Search engine results redirected


This topic is locked
20 replies to this topic

#1 GrassCuttingSword (Members, 10 posts)

Posted 19 February 2012 - 01:52 PM

A few weeks ago, I began having the issue where my search engine results would be redirected to various websites (mostly ad sites). It doesn't matter which search engine I use (Chrome, Firefox or (shudder) IE); they all get redirected. I've tried a number of solutions. I have Avast installed. I've run various Malwarebytes removal programs and antispyware programs. I have Spybot Search and Destroy running. I tried a rootkit removal program, though I can't recall which one. I've even gone so far as to format the computer; once from the hard drive partition and once from a disc. In Firefox, I have NoScript, and that seems to interrupt the hijack: it will attempt to send me to the wrong page, but the page won't load at all, and the correct URL will remain in the address bar. As a note, if I type in a URL directly, or go to a website that I visit regularly, there is no hijack; it's only when I'm using a search engine. Thanks in advance for any advice! Here are the logs requested (since I was pointed here by HijackThis, I'll include my HijackThis scan below the DDS log, in case it's helpful):

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Hal9000 at 12:15:08 on 2012-02-19
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2563 [GMT -6:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\MsgTranAgt64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{26064785-399D-4249-B043-710612B3121F} : DhcpNameServer = 192.168.1.1
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Hal9000\AppData\Roaming\Mozilla\Firefox\Profiles\sz4kw9jk.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Users\Hal9000\AppData\Roaming\Mozilla\Firefox\Profiles\sz4kw9jk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-2-4 44768]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-12-23 2152152]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-2-8 1153368]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;C:\Windows\system32\Drivers\ATSwpWDF.sys --> C:\Windows\system32\Drivers\ATSwpWDF.sys [?]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-4 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-4 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2012-2-8 17152]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-02-19 17:51:23 -------- d-----w- C:\Users\Hal9000\AppData\Roaming\QuickScan
2012-02-17 18:14:18 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CE71889D-DE32-488F-A5F2-F2657D99C94C}\mpengine.dll
2012-02-10 17:29:59 -------- d-----w- C:\Users\Hal9000\AppData\Local\Adobe
2012-02-08 22:01:59 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2012-02-08 20:27:40 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-02-08 20:27:40 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-02-08 20:11:46 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2012-02-08 20:09:35 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2012-02-08 20:09:26 -------- d-----w- C:\Program Files (x86)\Lavasoft
2012-02-08 20:01:57 388096 ----a-r- C:\Users\Hal9000\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-08 20:01:57 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-02-07 18:24:37 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-02-06 18:04:55 90112 ----a-w- C:\Windows\System32\snymsico.dll
2012-02-06 18:04:55 65024 ----a-w- C:\Windows\System32\drivers\rimmpx64.sys
2012-02-06 18:04:55 57856 ----a-w- C:\Windows\System32\drivers\rixdpx64.sys
2012-02-06 18:04:55 172032 ----a-w- C:\Windows\System32\rixdicon.dll
2012-02-06 18:04:54 55296 ----a-w- C:\Windows\System32\drivers\rimspx64.sys
2012-02-06 18:03:27 -------- d-----w- C:\Users\Hal9000\AppData\Local\ElevatedDiagnostics
2012-02-05 22:52:55 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-05 02:43:43 -------- d-----w- C:\Users\Hal9000\AppData\Local\Google
2012-02-05 02:43:38 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-02-05 02:43:38 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-02-05 02:40:35 41184 ----a-w- C:\Windows\avastSS.scr
2012-02-05 02:40:29 -------- d-----w- C:\ProgramData\AVAST Software
2012-02-05 02:40:29 -------- d-----w- C:\Program Files\AVAST Software
2012-02-05 01:47:05 -------- d-----w- C:\Windows\SysWow64\Wat
2012-02-05 01:47:05 -------- d-----w- C:\Windows\System32\Wat
2012-02-05 01:36:28 -------- d-----w- C:\Program Files (x86)\ASUS
2012-02-03 19:01:16 2829824 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-02-03 18:56:55 1048576 ------w- C:\N81Vg.BIN
2012-02-03 18:56:55 1048576 ------w- C:\N81Ve.BIN
2012-02-03 18:56:52 15416 ----a-w- C:\Windows\System32\drivers\kbfiltr.sys
2012-02-03 18:56:51 408600 ----a-w- C:\Windows\System32\drivers\iaStor.sys
2012-02-03 18:56:50 1490432 ----a-w- C:\Windows\System32\drivers\athrx.sys
2012-02-03 18:56:45 15928 ----a-w- C:\Windows\System32\drivers\ATK64AMD.sys
2012-02-03 18:45:25 -------- d-----w- C:\Users\Hal9000\AppData\Local\Mozilla
2012-02-03 18:23:41 -------- d-----w- C:\Program Files\ATI
2012-02-03 18:23:40 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2012-02-03 18:23:38 -------- d-sh--w- C:\Windows\Installer
2012-02-03 18:19:00 0 ----a-w- C:\Windows\ativpsrm.bin
2012-02-03 18:10:21 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2012-02-03 18:10:21 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2012-02-03 18:03:07 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2012-02-03 18:03:07 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2012-02-03 17:55:04 -------- d-----w- C:\ProgramData\TrueSuite
2012-02-03 17:55:02 -------- d-----w- C:\Windows\System32\wocaffe
2012-02-03 17:55:02 -------- d-----w- C:\Program Files\TrueSuite
2012-02-03 17:54:58 -------- d-----w- C:\ProgramData\Downloaded Installations
2012-02-03 17:51:23 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-03 17:50:46 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2012-02-03 17:50:46 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2012-02-03 17:50:05 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2012-02-03 17:50:05 31232 ----a-w- C:\Windows\System32\prevhost.exe
2012-02-03 17:50:05 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys
2012-02-03 17:48:43 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2012-02-03 17:47:54 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
2012-02-03 16:32:30 -------- d-----w- C:\Users\Hal9000\AppData\Local\VirtualStore
2012-02-03 16:32:23 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-02-03 16:32:23 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-02-03 16:32:23 139264 ----a-w- C:\Windows\System32\cabview.dll
2012-02-03 16:32:23 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
.
==================== Find3M ====================
.
2012-01-14 04:02:25 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-01-04 09:58:13 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 09:03:07 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-01-03 06:24:52 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-01-03 05:44:24 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:11 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-12-16 08:45:22 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-12-16 08:42:13 634368 ----a-w- C:\Windows\System32\msvcrt.dll
2011-12-16 08:41:26 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-12-16 08:02:26 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-16 07:59:17 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2011-12-16 07:58:33 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-12-16 07:26:35 482816 ----a-w- C:\Windows\System32\html.iec
2011-12-16 06:49:33 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-12-16 06:43:48 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-16 06:15:25 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:51:22 PM, on 2/19/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16930)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6959 bytes

.
============= FINISH: 12:22:33.45 ===============


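An added example, not part of the thread and not a BleepingComputer or HijackThis tool: a small Python triage pass over HijackThis-style lines of the kind posted above. It applies the checks a responder does by eye when chasing browser redirects: R0/R1 start and search pages pointing somewhere other than the stock go.microsoft.com the log shows, BHOs registered with no file on disk, autostarts and services running from user-writable paths, and services with no vendor in their version info. The sample input is constructed; the flagged host, the "updater" autostart and the "hypsvc" service are hypothetical, and treating "(file missing)" as low priority reflects the usual 32-bit-tool-on-64-bit-Windows file-system redirection, not anything specific to this machine.

```python
"""Triage of HijackThis-style log lines (an added example, not from the thread).

Parses the R0/R1, O2/O3, O4 and O23 entry formats visible in the posted log
and flags the entries a responder would look at first when chasing browser
redirects. All sample input below is constructed; the names in the flagged
lines are hypothetical.
"""
import re

# Host the posted log shows for a stock IE start/search page; any other host
# in an R0/R1 entry is worth a look when search results are being redirected.
EXPECTED_PAGE_HOSTS = {"go.microsoft.com"}

# Path fragments an unprivileged user can write to; an autostart or service
# there deserves more scrutiny than one under Program Files or Windows.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")

R_RE = re.compile(r"^(R[01]) - (.+?),(.+?) =\s*(.*)$")
BHO_RE = re.compile(r"^(O[23]) - (?:BHO|Toolbar): (.+?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
O4_RE = re.compile(r"^O4 - (.+?): \[(.+?)\] (.+)$")
SVC_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")

# Constructed sample: lines modelled on the thread's log plus hypothetical
# entries (example-hypothetical.test, "updater", "hypsvc") to exercise each rule.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example-hypothetical.test/?q=
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - (no file)
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [updater] C:\Users\Hal9000\AppData\Roaming\hypothetical\updater.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: hypothetical service (hypsvc) - Unknown owner - C:\ProgramData\hypothetical\svc.exe
"""


def host_of(url):
    """Return the host of an http(s) URL in lower case, or '' if not a URL."""
    m = re.match(r"^https?://([^/?#]+)", url.strip(), re.I)
    return m.group(1).lower() if m else ""


def exe_path(command):
    """Pull the executable path out of an O4 command line (quoted or bare)."""
    m = re.match(r'"([^"]+)"', command) or re.match(r"(.+?\.exe)\b", command, re.I)
    return m.group(1) if m else command


def triage_line(line):
    """Classify one line. Returns (severity, reason) or None if nothing stands out."""
    if m := R_RE.match(line):
        host = host_of(m.group(4))
        if host and host not in EXPECTED_PAGE_HOSTS:
            return ("high", f"{m.group(3).strip()} points at unexpected host {host}")
        return None
    if m := BHO_RE.match(line):
        if "no file" in m.group(4).lower():
            return ("medium", f"{m.group(1)} entry {m.group(3)} is registered but its DLL is missing")
        return None
    if m := O4_RE.match(line):
        path = exe_path(m.group(3 + 0) if False else m.group(3) if False else m.group(3)) if False else exe_path(m.group(3) if False else m.group(3)) if False else exe_path(m.group(3)) if False else exe_path(m.group(3)) if False else exe_path(m.group(3)) if False else exe_path(m.group(3)) if False else exe_path(m.group(3)) if False else exe_path(m.group(3)) if False else exe_path(m.group(3)) if False else exe_path(m.group(3)) if False else exe_path(m.group(3)) if False else exe_path(m.group(3)) if False else exe_path(m.group(3)) if False else exe_path(m.group(3)) if False else exe_path(m.group(3))
        path = exe_path(m.group(3))
        if any(seg in path.lower() for seg in USER_WRITABLE):
            return ("high", f"autostart [{m.group(2)}] runs from user-writable path {path}")
        return None
    if m := SVC_RE.match(line):
        name, owner, path = m.group(1), m.group(2), m.group(3)
        missing = path.lower().endswith("(file missing)")
        if missing:
            # A 32-bit HijackThis on 64-bit Windows is redirected away from the
            # real System32 and Program Files (WoW64 file-system redirection),
            # so built-in services routinely show as missing; low value alone.
            return ("info", f"service '{name}' reported as file missing (usually WoW64 path redirection)")
        in_windows = path.lower().startswith("c:\\windows\\")
        if owner.lower() == "unknown owner" and not in_windows:
            return ("medium", f"service '{name}' has no vendor in its version info; runs from {path}")
        return None
    return None


def triage(log_text):
    """Run triage_line over every line; return findings, highest severity first."""
    order = {"high": 0, "medium": 1, "info": 2}
    findings = []
    for line in log_text.splitlines():
        result = triage_line(line.rstrip())
        if result:
            severity, reason = result
            findings.append({"severity": severity, "reason": reason, "line": line})
    return sorted(findings, key=lambda f: order[f["severity"]])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['reason']}")
```

The output is a worklist, not a verdict: a vendor-less service is not malicious by itself (the ASUS hotkey service in the posted log also shows as "Unknown owner"), and the "(file missing)" services under C:\Windows in the log above are the expected redirection artifact, not deleted binaries.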

#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 20 February 2012 - 01:02 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 GrassCuttingSword (Topic Starter)

Posted 23 February 2012 - 01:56 PM

Hey, thanks for the reply! I've been crazy busy so I missed my alert that you had posted. I probably won't get a chance to run this until Saturday morning, but I'll post the results immediately after I do. Thanks again!

#4 gringo_pr

Posted 23 February 2012 - 03:05 PM

No Problem and thanks for letting me know - just to let you know I do most of my work at night


gringo

#5 gringo_pr

Posted 26 February 2012 - 12:54 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#6 GrassCuttingSword (Topic Starter)

Posted 26 February 2012 - 02:56 AM

Yeah; I didn't get a chance to run the fix today. I've set aside time tomorrow (Sunday) to run it, and I'll post my results then. Thanks for your patience with this, things have been pretty crazy for me the last few weeks.

#7 gringo_pr

Posted 26 February 2012 - 03:01 AM

No Problem and thanks for letting me know


gringo

#8 GrassCuttingSword (Topic Starter)

Posted 26 February 2012 - 01:16 PM

All right, I ran ComboFix. After running it I did another search in Firefox, and the search was redirected, so it doesn't look like this fixed the problem by itself. Here's the ComboFix log:

ComboFix 12-02-25.02 - Hal9000 02/26/2012 11:22:12.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2617 [GMT -6:00]
Running from: c:\users\Hal9000\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SetWallpaper.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-26 to 2012-02-26 )))))))))))))))))))))))))))))))
.
.
2012-02-26 17:51 . 2012-02-26 17:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-25 18:54 . 2012-02-26 17:13 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1B32BD8D-2FA3-4F35-A570-EEA1C8AD5552}\offreg.dll
2012-02-25 05:22 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1B32BD8D-2FA3-4F35-A570-EEA1C8AD5552}\mpengine.dll
2012-02-10 17:30 . 2012-02-10 17:30 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-02-10 17:28 . 2012-02-10 17:28 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-02-08 22:01 . 2012-02-08 20:11 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-02-08 20:27 . 2012-02-08 20:43 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-08 20:27 . 2012-02-08 20:27 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-02-08 20:11 . 2012-02-08 20:11 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-02-08 20:09 . 2012-02-08 20:09 -------- dc----w- c:\windows\system32\DRVSTORE
2012-02-08 20:09 . 2011-12-23 13:12 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-02-08 20:09 . 2012-02-08 20:09 -------- d-----w- c:\programdata\Lavasoft
2012-02-08 20:09 . 2012-02-08 20:09 -------- d-----w- c:\program files (x86)\Lavasoft
2012-02-08 20:01 . 2012-02-08 20:01 -------- d-----w- c:\program files (x86)\Trend Micro
2012-02-06 18:04 . 2008-06-24 19:50 65024 ----a-w- c:\windows\system32\drivers\rimmpx64.sys
2012-02-06 18:04 . 2007-07-28 01:45 57856 ----a-w- c:\windows\system32\drivers\rixdpx64.sys
2012-02-06 18:04 . 2007-07-25 18:48 172032 ----a-w- c:\windows\system32\rixdicon.dll
2012-02-06 18:04 . 2004-09-04 09:00 90112 ----a-w- c:\windows\system32\snymsico.dll
2012-02-06 18:04 . 2007-07-27 02:33 55296 ----a-w- c:\windows\system32\drivers\rimspx64.sys
2012-02-06 18:04 . 2012-02-06 18:04 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2012-02-06 08:06 . 2012-02-06 08:06 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-02-05 22:52 . 2012-02-21 03:46 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-05 22:52 . 2012-02-05 22:52 -------- d-----w- c:\windows\SysWow64\Macromed
2012-02-05 22:52 . 2012-02-05 22:52 -------- d-----w- c:\windows\system32\Macromed
2012-02-05 02:43 . 2012-02-05 02:45 -------- d-----w- c:\program files (x86)\Google
2012-02-05 02:43 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-05 02:43 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-05 02:43 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-02-05 02:43 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-05 02:43 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-05 02:43 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-05 02:43 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-05 02:40 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2012-02-05 02:40 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-02-05 02:40 . 2012-02-05 02:40 -------- d-----w- c:\programdata\AVAST Software
2012-02-05 02:40 . 2012-02-05 02:40 -------- d-----w- c:\program files\AVAST Software
2012-02-05 01:47 . 2012-02-05 01:47 -------- d-----w- c:\windows\SysWow64\Wat
2012-02-05 01:47 . 2012-02-05 01:47 -------- d-----w- c:\windows\system32\Wat
2012-02-05 01:36 . 2012-02-05 01:36 -------- d-----w- c:\program files (x86)\ASUS
2012-02-03 19:01 . 2009-08-13 14:13 274432 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2012-02-03 18:56 . 2009-09-14 06:48 1048576 ------w- C:\N81Ve.BIN
2012-02-03 18:56 . 2009-08-20 12:01 1048576 ------w- C:\N81Vg.BIN
2012-02-03 18:56 . 2009-07-20 09:29 15416 ----a-w- c:\windows\system32\drivers\kbfiltr.sys
2012-02-03 18:56 . 2009-08-06 21:24 408600 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-02-03 18:56 . 2009-08-10 10:16 1490432 ----a-w- c:\windows\system32\drivers\athrx.sys
2012-02-03 18:56 . 2009-05-13 01:07 15928 ----a-w- c:\windows\system32\drivers\ATK64AMD.sys
2012-02-03 18:23 . 2012-02-03 18:23 -------- d-----w- c:\program files\ATI
2012-02-03 18:23 . 2012-02-03 18:23 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-02-03 18:23 . 2012-02-18 14:29 -------- d-sh--w- c:\windows\Installer
2012-02-03 18:19 . 2012-02-03 18:19 0 ----a-w- c:\windows\ativpsrm.bin
2012-02-03 18:10 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2012-02-03 18:10 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2012-02-03 18:03 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
2012-02-03 18:03 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2012-02-03 17:55 . 2012-02-03 17:55 -------- d-----w- c:\programdata\TrueSuite
2012-02-03 17:55 . 2012-02-03 17:55 -------- d-----w- c:\windows\system32\wocaffe
2012-02-03 17:55 . 2012-02-03 17:55 -------- d-----w- c:\program files\TrueSuite
2012-02-03 17:54 . 2012-02-03 17:54 -------- d-----w- c:\programdata\Downloaded Installations
2012-02-03 17:51 . 2012-01-29 11:10 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-03 17:50 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2012-02-03 17:50 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2012-02-03 17:50 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2012-02-03 17:50 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-02-03 17:50 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-02-03 17:48 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-02-03 17:47 . 2010-06-29 05:39 2085376 ----a-w- c:\windows\system32\ole32.dll
2012-02-03 16:32 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
2012-02-03 16:32 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2012-02-03 16:32 . 2009-12-29 08:03 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-02-03 16:32 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-02-03 16:28 . 2012-02-19 18:09 -------- d-----w- c:\users\Hal9000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-05 136176]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-02-08 2152152]
R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;c:\preload64\Patch\AsPrOb64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-05 136176]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2012-02-08 17152]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-23 20:11]
.
2012-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-05 02:43]
.
2012-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-05 02:43]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Hal9000\AppData\Roaming\Mozilla\Firefox\Profiles\sz4kw9jk.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-26 12:12:08
ComboFix-quarantined-files.txt 2012-02-26 18:12
.
Pre-Run: 122,533,859,328 bytes free
Post-Run: 122,338,607,104 bytes free
.
- - End Of File - - 169AFEF6F4406C95633762C629113150

#9 gringo_pr

gringo_pr
  • Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 February 2012 - 01:25 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 GrassCuttingSword

GrassCuttingSword
  • Topic Starter
  • Members
  • 10 posts

Posted 26 February 2012 - 04:27 PM

All right, here goes.
TDSSKiller:
15:11:30.0934 4208 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
15:11:31.0201 4208 ============================================================
15:11:31.0201 4208 Current date / time: 2012/02/26 15:11:31.0201
15:11:31.0201 4208 SystemInfo:
15:11:31.0201 4208
15:11:31.0201 4208 OS Version: 6.1.7600 ServicePack: 0.0
15:11:31.0201 4208 Product type: Workstation
15:11:31.0201 4208 ComputerName: HAL9000-PC
15:11:31.0222 4208 UserName: Hal9000
15:11:31.0222 4208 Windows directory: C:\Windows
15:11:31.0222 4208 System windows directory: C:\Windows
15:11:31.0222 4208 Running under WOW64
15:11:31.0222 4208 Processor architecture: Intel x64
15:11:31.0222 4208 Number of processors: 2
15:11:31.0222 4208 Page size: 0x1000
15:11:31.0222 4208 Boot type: Normal boot
15:11:31.0222 4208 ============================================================
15:11:31.0856 4208 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:11:31.0861 4208 \Device\Harddisk0\DR0:
15:11:31.0861 4208 MBR used
15:11:31.0861 4208 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x800, BlocksNum 0x1D4B000
15:11:31.0861 4208 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D4B800, BlocksNum 0x12A17000
15:11:31.0886 4208 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x14763000, BlocksNum 0x10CCB000
15:11:31.0983 4208 Initialize success
15:11:31.0983 4208 ============================================================
15:11:36.0457 4648 ============================================================
15:11:36.0457 4648 Scan started
15:11:36.0457 4648 Mode: Manual;
15:11:36.0457 4648 ============================================================
15:11:36.0956 4648 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
15:11:36.0956 4648 1394ohci - ok
15:11:36.0972 4648 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
15:11:36.0972 4648 ACPI - ok
15:11:37.0003 4648 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
15:11:37.0003 4648 AcpiPmi - ok
15:11:37.0050 4648 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:11:37.0050 4648 adp94xx - ok
15:11:37.0066 4648 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:11:37.0066 4648 adpahci - ok
15:11:37.0081 4648 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:11:37.0081 4648 adpu320 - ok
15:11:37.0128 4648 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
15:11:37.0128 4648 AFD - ok
15:11:37.0144 4648 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
15:11:37.0144 4648 agp440 - ok
15:11:37.0190 4648 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
15:11:37.0190 4648 aliide - ok
15:11:37.0237 4648 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
15:11:37.0237 4648 amdide - ok
15:11:37.0253 4648 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:11:37.0253 4648 AmdK8 - ok
15:11:37.0253 4648 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:11:37.0268 4648 AmdPPM - ok
15:11:37.0300 4648 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
15:11:37.0300 4648 amdsata - ok
15:11:37.0331 4648 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:11:37.0331 4648 amdsbs - ok
15:11:37.0362 4648 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
15:11:37.0362 4648 amdxata - ok
15:11:37.0393 4648 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
15:11:37.0393 4648 AppID - ok
15:11:37.0424 4648 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:11:37.0424 4648 arc - ok
15:11:37.0440 4648 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:11:37.0440 4648 arcsas - ok
15:11:37.0502 4648 ASUSProcObsrv - ok
15:11:37.0534 4648 aswFsBlk (ce6d8bcc4787704ea4feeb92b0d0caf8) C:\Windows\system32\drivers\aswFsBlk.sys
15:11:37.0534 4648 aswFsBlk - ok
15:11:37.0580 4648 aswMonFlt (0debeb2e3fbd0bf5343125cce617f105) C:\Windows\system32\drivers\aswMonFlt.sys
15:11:37.0580 4648 aswMonFlt - ok
15:11:37.0596 4648 aswRdr (952edc2e81f85d1781958d4128bf59f8) C:\Windows\system32\drivers\aswRdr.sys
15:11:37.0596 4648 aswRdr - ok
15:11:37.0627 4648 aswSnx (dd383e2ac941c545a85ab72503da6c12) C:\Windows\system32\drivers\aswSnx.sys
15:11:37.0627 4648 aswSnx - ok
15:11:37.0643 4648 aswSP (ef5403fb8b2dcb791ec365fdf6040a4a) C:\Windows\system32\drivers\aswSP.sys
15:11:37.0643 4648 aswSP - ok
15:11:37.0658 4648 aswTdi (34165da5c6b30c0f9d61246bf8a28040) C:\Windows\system32\drivers\aswTdi.sys
15:11:37.0658 4648 aswTdi - ok
15:11:37.0690 4648 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:11:37.0690 4648 AsyncMac - ok
15:11:37.0736 4648 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
15:11:37.0736 4648 atapi - ok
15:11:37.0783 4648 athr (0d8456e0e48a8f47c6f6a8bf35f3861d) C:\Windows\system32\DRIVERS\athrx.sys
15:11:37.0783 4648 athr - ok
15:11:37.0924 4648 atikmdag (74813bcd647b441dc9c9c0db2833781d) C:\Windows\system32\DRIVERS\atikmdag.sys
15:11:37.0939 4648 atikmdag - ok
15:11:37.0986 4648 ATSwpWDF (ea512f43f4a28d18b52cafe8c93984fb) C:\Windows\system32\Drivers\ATSwpWDF.sys
15:11:38.0002 4648 ATSwpWDF - ok
15:11:38.0064 4648 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:11:38.0064 4648 b06bdrv - ok
15:11:38.0080 4648 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:11:38.0095 4648 b57nd60a - ok
15:11:38.0111 4648 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:11:38.0111 4648 Beep - ok
15:11:38.0158 4648 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:11:38.0158 4648 blbdrive - ok
15:11:38.0189 4648 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
15:11:38.0189 4648 bowser - ok
15:11:38.0204 4648 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:11:38.0204 4648 BrFiltLo - ok
15:11:38.0220 4648 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:11:38.0220 4648 BrFiltUp - ok
15:11:38.0236 4648 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
15:11:38.0236 4648 BridgeMP - ok
15:11:38.0267 4648 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:11:38.0267 4648 Brserid - ok
15:11:38.0282 4648 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:11:38.0282 4648 BrSerWdm - ok
15:11:38.0298 4648 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:11:38.0298 4648 BrUsbMdm - ok
15:11:38.0314 4648 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:11:38.0314 4648 BrUsbSer - ok
15:11:38.0360 4648 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
15:11:38.0360 4648 BthEnum - ok
15:11:38.0376 4648 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:11:38.0376 4648 BTHMODEM - ok
15:11:38.0407 4648 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
15:11:38.0407 4648 BthPan - ok
15:11:38.0454 4648 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys
15:11:38.0454 4648 BTHPORT - ok
15:11:38.0501 4648 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys
15:11:38.0501 4648 BTHUSB - ok
15:11:38.0610 4648 catchme - ok
15:11:38.0657 4648 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:11:38.0657 4648 cdfs - ok
15:11:38.0688 4648 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
15:11:38.0688 4648 cdrom - ok
15:11:38.0719 4648 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:11:38.0719 4648 circlass - ok
15:11:38.0750 4648 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:11:38.0750 4648 CLFS - ok
15:11:38.0782 4648 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:11:38.0782 4648 CmBatt - ok
15:11:38.0828 4648 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
15:11:38.0828 4648 cmdide - ok
15:11:38.0860 4648 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
15:11:38.0875 4648 CNG - ok
15:11:38.0906 4648 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:11:38.0906 4648 Compbatt - ok
15:11:38.0922 4648 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
15:11:38.0922 4648 CompositeBus - ok
15:11:38.0953 4648 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:11:38.0953 4648 crcdisk - ok
15:11:39.0000 4648 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
15:11:39.0000 4648 DfsC - ok
15:11:39.0031 4648 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:11:39.0031 4648 discache - ok
15:11:39.0062 4648 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:11:39.0062 4648 Disk - ok
15:11:39.0094 4648 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:11:39.0094 4648 drmkaud - ok
15:11:39.0140 4648 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
15:11:39.0156 4648 DXGKrnl - ok
15:11:39.0265 4648 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:11:39.0281 4648 ebdrv - ok
15:11:39.0328 4648 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:11:39.0343 4648 elxstor - ok
15:11:39.0343 4648 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
15:11:39.0343 4648 ErrDev - ok
15:11:39.0374 4648 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:11:39.0374 4648 exfat - ok
15:11:39.0406 4648 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:11:39.0406 4648 fastfat - ok
15:11:39.0421 4648 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:11:39.0421 4648 fdc - ok
15:11:39.0437 4648 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:11:39.0437 4648 FileInfo - ok
15:11:39.0484 4648 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:11:39.0484 4648 Filetrace - ok
15:11:39.0484 4648 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:11:39.0484 4648 flpydisk - ok
15:11:39.0515 4648 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
15:11:39.0515 4648 FltMgr - ok
15:11:39.0562 4648 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:11:39.0562 4648 FsDepends - ok
15:11:39.0562 4648 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:11:39.0562 4648 Fs_Rec - ok
15:11:39.0608 4648 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:11:39.0608 4648 fvevol - ok
15:11:39.0640 4648 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:11:39.0640 4648 gagp30kx - ok
15:11:39.0686 4648 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:11:39.0686 4648 hcw85cir - ok
15:11:39.0733 4648 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
15:11:39.0733 4648 HdAudAddService - ok
15:11:39.0764 4648 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:11:39.0764 4648 HDAudBus - ok
15:11:39.0780 4648 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:11:39.0780 4648 HidBatt - ok
15:11:39.0796 4648 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:11:39.0796 4648 HidBth - ok
15:11:39.0842 4648 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:11:39.0842 4648 HidIr - ok
15:11:39.0858 4648 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
15:11:39.0858 4648 HidUsb - ok
15:11:39.0920 4648 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
15:11:39.0920 4648 HpSAMD - ok
15:11:39.0952 4648 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
15:11:39.0952 4648 HTTP - ok
15:11:39.0967 4648 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
15:11:39.0967 4648 hwpolicy - ok
15:11:39.0983 4648 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
15:11:39.0983 4648 i8042prt - ok
15:11:40.0014 4648 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\Windows\system32\DRIVERS\iaStor.sys
15:11:40.0014 4648 iaStor - ok
15:11:40.0061 4648 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
15:11:40.0061 4648 iaStorV - ok
15:11:40.0076 4648 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:11:40.0076 4648 iirsp - ok
15:11:40.0092 4648 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
15:11:40.0092 4648 intelide - ok
15:11:40.0108 4648 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:11:40.0108 4648 intelppm - ok
15:11:40.0123 4648 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:11:40.0123 4648 IpFilterDriver - ok
15:11:40.0139 4648 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
15:11:40.0139 4648 IPMIDRV - ok
15:11:40.0154 4648 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:11:40.0154 4648 IPNAT - ok
15:11:40.0186 4648 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:11:40.0186 4648 IRENUM - ok
15:11:40.0201 4648 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
15:11:40.0201 4648 isapnp - ok
15:11:40.0232 4648 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
15:11:40.0232 4648 iScsiPrt - ok
15:11:40.0279 4648 itecir (8d990a44b4f2b68e2c56a3724ec3eb84) C:\Windows\system32\DRIVERS\itecir.sys
15:11:40.0279 4648 itecir - ok
15:11:40.0295 4648 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:11:40.0295 4648 kbdclass - ok
15:11:40.0310 4648 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
15:11:40.0310 4648 kbdhid - ok
15:11:40.0357 4648 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
15:11:40.0357 4648 kbfiltr - ok
15:11:40.0388 4648 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
15:11:40.0388 4648 KSecDD - ok
15:11:40.0404 4648 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
15:11:40.0404 4648 KSecPkg - ok
15:11:40.0420 4648 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:11:40.0420 4648 ksthunk - ok
15:11:40.0529 4648 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
15:11:40.0529 4648 Lavasoft Kernexplorer - ok
15:11:40.0560 4648 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
15:11:40.0560 4648 Lbd - ok
15:11:40.0591 4648 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:11:40.0591 4648 lltdio - ok
15:11:40.0622 4648 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:11:40.0622 4648 LSI_FC - ok
15:11:40.0638 4648 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:11:40.0638 4648 LSI_SAS - ok
15:11:40.0669 4648 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:11:40.0669 4648 LSI_SAS2 - ok
15:11:40.0685 4648 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:11:40.0685 4648 LSI_SCSI - ok
15:11:40.0716 4648 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:11:40.0716 4648 luafv - ok
15:11:40.0732 4648 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:11:40.0732 4648 megasas - ok
15:11:40.0747 4648 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:11:40.0747 4648 MegaSR - ok
15:11:40.0763 4648 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:11:40.0763 4648 Modem - ok
15:11:40.0778 4648 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:11:40.0778 4648 monitor - ok
15:11:40.0810 4648 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:11:40.0810 4648 mouclass - ok
15:11:40.0841 4648 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:11:40.0841 4648 mouhid - ok
15:11:40.0856 4648 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
15:11:40.0856 4648 mountmgr - ok
15:11:40.0872 4648 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
15:11:40.0872 4648 mpio - ok
15:11:40.0888 4648 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:11:40.0888 4648 mpsdrv - ok
15:11:40.0903 4648 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
15:11:40.0903 4648 MRxDAV - ok
15:11:40.0950 4648 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:11:40.0950 4648 mrxsmb - ok
15:11:40.0966 4648 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:11:40.0966 4648 mrxsmb10 - ok
15:11:40.0981 4648 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:11:40.0981 4648 mrxsmb20 - ok
15:11:41.0012 4648 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
15:11:41.0012 4648 msahci - ok
15:11:41.0028 4648 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
15:11:41.0028 4648 msdsm - ok
15:11:41.0059 4648 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:11:41.0059 4648 Msfs - ok
15:11:41.0075 4648 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:11:41.0075 4648 mshidkmdf - ok
15:11:41.0090 4648 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
15:11:41.0090 4648 msisadrv - ok
15:11:41.0122 4648 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:11:41.0122 4648 MSKSSRV - ok
15:11:41.0137 4648 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:11:41.0137 4648 MSPCLOCK - ok
15:11:41.0153 4648 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:11:41.0153 4648 MSPQM - ok
15:11:41.0184 4648 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
15:11:41.0184 4648 MsRPC - ok
15:11:41.0200 4648 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
15:11:41.0200 4648 mssmbios - ok
15:11:41.0215 4648 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:11:41.0215 4648 MSTEE - ok
15:11:41.0231 4648 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:11:41.0231 4648 MTConfig - ok
15:11:41.0262 4648 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
15:11:41.0262 4648 MTsensor - ok
15:11:41.0278 4648 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:11:41.0278 4648 Mup - ok
15:11:41.0340 4648 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:11:41.0340 4648 NativeWifiP - ok
15:11:41.0371 4648 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
15:11:41.0371 4648 NDIS - ok
15:11:41.0402 4648 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:11:41.0402 4648 NdisCap - ok
15:11:41.0418 4648 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:11:41.0418 4648 NdisTapi - ok
15:11:41.0449 4648 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
15:11:41.0449 4648 Ndisuio - ok
15:11:41.0465 4648 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
15:11:41.0465 4648 NdisWan - ok
15:11:41.0465 4648 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
15:11:41.0465 4648 NDProxy - ok
15:11:41.0480 4648 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:11:41.0480 4648 NetBIOS - ok
15:11:41.0496 4648 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
15:11:41.0496 4648 NetBT - ok
15:11:41.0543 4648 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:11:41.0543 4648 nfrd960 - ok
15:11:41.0558 4648 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:11:41.0558 4648 Npfs - ok
15:11:41.0574 4648 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:11:41.0574 4648 nsiproxy - ok
15:11:41.0636 4648 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
15:11:41.0636 4648 Ntfs - ok
15:11:41.0652 4648 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:11:41.0668 4648 Null - ok
15:11:41.0699 4648 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
15:11:41.0699 4648 nvraid - ok
15:11:41.0730 4648 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
15:11:41.0730 4648 nvstor - ok
15:11:41.0746 4648 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
15:11:41.0746 4648 nv_agp - ok
15:11:41.0761 4648 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
15:11:41.0761 4648 ohci1394 - ok
15:11:41.0777 4648 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:11:41.0777 4648 Parport - ok
15:11:41.0792 4648 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
15:11:41.0792 4648 partmgr - ok
15:11:41.0808 4648 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
15:11:41.0808 4648 pci - ok
15:11:41.0839 4648 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
15:11:41.0839 4648 pciide - ok
15:11:41.0855 4648 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:11:41.0855 4648 pcmcia - ok
15:11:41.0870 4648 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:11:41.0870 4648 pcw - ok
15:11:41.0886 4648 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:11:41.0886 4648 PEAUTH - ok
15:11:41.0948 4648 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
15:11:41.0948 4648 PptpMiniport - ok
15:11:41.0980 4648 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:11:41.0980 4648 Processor - ok
15:11:42.0011 4648 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
15:11:42.0011 4648 Psched - ok
15:11:42.0042 4648 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:11:42.0058 4648 ql2300 - ok
15:11:42.0058 4648 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:11:42.0073 4648 ql40xx - ok
15:11:42.0089 4648 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:11:42.0089 4648 QWAVEdrv - ok
15:11:42.0104 4648 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:11:42.0104 4648 RasAcd - ok
15:11:42.0136 4648 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:11:42.0151 4648 RasAgileVpn - ok
15:11:42.0167 4648 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:11:42.0167 4648 Rasl2tp - ok
15:11:42.0198 4648 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:11:42.0198 4648 RasPppoe - ok
15:11:42.0214 4648 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:11:42.0214 4648 RasSstp - ok
15:11:42.0229 4648 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
15:11:42.0229 4648 rdbss - ok
15:11:42.0260 4648 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:11:42.0260 4648 rdpbus - ok
15:11:42.0276 4648 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:11:42.0276 4648 RDPCDD - ok
15:11:42.0292 4648 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:11:42.0292 4648 RDPENCDD - ok
15:11:42.0323 4648 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:11:42.0323 4648 RDPREFMP - ok
15:11:42.0323 4648 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
15:11:42.0338 4648 RDPWD - ok
15:11:42.0354 4648 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
15:11:42.0354 4648 rdyboost - ok
15:11:42.0401 4648 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
15:11:42.0401 4648 RFCOMM - ok
15:11:42.0448 4648 rimmptsk (528d70eabe8305a02f387fec839b9a47) C:\Windows\system32\DRIVERS\rimmpx64.sys
15:11:42.0448 4648 rimmptsk - ok
15:11:42.0479 4648 rimsptsk (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
15:11:42.0479 4648 rimsptsk - ok
15:11:42.0510 4648 rismxdp (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
15:11:42.0510 4648 rismxdp - ok
15:11:42.0557 4648 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:11:42.0557 4648 rspndr - ok
15:11:42.0572 4648 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:11:42.0572 4648 RTL8167 - ok
15:11:42.0604 4648 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
15:11:42.0604 4648 sbp2port - ok
15:11:42.0635 4648 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
15:11:42.0635 4648 scfilter - ok
15:11:42.0666 4648 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
15:11:42.0666 4648 sdbus - ok
15:11:42.0682 4648 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:11:42.0682 4648 secdrv - ok
15:11:42.0713 4648 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:11:42.0713 4648 Serenum - ok
15:11:42.0760 4648 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:11:42.0760 4648 Serial - ok
15:11:42.0775 4648 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:11:42.0775 4648 sermouse - ok
15:11:42.0791 4648 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
15:11:42.0791 4648 sffdisk - ok
15:11:42.0806 4648 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
15:11:42.0806 4648 sffp_mmc - ok
15:11:42.0822 4648 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
15:11:42.0822 4648 sffp_sd - ok
15:11:42.0838 4648 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:11:42.0838 4648 sfloppy - ok
15:11:42.0853 4648 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
15:11:42.0853 4648 SiSGbeLH - ok
15:11:42.0869 4648 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:11:42.0869 4648 SiSRaid2 - ok
15:11:42.0884 4648 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:11:42.0884 4648 SiSRaid4 - ok
15:11:42.0916 4648 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:11:42.0916 4648 Smb - ok
15:11:42.0947 4648 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:11:42.0947 4648 spldr - ok
15:11:42.0978 4648 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
15:11:42.0978 4648 srv - ok
15:11:43.0009 4648 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
15:11:43.0009 4648 srv2 - ok
15:11:43.0040 4648 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
15:11:43.0040 4648 srvnet - ok
15:11:43.0072 4648 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:11:43.0072 4648 stexstor - ok
15:11:43.0087 4648 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
15:11:43.0087 4648 swenum - ok
15:11:43.0165 4648 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
15:11:43.0181 4648 Tcpip - ok
15:11:43.0228 4648 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
15:11:43.0243 4648 TCPIP6 - ok
15:11:43.0259 4648 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
15:11:43.0259 4648 tcpipreg - ok
15:11:43.0274 4648 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:11:43.0274 4648 TDPIPE - ok
15:11:43.0290 4648 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:11:43.0290 4648 TDTCP - ok
15:11:43.0306 4648 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
15:11:43.0306 4648 tdx - ok
15:11:43.0321 4648 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
15:11:43.0321 4648 TermDD - ok
15:11:43.0352 4648 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:11:43.0352 4648 tssecsrv - ok
15:11:43.0368 4648 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
15:11:43.0368 4648 tunnel - ok
15:11:43.0399 4648 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:11:43.0399 4648 uagp35 - ok
15:11:43.0430 4648 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
15:11:43.0430 4648 udfs - ok
15:11:43.0462 4648 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
15:11:43.0462 4648 uliagpkx - ok
15:11:43.0493 4648 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
15:11:43.0493 4648 umbus - ok
15:11:43.0524 4648 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:11:43.0540 4648 UmPass - ok
15:11:43.0586 4648 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
15:11:43.0586 4648 usbccgp - ok
15:11:43.0602 4648 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
15:11:43.0602 4648 usbcir - ok
15:11:43.0633 4648 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
15:11:43.0633 4648 usbehci - ok
15:11:43.0680 4648 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
15:11:43.0680 4648 usbhub - ok
15:11:43.0696 4648 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
15:11:43.0696 4648 usbohci - ok
15:11:43.0727 4648 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:11:43.0727 4648 usbprint - ok
15:11:43.0758 4648 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
15:11:43.0758 4648 USBSTOR - ok
15:11:43.0774 4648 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
15:11:43.0774 4648 usbuhci - ok
15:11:43.0820 4648 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
15:11:43.0836 4648 usbvideo - ok
15:11:43.0867 4648 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
15:11:43.0867 4648 vdrvroot - ok
15:11:43.0898 4648 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:11:43.0914 4648 vga - ok
15:11:43.0914 4648 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:11:43.0930 4648 VgaSave - ok
15:11:43.0930 4648 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
15:11:43.0930 4648 vhdmp - ok
15:11:43.0961 4648 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
15:11:43.0961 4648 viaide - ok
15:11:43.0961 4648 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
15:11:43.0976 4648 volmgr - ok
15:11:43.0992 4648 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
15:11:43.0992 4648 volmgrx - ok
15:11:44.0008 4648 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
15:11:44.0008 4648 volsnap - ok
15:11:44.0054 4648 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:11:44.0054 4648 vsmraid - ok
15:11:44.0070 4648 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:11:44.0070 4648 vwifibus - ok
15:11:44.0070 4648 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:11:44.0070 4648 vwififlt - ok
15:11:44.0101 4648 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:11:44.0101 4648 WacomPen - ok
15:11:44.0117 4648 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
15:11:44.0117 4648 WANARP - ok
15:11:44.0117 4648 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
15:11:44.0117 4648 Wanarpv6 - ok
15:11:44.0164 4648 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:11:44.0164 4648 Wd - ok
15:11:44.0179 4648 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:11:44.0179 4648 Wdf01000 - ok
15:11:44.0210 4648 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:11:44.0210 4648 WfpLwf - ok
15:11:44.0226 4648 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:11:44.0242 4648 WIMMount - ok
15:11:44.0273 4648 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:11:44.0273 4648 WmiAcpi - ok
15:11:44.0304 4648 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:11:44.0304 4648 ws2ifsl - ok
15:11:44.0335 4648 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
15:11:44.0335 4648 WudfPf - ok
15:11:44.0366 4648 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:11:44.0366 4648 WUDFRd - ok
15:11:44.0398 4648 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
15:11:44.0429 4648 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
15:11:44.0429 4648 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
15:11:44.0460 4648 Boot (0x1200) (b45e7313242a6e6bfa2cc33921510b14) \Device\Harddisk0\DR0\Partition0
15:11:44.0460 4648 \Device\Harddisk0\DR0\Partition0 - ok
15:11:44.0476 4648 Boot (0x1200) (471dc2662c750a274aaf5cf06ee17b3f) \Device\Harddisk0\DR0\Partition1
15:11:44.0476 4648 \Device\Harddisk0\DR0\Partition1 - ok
15:11:44.0491 4648 Boot (0x1200) (f5a7479d130d7dea0b504b2b3915b34d) \Device\Harddisk0\DR0\Partition2
15:11:44.0507 4648 \Device\Harddisk0\DR0\Partition2 - ok
15:11:44.0507 4648 ============================================================
15:11:44.0507 4648 Scan finished
15:11:44.0507 4648 ============================================================
15:11:44.0507 0720 Detected object count: 1
15:11:44.0507 0720 Actual detected object count: 1
15:11:51.0917 0720 \Device\Harddisk0\DR0\# - copied to quarantine
15:11:51.0917 0720 \Device\Harddisk0\DR0 - copied to quarantine
15:11:51.0979 0720 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
15:11:51.0979 0720 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
15:11:51.0995 0720 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
15:11:51.0995 0720 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
15:11:51.0995 0720 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
15:11:51.0995 0720 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
15:11:51.0995 0720 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
15:11:51.0995 0720 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
15:11:51.0995 0720 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
15:11:51.0995 0720 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
15:11:51.0995 0720 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
15:11:52.0010 0720 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
15:11:52.0010 0720 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
15:11:52.0010 0720 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
15:11:52.0010 0720 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
15:11:52.0073 0720 \Device\Harddisk0\DR0\TDLFS\com64 - copied to quarantine
15:11:52.0073 0720 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
15:11:52.0073 0720 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
15:11:52.0088 0720 \Device\Harddisk0\DR0\TDLFS\bbr264 - copied to quarantine
15:11:52.0088 0720 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
15:11:52.0104 0720 \Device\Harddisk0\DR0\TDLFS\serf232 - copied to quarantine
15:11:52.0120 0720 \Device\Harddisk0\DR0\TDLFS\serf264 - copied to quarantine
15:11:52.0135 0720 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
15:11:52.0135 0720 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - will be cured on reboot
15:11:52.0135 0720 \Device\Harddisk0\DR0 - ok
15:11:56.0971 0720 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure
15:12:01.0230 4048 Deinitialize success
----------------------------------------------------------
aswMBR:
aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-26 15:19:10
-----------------------------
15:19:10.148 OS Version: Windows x64 6.1.7600
15:19:10.148 Number of processors: 2 586 0x170A
15:19:10.148 ComputerName: HAL9000-PC UserName: Hal9000
15:19:11.942 Initialize success
15:19:12.051 AVAST engine defs: 12022603
15:19:15.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:19:15.015 Disk 0 Vendor: ST932042 0002 Size: 305245MB BusType: 3
15:19:15.015 Disk 0 MBR read successfully
15:19:15.031 Disk 0 MBR scan
15:19:15.483 Disk 0 Windows VISTA default MBR code
15:19:15.499 Disk 0 Partition 1 00 0C FAT32 LBA MSDOS5.0 14998 MB offset 2048
15:19:15.624 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152622 MB offset 30717952
15:19:15.858 Disk 0 Partition - 00 0F Extended LBA 137623 MB offset 343287808
15:19:15.873 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 137622 MB offset 343289856
15:19:16.092 Disk 0 scanning C:\Windows\system32\drivers
15:19:27.901 Service scanning
15:19:41.380 Modules scanning
15:19:41.380 Disk 0 trace - called modules:
15:19:41.411 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
15:19:41.411 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c20370]
15:19:41.411 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa80046bdb20]
15:19:41.426 5 ACPI.sys[fffff88000ece781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80046c6050]
15:19:43.158 AVAST engine scan C:\Windows
15:19:48.041 AVAST engine scan C:\Windows\system32
15:21:52.045 AVAST engine scan C:\Windows\system32\drivers
15:22:02.950 AVAST engine scan C:\Users\Hal9000
15:23:24.242 AVAST engine scan C:\ProgramData
15:23:42.603 Scan finished successfully
15:25:03.598 Disk 0 MBR has been saved successfully to "C:\Users\Hal9000\Desktop\MBR.dat"
15:25:03.598 The log file has been saved successfully to "C:\Users\Hal9000\Desktop\aswMBR.txt"
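
The two logs above are the evidence that matters: TDSSKiller found the infection in the first 0x1B8 bytes of the MBR (the boot code, before the disk signature and partition table) and quarantined an entire hidden TDLFS file system from \Device\Harddisk0\DR0, while the aswMBR run after the cure reports stock Windows MBR code and a partition table whose extended container ends just short of the disk. A partition format rewrites sectors inside the partition, not the MBR code or the unpartitioned tail of the disk where TDL4-family bootkits keep TDLFS, which is consistent with the redirects surviving two reinstalls. The Python below is an added example, not part of the thread and not code from TDSSKiller or aswMBR: it parses a 512-byte MBR the way those tools report it, hashes the 0x1B8-byte code region (my reading of TDSSKiller's "MBR (0x1B8)" label), lists the primary entries, and computes the tail. The boot code, the known-good hash set and the MBR bytes are constructed; the partition table reproduces the offsets and sizes aswMBR printed, and the disk size is aswMBR's 305245 MB figure, so the tail it computes is approximate because that figure is rounded. On a real machine, read the 512 bytes of the MBR.dat that aswMBR saved and pass them to assess().

```python
"""Parse an MBR as TDSSKiller/aswMBR report it: boot-code hash, partition
table and the unpartitioned tail of the disk. Added example, not the tools'
code; all sample data is constructed."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 0x1B8            # code region TDSSKiller labels "MBR (0x1B8)"
PART_TABLE_OFF = 0x1BE           # four 16-byte entries, then the 55AA signature
PART_ENTRY_FMT = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sectors
PART_TYPES = {0x0C: "FAT32 LBA", 0x07: "HPFS/NTFS", 0x0F: "Extended LBA"}


def mb_to_sectors(mb):
    return mb * 1024 * 1024 // SECTOR


def build_mbr(boot_code, entries):
    """Assemble a 512-byte MBR from boot code and (bootable, type, start_lba, sectors) tuples."""
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    for i, (bootable, ptype, start, sectors) in enumerate(entries):
        struct.pack_into(PART_ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, b"\0\0\0", ptype, b"\0\0\0",
                         start, sectors)
    mbr[0x1FE:0x200] = b"\x55\xAA"
    return bytes(mbr)


def parse_mbr(mbr):
    """Return the boot-code MD5, disk signature and non-empty primary entries."""
    if len(mbr) != SECTOR or mbr[0x1FE:0x200] != b"\x55\xAA":
        raise ValueError("not a valid MBR: wrong length or missing 55AA signature")
    parts = []
    for i in range(4):
        status, _, ptype, _, start, sectors = struct.unpack_from(
            PART_ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue
        parts.append({
            "index": i + 1,
            "bootable": status == 0x80,
            "type_name": PART_TYPES.get(ptype, "0x%02X" % ptype),
            "start": start,
            "end": start + sectors,                  # first sector after the entry
            "mb": sectors * SECTOR // (1024 * 1024),
        })
    return {
        "code_md5": hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", mbr, BOOT_CODE_LEN)[0],
        "partitions": parts,
    }


def unpartitioned_tail(info, disk_sectors):
    """Sectors after the last primary/extended entry; a TDL4-style TDLFS lives here."""
    last_end = max((p["end"] for p in info["partitions"]), default=0)
    return disk_sectors - last_end


def assess(mbr, disk_sectors, known_good_md5):
    """Checks a responder runs on a dumped MBR; returns (info, tail_sectors, findings)."""
    info = parse_mbr(mbr)
    findings = []
    if info["code_md5"] not in known_good_md5:
        findings.append("boot code MD5 %s is not in the known-good set" % info["code_md5"])
    if sum(p["bootable"] for p in info["partitions"]) != 1:
        findings.append("expected exactly one active partition")
    if any(p["start"] < 1 or p["end"] > disk_sectors for p in info["partitions"]):
        findings.append("a partition entry points outside the disk")
    return info, unpartitioned_tail(info, disk_sectors), findings


# Constructed sample: toy boot code (jmp $) standing in for the stock Windows code,
# and the layout aswMBR printed: FAT32 at 2048, active NTFS at 30717952, extended
# container at 343287808; disk size taken from aswMBR's rounded 305245 MB figure.
CLEAN_CODE = b"\xEB\xFE" + b"\x90" * (BOOT_CODE_LEN - 2)
KNOWN_GOOD = {hashlib.md5(CLEAN_CODE).hexdigest()}   # assumed known-good set
LAYOUT = [
    (False, 0x0C, 2048, mb_to_sectors(14998)),
    (True, 0x07, 30717952, mb_to_sectors(152622)),
    (False, 0x0F, 343287808, mb_to_sectors(137623)),
]
DISK_SECTORS = mb_to_sectors(305245)
CLEAN_MBR = build_mbr(CLEAN_CODE, LAYOUT)
# Same partition table, patched code: the shape of an MBR-bootkit infection.
INFECTED_MBR = build_mbr(b"\xFA\x33\xC0" + CLEAN_CODE[3:], LAYOUT)

if __name__ == "__main__":
    for label, mbr in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
        info, tail, findings = assess(mbr, DISK_SECTORS, KNOWN_GOOD)
        print("%s: code md5 %s, tail %d sectors" % (label, info["code_md5"], tail))
        for p in info["partitions"]:
            print("  Partition %d %s %s %d MB offset %d" % (
                p["index"], "80 (A)" if p["bootable"] else "00",
                p["type_name"], p["mb"], p["start"]))
        for f in findings:
            print("  !", f)
```

On a real disk compare code_md5 with the value TDSSKiller prints before and after the cure; an unknown boot-code hash, or an entry pointing past the end of the disk, is the cue to image the tail sectors before letting any tool rewrite the MBR, since that tail is where the quarantined TDLFS files came from.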

#11 GrassCuttingSword (Topic Starter, Members, 10 posts)

Posted 26 February 2012 - 04:30 PM

I saw that TDSSKiller removed a rootkit, which the previous rootkit removal tools I've used did not catch. I did a few Google searches, and have not been redirected, so hopefully that caught the issue. I look forward to hearing what you think from the logs.

#12 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 27 February 2012 - 12:22 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Proud Graduate Of Malware Removal University

#13 GrassCuttingSword (Topic Starter, Members, 10 posts)

Posted 27 February 2012 - 01:18 PM

There didn't seem to be any issues with running the ComboFix again as described. I played around with the computer last night after the other fixes you had me run, and I have not been redirected at all. I've specifically been trying to use the search engines that seemed to be most susceptible (Chrome and IE, since my Firefox has a JavaScript blocker installed) and haven't run into any issues. Unless something pops up again, it looks like this may have cleared out the issue. I'm impressed with the programs you've had me use, since I'd run other rootkit removal software and they did not find the issue. Let me know if there's anything else I should do, and thanks for the help!

Here's the ComboFix log from the last run:

ComboFix 12-02-25.02 - Hal9000 02/27/2012 12:06:04.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2598 [GMT -6:00]
Running from: c:\users\Hal9000\Desktop\ComboFix.exe
Command switches used :: c:\users\Hal9000\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-01-27 to 2012-02-27 )))))))))))))))))))))))))))))))
.
.
2012-02-27 18:11 . 2012-02-27 18:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-26 21:11 . 2012-02-26 21:11 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-25 05:22 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1B32BD8D-2FA3-4F35-A570-EEA1C8AD5552}\mpengine.dll
2012-02-10 17:30 . 2012-02-10 17:30 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-02-10 17:28 . 2012-02-10 17:28 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-02-08 22:01 . 2012-02-08 20:11 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-02-08 20:27 . 2012-02-08 20:43 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-08 20:27 . 2012-02-08 20:27 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-02-08 20:11 . 2012-02-08 20:11 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-02-08 20:09 . 2012-02-08 20:09 -------- dc----w- c:\windows\system32\DRVSTORE
2012-02-08 20:09 . 2011-12-23 13:12 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-02-08 20:09 . 2012-02-08 20:09 -------- d-----w- c:\programdata\Lavasoft
2012-02-08 20:09 . 2012-02-08 20:09 -------- d-----w- c:\program files (x86)\Lavasoft
2012-02-08 20:01 . 2012-02-08 20:01 -------- d-----w- c:\program files (x86)\Trend Micro
2012-02-06 18:04 . 2008-06-24 19:50 65024 ----a-w- c:\windows\system32\drivers\rimmpx64.sys
2012-02-06 18:04 . 2007-07-28 01:45 57856 ----a-w- c:\windows\system32\drivers\rixdpx64.sys
2012-02-06 18:04 . 2007-07-25 18:48 172032 ----a-w- c:\windows\system32\rixdicon.dll
2012-02-06 18:04 . 2004-09-04 09:00 90112 ----a-w- c:\windows\system32\snymsico.dll
2012-02-06 18:04 . 2007-07-27 02:33 55296 ----a-w- c:\windows\system32\drivers\rimspx64.sys
2012-02-06 18:04 . 2012-02-06 18:04 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2012-02-06 08:06 . 2012-02-06 08:06 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-02-05 22:52 . 2012-02-21 03:46 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-05 22:52 . 2012-02-05 22:52 -------- d-----w- c:\windows\SysWow64\Macromed
2012-02-05 22:52 . 2012-02-05 22:52 -------- d-----w- c:\windows\system32\Macromed
2012-02-05 02:43 . 2012-02-05 02:45 -------- d-----w- c:\program files (x86)\Google
2012-02-05 02:43 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-05 02:43 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-05 02:43 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-02-05 02:43 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-05 02:43 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-05 02:43 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-05 02:43 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-05 02:40 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2012-02-05 02:40 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-02-05 02:40 . 2012-02-05 02:40 -------- d-----w- c:\programdata\AVAST Software
2012-02-05 02:40 . 2012-02-05 02:40 -------- d-----w- c:\program files\AVAST Software
2012-02-05 01:47 . 2012-02-05 01:47 -------- d-----w- c:\windows\SysWow64\Wat
2012-02-05 01:47 . 2012-02-05 01:47 -------- d-----w- c:\windows\system32\Wat
2012-02-05 01:36 . 2012-02-05 01:36 -------- d-----w- c:\program files (x86)\ASUS
2012-02-03 19:01 . 2009-08-13 14:13 274432 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2012-02-03 18:56 . 2009-09-14 06:48 1048576 ------w- C:\N81Ve.BIN
2012-02-03 18:56 . 2009-08-20 12:01 1048576 ------w- C:\N81Vg.BIN
2012-02-03 18:56 . 2009-07-20 09:29 15416 ----a-w- c:\windows\system32\drivers\kbfiltr.sys
2012-02-03 18:56 . 2009-08-06 21:24 408600 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-02-03 18:56 . 2009-08-10 10:16 1490432 ----a-w- c:\windows\system32\drivers\athrx.sys
2012-02-03 18:56 . 2009-05-13 01:07 15928 ----a-w- c:\windows\system32\drivers\ATK64AMD.sys
2012-02-03 18:23 . 2012-02-03 18:23 -------- d-----w- c:\program files\ATI
2012-02-03 18:23 . 2012-02-03 18:23 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-02-03 18:23 . 2012-02-18 14:29 -------- d-sh--w- c:\windows\Installer
2012-02-03 18:19 . 2012-02-03 18:19 0 ----a-w- c:\windows\ativpsrm.bin
2012-02-03 18:10 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2012-02-03 18:10 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2012-02-03 18:03 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
2012-02-03 18:03 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2012-02-03 17:55 . 2012-02-03 17:55 -------- d-----w- c:\programdata\TrueSuite
2012-02-03 17:55 . 2012-02-03 17:55 -------- d-----w- c:\windows\system32\wocaffe
2012-02-03 17:55 . 2012-02-03 17:55 -------- d-----w- c:\program files\TrueSuite
2012-02-03 17:54 . 2012-02-03 17:54 -------- d-----w- c:\programdata\Downloaded Installations
2012-02-03 17:51 . 2012-01-29 11:10 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-03 17:50 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2012-02-03 17:50 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2012-02-03 17:50 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2012-02-03 17:50 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-02-03 17:50 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-02-03 17:48 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-02-03 17:47 . 2010-06-29 05:39 2085376 ----a-w- c:\windows\system32\ole32.dll
2012-02-03 16:32 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
2012-02-03 16:32 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2012-02-03 16:32 . 2009-12-29 08:03 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-02-03 16:32 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-02-03 16:28 . 2012-02-19 18:09 -------- d-----w- c:\users\Hal9000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-26_17.53.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-02-26 16:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-02-27 18:02 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-02-26 16:51 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-27 18:02 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-27 18:02 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-26 16:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-02-26 21:14 33386 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-08-04 06:42 . 2012-02-26 21:18 79118 c:\windows\system32\perfc001.dat
- 2009-08-04 06:42 . 2012-02-25 20:45 79118 c:\windows\system32\perfc001.dat
- 2012-02-03 16:27 . 2012-02-25 20:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-03 16:27 . 2012-02-26 21:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-03 16:27 . 2012-02-26 21:13 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-02-03 16:27 . 2012-02-25 20:24 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-02-03 18:11 . 2012-02-26 21:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-02-03 18:11 . 2012-02-25 20:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-02-03 17:35 . 2012-02-26 17:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-03 17:35 . 2012-02-27 18:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-02-03 17:35 . 2012-02-26 17:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-03 17:35 . 2012-02-27 18:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-03 17:36 . 2012-02-26 21:14 5172 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1420797380-1674729285-1784402540-1001_UserData.bin
- 2012-02-22 05:41 . 2012-02-25 20:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-26 21:12 . 2012-02-26 21:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-26 21:12 . 2012-02-26 21:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-22 05:41 . 2012-02-25 20:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-04 00:50 . 2012-02-27 18:02 235884 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-08-04 06:31 . 2012-02-26 21:18 687512 c:\windows\system32\prfh0816.dat
- 2009-08-04 06:31 . 2012-02-25 20:45 687512 c:\windows\system32\prfh0816.dat
- 2009-08-04 06:56 . 2012-02-25 20:45 369938 c:\windows\system32\prfh0804.dat
+ 2009-08-04 06:56 . 2012-02-26 21:18 369938 c:\windows\system32\prfh0804.dat
- 2009-08-04 06:12 . 2012-02-25 20:45 671974 c:\windows\system32\prfh0416.dat
+ 2009-08-04 06:12 . 2012-02-26 21:18 671974 c:\windows\system32\prfh0416.dat
- 2009-08-04 06:25 . 2012-02-25 20:45 393490 c:\windows\system32\prfh0404.dat
+ 2009-08-04 06:25 . 2012-02-26 21:18 393490 c:\windows\system32\prfh0404.dat
- 2009-08-04 06:31 . 2012-02-25 20:45 133886 c:\windows\system32\prfc0816.dat
+ 2009-08-04 06:31 . 2012-02-26 21:18 133886 c:\windows\system32\prfc0816.dat
- 2009-08-04 06:56 . 2012-02-25 20:45 104382 c:\windows\system32\prfc0804.dat
+ 2009-08-04 06:56 . 2012-02-26 21:18 104382 c:\windows\system32\prfc0804.dat
+ 2009-08-04 06:12 . 2012-02-26 21:18 128228 c:\windows\system32\prfc0416.dat
- 2009-08-04 06:12 . 2012-02-25 20:45 128228 c:\windows\system32\prfc0416.dat
- 2009-08-04 06:25 . 2012-02-25 20:45 106522 c:\windows\system32\prfc0404.dat
+ 2009-08-04 06:25 . 2012-02-26 21:18 106522 c:\windows\system32\prfc0404.dat
- 2009-08-04 06:18 . 2012-02-25 20:45 618372 c:\windows\system32\perfh01F.dat
+ 2009-08-04 06:18 . 2012-02-26 21:18 618372 c:\windows\system32\perfh01F.dat
+ 2009-08-04 06:05 . 2012-02-26 21:18 702600 c:\windows\system32\perfh00C.dat
- 2009-08-04 06:05 . 2012-02-25 20:45 702600 c:\windows\system32\perfh00C.dat
+ 2009-08-04 05:59 . 2012-02-26 21:18 701624 c:\windows\system32\perfh00A.dat
- 2009-08-04 05:59 . 2012-02-25 20:45 701624 c:\windows\system32\perfh00A.dat
- 2009-07-14 02:36 . 2012-02-25 20:45 624178 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-26 21:18 624178 c:\windows\system32\perfh009.dat
+ 2009-08-04 06:42 . 2012-02-26 21:18 442656 c:\windows\system32\perfh001.dat
- 2009-08-04 06:42 . 2012-02-25 20:45 442656 c:\windows\system32\perfh001.dat
- 2009-08-04 06:18 . 2012-02-25 20:45 121660 c:\windows\system32\perfc01F.dat
+ 2009-08-04 06:18 . 2012-02-26 21:18 121660 c:\windows\system32\perfc01F.dat
+ 2009-08-04 06:05 . 2012-02-26 21:18 130274 c:\windows\system32\perfc00C.dat
- 2009-08-04 06:05 . 2012-02-25 20:45 130274 c:\windows\system32\perfc00C.dat
+ 2009-08-04 05:59 . 2012-02-26 21:18 137196 c:\windows\system32\perfc00A.dat
- 2009-08-04 05:59 . 2012-02-25 20:45 137196 c:\windows\system32\perfc00A.dat
+ 2009-07-14 02:36 . 2012-02-26 21:18 106522 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-02-25 20:45 106522 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-02-22 05:41 229236 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-26 21:12 229236 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-05 03:18 . 2012-02-26 21:12 455092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1420797380-1674729285-1784402540-1001-8192.dat
- 2012-02-05 03:18 . 2012-02-22 05:41 455092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1420797380-1674729285-1784402540-1001-8192.dat
- 2009-07-14 02:34 . 2012-02-26 03:05 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-02-27 02:34 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-05 136176]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-02-08 2152152]
R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;c:\preload64\Patch\AsPrOb64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-05 136176]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - WS2IFSL
*Deregistered* - aswMBR
*Deregistered* - Lavasoft Kernexplorer
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-23 20:11]
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-05 02:43]
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-05 02:43]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Hal9000\AppData\Roaming\Mozilla\Firefox\Profiles\sz4kw9jk.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-27 12:13:41
ComboFix-quarantined-files.txt 2012-02-27 18:13
ComboFix2.txt 2012-02-26 18:12
.
Pre-Run: 123,011,895,296 bytes free
Post-Run: 122,463,641,600 bytes free
.
- - End Of File - - 36363EB470A4E968D87BDE6AE7C8B609

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:38 PM

Posted 27 February 2012 - 03:10 PM

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close


TFC (Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes' Anti-Malware:

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 GrassCuttingSword

GrassCuttingSword
  • Topic Starter

  • Members
  • 10 posts
  • Local time:06:38 PM

Posted 28 February 2012 - 01:01 AM

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Hal9000 :: HAL9000-PC [administrator]

2/27/2012 11:53:51 PM
mbam-log-2012-02-27 (23-53-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 183740
Time elapsed: 2 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
-----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:58:51 PM, on 2/27/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16930)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6095 bytes


No new issues; all of these ran smoothly. The computer did have to reboot from the TFC scan.
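As an added example (not code from this thread, from HijackThis or from Malwarebytes), a small Python parser for the HijackThis log posted above. It checks the R0/R1 start and search page URLs against Microsoft's fwlink defaults, which is where a browser-level hijack would show up, and sorts the O23 services, treating "(file missing)" on a System32 path as the expected artifact of 32-bit HijackThis 2.0.4 running under WOW64 file-system redirection on x64 Windows rather than as a missing binary. The sample input is six lines copied from the log plus two constructed lines (the Temp-path service and the non-default Search Page) so that every branch of the classifier is exercised.

```python
import re
from collections import defaultdict

# Sample input, constructed for this example: six lines copied from the HijackThis log
# posted above plus two constructed lines (the Temp-path service and the non-default
# Search Page) that exercise the remaining branches of the classifier.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Example Svc - Unknown owner - C:\Users\Hal9000\AppData\Local\Temp\svc.exe (file missing)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://example.invalid/search
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O23 body layout: "Service: <name> - <owner> - <path>[ (file missing)]"
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
URL_RE = re.compile(r"= (?P<url>\S+)$")
MS_DEFAULT = "http://go.microsoft.com/fwlink/"  # IE's default start/search pages
SYS32_RE = re.compile(r"^C:\\Windows\\System32\\", re.IGNORECASE)


def parse_hjt(text):
    """Return (code, body) pairs for every HijackThis entry line, e.g. ('O23', 'Service: ...')."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def check_browser_settings(entries):
    """R0/R1 entries carry IE's start and search URLs; a browser-level hijack would
    show up here as a URL that is not one of Microsoft's fwlink defaults."""
    suspicious = []
    for code, body in entries:
        if code in ("R0", "R1"):
            m = URL_RE.search(body)
            if m and not m.group("url").startswith(MS_DEFAULT):
                suspicious.append(body)
    return suspicious


def classify_services(entries):
    """Sort O23 services. HijackThis 2.0.4 is a 32-bit program, so on x64 Windows
    file-system redirection points its System32 lookups at SysWOW64 and every native
    64-bit service shows '(file missing)'. Those are expected; a missing binary under
    any other path is what deserves a closer look."""
    buckets = defaultdict(list)
    for code, body in entries:
        if code != "O23":
            continue
        m = O23_RE.match(body)
        if not m:
            buckets["unparsed"].append(body)
        elif not m.group("missing"):
            buckets["present"].append(m.group("name"))
        elif SYS32_RE.match(m.group("path")):
            buckets["wow64_artifact"].append(m.group("name"))
        else:
            buckets["review"].append(m.group("name"))
    return dict(buckets)


if __name__ == "__main__":
    ents = parse_hjt(SAMPLE_LOG)
    print("non-default IE URLs:", check_browser_settings(ents))
    print("services:", classify_services(ents))
```

Run against the full log in the post above, every System32 service lands in the wow64_artifact bucket and no R0/R1 URL is flagged, which matches the thread's finding that the redirect is not a browser-settings hijack.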



