512 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
11:45:06.0320 0512 mraid35x - ok
11:45:06.0554 0512 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:45:06.0695 0512 MRxDAV - ok
11:45:07.0007 0512 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:45:07.0242 0512 MRxSmb - ok
11:45:07.0742 0512 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:45:07.0757 0512 Msfs - ok
11:45:07.0882 0512 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:45:07.0882 0512 MSKSSRV - ok
11:45:07.0992 0512 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:45:07.0992 0512 MSPCLOCK - ok
11:45:08.0085 0512 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:45:08.0085 0512 MSPQM - ok
11:45:08.0226 0512 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:45:08.0226 0512 mssmbios - ok
11:45:08.0288 0512 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:45:08.0429 0512 Mup - ok
11:45:08.0570 0512 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:45:08.0585 0512 NDIS - ok
11:45:08.0632 0512 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:45:08.0663 0512 NdisTapi - ok
11:45:08.0757 0512 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:45:08.0757 0512 Ndisuio - ok
11:45:08.0804 0512 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:45:08.0804 0512 NdisWan - ok
11:45:08.0882 0512 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:45:08.0898 0512 NDProxy - ok
11:45:08.0960 0512 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:45:08.0976 0512 NetBIOS - ok
11:45:08.0992 0512 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:45:08.0992 0512 NetBT - ok
11:45:09.0085 0512 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:45:09.0085 0512 Npfs - ok
11:45:09.0148 0512 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:45:09.0179 0512 Ntfs - ok
11:45:09.0195 0512 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:45:09.0195 0512 Null - ok
11:45:09.0429 0512 nv (94c9962a2d51115be99dbed20801edae) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:45:09.0538 0512 nv - ok
11:45:09.0570 0512 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:45:09.0570 0512 NwlnkFlt - ok
11:45:09.0617 0512 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:45:09.0617 0512 NwlnkFwd - ok
11:45:09.0757 0512 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
11:45:09.0773 0512 Parport - ok
11:45:09.0851 0512 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:45:09.0851 0512 PartMgr - ok
11:45:09.0929 0512 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:45:09.0929 0512 ParVdm - ok
11:45:09.0976 0512 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys
11:45:09.0976 0512 pavboot - ok
11:45:09.0992 0512 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:45:09.0992 0512 PCI - ok
11:45:10.0007 0512 PCIDump - ok
11:45:10.0023 0512 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:45:10.0038 0512 PCIIde - ok
11:45:10.0101 0512 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:45:10.0117 0512 Pcmcia - ok
11:45:10.0132 0512 PDCOMP - ok
11:45:10.0132 0512 PDFRAME - ok
11:45:10.0148 0512 PDRELI - ok
11:45:10.0163 0512 PDRFRAME - ok
11:45:10.0195 0512 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
11:45:10.0195 0512 perc2 - ok
11:45:10.0210 0512 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
11:45:10.0226 0512 perc2hib - ok
11:45:10.0288 0512 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:45:10.0288 0512 PptpMiniport - ok
11:45:10.0570 0512 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:45:10.0570 0512 PSched - ok
11:45:10.0585 0512 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:45:10.0585 0512 Ptilink - ok
11:45:10.0663 0512 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:45:10.0663 0512 PxHelp20 - ok
11:45:10.0710 0512 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
11:45:10.0710 0512 ql1080 - ok
11:45:10.0788 0512 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
11:45:10.0788 0512 Ql10wnt - ok
11:45:10.0820 0512 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
11:45:10.0820 0512 ql12160 - ok
11:45:10.0851 0512 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
11:45:10.0851 0512 ql1240 - ok
11:45:10.0898 0512 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
11:45:10.0913 0512 ql1280 - ok
11:45:11.0007 0512 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:45:11.0007 0512 RasAcd - ok
11:45:11.0101 0512 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:45:11.0101 0512 Rasl2tp - ok
11:45:11.0195 0512 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:45:11.0242 0512 RasPppoe - ok
11:45:12.0070 0512 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:45:12.0070 0512 Raspti - ok
11:45:12.0382 0512 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:45:12.0476 0512 Rdbss - ok
11:45:12.0523 0512 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:45:12.0523 0512 RDPCDD - ok
11:45:12.0570 0512 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:45:12.0570 0512 rdpdr - ok
11:45:12.0664 0512 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
11:45:12.0679 0512 RDPWD - ok
11:45:12.0726 0512 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:45:12.0742 0512 redbook - ok
11:45:12.0898 0512 SbieDrv (848c7a79dae9abccae1952ba561729f8) C:\Program Files\Sandboxie\SbieDrv.sys
11:45:12.0898 0512 SbieDrv - ok
11:45:12.0960 0512 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:45:12.0960 0512 Secdrv - ok
11:45:13.0023 0512 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:45:13.0039 0512 serenum - ok
11:45:13.0179 0512 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:45:13.0179 0512 Serial - ok
11:45:13.0226 0512 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:45:13.0242 0512 Sfloppy - ok
11:45:13.0289 0512 Simbad - ok
11:45:13.0367 0512 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
11:45:13.0367 0512 sisagp - ok
11:45:13.0492 0512 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
11:45:13.0492 0512 Sparrow - ok
11:45:13.0554 0512 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:45:13.0570 0512 splitter - ok
11:45:13.0601 0512 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:45:13.0601 0512 sr - ok
11:45:13.0648 0512 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:45:13.0664 0512 Srv - ok
11:45:13.0757 0512 STHDA (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys
11:45:13.0820 0512 STHDA - ok
11:45:13.0867 0512 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
11:45:13.0882 0512 StillCam - ok
11:45:13.0945 0512 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:45:13.0960 0512 swenum - ok
11:45:14.0101 0512 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:45:14.0101 0512 swmidi - ok
11:45:14.0179 0512 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
11:45:14.0179 0512 symc810 - ok
11:45:14.0289 0512 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
11:45:14.0289 0512 symc8xx - ok
11:45:14.0351 0512 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
11:45:14.0351 0512 sym_hi - ok
11:45:14.0367 0512 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
11:45:14.0367 0512 sym_u3 - ok
11:45:14.0492 0512 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:45:14.0492 0512 sysaudio - ok
11:45:14.0585 0512 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:45:14.0601 0512 Tcpip - ok
11:45:14.0695 0512 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:45:14.0695 0512 TDPIPE - ok
11:45:14.0773 0512 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:45:14.0773 0512 TDTCP - ok
11:45:14.0867 0512 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:45:14.0867 0512 TermDD - ok
11:45:14.0929 0512 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
11:45:14.0929 0512 TosIde - ok
11:45:14.0992 0512 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:45:15.0007 0512 Udfs - ok
11:45:15.0117 0512 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
11:45:15.0117 0512 ultra - ok
11:45:15.0242 0512 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:45:15.0257 0512 Update - ok
11:45:15.0351 0512 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
11:45:15.0367 0512 USBAAPL - ok
11:45:15.0460 0512 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:45:15.0460 0512 usbccgp - ok
11:45:15.0539 0512 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:45:15.0539 0512 usbehci - ok
11:45:15.0570 0512 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:45:15.0585 0512 usbhub - ok
11:45:15.0617 0512 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:45:15.0617 0512 usbprint - ok
11:45:15.0632 0512 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:45:15.0648 0512 usbscan - ok
11:45:15.0695 0512 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:45:15.0695 0512 USBSTOR - ok
11:45:15.0710 0512 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:45:15.0710 0512 usbuhci - ok
11:45:15.0742 0512 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:45:15.0757 0512 VgaSave - ok
11:45:15.0851 0512 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
11:45:15.0851 0512 viaagp - ok
11:45:15.0914 0512 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
11:45:15.0914 0512 ViaIde - ok
11:45:16.0273 0512 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:45:16.0289 0512 VolSnap - ok
11:45:16.0320 0512 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:45:16.0335 0512 Wanarp - ok
11:45:16.0351 0512 wanatw - ok
11:45:16.0460 0512 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
11:45:16.0476 0512 Wdf01000 - ok
11:45:16.0492 0512 WDICA - ok
11:45:16.0554 0512 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:45:16.0554 0512 wdmaud - ok
11:45:16.0632 0512 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
11:45:16.0648 0512 winachsf - ok
11:45:16.0726 0512 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:45:16.0773 0512 WudfPf - ok
11:45:16.0898 0512 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:45:16.0898 0512 WudfRd - ok
11:45:17.0023 0512 XMS1563K (cd567228733a94b19a7c25f5912ca631) C:\WINDOWS\system32\drivers\XMS1563K.sys
11:45:17.0054 0512 XMS1563K - ok
11:45:17.0085 0512 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
11:45:17.0117 0512 \Device\Harddisk0\DR0 - ok
11:45:17.0148 0512 Boot (0x1200) (21f281f53ad4bb2f2a96ebbbe4cbf329) \Device\Harddisk0\DR0\Partition0
11:45:17.0148 0512 \Device\Harddisk0\DR0\Partition0 - ok
11:45:17.0148 0512 ============================================================
11:45:17.0148 0512 Scan finished
11:45:17.0148 0512 ============================================================
11:45:17.0164 2000 Detected object count: 1
11:45:17.0164 2000 Actual detected object count: 1
11:45:23.0054 2000 MFX ( LockedFile.Multi.Generic ) - skipped by user
11:45:23.0054 2000 MFX ( LockedFile.Multi.Generic ) - User select action: Skip


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.08.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Dawg :: HERSCHEL [administrator]

2/8/2012 12:41:34 PM
mbam-log-2012-02-08 (12-41-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234462
Time elapsed: 37 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-08 12:37:52
-----------------------------
12:37:52.621 OS Version: Windows 5.1.2600 Service Pack 3
12:37:52.621 Number of processors: 2 586 0x407
12:37:52.621 ComputerName: HERSCHEL UserName: Dawg
12:37:56.996 Initialize success
12:38:15.105 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
12:38:15.105 Disk 0 Vendor: ST325082 3.AD Size: 238418MB BusType: 3
12:38:15.136 Disk 0 MBR read successfully
12:38:15.136 Disk 0 MBR scan
12:38:15.136 Disk 0 unknown MBR code
12:38:15.136 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
12:38:15.152 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 233609 MB offset 96390
12:38:15.168 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 4753 MB offset 478528155
12:38:15.168 Disk 0 scanning sectors +488263545
12:38:15.215 Disk 0 scanning C:\WINDOWS\system32\drivers
12:38:26.480 File: C:\WINDOWS\system32\drivers\MFX.sys **HIDDEN**
12:38:26.480 Service scanning
12:38:28.433 Modules scanning
12:38:37.605 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
12:38:39.308 Disk 0 trace - called modules:
12:38:39.340 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
12:38:39.340 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8735aab8]
12:38:39.340 3 CLASSPNP.SYS[f75d2fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x87355030]
12:38:39.340 Scan finished successfully
12:38:48.371 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dawg\Desktop\MBR.dat"
12:38:48.387 The log file has been saved successfully to "C:\Documents and Settings\Dawg\Desktop\aswMBR.txt"

Attached file: MBR.zip (577 bytes)
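The three logs above each see a different slice of the machine, and the file worth chasing first is the one more than one tool reports: TDSSKiller could not open C:\WINDOWS\system32\drivers\MFX.sys (Suspicious file (NoAccess) / (Hidden), then the LockedFile.Multi.Generic warning, which is a "could not read it" notice rather than a malware verdict), and aswMBR independently reports the same file as **HIDDEN**, while DLADResN.SYS is flagged by aswMBR alone and MBAM saw nothing. The script below is an added example, not part of this thread and not code from TDSSKiller, aswMBR or Malwarebytes: it parses the line formats shown in the two logs, merges the findings per file, and lists the paths corroborated by more than one scanner. The embedded sample lines are copied from the logs in this post and trimmed; the regular expressions describe only those lines, so treat the formats as an assumption for other versions of the tools.

```python
"""Correlate hidden/suspicious findings from a TDSSKiller log and an aswMBR log.

Added example; not code from either tool.  Sample lines are copied from the
logs posted above (trimmed), everything else is an assumption about the formats.
"""
import re
from collections import defaultdict

# TDSSKiller: one inventory line per service ("<time> <pid> <svc> (<md5>) <path>"),
# then optional "Suspicious file (<reason>): <path>. md5: <md5>" and
# "<time> <pid> <svc> - detected <verdict> (n)" lines for the same service.
TDSS_INVENTORY = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<svc>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
TDSS_SUSPICIOUS = re.compile(
    r"Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-fA-F]{32})")
TDSS_VERDICT = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<svc>\S+) - detected (?P<verdict>\S+)")
# aswMBR: "File: <path> **HIDDEN**" or "Module: <path> **SUSPICIOUS**".
ASW_FLAG = re.compile(r"(?:File|Module): (?P<path>.+?) \*\*(?P<flag>HIDDEN|SUSPICIOUS)\*\*")


def _new_finding():
    return {"tools": set(), "flags": set(), "md5": None}


def parse_tdsskiller(text, findings):
    """Attach TDSSKiller suspicion reasons and verdicts to the file they concern."""
    svc_to_file = {}  # service name -> (path, md5) from the inventory line
    for line in text.splitlines():
        line = line.strip()
        m = TDSS_INVENTORY.match(line)
        if m:
            svc_to_file[m["svc"]] = (m["path"], m["md5"].lower())
            continue
        m = TDSS_SUSPICIOUS.search(line)
        if m:
            f = findings[m["path"].lower()]
            f["tools"].add("TDSSKiller")
            f["flags"].add(m["reason"])
            f["md5"] = m["md5"].lower()
            continue
        m = TDSS_VERDICT.match(line)
        if m and m["svc"] in svc_to_file:  # verdict names the service, not the path
            path, md5 = svc_to_file[m["svc"]]
            f = findings[path.lower()]
            f["tools"].add("TDSSKiller")
            f["flags"].add(m["verdict"])
            f["md5"] = md5
    return findings


def parse_aswmbr(text, findings):
    """aswMBR only prints a path and a flag; it records no hash."""
    for line in text.splitlines():
        m = ASW_FLAG.search(line)
        if m:
            f = findings[m["path"].lower()]
            f["tools"].add("aswMBR")
            f["flags"].add(m["flag"])
    return findings


def triage(tdss_text, asw_text):
    """Merge both logs into {normalised path: {tools, flags, md5}} (sorted lists)."""
    findings = defaultdict(_new_finding)
    parse_tdsskiller(tdss_text, findings)
    parse_aswmbr(asw_text, findings)
    return {p: {"tools": sorted(f["tools"]), "flags": sorted(f["flags"]), "md5": f["md5"]}
            for p, f in findings.items()}


def corroborated(findings, min_tools=2):
    """Paths flagged by at least min_tools independent scanners: hash-check these first."""
    return sorted(p for p, f in findings.items() if len(f["tools"]) >= min_tools)


# Constructed from the logs above (trimmed to the relevant lines).
TDSSKILLER_SAMPLE = r"""
11:45:04.0070 0512 MFX (40731ad42ada38e2e9ddd16f616f30dd) C:\WINDOWS\system32\drivers\MFX.sys
11:45:04.0116 0512 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\MFX.sys. md5: 40731ad42ada38e2e9ddd16f616f30dd
11:45:04.0116 0512 Suspicious file (Hidden): C:\WINDOWS\system32\drivers\MFX.sys. md5: 40731ad42ada38e2e9ddd16f616f30dd
11:45:04.0132 0512 MFX ( LockedFile.Multi.Generic ) - warning
11:45:04.0132 0512 MFX - detected LockedFile.Multi.Generic (1)
11:45:04.0366 0512 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
11:45:04.0429 0512 MHNDRV - ok
"""
ASWMBR_SAMPLE = r"""
12:38:26.480 File: C:\WINDOWS\system32\drivers\MFX.sys **HIDDEN**
12:38:37.605 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
12:38:39.340 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
"""

if __name__ == "__main__":
    result = triage(TDSSKILLER_SAMPLE, ASWMBR_SAMPLE)
    for path, f in sorted(result.items()):
        print(path, f)
    print("corroborated:", corroborated(result))
```

Run against the two logs, the only path both tools agree on is the hidden MFX.sys, which is the one to hash-check before anything is deleted; DLADResN.SYS comes back with a single aswMBR flag and no hash, which is why the next reply asks for an independent scan of it.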


#4 nasdaq (Malware Response Team, 39,222 posts, Montreal, QC, Canada)

Posted 09 February 2012 - 09:09 AM

Let's check the validity of this file.
C:\WINDOWS\System32\DLA\DLADResN.SYS

>>> Run Jotti's malware scan: Please copy this line (in bold):
C:\WINDOWS\System32\DLA\DLADResN.SYS
  • Go to Jotti's malware scan and click the Browse button.
  • A window will open; right-click in the File name field and choose Paste.
  • Click the Submit button and let the scan run uninterrupted.
  • At the end, right-click the Permalink button and choose "Copy the link".
  • Open Notepad (Start => All Programs => Accessories) and click "Edit" => "Paste".
Please copy and paste this Permalink in your next reply.
If Jotti is busy, please go to http://www.virustotal.com
===

Are you able to download and run the MalwareBytes tool?

Please post the log for my review.

===

I would also like to see the results of this scan.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===
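Two things a practitioner does before uploading a driver to a multi-engine scanner as asked above: confirm that the copy they can read is the same bytes the scanner hashed (TDSSKiller logged an MD5 for MFX.sys; if a fresh hash differs, the file changed or something is serving a different copy, and the upload tells you nothing about what the scanner saw), and search by SHA-256 first rather than uploading, because a file that turns out to be proprietary or internal is then published to every engine. The script below is an added example, not part of this thread and not code from TDSSKiller, aswMBR, Jotti or VirusTotal. The MFX.sys path and its MD5 are taken from the TDSSKiller log in post #3; the DLADResN.SYS path is the one nasdaq names (no scanner in the thread recorded a hash for it); the "constructed sample" bytes are an assumption so the script runs on a machine that has neither file.

```python
"""Hash a flagged driver and sanity-check it before submitting it anywhere.

Added example; not code from the thread or from any of the tools it mentions.
LOGGED values come from the TDSSKiller log above; the constructed sample
exists only so the script runs offline on any OS.
"""
import hashlib
import os
import tempfile

FLAGGED = {
    # path -> MD5 a scanner recorded for it, or None when no scanner hashed it
    r"C:\WINDOWS\system32\drivers\MFX.sys": "40731ad42ada38e2e9ddd16f616f30dd",
    r"C:\WINDOWS\System32\DLA\DLADResN.SYS": None,
}


def hash_file(path, chunk_size=1 << 20):
    """Stream the file once through MD5 (what the 2012-era scanner logs record),
    SHA-1 and SHA-256 (what a hash search on a multi-engine service wants)."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(block)
    return {name: d.hexdigest() for name, d in digests.items()}


def listed_by_parent(path):
    """User-mode cross-view check: the file opens by name, but does a directory
    listing of its parent show it?  'False' is consistent with the **HIDDEN**
    aswMBR reported; 'True' proves little, since a kernel-mode rootkit can
    filter both calls.  Returns None when the parent cannot be listed."""
    parent, name = os.path.split(path)
    try:
        return name.lower() in (entry.lower() for entry in os.listdir(parent))
    except OSError:
        return None


def verify_sample(path, expected_md5=None):
    """Describe one file the way you would paste it into a reply: hashes, size,
    whether a listing shows it, and whether its MD5 matches what the scanner
    logged (None when no logged hash was supplied).  A False match means you
    are not holding the bytes the scanner saw, so uploading this copy is moot."""
    if not os.path.isfile(path):
        return {"path": path, "present": False}
    digests = hash_file(path)
    matches = None if expected_md5 is None else digests["md5"] == expected_md5.lower()
    return {
        "path": path,
        "present": True,
        "size": os.path.getsize(path),
        "listed_by_parent": listed_by_parent(path),
        "md5_matches_log": matches,
        **digests,
    }


# Constructed stand-in for the driver (assumption), so the example runs anywhere.
CONSTRUCTED_BYTES = b"constructed stand-in for a flagged driver; not the real MFX.sys\n"
CONSTRUCTED_MD5 = hashlib.md5(CONSTRUCTED_BYTES).hexdigest()


def write_constructed_sample(directory=None):
    """Write the constructed bytes to a temp directory and return the file path."""
    directory = directory or tempfile.mkdtemp(prefix="flagged-driver-")
    path = os.path.join(directory, "MFX.sys")
    with open(path, "wb") as fh:
        fh.write(CONSTRUCTED_BYTES)
    return path


if __name__ == "__main__":
    for flagged_path, logged_md5 in FLAGGED.items():
        print(verify_sample(flagged_path, logged_md5))   # absent unless run on the infected XP box
    print(verify_sample(write_constructed_sample(), CONSTRUCTED_MD5))
```

On the machine in question you would run it as-is and paste the two dictionaries into the reply alongside the scan permalink; the SHA-256 is the value to search for on VirusTotal before deciding whether an upload is needed at all.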

#5 dawg3410 (Topic Starter, Members, 6 posts)

Posted 09 February 2012 - 12:02 PM

Thank you again, nasdaq. Here is the mbam log I posted yesterday:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.08.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Dawg :: HERSCHEL [administrator]

2/8/2012 12:41:34 PM
mbam-log-2012-02-08 (12-41-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234462
Time elapsed: 37 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

====
Here are the others:

http://virusscan.jotti.org/en-gb/scanresult/a51393a38fdecfd607884796b2a76c30a9b1a533

====

ComboFix 12-02-09.02 - Dawg 02/09/2012 10:52:48.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.624 [GMT -5:00]
Running from: c:\documents and settings\Dawg\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\d8e0b6c9
c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\documents and settings\Dawg\WINDOWS
c:\windows\kb913800.exe
c:\windows\system32\12380.exe
c:\windows\system32\12916.exe
c:\windows\system32\14233.exe
c:\windows\system32\14364.exe
c:\windows\system32\1594.exe
c:\windows\system32\16988.exe
c:\windows\system32\21119.exe
c:\windows\system32\22437.exe
c:\windows\system32\22651.exe
c:\windows\system32\28010.exe
c:\windows\system32\29012.exe
c:\windows\system32\29986.exe
c:\windows\system32\3014.exe
c:\windows\system32\3439.exe
c:\windows\system32\4074.exe
c:\windows\system32\4647.exe
c:\windows\system32\4837.exe
c:\windows\system32\5225.exe
c:\windows\system32\7134.exe
c:\windows\system32\7420.exe
c:\windows\system32\8195.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-09 to 2012-02-09 )))))))))))))))))))))))))))))))
.
.
2012-01-27 16:59 . 2012-01-27 16:59 -------- d-----w- c:\documents and settings\Dawg\Application Data\AnvSoft
2012-01-27 16:58 . 2012-01-27 16:58 -------- d-----w- c:\program files\AnvSoft
2012-01-27 13:55 . 2012-01-27 13:55 -------- d-----w- c:\program files\CamStudio 2.6b
2012-01-27 13:55 . 2010-10-24 05:56 49664 ----a-w- c:\windows\system32\CamCodec.dll
2012-01-18 22:48 . 2012-01-19 17:17 -------- d-----w- c:\program files\Magic Folders
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-12 13:38 . 2011-12-12 13:41 723294 ----a-w- c:\windows\unins001.exe
2011-12-10 20:24 . 2010-02-24 17:45 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2005-08-16 08:18 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-25 13:25 . 2011-05-26 12:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25 . 2005-08-16 08:18 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2005-08-16 08:18 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2005-08-16 08:18 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2005-08-16 08:18 152064 ----a-w- c:\windows\system32\schannel.dll
2012-02-03 12:59 . 2011-10-01 12:58 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 68856]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-01-12 405736]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-15 7323648]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-19 76304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-31 24576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-19 04:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\ITOOL30\\iftp32.exe"=
"c:\\Program Files\\Shareaza Applications\\Shareaza\\Shareaza.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Dawg\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Dawg\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Documents and Settings\\Dawg\\Desktop\\Portal\\utorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14763:TCP"= 14763:TCP:BitComet 14763 TCP
"14763:UDP"= 14763:UDP:BitComet 14763 UDP
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/28/2010 3:07 PM 64288]
R0 MFX;MFX; [x]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [12/28/2010 12:05 PM 28552]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2/19/2009 8:39 AM 266240]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [4/9/2009 12:03 PM 10384]
S0 XMS1563K;XMS1563K;c:\windows\system32\drivers\XMS1563K.SYS [7/19/2007 12:13 PM 52108]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2010-07-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1316617874-152061979-378130564-1005Core.job
- c:\documents and settings\Dawg\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-09 18:47]
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1316617874-152061979-378130564-1005UA.job
- c:\documents and settings\Dawg\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-09 18:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links using BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Download all videos using BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Download link using &BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\documents and settings\Dawg\Application Data\Mozilla\Firefox\Profiles\5i6wjk2q.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://dogbytesonline.com/
FF - prefs.js: network.proxy.type - 4
FF - user.js: keyword.URL - hxxp://www.sicto.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=U4KvsNoo&q=
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{8112aaf3-53fb-44f9-9880-338f56d2c90c} - fonemike.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-Dell Game Console - c:\program files\WildTangent\Apps\Dell Game Console\Uninstall.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-09 11:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\system32\drivers\MFX.sys 50892 bytes executable
C:\SYZ_DAT
.
scan completed successfully
hidden files: 2
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(712)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(1548)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Sandboxie\SbieSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
c:\windows\stsystra.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2012-02-09 11:56:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-09 16:56
.
Pre-Run: 96,033,484,800 bytes free
Post-Run: 97,745,522,688 bytes free
.
- - End Of File - - E8833FC72B1A9B0B550B813002CD41AB

#6 nasdaq

  • Malware Response Team
  • 39,222 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 February 2012 - 02:07 PM

Looking good.

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please let me know what problem persists.

#7 dawg3410
  • Topic Starter
  • Members
  • 6 posts

Posted 09 February 2012 - 02:15 PM

Ok here we go:

Results of screen317's Security Check version 0.99.31
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2012
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Out of date Spybot installed!
Spybot - Search & Destroy 1.5.2.20
Spybot - Search & Destroy
Java™ 6 Update 23
Java version out of date!
Adobe Flash Player 9 Flash Player out of date!
Adobe Flash Player 11.1.102.55
Mozilla Firefox (10.0.)
Mozilla Thunderbird (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````

#8 dawg3410
  • Topic Starter
  • Members
  • 6 posts

Posted 09 February 2012 - 02:24 PM

Update: Google searches are now normal and not redirected. The only minor issues that persist are rather strange. My mouse buttons are hyper-sensitive, as in a single click often results in a double click, trouble highlighting text, clicking links often doesn't work on the first try, etc. This problem has occurred before and been solved by malware scanning and removal. Now, however, the problem remains. Very weird, as it isn't my actual mouse settings; those have been checked repeatedly.

The other thing I've noticed is popups where there have never been popups before. For example, going to the second page of search results or clicking links that have never had popups. Often the popups are full size, blank windows going nowhere. Very strange.

#9 nasdaq

  • Malware Response Team
  • 39,222 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 February 2012 - 09:27 AM

Your mouse driver may have been corrupted.
Open the Control panel > look at the mouse properties and reset them. It may help.

I would reinstall the mouse.

It's possible also that it's going bad. A replacement may be necessary.

If the mouse has a roller ball, make sure it's clean.
===

The other thing I've noticed is popups where there have never been popups before. For example, going to the second page of search results or clicking links that have never had popups. Often the popups are full size, blank windows going nowhere. Very strange.

If this persists after fixing the mouse let me know.
===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 23


===

Remove this old version of Adobe Flash Player 9 using the Add/Remove Programs list.

===

Keep me posted.

#10 dawg3410
  • Topic Starter
  • Members
  • 6 posts

Posted 11 February 2012 - 02:30 PM

I think everything is running pretty well now. The popups are still around on occasion, but not causing a problem. Thank you again for your help nasdaq!

#11 nasdaq

  • Malware Response Team
  • 39,222 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 February 2012 - 02:47 PM

Go to Start > Run box, type cmd and hit OK.
Type
ipconfig /flushdns <-- (The space between g and / is needed)

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit Enter
*/*

If still getting some redirection execute this.

Launch Notepad, and copy/paste all the blue instructions below to it.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save

REGEDIT4
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]


Then, disconnect from the Internet!
Next,
Back on the Desktop, double-click on the fixme.reg file you just saved and click on Yes when asked to merge the information.

On a Vista or Windows 7 operating system right click on the fixme.reg file and run as Administrator.

Optional, if the following programs are on your computer:
Note that since the Domains are deleted, SpywareBlaster protection must be re-enabled, Spybot's Immunize feature must be used again, and you have to re-install IE-SpyAd if installed.

Please keep me posted.
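One way to see what the fixme.reg above would wipe before merging it, as an added example that is not part of the thread or of nasdaq's instructions: a Python script that reads a .reg export of the ZoneMap keys (`reg export "HKCU\...\Internet Settings\ZoneMap" zonemap.reg`) and lists every host-to-zone assignment, flagging hosts placed in Trusted sites or Restricted sites, which are the entries a search hijacker or rogue "fix" tends to plant. The sample export embedded in it is constructed (its host names and address range are placeholders); the delete directives it also parses are copied from the fixme.reg text in the post above.

```python
r"""Audit Internet Explorer ZoneMap entries from a .reg export.

Added example for this thread, not a tool from BleepingComputer or nasdaq.
Export on the affected machine (reg.exe writes UTF-16 with a BOM):
    reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap" zonemap.reg
then run:  python zonemap_audit.py zonemap.reg
SAMPLE_REG below is constructed; its host names and range are placeholders.
"""
import re
import sys

# Security zone numbers stored in the ZoneMap values
ZONE_NAMES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
              3: "Internet", 4: "Restricted sites"}

KEY_RE = re.compile(r"^\[(?P<path>[^\]]+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9A-Fa-f]{1,8})$')
STRING_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<val>[^"]*)"$')
ZONEMAP_RE = re.compile(
    r"\\Internet Settings\\ZoneMap\\(?P<kind>Domains|EscDomains|Ranges)(?:\\(?P<rest>.+))?$",
    re.IGNORECASE)


def parse_reg(reg_text):
    """Minimal .reg reader: ({key: {value name: value}}, [keys the file deletes]).

    Only string and dword values are kept; a '[-KEY]' line is a delete directive.
    """
    keys, deletions, current = {}, [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            path = m.group("path")
            if path.startswith("-"):
                deletions.append(path[1:])
                current = None
            else:
                current = keys.setdefault(path, {})
            continue
        if current is None:
            continue
        m = DWORD_RE.match(line)
        if m:
            current[m.group("name")] = int(m.group("hex"), 16)
            continue
        m = STRING_RE.match(line)
        if m:
            current[m.group("name")] = m.group("val")
    return keys, deletions


def zonemap_entries(reg_text):
    """Return (hive, kind, host_or_range, scheme, zone) for every ZoneMap assignment."""
    entries = []
    keys, _ = parse_reg(reg_text)
    for path, values in keys.items():
        zm = ZONEMAP_RE.search(path)
        if zm is None or zm.group("rest") is None:
            continue                      # ZoneMap root, Domains root, or unrelated key
        hive = path.split("\\", 1)[0]
        kind = zm.group("kind")
        parts = zm.group("rest").split("\\")
        if kind == "Ranges":
            host = values.get(":Range", parts[0])   # ':Range' string holds the address pattern
        else:
            host = ".".join(reversed(parts))       # Domains\example.com\www -> www.example.com
        for name, zone in sorted(values.items()):
            if isinstance(zone, int):              # dword values are the zone assignments
                entries.append((hive, kind, host, name, zone))
    return entries


def suspicious(entries):
    """Hosts in Trusted sites (2) or Restricted sites (4): Trusted relaxes the browser's
    protections for that host, Restricted is one way vendor update sites get blocked."""
    return [e for e in entries if e[4] in (2, 4)]


def report(reg_text):
    """One readable line per ZoneMap assignment."""
    return ["%s %s %s (%s) -> zone %d %s" % (h, k, host, s, z, ZONE_NAMES.get(z, "unknown"))
            for h, k, host, s, z in zonemap_entries(reg_text)]


def load_reg(path):
    """regedit/reg.exe exports are UTF-16 with BOM; old REGEDIT4 files are ANSI."""
    with open(path, "rb") as fh:
        data = fh.read()
    return data.decode("utf-16" if data.startswith(b"\xff\xfe") else "cp1252")


# Constructed sample export (placeholder hosts), in the format reg.exe writes
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.com]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.com\www]
"http"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.org]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1]
":Range"="192.168.1.*"
"*"=dword:00000001
"""

# The delete directives from the fixme.reg posted in this thread
FIXME_REG = r"""REGEDIT4
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
"""

if __name__ == "__main__":
    text = load_reg(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_REG
    for line in report(text):
        print(line)
    print("%d host(s) in Trusted/Restricted zones" % len(suspicious(zonemap_entries(text))))
```

Run it against the export before merging the fix; anything listed under Trusted sites or Restricted sites that you did not add yourself is worth noting in the thread, since the fix deletes the keys wholesale and the evidence is gone afterwards.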

#12 nasdaq

  • Malware Response Team
  • 39,222 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 18 February 2012 - 10:23 AM

Are you still with me?