Infected with virus, Trojan, adware, Autorun virus


  • This topic is locked
24 replies to this topic

#1 angy08

angy08

  • Members
  • 14 posts
  • OFFLINE
  • Local time:07:29 PM

Posted 23 February 2012 - 10:13 AM

My antivirus detected and removed a few things but I think my pc is still infected. I lost one pc trying to fix it myself a while ago, so I need some help this time. I removed my antivirus because it started not working properly, I removed something using this forum but I want to make sure my pc will be cleaned completely. I saw some locked files when I scanned it in safe mode with my antivirus before. I know I have or had Trojan win32/downloader, generic 4.cnrq, generic 14.boic, Trojan agent/gen-remote Admin, malware reported on my c:\windows\system32\flcss.exe and virus Regt.3xe and Autorun.inf. Maybe there is more, not sure how to find hidden viruses on my system. Please help me clean my computer...


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:29 PM

Posted 25 February 2012 - 02:04 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 angy08

angy08
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:07:29 PM

Posted 26 February 2012 - 06:33 PM

Thank you so much for your fast reply, I followed your steps and here are the logs. Also, when I tried to start my pc in safe mode I got a Windows message that said: Failure Configuring Windows Updates
Reverting Changes
Do not turn off your computer.
Then I got this message....
Preparing to configure Windows, do not turn off your computer.
I hadn't used my computer because I didn't feel safe using it till I knew everything was ok. All I noticed after using it again is that it is extremely slow compared to how it was before I realized I had malware. Thank you so much for your help, here are the logs I saved to my desktop.

DDS.txt log
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by Andry at 18:02:24 on 2012-02-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1013.446 [GMT -5:00]
.
AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
F:\Toshiba Program Files\Advanced SystemCare 5\ASCService.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\windows\system32\sppsvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
F:\Toshiba Program Files\iTunesHelper.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\explorer.com\mbamgui.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Users\Andry\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
F:\Toshiba Program Files\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\DAP\DAP.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\explorer.com\mbamservice.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mystart.incredibar.com?a=6PQmBClvdJ&i=26
uDefault_Page_URL = hxxp://samsung.msn.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: IE.PerformancePack: {7adefb8e-b723-45e6-86e2-2b7841f5d6a5} - mscoree.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: W2PBrowser Class: {aa609d72-8482-4076-8991-8cdae5b93bcb} - c:\program files\samsung anyweb print\W2PBrowser.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
uRun: [Google Update] "c:\users\andry\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Advanced SystemCare 5] "f:\toshiba program files\advanced systemcare 5\ASCTray.exe" /AutoStart
uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "f:\toshiba program files\iTunesHelper.exe"
mRun: [QuickTime Task] "f:\toshiba program files\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\explorer.com\mbamgui.exe" /starttray
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - c:\program files\samsung anyweb print\W2PBrowser.dll
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{644EE323-51BA-46DD-B84B-EE5CAF4B384F} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{644EE323-51BA-46DD-B84B-EE5CAF4B384F}\8416C62656273747164647 : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.0.6\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Notify: !SASWinLogon - f:\toshiba program files\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-1-28 16184]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-7-12 54112]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2011-1-17 10752]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;f:\toshiba program files\advanced systemcare 5\ASCService.exe [2012-1-28 497496]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 KLAntiFL;KLAntiFL;c:\windows\system32\flcss.sys [2012-2-8 12714]
R2 MBAMService;MBAMService;c:\program files\explorer.com\mbamservice.exe [2012-2-12 652360]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\10.0.6\ToolbarUpdater.exe [2012-2-26 909152]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\drivers\btwampfl.sys [2011-12-22 300584]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-12-22 33320]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\drivers\clwvd.sys [2010-11-10 27632]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2011-1-17 116008]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-12 20464]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-1-17 324712]
S2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2011-3-9 2708024]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
S2 NOBU;Norton Online Backup;"c:\program files\symantec\norton online backup\nobuagent.exe" service --> c:\program files\symantec\norton online backup\NOBuAgent.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2012-2-10 167264]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys [2012-1-31 163008]
S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [2011-12-22 131888]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-12-28 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-12-31 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-02-15 12:41:48 -------- d-----w- c:\programdata\AVG Secure Search
2012-02-15 12:41:42 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-02-15 12:41:39 -------- d-----w- c:\program files\AVG Secure Search
2012-02-13 13:42:12 -------- d-----w- c:\users\andry\appdata\local\TempDIR
2012-02-12 07:10:27 -------- d-----w- c:\programdata\Kaspersky Lab
2012-02-12 05:47:15 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-12 05:47:15 -------- d-----w- c:\program files\explorer.com
2012-02-12 00:24:21 -------- d-----w- c:\users\andry\DoctorWeb
.
==================== Find3M ====================
.
2012-02-10 23:36:09 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-02-10 22:37:48 0 ----a-w- c:\windows\system32\bride.exe
2012-02-10 22:37:48 0 ----a-w- c:\windows\system32\aavar.pif
2012-02-10 22:37:48 0 ----a-w- c:\windows\srv32.exe
2012-02-10 22:37:48 0 ----a-w- c:\windows\scrsvr.exe
2012-02-10 22:37:48 0 ----a-w- c:\windows\marco!.scr
2012-02-10 22:37:48 0 ----a-w- c:\windows\instit.bat
2012-02-10 22:37:48 0 ----a-w- c:\windows\brasil.pif
2012-02-10 22:37:48 0 ----a-w- c:\windows\brasil.exe
2012-02-10 22:37:48 0 ----a-w- c:\windows\alevir.exe
2012-02-08 12:57:35 12714 ----a-w- c:\windows\system32\flcss.sys
2012-01-31 23:49:18 163008 ----a-w- c:\windows\system32\drivers\DigiartyVirtualCDBus.sys
2012-01-31 16:57:12 84480 ----a-w- c:\windows\system32\EasyHook32.dll
2012-01-31 16:57:12 109216 ----a-w- c:\windows\system32\EasyHook64.dll
2012-01-31 16:57:11 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2012-01-31 14:18:29 14664 ----a-w- c:\windows\stinger.sys
2012-01-28 05:51:47 159608 ----a-w- c:\windows\system32\mfevtps.exe.a686.deleteme
2012-01-27 05:21:24 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-26 05:10:44 159608 ----a-w- c:\windows\system32\mfevtps.exe.ad2f.deleteme
2012-01-24 04:18:09 159608 ----a-w- c:\windows\system32\mfevtps.exe.017e.deleteme
2012-01-10 14:31:55 87608 ----a-w- c:\users\andry\appdata\roaming\inst.exe
2012-01-10 14:31:55 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2012-01-10 14:31:55 47360 ----a-w- c:\users\andry\appdata\roaming\pcouffin.sys
2012-01-04 04:22:29 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-31 05:04:55 29480 ----a-w- c:\windows\system32\msxml3a.dll
2011-12-31 05:04:54 353576 ----a-w- c:\windows\system32\msvcr71.dll
2011-12-31 05:04:53 505128 ----a-w- c:\windows\system32\msvcp71.dll
2011-12-30 22:02:54 21848 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-12-28 14:46:55 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-12-23 12:12:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
.
============= FINISH: 18:04:08.99 ===============

