Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Searchbif Google keeps redirecting


  • This topic is locked This topic is locked
16 replies to this topic

#1 Sakster

Sakster

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:24 AM

Posted 16 February 2012 - 09:47 AM

When selecting any search result from google I am redirected to searchbif.net which then generates random websites. Please help with removal.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by jkissel at 9:27:36 on 2012-02-16
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3710.2639 [GMT -5:00]
.
AV: AVG Anti-Virus Business Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Business Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Windows\LTSVC\LTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\LTSvc\LTSvcMon.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\dell\DBRM\Reminder\DbrmTrayicon.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\jkissel\AppData\Local\dplaysvr.exe
C:\Windows\LTSvc\LTTray.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [?]
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "c:\program files\roxio\oem\roxio burn\RoxioBurnLauncher.exe"
mRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [DBRMTray] c:\dell\dbrm\reminder\TrayApp.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\networ~1.lnk - c:\windows\ltsvc\LTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: ciscom.com\lt
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.137.241 192.168.137.1 192.168.137.242 192.168.137.246
TCP: Interfaces\{AD03FCC0-E096-4A00-8A76-849FEFF603C0} : DhcpNameServer = 192.168.137.241 192.168.137.1 192.168.137.242 192.168.137.246
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
LSA: Authentication Packages = msv1_0 wvauth
Hosts: 94.63.240.127 www.google.com
Hosts: 94.63.240.128 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jkissel\appdata\roaming\mozilla\firefox\profiles\lqmoslmq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2011-2-14 13336]
R2 LTService;LabTech Monitoring Service;c:\windows\ltsvc\LTSVC.exe [2011-3-23 12381184]
R2 LTSvcMon;LabTech Monitoring Service CheckUp Util;c:\windows\ltsvc\LTSvcMon.exe [2011-3-23 92672]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2011-2-14 224424]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatch12OEM.exe [2010-9-4 219632]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxMediaDB12OEM.exe [2010-9-4 1116656]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-23 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-23 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== File Associations ===============
.
.scr=AutoCADLTScriptFile
.
=============== Created Last 30 ================
.
2012-02-16 12:30:29 -------- d-s---w- C:\ComboFix
2012-02-03 16:59:28 -------- d-----w- C:\$RECYCLE.BIN
2012-02-01 20:32:21 -------- d-----w- c:\users\jkissel\appdata\local\ElevatedDiagnostics
2012-01-18 10:59:25 -------- d-----w- C:\$AVG
.
==================== Find3M ====================
.
.
============= FINISH: 9:28:02.96 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:24 AM

Posted 17 February 2012 - 02:04 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Sakster

Sakster
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:24 AM

Posted 17 February 2012 - 08:09 AM

No programs would open after Combofix ran, and windows rebooted. Rebooted again, and everything was back to normal.
Clicked roughly 30 of the Google search results without it redirecting me. Seems to be working fine.


ComboFix 12-02-17.01 - jkissel 02/17/2012 7:43.4.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3710.2684 [GMT -5:00]
Running from: c:\users\jkissel\Desktop\ComboFix.exe
AV: AVG Anti-Virus Business Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Business Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\jkissel\AppData\Local\dplayx.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-01-17 to 2012-02-17 )))))))))))))))))))))))))))))))
.
.
2012-02-17 12:47 . 2012-02-17 12:47 -------- d-----w- c:\users\mhsadmin\AppData\Local\temp
2012-02-17 12:47 . 2012-02-17 12:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-17 12:47 . 2012-02-17 12:47 -------- d-----w- c:\users\administrator\AppData\Local\temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-17 12:49 . 2012-01-03 13:39 0 ----a-w- c:\users\jkissel\AppData\Local\WavXMapDrive.bat
2012-01-03 13:36 . 2010-06-24 17:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-03 13:36 . 2011-03-23 15:45 0 ----a-w- c:\users\administrator\AppData\Local\WavXMapDrive.bat
2012-01-29 15:55 . 2012-02-03 13:18 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-03-29 18:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-03-29 18:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1314816]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-12-03 1657448]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-07-21 147840]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-09-04 240112]
"Desktop Disc Tool"="c:\program files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-09-03 518640]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-05-20 206336]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DBRMTray"="c:\dell\DBRM\Reminder\TrayApp.exe" [2010-02-04 7168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Network Monitoring Tray.lnk - c:\windows\LTSvc\LTTray.exe [2012-1-4 1274696]
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 132456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4194421219-3928421883-2463824581-1611\Scripts\Logon\0\0]
"Script"=Labtechinstall.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4194421219-3928421883-2463824581-500\Scripts\Logon\0\0]
"Script"=Labtechinstall.bat
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-09-04 219632]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-09-04 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-23 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-05 297168]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 LTService;LabTech Monitoring Service;c:\windows\LTSVC\LTSVC.exe [2011-11-29 12381184]
S2 LTSvcMon;LabTech Monitoring Service CheckUp Util;c:\windows\LTSvc\LTSvcMon.exe [2012-01-03 92672]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-28 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 21968]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2010-04-06 224424]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: ciscom.com\lt
TCP: DhcpNameServer = 192.168.137.241 192.168.137.1 192.168.137.242 192.168.137.246
FF - ProfilePath - c:\users\jkissel\AppData\Roaming\Mozilla\Firefox\Profiles\lqmoslmq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
.scr=AutoCADLTScriptFile
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(756)
c:\windows\system32\wvauth.DLL
.
- - - - - - - > 'Explorer.exe'(4208)
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\windows\system32\nvvsvc.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\windows\system32\sppsvc.exe
c:\program files\Common Files\Java\Java Update\jusched.exe
.
**************************************************************************
.
Completion time: 2012-02-17 07:51:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-17 12:51
ComboFix2.txt 2012-02-03 17:01
ComboFix3.txt 2012-02-03 16:47
ComboFix4.txt 2012-01-24 12:41
.
Pre-Run: 270,355,038,208 bytes free
Post-Run: 270,252,425,216 bytes free
.
- - End Of File - - FF26A40B7AADD5AF5CA4C4B92C46C965

