Malware Help


  • This topic is locked
18 replies to this topic

#1 Jessmoon

Posted 10 February 2012 - 07:45 PM

Hi,
I have run SUPERAntiSpyware, Malwarebytes & AVG Anti-Virus; however, I still can't find what the problem is. I am running Windows 7 and it will only run in safe mode; it freezes up and won't load in regular mode, and when I'm online my browser gets hijacked. I followed the instructions in the preparation guide, so here are my logs:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7600.16385
Run by Jess at 18:06:18 on 2012-02-10
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6109.4689 [GMT -6:00]
.
AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\hamachi-2.exe
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~2\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\msconfig.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
uSearchAssistant = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - C:\Program Files (x86)\McAfee\MSK\MskAPBho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
EB: iOpus iMacros: {0483894e-2422-45e0-8384-021aff1af3cd} - C:\Program Files (x86)\iMacros\imacros.dll
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe -update activex
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe /runkey
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
StartupFolder: C:\Users\Jess\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0483894E-2422-45E0-8384-021AFF1AF3CD} - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files (x86)\iMacros\imacros.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{0B69C736-F438-4317-8EAD-06EF35C7C0A8} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files (x86)\McAfee\MSK\MskAPBho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO-X64: Search Helper - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO-X64: WeCareReminder - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
EB-X64: {0483894E-2422-45E0-8384-021AFF1AF3CD} - No File
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe /runkey
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Windows\hamachi-2.exe -s --> C:\Windows\hamachi-2.exe -s [?]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
S1 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-14 13336]
S2 McProxy;McAfee Proxy Service;C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe [2010-12-14 359952]
S2 McShield;McAfee Real-time Scanner;C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2010-12-14 155456]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
S3 bbcap;bb_capture_driver;C:\Windows\system32\DRIVERS\bbcap.sys --> C:\Windows\system32\DRIVERS\bbcap.sys [?]
S3 CAXHWBS2;CAXHWBS2;C:\Windows\system32\DRIVERS\CAXHWBS2.sys --> C:\Windows\system32\DRIVERS\CAXHWBS2.sys [?]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
S3 McSysmon;McAfee SystemGuards;C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe [2010-12-14 606736]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
S3 mfebopk;McAfee Inc. mfebopk;C:\Windows\system32\drivers\mfebopk.sys --> C:\Windows\system32\drivers\mfebopk.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\system32\drivers\mferkdk.sys --> C:\Windows\system32\drivers\mferkdk.sys [?]
S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\system32\drivers\mfesmfk.sys --> C:\Windows\system32\drivers\mfesmfk.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
.
=============== Created Last 30 ================
.
2012-02-11 00:06:14 607260 ------r- C:\Program Files\dds.scr
2012-02-11 00:04:11 -------- d-----w- C:\Windows\pss
2012-02-09 01:03:10 8656400 ----a-w- C:\Program Files\RootkitBuster_v5_1050.exe
2012-02-09 00:41:04 200976 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2012-02-08 23:15:31 -------- d-----w- C:\Users\Jess\AppData\Roaming\Malwarebytes
2012-02-08 23:15:06 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-08 23:14:40 9502424 ----a-w- C:\Program Files\mbam--setup-1.60.1.1000.exe
2012-02-08 18:46:58 -------- d-----w- C:\Users\Jess\AppData\Roaming\SUPERAntiSpyware.com
2012-02-08 18:46:35 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-02-08 18:46:35 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-02-08 18:46:13 12903112 ----a-w- C:\Program Files\SUPERAntiSpyware.exe
2012-02-08 13:40:48 33856 ---ha-w- C:\Windows\System32\hamachi.sys
2012-02-07 19:18:30 2343816 ----a-w- C:\Windows\hamachi-2.exe
2012-02-07 19:18:30 1987976 ----a-w- C:\Windows\hamachi-2-ui.exe
2012-02-06 20:12:11 -------- d--h--w- C:\$AVG
2012-02-06 20:09:30 -------- d-----w- C:\Users\Jess\AppData\Roaming\AVG2012
2012-02-06 20:08:34 -------- d--h--w- C:\ProgramData\Common Files
2012-02-06 20:08:19 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-02-06 20:07:49 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-02-06 20:07:49 -------- d-----w- C:\ProgramData\AVG2012
2012-02-06 20:06:55 -------- d-----w- C:\Program Files (x86)\AVG
2012-02-06 20:04:47 -------- d-----w- C:\ProgramData\MFAData
2012-02-04 20:39:23 -------- d-----w- C:\ProgramData\Blueberry
2012-02-04 20:37:56 -------- d-----w- C:\Users\Jess\AppData\Roaming\Blueberry
2012-02-04 20:37:26 5632 ----a-w- C:\Windows\System32\bbchlp.dll
2012-02-04 20:37:26 4608 ----a-w- C:\Windows\System32\drivers\bbcap.sys
2012-02-04 20:37:26 37376 ----a-w- C:\Windows\System32\bbcap.dll
2012-02-04 20:37:12 -------- d-----w- C:\Users\Jess\AppData\Roaming\LogSys
2012-02-04 20:37:10 -------- d-----w- C:\ProgramData\LogSys
2012-02-04 20:37:05 -------- d-----w- C:\Program Files (x86)\Common Files\Blueberry Software
2012-02-04 16:47:51 -------- d-----w- C:\Users\Jess\AppData\Local\gctmp
2012-02-04 16:47:50 -------- d-----w- C:\Users\Jess\AppData\Local\Xenocode
2012-02-04 04:27:52 667648 ----a-w- C:\Windows\SysWow64\vp8vfw.dll
2012-02-03 22:59:58 -------- d-----w- C:\Program Files\Microsoft Xbox 360 Accessories
2012-02-03 22:42:06 -------- d-----w- C:\Users\Jess\AppData\Roaming\Solveig Multimedia
2012-01-30 21:05:25 -------- d-----w- C:\Users\Jess\AppData\Roaming\pymclevel
2012-01-30 18:22:10 -------- d-----w- C:\Program Files (x86)\Yahoo!
2012-01-30 17:38:24 -------- d-----w- C:\Users\Jess\AppData\Local\Linkury
2012-01-30 17:38:24 -------- d-----w- C:\Program Files (x86)\Linkury
2012-01-30 17:36:30 -------- d-----w- C:\Program Files (x86)\Free Offers from Freeze.com
2012-01-30 17:36:26 -------- d-----w- C:\Users\Jess\AppData\Roaming\Genieo
2012-01-30 17:36:15 -------- d-----w- C:\ProgramData\WeCareReminder
2012-01-30 17:36:09 -------- d-----w- C:\Program Files (x86)\EpicPlay
2012-01-30 17:06:49 -------- d-----w- C:\Users\Jess\AppData\Roaming\Babylon
2012-01-30 17:06:49 -------- d-----w- C:\Users\Jess\AppData\Local\Babylon
2012-01-30 17:06:49 -------- d-----w- C:\ProgramData\Babylon
2012-01-30 00:57:20 -------- d-----w- C:\Program Files (x86)\Steam
2012-01-28 15:22:44 -------- d-----w- C:\Users\Jess\AppData\Local\LogMeIn Hamachi
2012-01-28 15:16:13 1435251 ----a-w- C:\Users\Jess\Minecraft_Server.exe
2012-01-28 15:03:38 270142 ----a-w- C:\Users\Jess\Minecraft.exe
2012-01-28 09:00:37 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-01-27 23:17:57 -------- d-----w- C:\Users\Jess\jagexcache
2012-01-27 22:14:49 -------- d-----w- C:\Users\Jess\AppData\Local\Google
2012-01-27 22:14:41 -------- d-----w- C:\Users\Jess\AppData\Local\Deployment
2012-01-27 22:14:41 -------- d-----w- C:\Users\Jess\AppData\Local\Apps
2012-01-27 22:04:57 118784 ----a-w- C:\Windows\SysWow64\msstdfmt.dll
2012-01-27 22:04:57 -------- d-----w- C:\ProgramData\iOpus-i-M
2012-01-27 22:04:56 56696 ----a-w- C:\Windows\SysWow64\imsys.dll
2012-01-27 22:04:56 241016 ----a-w- C:\Windows\SysWow64\imatl.dll
2012-01-27 22:04:56 224016 ----a-w- C:\Windows\SysWow64\tabctl32.ocx
2012-01-27 22:04:56 1081616 ----a-w- C:\Windows\SysWow64\mscomctl.ocx
2012-01-27 22:04:55 -------- d-----w- C:\Program Files (x86)\iMacros
2012-01-27 22:04:42 3600120 ----a-w- C:\Users\Jess\imacros-for-internet-explorer.exe
2012-01-27 09:17:43 -------- d-----w- C:\Windows\SysWow64\Wat
2012-01-27 09:17:43 -------- d-----w- C:\Windows\System32\Wat
2012-01-26 09:17:39 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2012-01-26 09:17:39 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2012-01-26 09:08:38 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2012-01-26 09:08:38 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2012-01-26 09:08:38 444752 ----a-w- C:\Windows\System32\mscoree.dll
2012-01-26 09:08:38 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2012-01-26 09:08:38 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2012-01-26 09:08:38 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2012-01-26 09:08:38 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2012-01-26 09:08:38 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2012-01-26 09:08:37 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2012-01-26 09:08:37 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-01-26 09:00:46 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2012-01-26 09:00:46 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2012-01-26 01:49:59 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-26 01:46:59 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-26 01:46:59 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-26 01:46:58 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2012-01-26 01:46:58 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2012-01-26 01:46:56 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-01-26 01:46:55 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-01-26 01:46:55 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-01-26 01:46:54 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-26 01:46:54 67072 ----a-w- C:\Windows\SysWow64\packager.dll
.
==================== Find3M ====================
.
2012-01-28 15:07:18 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-11-17 07:17:03 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 07:17:02 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 07:15:08 460296 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 07:12:02 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 07:11:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 07:11:33 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 07:11:02 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 07:10:58 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 07:08:18 1446912 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 07:05:16 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:39:28 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:39:21 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:39:21 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:35:13 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 18:06:30.07 ===============
Here's the GMER
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-10 18:45:02
Windows 6.1.7600
Running: g5rufgfm.exe


---- Files - GMER 1.0.15 ----

File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3263IWOG\b[1].gif 43 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3263IWOG\playground[1].png 7207 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3263IWOG\preferences[1] 195 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3263IWOG\proudmember[1].js 414 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3263IWOG\QADBg5%252526_salt%25253D3748323186%252526cb%25253D1328918036861757%252526i%25253D140464%252526r%25253D0%252C7f1bdcf0-5442-11e1-b0cc-78e7d1611536%252C1328918037493[1] 1057 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3263IWOG\imp[1] 1494 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3263IWOG\inc_itemsforsale_ajax[2].asp 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3263IWOG\topic_top_one;ppos=atf;kw=;tile=1;sz=300x250,336x280;ord=4942622939590103[1] 674 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3263IWOG\housedivided[1].jpg 15525 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3263IWOG\wAArLO%252526_salt%25253D3918881780%252526cb%25253D1328918044249924%252526i%25253D140464%252526r%25253D0%252C836ff9da-5442-11e1-a4d3-78e7d1624298%252C1328918044755[1] 1049 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3263IWOG\rooms_calsearch[1].asp 56044 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3263IWOG\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot 23001 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3263IWOG\mdreamfront[1].jpg 10582 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3263IWOG\www-embed_core_module-vfl56O3N5[1].js 83341 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3263IWOG\www-refresh-vflhoEQve[1].png 35455 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3263IWOG\QuotaService[2].RecordEvent 44 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3263IWOG\api[1].txt 105 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3263IWOG\KonaGet[1].js 1418 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3263IWOG\KonaGet[2].js 26421 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3263IWOG\launch[3].htm 25628 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3263IWOG\icon_fireplace[1].png 5860 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3263IWOG\icon_hottub2[1].png 7358 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3263IWOG\icon_hottub[1].png 8696 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3263IWOG\ads[1].htm 11725 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3263IWOG\AuthenticationService[2].Authenticate 44 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3263IWOG\4310[1].js 2166 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3263IWOG\valentine2012sb[1].png 30758 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3263IWOG\ViewportInfoService[1].GetViewportInfo 40562 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3263IWOG\facebook-icon[1].png 5794 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3263IWOG\favicon[1].ico 1150 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3263IWOG\csc_ymailminty-en-US-core[1].js 35889 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3263IWOG\0AKsP294HTD-nvJgucYTaGfQcKutQXcIrRfyR5jdjY8[1].eot 24829 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3263IWOG\oakwoodfront[1].jpg 39984 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3263IWOG\oklahomalodge[1].gif 6316 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3263IWOG\whisperingoaks[1].png 8717 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3263IWOG\image11_small[1].jpg 3732 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3263IWOG\image8_small[1].jpg 2028 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3263IWOG\jessica_spradley[1] 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3263IWOG\yql[1] 196 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\lodgingstyleone[1].css 409 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\redir[1].htm 216 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\dsugar[1].jpg 186027 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\4bedB2[1].jpg 3130 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\4bedB[1].jpg 4166 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\5[1].jpg 36086 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\facebookcabin[1].png 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\FAQ[1].png 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\www-embed-refresh-vflTZTZrE[1].css 132829 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\yql[1] 468 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\jessica_spradley[1] 433 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\b[1].gif 43 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\brekhomalodge[1].png 11964 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\newheader1[1].png 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\newmiddle[1].png 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\30[1].gif 1623 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\3bedB[1].jpg 3533 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\get[1].png 287 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\hckojgeb5.ver.5.app.64p33climcphh.ver.18.app.66c1j6ph68ohn.ver.25.app.66c9i6pj32d33.ver.13.app.68ohh6com6c1h.ver.8.app.6ae32cgp68pb6.ver.19.app.6cdj26sq3cdb6.ver[1].8 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\pixel-vfl3z5WfW[1].gif 43 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\thumbs_d[1].jpg 10944 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\peoplegroup[1].png 46229 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\photocontest[1].js 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\silver_spur[1].jpg 13720 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\SpryCollapsiblePanel[1].css 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\SpryDOMUtils[1].js 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\a[1].jpg 20894 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\BBL-background[1].jpg 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\i,ax[1].60;;ppos=atf;kw=;tile=2;sz=300x250,336x280;ctx=2_78_m;ctx=2_428_m;ctx=2_44_l;net=ns;cmw=owl;contx=cesoanti;an=60;bu=541;br=4600;dc=d;btg=;ord=7237329869591717 674 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\icon_internet1[1].png 7801 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\icon_internet2[1].png 6860 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\amazingracecabin[1].jpg 18443 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\api[3].txt 105 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\summary[1].asp 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\mobilesite[1].png 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\ksugar[1].jpg 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\like[6].htm 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\index[1].js 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\index[1].php 14913 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\watch_as3-vflzupnQw[1].swf 233670 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\bungalow[1].htm 16069 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\four[1].js 11535 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\dref=http%253A%252F%252Fl.yimg.com%252Fd%252Flib%252Fdarla%252F2-2-5%252Fhtml%252Fext-render-secure[1].html 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\checkintime[1].js 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\checkrates[1].png 10317 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SJV7SV8\cabins-details[1].png 2296 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50N97PFK\fortsillhotels_com[1].htm 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50N97PFK\2bedB[1].jpg 3479 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50N97PFK\sprite[1].png 3745 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50N97PFK\SpryCollapsiblePanel[1].js 13072 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50N97PFK\jessica_spradley[2] 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50N97PFK\get[1].png 739 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50N97PFK\ads[6].htm 11500 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50N97PFK\vsugar[1].jpg 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50N97PFK\BUNGALOWDSC00295_small[1].jpg 2226 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50N97PFK\QuotaService[2].RecordEvent 44 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50N97PFK\dref=http%253A%252F%252Fl.yimg.com%252Fd%252Flib%252Fdarla%252F2-2-5%252Fhtml%252Fext-render-secure[1].html 1053 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50N97PFK\dref=http%253A%252F%252Fl.yimg.com%252Fd%252Flib%252Fdarla%252F2-2-5%252Fhtml%252Fext-render-secure[2].html 1053 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50N97PFK\lilbear_back[1].jpg 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50N97PFK\lilbear_bedroom1[1].jpg 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50N97PFK\lilbear_bedroom2[1].jpg 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50N97PFK\lilbear_porch[1].jpg 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50N97PFK\csugar[1].jpg 340180 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50N97PFK\datapair[1].gif 42 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50N97PFK\datapair[2].gif 42 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50N97PFK\guest_policies[1].htm 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50N97PFK\Breckoma_Lodge[1].jpg 5808 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50N97PFK\12[1].jpg 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50N97PFK\pool[1].png 3419 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50N97PFK\style_tables[1].css 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50N97PFK\show[1].json 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50N97PFK\sign[1].jpg 41125 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50N97PFK\annoucement[1].js 814 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50N97PFK\lazyjhideaway[1].jpg 15511 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50N97PFK\tsugar[1].jpg 480762 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50N97PFK\TwitterIcon[1].png 6206 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50N97PFK\usugar[1].jpg 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50N97PFK\backrepeat2home[1].png 2984 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50N97PFK\chulosa_100_1126[1].jpg 9442 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50N97PFK\Talako_Lodge-[1].jpg 3607 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50N97PFK\cabins_lilbear[1].gif 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50N97PFK\icon_puppy1[1].png 6042 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50N97PFK\icon_puppy2[1].png 6300 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50N97PFK\index[2].php 189331 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\4bedA2[1].jpg 3078 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\oakridgeretreatcabin[1].jpg 16803 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\taleko[1].png 10178 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\ads[1] 7280 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\ads[1].htm 11735 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\adview[1].txt 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\safaricabin[1].jpg 15560 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\topic_top;ppos=atf;kw=;tile=1;sz=970x90;ord=4942622939590103[1] 1392 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\topic_top_one;ppos=atf;kw=;tile=1;sz=300x250,336x280;ord=7237329869591717[1] 674 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\petfriendlyposter[1].png 111502 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\ba[1].js 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\bear-mountain-lodging_com[1].htm 8975 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\BUNGALOWDSC00286_small[1].jpg 2278 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\b[1].gif 43 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\b[1].jpg 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\l[1].jpg 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\1bedB[1].jpg 3495 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\22959e05[1].htm 17146 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\cabin.53[1].jpg 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\jessica_spradley[1] 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\jessica_spradley[3] 196 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\yahoo_com[2].htm 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\_challenge[1].js 943 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\summary[1].asp 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\surly[1].js 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\cabins-photosdetails[1].png 2296 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\cabin_lilbear[1].htm 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\nnm-soc-yt-3[1].png 1407 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\five_star_lodge[1].png 55688 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\jtcad[1].png 76341 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\h[1].jpg 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\icon_boat1[1].png 10921 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\minty[1].txt 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\3bedA[1].jpg 3120 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\imagebrokenboot10[1].jpg 7948 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\imp[1] 1371 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\index[2].htm 7424 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\index[3].htm 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\chulosa[1].png 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\Dana[1].jpg 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\css[1].txt 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\lilbear_dining[1].jpg 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\lilbear_front1[1].jpg 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\lilbear_front2[1].jpg 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\lilbear_kitchen[1].jpg 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\lilbear_living[1].jpg 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\lilbear_loft[1].jpg 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\thewhisperingpines[1].jpg 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\thumbs_1[1].jpg 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\thumbs_m[1].jpg 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\photo[1].js 0 bytes
File C:\Users\Jess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7RP80VM\cabinfrontpic[1].jpg 0 bytes
File C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Cookies\KTLGABMQ.txt 0 bytes
File C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Cookies\0E9H30RE.txt 0 bytes
File C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Cookies\NC10OM1K.txt 0 bytes

---- EOF - GMER 1.0.15 ----

#2 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 11 February 2012 - 12:21 AM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
You have more than one antivirus (AV) program running. Your logs show both AVG and McAfee running. Running more than one AV program does not offer any more protection and often causes conflicts and slowdowns with your computer. Please use the following instructions to remove all but one of the AV applications.

Download AppRemover from here, saving it to your desktop.
  • Double click to run AppRemover
  • Follow the prompts to remove all but one of the AV applications
  • Reboot
Download ComboFix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion", rebooting your computer will resolve the problem.

Please include the following in your next post:
  • The Attach.txt log from DDS
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.
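A way to confirm the "more than one antivirus" finding above, before and after running AppRemover, as an added PowerShell example that is not part of the thread or of any tool mentioned in it: it reads the root\SecurityCenter2 WMI namespace, where Windows Security Center registers installed antivirus products (the same source the "AV:" lines of a DDS log come from), and flags the case where more than one real-time engine is enabled. The byte layout used to decode productState is a widely used community interpretation, not something Microsoft documents, so treat that part as an assumption; Get-WmiObject is used instead of Get-CimInstance so the script also runs on the PowerShell 2.0 that shipped with Windows 7.

```powershell
# Added example (not from the thread): list the antivirus products Security Center
# knows about and warn when more than one real-time engine is switched on.
# Run from an elevated PowerShell prompt on a client edition of Windows Vista or
# later; Server SKUs have no root\SecurityCenter2 namespace.

function Get-RegisteredAV {
    # AntiVirusProduct exposes displayName, productState and pathToSignedProductExe.
    $products = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class 'AntiVirusProduct'
    foreach ($p in $products) {
        # productState is a packed integer. The commonly used (vendor-undocumented)
        # decoding reads it as three bytes 0xAABBCC (assumption, see lead-in):
        #   BB = 0x10 real-time protection on, 0x00 or 0x01 off
        #   CC = 0x00 definitions current, 0x10 out of date
        $hex     = '{0:X6}' -f [int]$p.productState
        $rtByte  = [Convert]::ToInt32($hex.Substring(2, 2), 16)
        $defByte = [Convert]::ToInt32($hex.Substring(4, 2), 16)
        New-Object PSObject -Property @{
            Name        = $p.displayName
            RealTimeOn  = ($rtByte -eq 0x10)
            DefsCurrent = ($defByte -eq 0x00)
            State       = "0x$hex"
            Exe         = $p.pathToSignedProductExe
        } | Select-Object Name, RealTimeOn, DefsCurrent, State, Exe
    }
}

$avs = @(Get-RegisteredAV)
$avs | Format-Table -AutoSize

# Two or more engines with real-time protection on is the conflict the helper
# describes: they compete for the same file-system and network hooks.
$active = @($avs | Where-Object { $_.RealTimeOn })
if ($active.Count -gt 1) {
    $names = ($active | ForEach-Object { $_.Name }) -join ', '
    Write-Warning ("{0} real-time AV engines are enabled: {1}. Keep one and remove the rest with the vendor's uninstaller or a removal tool such as AppRemover." -f $active.Count, $names)
} elseif ($active.Count -eq 0) {
    Write-Warning 'No real-time antivirus engine is enabled.'
} else {
    "Single real-time engine enabled: $($active[0].Name)"
}
```

Run it once before AppRemover to see both products listed, and again after the reboot to confirm only one remains registered; a product that was uninstalled but still appears here usually means leftover registration that the vendor's dedicated removal tool will clear.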


#3 Jessmoon
  • Topic Starter
  • Members
  • 9 posts

Posted 11 February 2012 - 09:06 AM

First of all, thanks for your help. I used AppRemover and uninstalled one of the AVs. Now I have a stupid question: I am very new to Windows 7 and I have tried to save things to my desktop but it's not an option. Maybe I'm just clueless but I don't see desktop anywhere.
Thanks again,
Jessica

#4 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 11 February 2012 - 10:12 AM

You can right click on ComboFix once it's in your downloads folder, select "Cut", then right click on a blank spot on your desktop and select "Paste".



#5 Jessmoon
  • Topic Starter
  • Members
  • 9 posts

Posted 12 February 2012 - 12:56 PM

Ok, I ran ComboFix and here is my log:

ComboFix 12-02-11.03 - Jess 02/12/2012 11:37:11.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6109.5097 [GMT -6:00]
Running from: c:\users\Jess\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\~Gy4Ca6b1rR9Zoi
c:\programdata\~Gy4Ca6b1rR9Zoir
c:\programdata\Gy4Ca6b1rR9Zoi
c:\users\Jess\imacros-for-internet-explorer.exe
c:\users\Jess\Minecraft.exe
c:\users\Jess\Minecraft_Server.exe
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-01-12 to 2012-02-12 )))))))))))))))))))))))))))))))
.
.
2012-02-12 17:40 . 2012-02-12 17:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-11 14:12 . 2012-01-17 10:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9D15207C-1D22-495B-9E4E-C6C2F404308D}\mpengine.dll
2012-02-11 13:41 . 2012-02-11 13:41 9200064 ----a-w- C:\AppRemover.exe
2012-02-11 00:13 . 2012-02-11 00:13 302592 ----a-w- c:\program files\g5rufgfm.exe
2012-02-11 00:10 . 2012-02-11 00:11 302592 ----a-w- c:\program files\qjms2vhn.exe
2012-02-11 00:06 . 2012-02-11 00:06 607260 ------r- c:\program files\dds.scr
2012-02-09 22:36 . 2012-02-09 22:36 -------- d-----w- c:\windows\Sun
2012-02-09 01:03 . 2012-02-09 01:03 8656400 ----a-w- c:\program files\RootkitBuster_v5_1050.exe
2012-02-09 00:41 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-02-08 23:15 . 2012-02-08 23:15 -------- d-----w- c:\users\Jess\AppData\Roaming\Malwarebytes
2012-02-08 23:15 . 2012-02-08 23:15 -------- d-----w- c:\programdata\Malwarebytes
2012-02-08 23:14 . 2012-02-08 23:14 9502424 ----a-w- c:\program files\mbam--setup-1.60.1.1000.exe
2012-02-08 18:46 . 2012-02-08 18:46 -------- d-----w- c:\users\Jess\AppData\Roaming\SUPERAntiSpyware.com
2012-02-08 18:46 . 2012-02-08 23:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-08 18:46 . 2012-02-08 18:46 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-08 13:40 . 2009-03-18 22:35 33856 ---ha-w- c:\windows\system32\hamachi.sys
2012-02-07 19:18 . 2012-02-07 19:18 2343816 ----a-w- c:\windows\hamachi-2.exe
2012-02-07 19:18 . 2012-02-07 19:18 1987976 ----a-w- c:\windows\hamachi-2-ui.exe
2012-02-06 20:12 . 2012-02-06 20:12 -------- d-----w- C:\$AVG
2012-02-06 20:09 . 2012-02-06 20:09 -------- d-----w- c:\users\Jess\AppData\Roaming\AVG2012
2012-02-06 20:08 . 2012-02-06 20:08 -------- d--h--w- c:\programdata\Common Files
2012-02-06 20:08 . 2012-02-06 20:08 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-02-06 20:07 . 2012-02-12 02:47 -------- d-----w- c:\windows\system32\drivers\AVG
2012-02-06 20:07 . 2012-02-06 20:19 -------- d-----w- c:\programdata\AVG2012
2012-02-06 20:06 . 2012-02-06 20:06 -------- d-----w- c:\program files (x86)\AVG
2012-02-06 20:04 . 2012-02-12 02:47 -------- d-----w- c:\programdata\MFAData
2012-02-04 20:39 . 2012-02-04 20:56 -------- d-----w- c:\programdata\Blueberry
2012-02-04 20:37 . 2012-02-04 20:38 -------- d-----w- c:\users\Jess\AppData\Roaming\Blueberry
2012-02-04 20:37 . 2012-02-04 20:37 5632 ----a-w- c:\windows\system32\bbchlp.dll
2012-02-04 20:37 . 2012-02-04 20:37 4608 ----a-w- c:\windows\system32\drivers\bbcap.sys
2012-02-04 20:37 . 2012-02-04 20:37 37376 ----a-w- c:\windows\system32\bbcap.dll
2012-02-04 20:37 . 2012-02-04 20:37 -------- d-----w- c:\users\Jess\AppData\Roaming\LogSys
2012-02-04 20:37 . 2012-02-04 20:37 -------- d-----w- c:\programdata\LogSys
2012-02-04 20:37 . 2012-02-04 20:37 -------- d-----w- c:\program files (x86)\Common Files\Blueberry Software
2012-02-04 16:47 . 2012-02-04 17:12 -------- d-----w- c:\users\Jess\AppData\Local\gctmp
2012-02-04 16:47 . 2012-02-04 16:47 -------- d-----w- c:\users\Jess\AppData\Local\Xenocode
2012-02-04 04:27 . 2011-04-10 17:22 667648 ----a-w- c:\windows\SysWow64\vp8vfw.dll
2012-02-03 22:59 . 2012-02-03 22:59 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2012-02-03 22:42 . 2012-02-11 00:02 -------- d-----w- c:\users\Jess\AppData\Roaming\Solveig Multimedia
2012-01-30 21:05 . 2012-01-30 21:05 -------- d-----w- c:\users\Jess\AppData\Roaming\pymclevel
2012-01-30 18:22 . 2012-01-30 18:22 -------- d-----w- c:\programdata\Yahoo!
2012-01-30 18:22 . 2012-02-06 20:12 -------- d-----w- c:\programdata\Yahoo! Companion
2012-01-30 18:22 . 2012-01-30 18:22 -------- d-----w- c:\program files (x86)\Yahoo!
2012-01-30 18:22 . 2012-01-30 18:22 -------- d-----w- c:\users\Jess\AppData\Roaming\Yahoo!
2012-01-30 17:38 . 2012-02-01 02:58 -------- d-----w- c:\users\Jess\AppData\Local\Linkury
2012-01-30 17:38 . 2012-02-01 02:58 -------- d-----w- c:\program files (x86)\Linkury
2012-01-30 17:36 . 2012-01-30 18:22 -------- d-----w- c:\program files (x86)\Free Offers from Freeze.com
2012-01-30 17:36 . 2012-01-30 17:36 -------- d-----w- c:\programdata\WeCareReminder
2012-01-30 17:36 . 2012-02-06 20:12 -------- d-----w- c:\program files (x86)\EpicPlay
2012-01-30 17:06 . 2012-01-30 17:06 1491 ----a-w- C:\user.js
2012-01-30 17:06 . 2012-01-30 17:06 -------- d-----w- c:\users\Jess\AppData\Roaming\Babylon
2012-01-30 17:06 . 2012-01-30 17:06 -------- d-----w- c:\users\Jess\AppData\Local\Babylon
2012-01-30 17:06 . 2012-01-30 17:06 -------- d-----w- c:\programdata\Babylon
2012-01-30 00:57 . 2012-02-10 18:13 -------- d-----w- c:\program files (x86)\Steam
2012-01-29 20:27 . 2012-01-29 20:27 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-01-28 15:22 . 2012-02-10 18:06 -------- d-----w- c:\users\Jess\AppData\Local\LogMeIn Hamachi
2012-01-28 15:07 . 2012-01-28 15:07 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-01-28 15:07 . 2012-01-28 15:07 -------- d-----w- c:\program files (x86)\Java
2012-01-28 09:00 . 2012-01-28 09:00 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-01-27 23:17 . 2012-01-27 23:17 -------- d-----w- c:\users\Jess\jagexcache
2012-01-27 22:14 . 2012-02-11 00:01 -------- d-----w- c:\users\Jess\AppData\Local\Google
2012-01-27 22:14 . 2012-01-27 22:14 -------- d-----w- c:\users\Jess\AppData\Local\Deployment
2012-01-27 22:14 . 2012-01-27 22:14 -------- d-----w- c:\users\Jess\AppData\Local\Apps
2012-01-27 22:04 . 2012-01-27 22:05 -------- d-----w- c:\programdata\iOpus-i-M
2012-01-27 22:04 . 2005-01-15 11:02 118784 ----a-w- c:\windows\SysWow64\msstdfmt.dll
2012-01-27 22:04 . 2006-08-17 00:39 241016 ----a-w- c:\windows\SysWow64\imatl.dll
2012-01-27 22:04 . 2006-08-17 00:39 56696 ----a-w- c:\windows\SysWow64\imsys.dll
2012-01-27 22:04 . 2004-03-09 05:00 224016 ----a-w- c:\windows\SysWow64\tabctl32.ocx
2012-01-27 22:04 . 2004-03-09 05:00 1081616 ----a-w- c:\windows\SysWow64\mscomctl.ocx
2012-01-27 22:04 . 2012-01-27 22:05 -------- d-----w- c:\program files (x86)\iMacros
2012-01-27 09:17 . 2012-01-27 09:17 -------- d-----w- c:\windows\SysWow64\Wat
2012-01-27 09:17 . 2012-01-27 09:17 -------- d-----w- c:\windows\system32\Wat
2012-01-26 09:17 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2012-01-26 09:17 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2012-01-26 09:08 . 2009-11-25 18:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2012-01-26 09:08 . 2009-11-25 18:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2012-01-26 09:08 . 2009-11-25 18:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2012-01-26 09:08 . 2009-11-25 18:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2012-01-26 09:08 . 2009-11-25 18:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-01-26 09:08 . 2009-11-25 18:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-01-26 09:08 . 2009-11-25 18:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2012-01-26 09:08 . 2009-11-25 18:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2012-01-26 09:08 . 2009-11-25 18:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2012-01-26 09:08 . 2009-11-25 18:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-01-26 09:00 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2012-01-26 09:00 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2012-01-26 01:49 . 2011-10-26 05:33 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-26 01:48 . 2011-03-03 06:17 182272 ----a-w- c:\windows\system32\dnsrslvr.dll
2012-01-26 01:46 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-01-26 01:46 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-26 01:46 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll
2012-01-26 01:46 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2012-01-26 01:46 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-01-26 01:46 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-01-26 01:46 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-01-26 01:46 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-26 01:46 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-16 15:58 . 2012-01-30 17:06 -------- d-----w- c:\users\Tanner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-28 15:07 . 2010-12-15 03:30 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll" [2011-11-02 2015544]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
.
c:\users\Tanner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
c:\users\Jess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\windows\hamachi-2.exe [2012-02-07 2343816]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 bbcap;bb_capture_driver;c:\windows\system32\DRIVERS\bbcap.sys [x]
S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2782907224-991577004-2984746210-1000Core.job
- c:\users\Jess\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-27 22:14]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2782907224-991577004-2984746210-1000UA.job
- c:\users\Jess\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-27 22:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-12 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-12 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-12 365592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-WinRAR archiver - c:\users\Tanner\Desktop\Minecraft\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2012-02-12 11:45:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-12 17:45
.
Pre-Run: 159,268,642,816 bytes free
Post-Run: 159,575,920,640 bytes free
.
- - End Of File - - 25D5606CD1416BA147A16A67CC9DE745

Thanks
Jessica

Edited by RPMcMurphy, 12 February 2012 - 01:34 PM. Added log


#6 RPMcMurphy (Malware Response Team)

Posted 12 February 2012 - 01:45 PM

Please do this next:

Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the box below by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before and above http://

http://www.bleepingcomputer.com/forums/topic442155.html
Collect::
c:\program files\g5rufgfm.exe
c:\program files\qjms2vhn.exe

Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: dragging CFScript onto ComboFix.exe]


This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox
  • Be sure that everything else is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post the results.
Please include the following in your next post:
  • ComboFix log
  • MBAM log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may [donate].


#7 Jessmoon (Topic Starter)

Posted 12 February 2012 - 03:16 PM

OK, I ran ComboFix and downloaded and ran Malwarebytes. When it finished the scan it didn't offer to show me the scan results; it just said nothing was found, but it gave me a log.
So I will attach them both.
Thanks,
Jessica



#8 RPMcMurphy (Malware Response Team)

Posted 12 February 2012 - 03:32 PM

How is your computer running now? Please do this next:

Download aswMBR.exe to your desktop.
  • Double-click aswMBR.exe to run it.
  • You will be asked if you want to use Avast! Free antivirus for scanning - select No.
  • Click the "Scan" button to start the scan.
  • On completion of the scan click Save log, save it to your desktop and post it in your next reply.
Click Start > Run or press Windows Key + R, copy/paste the following into the Run box that opens, and press OK:

c:\Qoobox\ComboFix-quarantined-files.txt
That will open a txt file. Please copy and paste the contents of that file into your next post.

Please include the following in your next post:
  • aswMBR log
  • Program list



#9 Jessmoon (Topic Starter)

Posted 12 February 2012 - 08:13 PM

My computer browser is still being redirected, but the computer doesn't freeze up in regular mode. But in order to go to this thread I have to run in safe mode.
OK, here is the list from aswMBR:
aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-12 15:25:04
-----------------------------
15:25:04.635 OS Version: Windows x64 6.1.7600
15:25:04.635 Number of processors: 2 586 0x170A
15:25:04.635 ComputerName: JESS-PC UserName: Jess
15:25:05.930 Initialize success
15:25:10.673 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:25:10.673 Disk 0 Vendor: WDC_WD25 02.0 Size: 238418MB BusType: 3
15:25:10.688 Disk 0 MBR read successfully
15:25:10.688 Disk 0 MBR scan
15:25:10.704 Disk 0 Windows 7 default MBR code
15:25:10.704 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
15:25:10.719 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 8818 MB offset 112640
15:25:10.719 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 229544 MB offset 18171904
15:25:10.719 Service scanning
15:25:11.733 Modules scanning
15:25:11.733 Disk 0 trace - called modules:
15:25:11.733 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:25:11.733 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006bed060]
15:25:11.749 3 CLASSPNP.SYS[fffff8800159f43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005ce9050]
15:25:11.749 Scan finished successfully
15:25:37.099 Disk 0 MBR has been saved successfully to "C:\Users\Jess\Desktop\MBR.dat"
15:25:37.099 The log file has been saved successfully to "C:\Users\Jess\Desktop\aswMBR.txt"
_________________________________________
And here is the combofix quarantine files
________________________________

2012-02-12 19:38:37 . 2012-02-12 19:38:38 432 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\drivers\etc\hosts.ics.vir
2012-02-12 19:33:18 . 2012-02-12 19:33:18 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
2012-02-12 17:43:59 . 2012-02-12 17:43:59 1,142 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-WinRAR archiver.reg.dat
2012-02-12 17:43:52 . 2012-02-12 17:43:52 92 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
2012-02-12 17:43:39 . 2012-02-12 19:41:20 104 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat
2012-02-12 17:39:12 . 2012-02-12 19:36:36 5,639 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-02-12 17:36:06 . 2012-02-12 19:32:35 102 ----a-w- C:\Qoobox\Quarantine\catchme.log
2012-01-28 15:16:13 . 2012-01-28 15:16:13 1,435,251 ----a-w- C:\Qoobox\Quarantine\C\Users\Jess\Minecraft_Server.exe.vir
2012-01-28 15:03:38 . 2012-01-28 15:03:41 270,142 ----a-w- C:\Qoobox\Quarantine\C\Users\Jess\Minecraft.exe.vir
2012-01-27 22:04:42 . 2012-01-27 22:04:46 3,600,120 ----a-w- C:\Qoobox\Quarantine\C\Users\Jess\imacros-for-internet-explorer.exe.vir
2012-01-26 03:52:09 . 2012-01-26 03:52:09 192 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\~Gy4Ca6b1rR9Zoir.vir
2012-01-26 03:52:09 . 2012-01-26 03:52:09 280 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\~Gy4Ca6b1rR9Zoi.vir
2012-01-26 03:51:50 . 2012-01-26 03:51:50 344 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\Gy4Ca6b1rR9Zoi.vir
2007-11-07 14:03:18 . 2007-11-07 14:03:18 562,688 ----a-w- C:\Qoobox\Quarantine\C\install.exe.vir




#10 RPMcMurphy (Malware Response Team)

Posted 12 February 2012 - 09:53 PM

Please do this next:

Please download MiniToolBox and run it.

Check the following items:
  • Flush DNS
  • List content of Hosts
  • List IP configuration
  • List Installed Programs
Click Go and copy/paste the log (Result.txt) into your next post.

Please include the following in your next post:
  • MiniToolBox log



#11 Jessmoon (Topic Starter)

Posted 13 February 2012 - 08:08 AM

OK, here is my log.

MiniToolBox by Farbar Version: 18-01-2012
Ran by Jess (administrator) on 13-02-2012 at 07:05:38
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Nerwork
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
Hamachi Network Interface = Hamachi (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global
set interface interface="Hamachi" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Jess-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-25-64-83-A6-86
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::559d:59a4:c85f:b028%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.5(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, February 12, 2012 1:39:25 PM
Lease Expires . . . . . . . . . . : Monday, February 13, 2012 7:41:50 AM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 234890596
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-9A-09-9D-00-25-64-83-A6-86
DNS Servers . . . . . . . . . . . : 209.18.47.61
209.18.47.62
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Hamachi:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hamachi Network Interface
Physical Address. . . . . . . . . : 7A-79-05-E7-54-16
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2620:9b::5e7:5416(Preferred)
Link-local IPv6 Address . . . . . : fe80::aca4:fd61:db73:1946%17(Preferred)
IPv4 Address. . . . . . . . . . . : 5.231.84.22(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Lease Obtained. . . . . . . . . . : Sunday, February 12, 2012 1:39:20 PM
Lease Expires . . . . . . . . . . : Monday, February 13, 2012 7:09:10 AM
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 5.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 377125312
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-9A-09-9D-00-25-64-83-A6-86
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{0B69C736-F438-4317-8EAD-06EF35C7C0A8}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable Microsoft 6To4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{72E7BB5F-DD05-4A30-9588-7A4EB2518876}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #7
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 16:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #8
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 74.125.227.83
74.125.227.84
74.125.227.80
74.125.227.81
74.125.227.82


Pinging google.com [74.125.227.51] with 32 bytes of data:
Reply from 74.125.227.51: bytes=32 time=17ms TTL=55
Reply from 74.125.227.51: bytes=32 time=18ms TTL=55

Ping statistics for 74.125.227.51:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 17ms, Maximum = 18ms, Average = 17ms
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.2.43
98.137.149.56


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=18ms TTL=54
Reply from 209.191.122.70: bytes=32 time=18ms TTL=54

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 18ms, Maximum = 18ms, Average = 18ms
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...00 25 64 83 a6 86 ......Realtek PCIe GBE Family Controller
17...7a 79 05 e7 54 16 ......Hamachi Network Interface
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
15...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2
16...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #3
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
19...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #4
21...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #6
22...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #7
23...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #8
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.5     11
          5.0.0.0        255.0.0.0         On-link       5.231.84.22   9256
      5.231.84.22  255.255.255.255         On-link       5.231.84.22   9256
    5.255.255.255  255.255.255.255         On-link       5.231.84.22   9256
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link       192.168.0.5    266
      192.168.0.5  255.255.255.255         On-link       192.168.0.5    266
    192.168.0.255  255.255.255.255         On-link       192.168.0.5    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.0.5    266
        224.0.0.0        240.0.0.0         On-link       5.231.84.22   9256
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.0.5    266
  255.255.255.255  255.255.255.255         On-link       5.231.84.22   9256
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination      Gateway
 1    306 ::1/128                  On-link
17    276 2620:9b::/64             On-link
17    276 2620:9b::/96             On-link
17    276 2620:9b::5e7:5416/128    On-link
11    266 fe80::/64                On-link
17    276 fe80::/64                On-link
11    266 fe80::559d:59a4:c85f:b028/128
                                   On-link
17    276 fe80::aca4:fd61:db73:1946/128
                                   On-link
 1    306 ff00::/8                 On-link
11    266 ff00::/8                 On-link
17    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination      Gateway
 0 4294967295 2620:9b::/96         On-link
===========================================================================

=========================== Installed Programs ============================

Adobe Acrobat 5.0 (Version: 5.0)
Adobe Flash Player 10 ActiveX (Version: 10.1.85.3)
Age of Mythology
Age of Mythology - The Titans Expansion
Audacity 1.3.14 (Unicode)
Aurora 3D Animation Maker version 12.01.21 (Version: 12.01.21)
AVG 2012 (Version: 12.0.1913)
AVG 2012 (Version: 12.0.2112)
AVG 2012 (Version: 2012.0.1913)
BB FlashBack Express (Version: 3.2.2.2096)
Clean Water Action TriMini Reminder by We-Care.com v5.0.2.2 (Version: 5.0.2.2)
Community Smartbar (Version: 1.4.0.1797)
Compatibility Pack for the 2007 Office system (Version: 12.0.4518.1014)
Conexant D850 PCI V.92 Modem (Version: 7.80.4.0)
Dell Dock (Version: 2.0)
Dell Edoc Viewer (Version: 1.0.0)
Digital Line Detect (Version: 1.21)
GIMP 2.6.11 (Version: 2.6.11)
GoToAssist 8.0.0.514
iMacros V5.21 (Version: 5.21)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology (Version: 9.6.0.1014)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 21 (64-bit) (Version: 6.0.210)
Java™ 6 Update 30 (Version: 6.0.300)
Junk Mail filter update (Version: 14.0.8089.726)
LogMeIn Hamachi (Version: 2.1.0.158)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.4518.1014)
Microsoft Search Enhancement Pack (Version: 1.2.123.0)
Microsoft Silverlight (Version: 3.0.40624.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Works (Version: 9.7.0621)
Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0)
Modem Diagnostic Tool (Version: 1.0.28.0)
MonkeyJam 3_050529
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML4 Parser (Version: 1.0.0)
Netwaiting (Version: 2.5.59)
PowerDVD DX (Version: 8.3.6029)
Realtek High Definition Audio Driver (Version: 6.0.1.5963)
Roxio Burn (Version: 1.01)
Steam (Version: 1.0.0.0)
SUPERAntiSpyware (Version: 5.0.1134)
Team Fortress 2
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Toolbar (Version: 14.0.8064.206)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Movie Maker 2.6 (Version: 2.6.4037.0)
WinRAR 4.10 (32-bit) (Version: 4.10.0)
Yahoo! Software Update
Yahoo! Toolbar

**** End of log ****

#12 RPMcMurphy (Malware Response Team)

Posted 13 February 2012 - 03:26 PM

Please do this next:

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • When the window opens, click on Change Parameters.
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System".
  • Click OK.
  • Press Start Scan.
  • If malicious objects are found, ensure Cure is selected. Important: if there is no option to "Cure", it is critical that you select "Skip".
  • Then click Continue > Reboot now.
  • Once complete, a log will be produced in c:\. It will be named, for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.
Please include the following in your next post:
  • TDSSKiller log



#13 Jessmoon (Topic Starter)

Posted 13 February 2012 - 04:07 PM

OK, I did that and it said everything was OK; nothing was found.


15:04:20.0610 2620 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
15:04:21.0046 2620 ============================================================
15:04:21.0046 2620 Current date / time: 2012/02/13 15:04:21.0046
15:04:21.0046 2620 SystemInfo:
15:04:21.0046 2620
15:04:21.0046 2620 OS Version: 6.1.7600 ServicePack: 0.0
15:04:21.0046 2620 Product type: Workstation
15:04:21.0046 2620 ComputerName: JESS-PC
15:04:21.0046 2620 UserName: Jess
15:04:21.0046 2620 Windows directory: C:\Windows
15:04:21.0046 2620 System windows directory: C:\Windows
15:04:21.0046 2620 Running under WOW64
15:04:21.0046 2620 Processor architecture: Intel x64
15:04:21.0046 2620 Number of processors: 2
15:04:21.0046 2620 Page size: 0x1000
15:04:21.0046 2620 Boot type: Safe boot with network
15:04:21.0046 2620 ============================================================
15:04:21.0327 2620 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:04:21.0358 2620 \Device\Harddisk0\DR0:
15:04:21.0358 2620 MBR used
15:04:21.0358 2620 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1139000
15:04:21.0358 2620 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1154800, BlocksNum 0x1C054000
15:04:21.0374 2620 Initialize success
15:04:21.0374 2620 ============================================================
15:05:01.0014 2880 ============================================================
15:05:01.0014 2880 Scan started
15:05:01.0014 2880 Mode: Manual; TDLFS;
15:05:01.0014 2880 ============================================================
15:05:01.0622 2880 1394ohci (969c91060cbb5d17cb8440b5f78b4c51) C:\Windows\system32\DRIVERS\1394ohci.sys
15:05:01.0622 2880 1394ohci - ok
15:05:01.0653 2880 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
15:05:01.0653 2880 ACPI - ok
15:05:01.0669 2880 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
15:05:01.0669 2880 AcpiPmi - ok
15:05:01.0700 2880 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:05:01.0716 2880 adp94xx - ok
15:05:01.0731 2880 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:05:01.0731 2880 adpahci - ok
15:05:01.0762 2880 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:05:01.0762 2880 adpu320 - ok
15:05:01.0809 2880 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
15:05:01.0809 2880 AFD - ok
15:05:01.0825 2880 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
15:05:01.0825 2880 agp440 - ok
15:05:01.0872 2880 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
15:05:01.0872 2880 aliide - ok
15:05:01.0872 2880 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
15:05:01.0872 2880 amdide - ok
15:05:01.0903 2880 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:05:01.0903 2880 AmdK8 - ok
15:05:01.0918 2880 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:05:01.0918 2880 AmdPPM - ok
15:05:01.0950 2880 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
15:05:01.0950 2880 amdsata - ok
15:05:01.0981 2880 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:05:01.0981 2880 amdsbs - ok
15:05:01.0996 2880 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
15:05:01.0996 2880 amdxata - ok
15:05:02.0012 2880 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
15:05:02.0012 2880 AppID - ok
15:05:02.0074 2880 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:05:02.0074 2880 arc - ok
15:05:02.0090 2880 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:05:02.0090 2880 arcsas - ok
15:05:02.0106 2880 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:05:02.0106 2880 AsyncMac - ok
15:05:02.0152 2880 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
15:05:02.0152 2880 atapi - ok
15:05:02.0215 2880 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
15:05:02.0215 2880 AVGIDSDriver - ok
15:05:02.0230 2880 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
15:05:02.0230 2880 AVGIDSEH - ok
15:05:02.0262 2880 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
15:05:02.0262 2880 AVGIDSFilter - ok
15:05:02.0308 2880 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
15:05:02.0308 2880 Avgldx64 - ok
15:05:02.0324 2880 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
15:05:02.0324 2880 Avgmfx64 - ok
15:05:02.0371 2880 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
15:05:02.0371 2880 Avgrkx64 - ok
15:05:02.0418 2880 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
15:05:02.0418 2880 Avgtdia - ok
15:05:02.0464 2880 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:05:02.0464 2880 b06bdrv - ok
15:05:02.0496 2880 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:05:02.0496 2880 b57nd60a - ok
15:05:02.0527 2880 bbcap (849ea7a204f9f77e7b2adb8699f7bfc8) C:\Windows\system32\DRIVERS\bbcap.sys
15:05:02.0527 2880 bbcap - ok
15:05:02.0558 2880 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:05:02.0558 2880 Beep - ok
15:05:02.0605 2880 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:05:02.0605 2880 blbdrive - ok
15:05:02.0636 2880 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
15:05:02.0636 2880 bowser - ok
15:05:02.0652 2880 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:05:02.0652 2880 BrFiltLo - ok
15:05:02.0667 2880 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:05:02.0667 2880 BrFiltUp - ok
15:05:02.0683 2880 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
15:05:02.0683 2880 BridgeMP - ok
15:05:02.0714 2880 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:05:02.0714 2880 Brserid - ok
15:05:02.0730 2880 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:05:02.0730 2880 BrSerWdm - ok
15:05:02.0745 2880 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:05:02.0745 2880 BrUsbMdm - ok
15:05:02.0745 2880 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:05:02.0745 2880 BrUsbSer - ok
15:05:02.0776 2880 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:05:02.0776 2880 BTHMODEM - ok
15:05:02.0792 2880 catchme - ok
15:05:02.0823 2880 CAXHWBS2 (46f088d1247e825b313200254edd9e5b) C:\Windows\system32\DRIVERS\CAXHWBS2.sys
15:05:02.0839 2880 CAXHWBS2 - ok
15:05:02.0886 2880 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:05:02.0886 2880 cdfs - ok
15:05:02.0917 2880 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
15:05:02.0917 2880 cdrom - ok
15:05:02.0948 2880 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:05:02.0948 2880 circlass - ok
15:05:02.0964 2880 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:05:02.0979 2880 CLFS - ok
15:05:03.0026 2880 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:05:03.0026 2880 CmBatt - ok
15:05:03.0042 2880 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
15:05:03.0042 2880 cmdide - ok
15:05:03.0088 2880 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
15:05:03.0088 2880 CNG - ok
15:05:03.0120 2880 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:05:03.0120 2880 Compbatt - ok
15:05:03.0135 2880 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
15:05:03.0135 2880 CompositeBus - ok
15:05:03.0151 2880 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:05:03.0151 2880 crcdisk - ok
15:05:03.0229 2880 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
15:05:03.0229 2880 DfsC - ok
15:05:03.0260 2880 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:05:03.0260 2880 discache - ok
15:05:03.0276 2880 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:05:03.0276 2880 Disk - ok
15:05:03.0322 2880 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:05:03.0322 2880 drmkaud - ok
15:05:03.0354 2880 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
15:05:03.0385 2880 DXGKrnl - ok
15:05:03.0447 2880 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:05:03.0525 2880 ebdrv - ok
15:05:03.0556 2880 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:05:03.0572 2880 elxstor - ok
15:05:03.0588 2880 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
15:05:03.0588 2880 ErrDev - ok
15:05:03.0619 2880 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:05:03.0619 2880 exfat - ok
15:05:03.0650 2880 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:05:03.0650 2880 fastfat - ok
15:05:03.0681 2880 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:05:03.0681 2880 fdc - ok
15:05:03.0697 2880 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:05:03.0697 2880 FileInfo - ok
15:05:03.0728 2880 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:05:03.0728 2880 Filetrace - ok
15:05:03.0744 2880 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:05:03.0744 2880 flpydisk - ok
15:05:03.0759 2880 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
15:05:03.0759 2880 FltMgr - ok
15:05:03.0775 2880 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:05:03.0775 2880 FsDepends - ok
15:05:03.0790 2880 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:05:03.0790 2880 Fs_Rec - ok
15:05:03.0822 2880 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:05:03.0822 2880 fvevol - ok
15:05:03.0837 2880 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:05:03.0837 2880 gagp30kx - ok
15:05:03.0884 2880 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
15:05:03.0900 2880 hamachi - ok
15:05:03.0915 2880 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:05:03.0931 2880 hcw85cir - ok
15:05:03.0946 2880 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:05:03.0962 2880 HDAudBus - ok
15:05:03.0978 2880 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:05:03.0978 2880 HidBatt - ok
15:05:03.0993 2880 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:05:03.0993 2880 HidBth - ok
15:05:04.0009 2880 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:05:04.0009 2880 HidIr - ok
15:05:04.0040 2880 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
15:05:04.0040 2880 HidUsb - ok
15:05:04.0056 2880 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
15:05:04.0056 2880 HpSAMD - ok
15:05:04.0118 2880 HSF_DPV (26c5d00321937e49b6bc91029947d094) C:\Windows\system32\DRIVERS\CAX_DPV.sys
15:05:04.0134 2880 HSF_DPV - ok
15:05:04.0165 2880 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
15:05:04.0196 2880 HTTP - ok
15:05:04.0212 2880 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
15:05:04.0212 2880 hwpolicy - ok
15:05:04.0243 2880 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
15:05:04.0243 2880 i8042prt - ok
15:05:04.0258 2880 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
15:05:04.0258 2880 iaStor - ok
15:05:04.0321 2880 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
15:05:04.0321 2880 iaStorV - ok
15:05:04.0446 2880 igfx (ac4b14e985b2bb19386cc8203fe49bcd) C:\Windows\system32\DRIVERS\igdkmd64.sys
15:05:04.0555 2880 igfx - ok
15:05:04.0570 2880 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:05:04.0570 2880 iirsp - ok
15:05:04.0648 2880 IntcAzAudAddService (492cd3a94913d753b4591cd9e29ec843) C:\Windows\system32\drivers\RTKVHD64.sys
15:05:04.0680 2880 IntcAzAudAddService - ok
15:05:04.0695 2880 IntcHdmiAddService (d485d3bd3e2179aa86853a182f70699f) C:\Windows\system32\drivers\IntcHdmi.sys
15:05:04.0695 2880 IntcHdmiAddService - ok
15:05:04.0711 2880 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
15:05:04.0711 2880 intelide - ok
15:05:04.0742 2880 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:05:04.0742 2880 intelppm - ok
15:05:04.0758 2880 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:05:04.0758 2880 IpFilterDriver - ok
15:05:04.0789 2880 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
15:05:04.0789 2880 IPMIDRV - ok
15:05:04.0804 2880 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:05:04.0804 2880 IPNAT - ok
15:05:04.0820 2880 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:05:04.0820 2880 IRENUM - ok
15:05:04.0836 2880 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
15:05:04.0836 2880 isapnp - ok
15:05:04.0851 2880 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
15:05:04.0851 2880 iScsiPrt - ok
15:05:04.0882 2880 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:05:04.0882 2880 kbdclass - ok
15:05:04.0898 2880 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
15:05:04.0898 2880 kbdhid - ok
15:05:04.0929 2880 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
15:05:04.0929 2880 KSecDD - ok
15:05:04.0960 2880 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
15:05:04.0960 2880 KSecPkg - ok
15:05:04.0976 2880 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:05:04.0976 2880 ksthunk - ok
15:05:05.0023 2880 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:05:05.0023 2880 lltdio - ok
15:05:05.0054 2880 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:05:05.0054 2880 LSI_FC - ok
15:05:05.0054 2880 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:05:05.0070 2880 LSI_SAS - ok
15:05:05.0085 2880 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:05:05.0085 2880 LSI_SAS2 - ok
15:05:05.0101 2880 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:05:05.0101 2880 LSI_SCSI - ok
15:05:05.0116 2880 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:05:05.0116 2880 luafv - ok
15:05:05.0148 2880 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
15:05:05.0148 2880 mdmxsdk - ok
15:05:05.0163 2880 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:05:05.0163 2880 megasas - ok
15:05:05.0179 2880 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:05:05.0179 2880 MegaSR - ok
15:05:05.0210 2880 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:05:05.0210 2880 Modem - ok
15:05:05.0241 2880 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:05:05.0241 2880 monitor - ok
15:05:05.0241 2880 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:05:05.0257 2880 mouclass - ok
15:05:05.0272 2880 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:05:05.0272 2880 mouhid - ok
15:05:05.0272 2880 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
15:05:05.0288 2880 mountmgr - ok
15:05:05.0304 2880 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
15:05:05.0304 2880 mpio - ok
15:05:05.0319 2880 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:05:05.0319 2880 mpsdrv - ok
15:05:05.0350 2880 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
15:05:05.0350 2880 MRxDAV - ok
15:05:05.0382 2880 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:05:05.0382 2880 mrxsmb - ok
15:05:05.0413 2880 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:05:05.0413 2880 mrxsmb10 - ok
15:05:05.0428 2880 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:05:05.0428 2880 mrxsmb20 - ok
15:05:05.0444 2880 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys
15:05:05.0444 2880 msahci - ok
15:05:05.0460 2880 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
15:05:05.0460 2880 msdsm - ok
15:05:05.0475 2880 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:05:05.0475 2880 Msfs - ok
15:05:05.0506 2880 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:05:05.0506 2880 mshidkmdf - ok
15:05:05.0522 2880 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
15:05:05.0522 2880 msisadrv - ok
15:05:05.0553 2880 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:05:05.0553 2880 MSKSSRV - ok
15:05:05.0569 2880 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:05:05.0569 2880 MSPCLOCK - ok
15:05:05.0584 2880 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:05:05.0584 2880 MSPQM - ok
15:05:05.0616 2880 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
15:05:05.0616 2880 MsRPC - ok
15:05:05.0631 2880 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
15:05:05.0631 2880 mssmbios - ok
15:05:05.0662 2880 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:05:05.0662 2880 MSTEE - ok
15:05:05.0678 2880 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:05:05.0678 2880 MTConfig - ok
15:05:05.0694 2880 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:05:05.0694 2880 Mup - ok
15:05:05.0725 2880 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:05:05.0740 2880 NativeWifiP - ok
15:05:05.0756 2880 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
15:05:05.0787 2880 NDIS - ok
15:05:05.0803 2880 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:05:05.0803 2880 NdisCap - ok
15:05:05.0818 2880 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:05:05.0818 2880 NdisTapi - ok
15:05:05.0834 2880 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
15:05:05.0834 2880 Ndisuio - ok
15:05:05.0850 2880 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
15:05:05.0850 2880 NdisWan - ok
15:05:05.0865 2880 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
15:05:05.0865 2880 NDProxy - ok
15:05:05.0881 2880 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:05:05.0881 2880 NetBIOS - ok
15:05:05.0896 2880 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
15:05:05.0912 2880 NetBT - ok
15:05:05.0928 2880 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:05:05.0928 2880 nfrd960 - ok
15:05:05.0959 2880 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:05:05.0959 2880 Npfs - ok
15:05:05.0974 2880 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:05:05.0974 2880 nsiproxy - ok
15:05:06.0037 2880 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
15:05:06.0052 2880 Ntfs - ok
15:05:06.0068 2880 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:05:06.0068 2880 Null - ok
15:05:06.0099 2880 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
15:05:06.0099 2880 nvraid - ok
15:05:06.0115 2880 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
15:05:06.0115 2880 nvstor - ok
15:05:06.0130 2880 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
15:05:06.0130 2880 nv_agp - ok
15:05:06.0162 2880 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
15:05:06.0162 2880 ohci1394 - ok
15:05:06.0177 2880 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:05:06.0177 2880 Parport - ok
15:05:06.0193 2880 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
15:05:06.0193 2880 partmgr - ok
15:05:06.0224 2880 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
15:05:06.0224 2880 pci - ok
15:05:06.0224 2880 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
15:05:06.0240 2880 pciide - ok
15:05:06.0240 2880 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:05:06.0255 2880 pcmcia - ok
15:05:06.0271 2880 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:05:06.0271 2880 pcw - ok
15:05:06.0302 2880 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:05:06.0318 2880 PEAUTH - ok
15:05:06.0364 2880 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
15:05:06.0364 2880 PptpMiniport - ok
15:05:06.0396 2880 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:05:06.0396 2880 Processor - ok
15:05:06.0442 2880 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
15:05:06.0442 2880 Psched - ok
15:05:06.0474 2880 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
15:05:06.0474 2880 PxHlpa64 - ok
15:05:06.0505 2880 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:05:06.0536 2880 ql2300 - ok
15:05:06.0552 2880 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:05:06.0552 2880 ql40xx - ok
15:05:06.0583 2880 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:05:06.0583 2880 QWAVEdrv - ok
15:05:06.0598 2880 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:05:06.0598 2880 RasAcd - ok
15:05:06.0614 2880 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:05:06.0614 2880 RasAgileVpn - ok
15:05:06.0630 2880 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:05:06.0645 2880 Rasl2tp - ok
15:05:06.0661 2880 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:05:06.0661 2880 RasPppoe - ok
15:05:06.0676 2880 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:05:06.0676 2880 RasSstp - ok
15:05:06.0692 2880 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
15:05:06.0708 2880 rdbss - ok
15:05:06.0723 2880 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:05:06.0723 2880 rdpbus - ok
15:05:06.0739 2880 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:05:06.0739 2880 RDPCDD - ok
15:05:06.0754 2880 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:05:06.0754 2880 RDPENCDD - ok
15:05:06.0770 2880 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:05:06.0770 2880 RDPREFMP - ok
15:05:06.0786 2880 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
15:05:06.0786 2880 RDPWD - ok
15:05:06.0801 2880 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
15:05:06.0801 2880 rdyboost - ok
15:05:06.0832 2880 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:05:06.0832 2880 rspndr - ok
15:05:06.0864 2880 RTL8167 (f65f171165fbb613f7aa3cc78e8cab42) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:05:06.0879 2880 RTL8167 - ok
15:05:06.0926 2880 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
15:05:06.0926 2880 SASDIFSV - ok
15:05:06.0942 2880 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
15:05:06.0942 2880 SASKUTIL - ok
15:05:06.0957 2880 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
15:05:06.0957 2880 sbp2port - ok
15:05:06.0973 2880 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
15:05:06.0973 2880 scfilter - ok
15:05:07.0004 2880 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:05:07.0004 2880 secdrv - ok
15:05:07.0035 2880 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:05:07.0035 2880 Serenum - ok
15:05:07.0066 2880 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:05:07.0066 2880 Serial - ok
15:05:07.0082 2880 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:05:07.0082 2880 sermouse - ok
15:05:07.0098 2880 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
15:05:07.0113 2880 sffdisk - ok
15:05:07.0113 2880 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
15:05:07.0113 2880 sffp_mmc - ok
15:05:07.0129 2880 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
15:05:07.0129 2880 sffp_sd - ok
15:05:07.0144 2880 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:05:07.0144 2880 sfloppy - ok
15:05:07.0176 2880 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:05:07.0176 2880 SiSRaid2 - ok
15:05:07.0191 2880 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:05:07.0191 2880 SiSRaid4 - ok
15:05:07.0207 2880 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:05:07.0207 2880 Smb - ok
15:05:07.0254 2880 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:05:07.0254 2880 spldr - ok
15:05:07.0300 2880 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
15:05:07.0300 2880 srv - ok
15:05:07.0347 2880 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
15:05:07.0347 2880 srv2 - ok
15:05:07.0363 2880 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
15:05:07.0363 2880 srvnet - ok
15:05:07.0425 2880 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:05:07.0425 2880 stexstor - ok
15:05:07.0441 2880 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
15:05:07.0441 2880 swenum - ok
15:05:07.0519 2880 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
15:05:07.0534 2880 Tcpip - ok
15:05:07.0566 2880 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
15:05:07.0581 2880 TCPIP6 - ok
15:05:07.0597 2880 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
15:05:07.0597 2880 tcpipreg - ok
15:05:07.0612 2880 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:05:07.0612 2880 TDPIPE - ok
15:05:07.0628 2880 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:05:07.0628 2880 TDTCP - ok
15:05:07.0644 2880 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
15:05:07.0644 2880 tdx - ok
15:05:07.0659 2880 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
15:05:07.0659 2880 TermDD - ok
15:05:07.0690 2880 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:05:07.0690 2880 tssecsrv - ok
15:05:07.0706 2880 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
15:05:07.0706 2880 tunnel - ok
15:05:07.0722 2880 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:05:07.0722 2880 uagp35 - ok
15:05:07.0753 2880 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys
15:05:07.0753 2880 udfs - ok
15:05:07.0768 2880 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
15:05:07.0768 2880 uliagpkx - ok
15:05:07.0800 2880 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
15:05:07.0800 2880 umbus - ok
15:05:07.0800 2880 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:05:07.0800 2880 UmPass - ok
15:05:07.0846 2880 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
15:05:07.0846 2880 usbaudio - ok
15:05:07.0878 2880 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
15:05:07.0878 2880 usbccgp - ok
15:05:07.0893 2880 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
15:05:07.0893 2880 usbcir - ok
15:05:07.0924 2880 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
15:05:07.0940 2880 usbehci - ok
15:05:07.0956 2880 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
15:05:07.0956 2880 usbhub - ok
15:05:07.0971 2880 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
15:05:07.0971 2880 usbohci - ok
15:05:08.0002 2880 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:05:08.0002 2880 usbprint - ok
15:05:08.0034 2880 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
15:05:08.0034 2880 USBSTOR - ok
15:05:08.0049 2880 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
15:05:08.0049 2880 usbuhci - ok
15:05:08.0080 2880 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
15:05:08.0080 2880 usbvideo - ok
15:05:08.0096 2880 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
15:05:08.0096 2880 vdrvroot - ok
15:05:08.0127 2880 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:05:08.0127 2880 vga - ok
15:05:08.0143 2880 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:05:08.0143 2880 VgaSave - ok
15:05:08.0158 2880 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
15:05:08.0158 2880 vhdmp - ok
15:05:08.0174 2880 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
15:05:08.0174 2880 viaide - ok
15:05:08.0190 2880 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
15:05:08.0205 2880 volmgr - ok
15:05:08.0221 2880 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
15:05:08.0221 2880 volmgrx - ok
15:05:08.0236 2880 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
15:05:08.0236 2880 volsnap - ok
15:05:08.0252 2880 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:05:08.0268 2880 vsmraid - ok
15:05:08.0283 2880 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
15:05:08.0283 2880 vwifibus - ok
15:05:08.0299 2880 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:05:08.0299 2880 WacomPen - ok
15:05:08.0314 2880 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
15:05:08.0314 2880 WANARP - ok
15:05:08.0330 2880 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
15:05:08.0330 2880 Wanarpv6 - ok
15:05:08.0361 2880 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:05:08.0361 2880 Wd - ok
15:05:08.0392 2880 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:05:08.0392 2880 Wdf01000 - ok
15:05:08.0439 2880 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:05:08.0455 2880 WfpLwf - ok
15:05:08.0470 2880 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:05:08.0470 2880 WIMMount - ok
15:05:08.0502 2880 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
15:05:08.0517 2880 winachsf - ok
15:05:08.0580 2880 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
15:05:08.0580 2880 WinUsb - ok
15:05:08.0595 2880 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:05:08.0595 2880 WmiAcpi - ok
15:05:08.0642 2880 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:05:08.0642 2880 ws2ifsl - ok
15:05:08.0673 2880 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys
15:05:08.0673 2880 WudfPf - ok
15:05:08.0689 2880 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:05:08.0689 2880 WUDFRd - ok
15:05:08.0704 2880 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
15:05:08.0704 2880 XAudio - ok
15:05:08.0751 2880 xusb21 (2c6bc21b2d5b58d8b1d638c1704cb494) C:\Windows\system32\DRIVERS\xusb21.sys
15:05:08.0751 2880 xusb21 - ok
15:05:08.0782 2880 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:05:08.0892 2880 \Device\Harddisk0\DR0 - ok
15:05:08.0892 2880 Boot (0x1200) (77522f4825a5593df2980797c09acf21) \Device\Harddisk0\DR0\Partition0
15:05:08.0892 2880 \Device\Harddisk0\DR0\Partition0 - ok
15:05:08.0907 2880 Boot (0x1200) (fa2072c792488d49de13b62d418ea0ea) \Device\Harddisk0\DR0\Partition1
15:05:08.0907 2880 \Device\Harddisk0\DR0\Partition1 - ok
15:05:08.0907 2880 ============================================================
15:05:08.0907 2880 Scan finished
15:05:08.0907 2880 ============================================================
15:05:08.0923 1668 Detected object count: 0
15:05:08.0923 1668 Actual detected object count: 0

#14 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:08:21 PM

Posted 13 February 2012 - 11:02 PM

Hi,

Do you use a router? If so, what make model (ie: Linksys WRT54G)? Please do this:

Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Files
    flushdns /c
    :Commands
    [EmptyFlash]
    [EmptyTemp]
    [ResetHosts]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Please include the following in your next post:
  • OTM log
  • Your router information

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


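The OTM script above flushes DNS, empties the caches and resets the HOSTS file. The following Python is an added example, not part of this thread or of OTM, that shows what a HOSTS-file audit looks like before such a reset: it parses the file, skips the stock loopback entries and flags any other active mapping, since a public hostname pointed at a non-loopback address is the redirect pattern behind a hijacked browser. The sample file, hostnames and addresses are constructed for the example; to audit the live file, pass `Path(r"C:\Windows\System32\drivers\etc\hosts").read_text()` to `audit_hosts`.

```python
# Added example (not from the thread or OTM): audit a Windows HOSTS file for the
# kind of entries that OTM's [ResetHosts] step throws away. The stock Windows 7
# file carries only comment lines, so any active mapping deserves a look.
import ipaddress

LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

def parse_hosts(text):
    """Yield (ip_address, hostname) for every active mapping, skipping comments."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop full-line and inline comments
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue                             # malformed line, not a mapping
        for name in names:
            yield ip, name.lower()

def audit_hosts(text):
    """Return (ip, hostname, reason) triples for entries worth investigating."""
    findings = []
    for ip, name in parse_hosts(text):
        if ip.is_loopback and name in LOOPBACK_NAMES:
            continue                             # benign default entry
        if ip.is_loopback or ip.is_unspecified:
            reason = "blocked (sinkholed to loopback/0.0.0.0)"
        else:
            reason = "redirected to non-loopback address"
        findings.append((str(ip), name, reason))
    return findings

# Constructed sample: the Windows 7 header plus two injected lines (.invalid
# TLD and a TEST-NET-3 address, so nothing here points at a real site).
SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#\t127.0.0.1       localhost
127.0.0.1 localhost
0.0.0.0   update.example-av.invalid     # constructed: update site blocked
203.0.113.5 www.example-bank.invalid    # constructed: site redirected
"""

if __name__ == "__main__":
    for ip, name, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"{ip:<14} {name:<28} {reason}")
```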


#15 Jessmoon

Jessmoon
  • Topic Starter

  • Members
  • 9 posts
  • Local time:06:21 PM

Posted 15 February 2012 - 08:27 AM

I'm using a Motorola surfboard model SBG6580 supplied by Time Warner Cable.
Here is the log:

->Temp folder emptied: 0 bytes

User: Tanner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 123020559 bytes
->Java cache emptied: 3397231 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 392 bytes

Total Files Cleaned = 214.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTM by OldTimer - Version 3.1.19.0 log created on 02152012_071522