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:24 AM

Posted 18 February 2012 - 01:26 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Sakster

Sakster
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:24 AM

Posted 20 February 2012 - 07:10 AM

07:01:21.0146 3204 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
07:01:21.0562 3204 ============================================================
07:01:21.0562 3204 Current date / time: 2012/02/20 07:01:21.0562
07:01:21.0562 3204 SystemInfo:
07:01:21.0562 3204
07:01:21.0562 3204 OS Version: 6.1.7601 ServicePack: 1.0
07:01:21.0562 3204 Product type: Workstation
07:01:21.0562 3204 ComputerName: NEWMHSD4
07:01:21.0562 3204 UserName: jkissel
07:01:21.0562 3204 Windows directory: C:\Windows
07:01:21.0562 3204 System windows directory: C:\Windows
07:01:21.0562 3204 Processor architecture: Intel x86
07:01:21.0562 3204 Number of processors: 4
07:01:21.0562 3204 Page size: 0x1000
07:01:21.0562 3204 Boot type: Normal boot
07:01:21.0562 3204 ============================================================
07:01:22.0333 3204 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:01:22.0333 3204 \Device\Harddisk0\DR0:
07:01:22.0333 3204 MBR used
07:01:22.0333 3204 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1785000
07:01:22.0333 3204 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1799000, BlocksNum 0x23C95000
07:01:22.0364 3204 Initialize success
07:01:22.0364 3204 ============================================================
07:01:26.0170 2328 ============================================================
07:01:26.0170 2328 Scan started
07:01:26.0170 2328 Mode: Manual;
07:01:26.0170 2328 ============================================================
07:01:26.0740 2328 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
07:01:26.0740 2328 1394ohci - ok
07:01:26.0802 2328 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
07:01:26.0802 2328 ACPI - ok
07:01:26.0879 2328 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
07:01:26.0879 2328 AcpiPmi - ok
07:01:26.0940 2328 ADIHdAudAddService (9ae87d8e973b18b0cda4a6ac69943ba5) C:\Windows\system32\drivers\ADIHdAud.sys
07:01:26.0956 2328 ADIHdAudAddService - ok
07:01:27.0033 2328 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
07:01:27.0033 2328 adp94xx - ok
07:01:27.0110 2328 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
07:01:27.0110 2328 adpahci - ok
07:01:27.0187 2328 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
07:01:27.0187 2328 adpu320 - ok
07:01:27.0249 2328 AFD (1151fd4fb0216cfed887bfde29ebd516) C:\Windows\system32\drivers\afd.sys
07:01:27.0264 2328 AFD - ok
07:01:27.0310 2328 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
07:01:27.0310 2328 agp440 - ok
07:01:27.0388 2328 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
07:01:27.0388 2328 aic78xx - ok
07:01:27.0481 2328 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
07:01:27.0481 2328 aliide - ok
07:01:27.0542 2328 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
07:01:27.0542 2328 amdagp - ok
07:01:27.0589 2328 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
07:01:27.0589 2328 amdide - ok
07:01:27.0650 2328 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
07:01:27.0650 2328 AmdK8 - ok
07:01:27.0712 2328 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
07:01:27.0712 2328 AmdPPM - ok
07:01:28.0390 2328 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys
07:01:28.0390 2328 amdsata - ok
07:01:28.0421 2328 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
07:01:28.0421 2328 amdsbs - ok
07:01:28.0436 2328 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys
07:01:28.0436 2328 amdxata - ok
07:01:28.0467 2328 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
07:01:28.0467 2328 AppID - ok
07:01:28.0498 2328 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
07:01:28.0498 2328 arc - ok
07:01:28.0513 2328 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
07:01:28.0513 2328 arcsas - ok
07:01:28.0529 2328 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
07:01:28.0529 2328 AsyncMac - ok
07:01:28.0544 2328 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
07:01:28.0559 2328 atapi - ok
07:01:28.0606 2328 AVGIDSDriver (b9acb889ba1e0561868c025f95d63e25) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
07:01:28.0606 2328 AVGIDSDriver - ok
07:01:28.0621 2328 AVGIDSEH (13256fc72fa5b3f6d6e8c5957e579b7c) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
07:01:28.0621 2328 AVGIDSEH - ok
07:01:28.0636 2328 AVGIDSFilter (fa0685cc51de5cfd804e7deaa6488e0e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
07:01:28.0636 2328 AVGIDSFilter - ok
07:01:28.0652 2328 AVGIDSShim (f788b51100d0f40ea176798cce954a1a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
07:01:28.0652 2328 AVGIDSShim - ok
07:01:28.0683 2328 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys
07:01:28.0683 2328 Avgldx86 - ok
07:01:28.0698 2328 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys
07:01:28.0713 2328 Avgmfx86 - ok
07:01:28.0729 2328 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys
07:01:28.0729 2328 Avgrkx86 - ok
07:01:28.0744 2328 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys
07:01:28.0744 2328 Avgtdix - ok
07:01:28.0806 2328 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
07:01:28.0806 2328 b06bdrv - ok
07:01:28.0837 2328 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
07:01:28.0837 2328 b57nd60x - ok
07:01:28.0868 2328 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
07:01:28.0868 2328 Beep - ok
07:01:28.0898 2328 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
07:01:28.0898 2328 blbdrive - ok
07:01:28.0914 2328 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
07:01:28.0914 2328 bowser - ok
07:01:28.0929 2328 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
07:01:28.0929 2328 BrFiltLo - ok
07:01:28.0945 2328 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
07:01:28.0945 2328 BrFiltUp - ok
07:01:29.0006 2328 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
07:01:29.0006 2328 BridgeMP - ok
07:01:29.0022 2328 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
07:01:29.0022 2328 Brserid - ok
07:01:29.0037 2328 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
07:01:29.0037 2328 BrSerWdm - ok
07:01:29.0053 2328 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
07:01:29.0053 2328 BrUsbMdm - ok
07:01:29.0068 2328 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
07:01:29.0068 2328 BrUsbSer - ok
07:01:29.0083 2328 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
07:01:29.0083 2328 BTHMODEM - ok
07:01:29.0160 2328 catchme - ok
07:01:29.0176 2328 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
07:01:29.0176 2328 cdfs - ok
07:01:29.0207 2328 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
07:01:29.0207 2328 cdrom - ok
07:01:29.0237 2328 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
07:01:29.0237 2328 circlass - ok
07:01:29.0253 2328 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
07:01:29.0268 2328 CLFS - ok
07:01:29.0284 2328 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
07:01:29.0299 2328 CmBatt - ok
07:01:29.0314 2328 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
07:01:29.0314 2328 cmdide - ok
07:01:29.0330 2328 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
07:01:29.0330 2328 CNG - ok
07:01:29.0345 2328 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
07:01:29.0345 2328 Compbatt - ok
07:01:29.0361 2328 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
07:01:29.0376 2328 CompositeBus - ok
07:01:29.0392 2328 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
07:01:29.0392 2328 crcdisk - ok
07:01:29.0422 2328 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
07:01:29.0438 2328 CSC - ok
07:01:29.0469 2328 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
07:01:29.0469 2328 DfsC - ok
07:01:29.0484 2328 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
07:01:29.0484 2328 discache - ok
07:01:29.0515 2328 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
07:01:29.0515 2328 Disk - ok
07:01:29.0546 2328 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
07:01:29.0561 2328 drmkaud - ok
07:01:29.0592 2328 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
07:01:29.0592 2328 DXGKrnl - ok
07:01:29.0607 2328 e1kexpress (19e30c3c80d8ce29944b3f30ff9c8b76) C:\Windows\system32\DRIVERS\e1k6232.sys
07:01:29.0623 2328 e1kexpress - ok
07:01:29.0684 2328 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
07:01:29.0731 2328 ebdrv - ok
07:01:29.0761 2328 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
07:01:29.0777 2328 elxstor - ok
07:01:29.0792 2328 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
07:01:29.0792 2328 ErrDev - ok
07:01:29.0823 2328 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
07:01:29.0823 2328 exfat - ok
07:01:29.0838 2328 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
07:01:29.0838 2328 fastfat - ok
07:01:29.0869 2328 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
07:01:29.0869 2328 fdc - ok
07:01:29.0885 2328 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
07:01:29.0885 2328 FileInfo - ok
07:01:29.0900 2328 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
07:01:29.0900 2328 Filetrace - ok
07:01:29.0915 2328 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
07:01:29.0915 2328 flpydisk - ok
07:01:29.0931 2328 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
07:01:29.0931 2328 FltMgr - ok
07:01:29.0946 2328 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
07:01:29.0962 2328 FsDepends - ok
07:01:29.0962 2328 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
07:01:29.0962 2328 Fs_Rec - ok
07:01:29.0992 2328 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
07:01:29.0992 2328 fvevol - ok
07:01:30.0023 2328 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
07:01:30.0023 2328 gagp30kx - ok
07:01:30.0023 2328 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
07:01:30.0039 2328 hcw85cir - ok
07:01:30.0071 2328 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
07:01:30.0071 2328 HDAudBus - ok
07:01:30.0086 2328 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
07:01:30.0086 2328 HidBatt - ok
07:01:30.0101 2328 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
07:01:30.0101 2328 HidBth - ok
07:01:30.0132 2328 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
07:01:30.0132 2328 HidIr - ok
07:01:30.0148 2328 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
07:01:30.0148 2328 HidUsb - ok
07:01:30.0178 2328 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
07:01:30.0178 2328 HpSAMD - ok
07:01:30.0209 2328 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
07:01:30.0209 2328 HTTP - ok
07:01:30.0240 2328 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
07:01:30.0240 2328 hwpolicy - ok
07:01:30.0240 2328 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
07:01:30.0255 2328 i8042prt - ok
07:01:30.0271 2328 iaStor (26541a068572f650a2fa490726fe81be) C:\Windows\system32\DRIVERS\iaStor.sys
07:01:30.0271 2328 iaStor - ok
07:01:30.0317 2328 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys
07:01:30.0317 2328 iaStorV - ok
07:01:30.0332 2328 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
07:01:30.0332 2328 iirsp - ok
07:01:30.0348 2328 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
07:01:30.0363 2328 intelide - ok
07:01:30.0379 2328 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
07:01:30.0379 2328 intelppm - ok
07:01:30.0394 2328 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:01:30.0410 2328 IpFilterDriver - ok
07:01:30.0425 2328 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
07:01:30.0425 2328 IPMIDRV - ok
07:01:30.0440 2328 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
07:01:30.0440 2328 IPNAT - ok
07:01:30.0471 2328 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
07:01:30.0471 2328 IRENUM - ok
07:01:30.0487 2328 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
07:01:30.0487 2328 isapnp - ok
07:01:30.0502 2328 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
07:01:30.0502 2328 iScsiPrt - ok
07:01:30.0517 2328 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
07:01:30.0517 2328 kbdclass - ok
07:01:30.0533 2328 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
07:01:30.0533 2328 kbdhid - ok
07:01:30.0548 2328 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
07:01:30.0548 2328 KSecDD - ok
07:01:30.0564 2328 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
07:01:30.0564 2328 KSecPkg - ok
07:01:30.0579 2328 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
07:01:30.0579 2328 lltdio - ok
07:01:30.0610 2328 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
07:01:30.0610 2328 LSI_FC - ok
07:01:30.0625 2328 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
07:01:30.0625 2328 LSI_SAS - ok
07:01:30.0641 2328 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
07:01:30.0641 2328 LSI_SAS2 - ok
07:01:30.0656 2328 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
07:01:30.0672 2328 LSI_SCSI - ok
07:01:30.0702 2328 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
07:01:30.0702 2328 luafv - ok
07:01:30.0718 2328 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
07:01:30.0718 2328 megasas - ok
07:01:30.0733 2328 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
07:01:30.0733 2328 MegaSR - ok
07:01:30.0764 2328 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
07:01:30.0764 2328 Modem - ok
07:01:30.0779 2328 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
07:01:30.0779 2328 monitor - ok
07:01:30.0810 2328 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
07:01:30.0810 2328 mouclass - ok
07:01:30.0826 2328 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
07:01:30.0826 2328 mouhid - ok
07:01:30.0841 2328 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
07:01:30.0841 2328 mountmgr - ok
07:01:30.0856 2328 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
07:01:30.0872 2328 mpio - ok
07:01:30.0887 2328 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
07:01:30.0887 2328 mpsdrv - ok
07:01:30.0903 2328 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
07:01:30.0903 2328 MRxDAV - ok
07:01:30.0933 2328 mrxsmb (b272b4c3e085ea860c12f2e4faf2ffa2) C:\Windows\system32\DRIVERS\mrxsmb.sys
07:01:30.0949 2328 mrxsmb - ok
07:01:30.0964 2328 mrxsmb10 (9ac33ef26c8a3ad0f117d00eb7301d03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:01:30.0964 2328 mrxsmb10 - ok
07:01:30.0980 2328 mrxsmb20 (e0abdb5ed7e199e242a7d028e76c1d3a) C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:01:30.0980 2328 mrxsmb20 - ok
07:01:30.0995 2328 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
07:01:30.0995 2328 msahci - ok
07:01:31.0011 2328 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
07:01:31.0011 2328 msdsm - ok
07:01:31.0026 2328 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
07:01:31.0026 2328 Msfs - ok
07:01:31.0041 2328 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
07:01:31.0041 2328 mshidkmdf - ok
07:01:31.0057 2328 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
07:01:31.0057 2328 msisadrv - ok
07:01:31.0088 2328 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
07:01:31.0088 2328 MSKSSRV - ok
07:01:31.0103 2328 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
07:01:31.0103 2328 MSPCLOCK - ok
07:01:31.0118 2328 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
07:01:31.0118 2328 MSPQM - ok
07:01:31.0134 2328 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
07:01:31.0134 2328 MsRPC - ok
07:01:31.0149 2328 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
07:01:31.0149 2328 mssmbios - ok
07:01:31.0165 2328 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
07:01:31.0165 2328 MSTEE - ok
07:01:31.0180 2328 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
07:01:31.0180 2328 MTConfig - ok
07:01:31.0180 2328 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
07:01:31.0180 2328 Mup - ok
07:01:31.0211 2328 NAL (428c611928df3e96538a482117e659f7) C:\Windows\system32\Drivers\iqvw32.sys
07:01:31.0226 2328 NAL - ok
07:01:31.0242 2328 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
07:01:31.0242 2328 NativeWifiP - ok
07:01:31.0272 2328 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
07:01:31.0288 2328 NDIS - ok
07:01:31.0303 2328 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
07:01:31.0319 2328 NdisCap - ok
07:01:31.0334 2328 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
07:01:31.0334 2328 NdisTapi - ok
07:01:31.0365 2328 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
07:01:31.0365 2328 Ndisuio - ok
07:01:31.0380 2328 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
07:01:31.0380 2328 NdisWan - ok
07:01:31.0396 2328 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
07:01:31.0396 2328 NDProxy - ok
07:01:31.0411 2328 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
07:01:31.0411 2328 NetBIOS - ok
07:01:31.0442 2328 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
07:01:31.0442 2328 NetBT - ok
07:01:31.0473 2328 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
07:01:31.0473 2328 nfrd960 - ok
07:01:31.0488 2328 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
07:01:31.0504 2328 Npfs - ok
07:01:31.0519 2328 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
07:01:31.0519 2328 nsiproxy - ok
07:01:31.0550 2328 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys
07:01:31.0581 2328 Ntfs - ok
07:01:31.0596 2328 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
07:01:31.0596 2328 Null - ok
07:01:31.0766 2328 nvlddmkm (686cc241f9935341b51c5aa3ab5e4da4) C:\Windows\system32\DRIVERS\nvlddmkm.sys
07:01:31.0812 2328 nvlddmkm - ok
07:01:31.0827 2328 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys
07:01:31.0843 2328 nvraid - ok
07:01:31.0858 2328 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys
07:01:31.0858 2328 nvstor - ok
07:01:31.0873 2328 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
07:01:31.0889 2328 nv_agp - ok
07:01:31.0904 2328 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
07:01:31.0920 2328 ohci1394 - ok
07:01:31.0951 2328 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
07:01:31.0951 2328 Parport - ok
07:01:31.0981 2328 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
07:01:31.0981 2328 partmgr - ok
07:01:31.0997 2328 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
07:01:31.0997 2328 Parvdm - ok
07:01:32.0028 2328 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\Windows\system32\DRIVERS\PBADRV.sys
07:01:32.0028 2328 PBADRV - ok
07:01:32.0058 2328 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
07:01:32.0058 2328 pci - ok
07:01:32.0074 2328 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
07:01:32.0074 2328 pciide - ok
07:01:32.0089 2328 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
07:01:32.0089 2328 pcmcia - ok
07:01:32.0105 2328 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
07:01:32.0105 2328 pcw - ok
07:01:32.0135 2328 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
07:01:32.0135 2328 PEAUTH - ok
07:01:32.0166 2328 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
07:01:32.0166 2328 PptpMiniport - ok
07:01:32.0182 2328 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
07:01:32.0182 2328 Processor - ok
07:01:32.0212 2328 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
07:01:32.0228 2328 Psched - ok
07:01:32.0243 2328 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
07:01:32.0243 2328 PxHelp20 - ok
07:01:32.0290 2328 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
07:01:32.0320 2328 ql2300 - ok
07:01:32.0336 2328 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
07:01:32.0336 2328 ql40xx - ok
07:01:32.0351 2328 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
07:01:32.0351 2328 QWAVEdrv - ok
07:01:32.0367 2328 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
07:01:32.0367 2328 RasAcd - ok
07:01:32.0382 2328 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
07:01:32.0397 2328 RasAgileVpn - ok
07:01:32.0397 2328 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
07:01:32.0397 2328 Rasl2tp - ok
07:01:32.0428 2328 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
07:01:32.0428 2328 RasPppoe - ok
07:01:32.0428 2328 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
07:01:32.0428 2328 RasSstp - ok
07:01:32.0459 2328 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
07:01:32.0459 2328 rdbss - ok
07:01:32.0474 2328 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
07:01:32.0474 2328 rdpbus - ok
07:01:32.0505 2328 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
07:01:32.0505 2328 RDPCDD - ok
07:01:32.0521 2328 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
07:01:32.0521 2328 RDPDR - ok
07:01:32.0551 2328 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
07:01:32.0551 2328 RDPENCDD - ok
07:01:32.0567 2328 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
07:01:32.0567 2328 RDPREFMP - ok
07:01:32.0598 2328 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
07:01:32.0598 2328 RDPWD - ok
07:01:32.0613 2328 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
07:01:32.0613 2328 rdyboost - ok
07:01:32.0675 2328 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
07:01:32.0675 2328 rspndr - ok
07:01:32.0690 2328 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
07:01:32.0690 2328 s3cap - ok
07:01:32.0721 2328 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
07:01:32.0721 2328 sbp2port - ok
07:01:32.0736 2328 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
07:01:32.0736 2328 scfilter - ok
07:01:32.0767 2328 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
07:01:32.0767 2328 secdrv - ok
07:01:32.0813 2328 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
07:01:32.0813 2328 Serenum - ok
07:01:32.0829 2328 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
07:01:32.0829 2328 Serial - ok
07:01:32.0860 2328 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
07:01:32.0860 2328 sermouse - ok
07:01:32.0875 2328 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
07:01:32.0891 2328 sffdisk - ok
07:01:32.0891 2328 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
07:01:32.0891 2328 sffp_mmc - ok
07:01:32.0906 2328 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
07:01:32.0906 2328 sffp_sd - ok
07:01:32.0921 2328 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
07:01:32.0921 2328 sfloppy - ok
07:01:32.0937 2328 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
07:01:32.0937 2328 sisagp - ok
07:01:32.0952 2328 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
07:01:32.0952 2328 SiSRaid2 - ok
07:01:32.0952 2328 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
07:01:32.0968 2328 SiSRaid4 - ok
07:01:32.0998 2328 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
07:01:32.0998 2328 Smb - ok
07:01:33.0014 2328 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
07:01:33.0014 2328 spldr - ok
07:01:33.0045 2328 srv (112127c3b2e64d7680cc39cd0a39dd7e) C:\Windows\system32\DRIVERS\srv.sys
07:01:33.0045 2328 srv - ok
07:01:33.0060 2328 srv2 (e5dd784a4ee5ebc72a86c677c988fcdb) C:\Windows\system32\DRIVERS\srv2.sys
07:01:33.0060 2328 srv2 - ok
07:01:33.0091 2328 srvnet (cdbe627e16cc9e98f343d73f8e81d258) C:\Windows\system32\DRIVERS\srvnet.sys
07:01:33.0091 2328 srvnet - ok
07:01:33.0106 2328 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
07:01:33.0106 2328 stexstor - ok
07:01:33.0137 2328 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
07:01:33.0137 2328 storflt - ok
07:01:33.0152 2328 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
07:01:33.0152 2328 storvsc - ok
07:01:33.0168 2328 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
07:01:33.0168 2328 swenum - ok
07:01:33.0214 2328 Tcpip (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\drivers\tcpip.sys
07:01:33.0230 2328 Tcpip - ok
07:01:33.0276 2328 TCPIP6 (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\DRIVERS\tcpip.sys
07:01:33.0276 2328 TCPIP6 - ok
07:01:33.0307 2328 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
07:01:33.0307 2328 tcpipreg - ok
07:01:33.0337 2328 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
07:01:33.0337 2328 TDPIPE - ok
07:01:33.0353 2328 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
07:01:33.0353 2328 TDTCP - ok
07:01:33.0368 2328 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
07:01:33.0384 2328 tdx - ok
07:01:33.0384 2328 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
07:01:33.0399 2328 TermDD - ok
07:01:33.0430 2328 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
07:01:33.0430 2328 tssecsrv - ok
07:01:33.0461 2328 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
07:01:33.0461 2328 TsUsbFlt - ok
07:01:33.0507 2328 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
07:01:33.0507 2328 tunnel - ok
07:01:33.0538 2328 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
07:01:33.0538 2328 uagp35 - ok
07:01:33.0569 2328 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
07:01:33.0569 2328 udfs - ok
07:01:33.0599 2328 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
07:01:33.0599 2328 uliagpkx - ok
07:01:33.0630 2328 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
07:01:33.0630 2328 umbus - ok
07:01:33.0646 2328 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
07:01:33.0646 2328 UmPass - ok
07:01:33.0676 2328 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\DRIVERS\usbccgp.sys
07:01:33.0676 2328 usbccgp - ok
07:01:33.0692 2328 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
07:01:33.0692 2328 usbcir - ok
07:01:33.0707 2328 usbehci (6bf08e83a434d511ac3fca6d97c43683) C:\Windows\system32\DRIVERS\usbehci.sys
07:01:33.0707 2328 usbehci - ok
07:01:33.0723 2328 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys
07:01:33.0723 2328 usbhub - ok
07:01:33.0753 2328 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
07:01:33.0753 2328 usbohci - ok
07:01:33.0769 2328 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
07:01:33.0769 2328 usbprint - ok
07:01:33.0784 2328 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:01:33.0784 2328 USBSTOR - ok
07:01:33.0800 2328 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
07:01:33.0800 2328 usbuhci - ok
07:01:33.0801 2328 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
07:01:33.0801 2328 vdrvroot - ok
07:01:33.0831 2328 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
07:01:33.0831 2328 vga - ok
07:01:33.0847 2328 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
07:01:33.0847 2328 VgaSave - ok
07:01:33.0862 2328 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
07:01:33.0878 2328 vhdmp - ok
07:01:33.0909 2328 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
07:01:33.0909 2328 viaagp - ok
07:01:33.0924 2328 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
07:01:33.0924 2328 ViaC7 - ok
07:01:33.0939 2328 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
07:01:33.0939 2328 viaide - ok
07:01:33.0955 2328 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
07:01:33.0955 2328 vmbus - ok
07:01:33.0970 2328 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
07:01:33.0970 2328 VMBusHID - ok
07:01:33.0986 2328 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
07:01:33.0986 2328 volmgr - ok
07:01:34.0001 2328 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
07:01:34.0016 2328 volmgrx - ok
07:01:34.0016 2328 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
07:01:34.0032 2328 volsnap - ok
07:01:34.0047 2328 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
07:01:34.0047 2328 vsmraid - ok
07:01:34.0063 2328 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
07:01:34.0063 2328 vwifibus - ok
07:01:34.0078 2328 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
07:01:34.0078 2328 WacomPen - ok
07:01:34.0109 2328 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
07:01:34.0109 2328 WANARP - ok
07:01:34.0124 2328 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
07:01:34.0124 2328 Wanarpv6 - ok
07:01:34.0155 2328 WavxDMgr (fbf43b275efc98799e76d57e5437edee) C:\Windows\system32\DRIVERS\WavxDMgr.sys
07:01:34.0155 2328 WavxDMgr - ok
07:01:34.0171 2328 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
07:01:34.0171 2328 Wd - ok
07:01:34.0186 2328 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
07:01:34.0186 2328 Wdf01000 - ok
07:01:34.0232 2328 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
07:01:34.0232 2328 WfpLwf - ok
07:01:34.0248 2328 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
07:01:34.0248 2328 WIMMount - ok
07:01:34.0294 2328 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
07:01:34.0294 2328 WmiAcpi - ok
07:01:34.0325 2328 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
07:01:34.0325 2328 ws2ifsl - ok
07:01:34.0340 2328 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
07:01:34.0340 2328 WudfPf - ok
07:01:34.0371 2328 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
07:01:34.0371 2328 WUDFRd - ok
07:01:34.0386 2328 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
07:01:34.0448 2328 \Device\Harddisk0\DR0 - ok
07:01:34.0463 2328 Boot (0x1200) (d63dcab986e0c8bcedfe43f0d64cdbdf) \Device\Harddisk0\DR0\Partition0
07:01:34.0463 2328 \Device\Harddisk0\DR0\Partition0 - ok
07:01:34.0463 2328 Boot (0x1200) (e141731ed0b9c4694b4e3586edb28839) \Device\Harddisk0\DR0\Partition1
07:01:34.0463 2328 \Device\Harddisk0\DR0\Partition1 - ok
07:01:34.0463 2328 ============================================================
07:01:34.0463 2328 Scan finished
07:01:34.0463 2328 ============================================================
07:01:34.0479 5912 Detected object count: 0
07:01:34.0479 5912 Actual detected object count: 0


aswMBR version 0.9.9.1618 Copyright© 2011 AVAST Software
Run date: 2012-02-20 07:04:55
-----------------------------
07:04:55.310 OS Version: Windows 6.1.7601 Service Pack 1
07:04:55.310 Number of processors: 4 586 0x170A
07:04:55.310 ComputerName: NEWMHSD4 UserName: jkissel
07:04:56.009 Initialize success
07:04:58.851 AVAST engine defs: 12022000
07:05:01.725 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
07:05:01.725 Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 8
07:05:01.740 Disk 0 MBR read successfully
07:05:01.740 Disk 0 MBR scan
07:05:01.740 Disk 0 Windows VISTA default MBR code
07:05:01.756 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
07:05:01.756 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12042 MB offset 81920
07:05:01.771 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 293162 MB offset 24743936
07:05:01.787 Disk 0 scanning sectors +625139712
07:05:01.973 Disk 0 scanning C:\Windows\system32\drivers
07:05:12.395 Service scanning
07:05:26.312 Modules scanning
07:05:47.545 Disk 0 trace - called modules:
07:05:47.591 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
07:05:47.591 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87e5e230]
07:05:47.591 3 CLASSPNP.SYS[8cd8a59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85f38028]
07:05:48.352 AVAST engine scan C:\Windows
07:05:51.692 AVAST engine scan C:\Windows\system32
07:07:42.047 AVAST engine scan C:\Windows\system32\drivers
07:07:52.484 AVAST engine scan C:\Users\jkissel
07:08:29.965 AVAST engine scan C:\ProgramData
07:08:49.706 Scan finished successfully
07:09:02.055 Disk 0 MBR has been saved successfully to "C:\Users\jkissel\Desktop\MBR.dat"
07:09:02.055 The log file has been saved successfully to "C:\Users\jkissel\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:24 AM

Posted 20 February 2012 - 03:35 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Sakster

Sakster
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:24 AM

Posted 20 February 2012 - 04:01 PM

Again, after Combofix ran no program would open. Rebooted, and everything was fine. No problems on the browser at this time. Computer seems to be working fine now. Everything opens with no problems and no redirects from Google.


ComboFix 12-02-17.01 - jkissel 02/20/2012 15:44:17.5.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3710.1897 [GMT -5:00]
Running from: c:\users\jkissel\Desktop\ComboFix.exe
Command switches used :: c:\users\jkissel\Desktop\CFScript.txt
AV: AVG Anti-Virus Business Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Business Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-01-20 to 2012-02-20 )))))))))))))))))))))))))))))))
.
.
2012-02-20 20:48 . 2012-02-20 20:48 -------- d-----w- c:\users\mhsadmin\AppData\Local\temp
2012-02-20 20:48 . 2012-02-20 20:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-20 20:48 . 2012-02-20 20:48 -------- d-----w- c:\users\administrator\AppData\Local\temp
2012-02-03 13:18 . 2012-02-03 13:18 -------- d-----w- c:\users\jkissel\AppData\Local\Mozilla
2012-02-01 20:32 . 2012-02-01 20:32 -------- d-----w- c:\users\jkissel\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-20 13:53 . 2012-01-03 13:39 0 ----a-w- c:\users\jkissel\AppData\Local\WavXMapDrive.bat
2012-01-03 13:36 . 2010-06-24 17:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-03 13:36 . 2011-03-23 15:45 0 ----a-w- c:\users\administrator\AppData\Local\WavXMapDrive.bat
2012-01-29 15:55 . 2012-02-03 13:18 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-03-29 18:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-03-29 18:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1314816]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-12-03 1657448]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-07-21 147840]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-09-04 240112]
"Desktop Disc Tool"="c:\program files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-09-03 518640]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-05-20 206336]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DBRMTray"="c:\dell\DBRM\Reminder\TrayApp.exe" [2010-02-04 7168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Network Monitoring Tray.lnk - c:\windows\LTSvc\LTTray.exe [2012-1-4 1274696]
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 132456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4194421219-3928421883-2463824581-1611\Scripts\Logon\0\0]
"Script"=Labtechinstall.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4194421219-3928421883-2463824581-500\Scripts\Logon\0\0]
"Script"=Labtechinstall.bat
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-09-04 219632]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-09-04 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-23 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-05 297168]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 LTService;LabTech Monitoring Service;c:\windows\LTSVC\LTSVC.exe [2011-11-29 12381184]
S2 LTSvcMon;LabTech Monitoring Service CheckUp Util;c:\windows\LTSvc\LTSvcMon.exe [2012-01-03 92672]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-28 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 21968]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2010-04-06 224424]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: ciscom.com\lt
TCP: DhcpNameServer = 192.168.137.241 192.168.137.1 192.168.137.242 192.168.137.246
FF - ProfilePath - c:\users\jkissel\AppData\Roaming\Mozilla\Firefox\Profiles\lqmoslmq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(748)
c:\windows\system32\wvauth.DLL
.
- - - - - - - > 'Explorer.exe'(2456)
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
Completion time: 2012-02-20 15:49:40
ComboFix-quarantined-files.txt 2012-02-20 20:49
ComboFix2.txt 2012-02-17 12:51
ComboFix3.txt 2012-02-03 17:01
ComboFix4.txt 2012-02-03 16:47
ComboFix5.txt 2012-02-20 20:43
.
Pre-Run: 269,342,134,272 bytes free
Post-Run: 269,431,840,768 bytes free
.
- - End Of File - - 89398DD7CE7C5B1116BBB950410100F3

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:24 AM

Posted 20 February 2012 - 05:12 PM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does allot better of a job

Programs to remove

Java™ 6 Update 22 [/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close


TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Sakster

Sakster
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:24 AM

Posted 21 February 2012 - 07:16 AM

When clicking on the TFC link it opens a new tabs that says this...

"Gateway Anti-Virus Alert

This request is blocked by the SonicWALL Gateway Anti-Virus Service. Name: Emold.U (Worm)"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:24 AM

Posted 21 February 2012 - 07:45 AM

It is not a virus but go ahead and skip that part (it is not very important)

gringo

Edited by gringo_pr, 21 February 2012 - 07:45 AM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Sakster

Sakster
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:24 AM

Posted 21 February 2012 - 08:02 AM

No problems other then the one mentioned in the previous post.



Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.21.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
jkissel :: NEWMHSD4 [administrator]

Protection: Enabled

2/21/2012 7:54:27 AM
mbam-log-2012-02-21 (07-54-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224851
Time elapsed: 3 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)





Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:00:11 AM, on 2/21/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\dell\DBRM\Reminder\DbrmTrayicon.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\LTSvc\LTTray.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Autodesk\AutoCAD LT 2011\acadlt.exe
C:\Program Files\Common Files\Autodesk Shared\WSCommCntr\lib\WSCommCntr2.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [DBRMTray] C:\Dell\DBRM\Reminder\TrayApp.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - Global Startup: Network Monitoring Tray.lnk = C:\Windows\LTSvc\LTTray.exe
O4 - Global Startup: TdmNotify.lnk = C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: lt.ciscom.com (HKLM)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mhsinclou
O17 - HKLM\Software\..\Telephony: DomainName = mhsinclou
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mhsinclou
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = mhsinclou
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: LabTech Monitoring Service (LTService) - LabTech Software - C:\Windows\LTSVC\LTSVC.exe
O23 - Service: LabTech Monitoring Service CheckUp Util (LTSvcMon) - LabTech Software - C:\Windows\LTSvc\LTSvcMon.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.29 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

--
End of file - 9060 bytes

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:24 AM

Posted 21 February 2012 - 08:17 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
      O4 - HKLM\..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
      O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
      O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
      O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
      O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
      O4 - HKLM\..\Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\RunOnce: [DBRMTray] C:\Dell\DBRM\Reminder\TrayApp.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Sakster

Sakster
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:24 AM

Posted 21 February 2012 - 09:18 AM

This was the only thing that ESET Online Scanner showed. I didn't see an option for a full log.

C:\Qoobox\Quarantine\C\Users\jkissel\AppData\Local\dplayx.dll.vir a variant of Win32/Kryptik.AAVG trojan

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:24 AM

Posted 21 February 2012 - 12:52 PM

Hello

The Online scan is only reporting backups created during the course of this fix C:\Qoobox\Quarantine\, and/or items located in System Restore's cache C:\System Volume Information\, Whatever is in these folders can't harm you unless you choose to perform a manual restore. the following steps will remove these backups.


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over you can just be deleted from the desktop. TFC is a free temp file cleaner that is very easy to use, I would keep this and use before you do any scans or when you want to free up some space.

:DeFogger:

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


:Make Firefox more secure:

please visit this page to explain how to make Firefox more secure - How to Secure Firefox


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector


:Turn On Automatic Updates:

Turn On Automatic Updates
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would reccomend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 Sakster

Sakster
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:24 AM

Posted 21 February 2012 - 01:01 PM

Thank you very much. Everything seems to be in order. :)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users