ATTACH.txt log
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/22/2011 12:10:51 PM
System Uptime: 2/26/2012 5:21:40 PM (1 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | NC210/NC110
Processor: Intel® Atom™ CPU N455 @ 1.66GHz | CPU 1 | 1316/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 87 GiB total, 57.389 GiB free.
D: is FIXED (NTFS) - 131 GiB total, 118.367 GiB free.
E: is Removable
F: is FIXED (NTFS) - 466 GiB total, 414.995 GiB free.
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP121: 2/10/2012 9:59:58 AM - Before uninstalling Kaspersky Internet Security 2012
RP122: 2/10/2012 10:16:32 AM - Removed AVG 2011
RP123: 2/10/2012 10:19:26 AM - Removed AVG 2011
RP125: 2/10/2012 10:21:18 AM - Before uninstalling AVG 2011
RP126: 2/10/2012 11:18:59 AM - Installed AVG 2011
RP127: 2/10/2012 11:19:52 AM - Installed AVG 2011
RP128: 2/10/2012 6:26:31 PM - Installed Ad-Aware
RP129: 2/10/2012 6:28:36 PM - Installed Ad-Aware
RP130: 2/15/2012 9:28:06 AM - new restored point for malware removal
RP131: 2/15/2012 9:43:28 AM - Windows Update
.
==== Installed Programs ======================
.
???? ??? Windows Live
???? Windows Live
????? Messenger
????? Windows Live
?????? ??????? ?? Windows Live
???????? ?? Messenger
???????? ?????????? Windows Live
????????? Messenger
?????????? Windows Live
??????????? ?? Windows Live
2XL Supercross
2XL Trophylite Rally
7-Zip 9.20
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
Advanced SystemCare 5
Alice Greenfingers
„Messenger“ pagalbine priemone
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Client Installation Program
AVG 2011
AVG PC Tuneup
„Windows Live Essentials“
„Windows Live Mail“
„Windows Live Messenger“
„Windows Live“ fotogalerija
BatteryLifeExtender
Bonbon Quest
Bonjour
Broadcom 802.11 Network Adapter
Cake Mania
ChargeableUSB
Complemento Messenger
Complément Messenger
CyberLink YouCam
D3DX10
Daycare Nightmare
Doplnok programu Messenger
Download Accelerator Plus (DAP)
Easy Content Share
Easy Display Manager
Easy Network Manager
Easy Resolution Manager
Easy SpeedUp Manager
EasyBatteryManager
EasyFileShare
ETDWare PS/2-X86 8.0.7.2_WHQL
Fast Start
Flip Words
Fotogalerija Windows Live
Galapago
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galería fotográfica de Windows Live
Game Pack
Gem Shop
Google Chrome
Insaniquarium Deluxe
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Junk Mail filter update
LeapFrog Connect
LeapFrog LeapPad Explorer Plugin
LG CyberLink LabelPrint
LG CyberLink Power2Go
LG CyberLink PowerBackup
LG CyberLink PowerDVD
LG CyberLink PowerProducer
LG ODD Auto Firmware Update
LG Power Tools
LightScribe System Software
Mahjong Escape Ancient China
Malwarebytes Anti-Malware version 1.60.1.1000
Mesh Runtime
Messenger-kumppani
Messenger ??? ??
Messenger ????
Messenger ?????
Messenger Assistent
Messenger Companion
Messenger kíséro
Messenger Pratilac
Messenger Suradnik
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Movie Color Enhancer
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PhoneShare
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Pomocnik Messenger
Pošta Windows Live
QuickTime
Raccolta foto di Windows Live
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
S?????? f?t???af??? t?? Windows Live
Samsung AnyWeb Print
Samsung Recovery Solution 5
Samsung Support Center 1.0
Samsung Universal Print Driver
Samsung Universal Scan Driver
Samsung Update Plus
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Skype™ 4.2
Slingo
Smart Defrag 2
Spremljevalec Messenger
SRS Premium Sound Control Panel
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
User Guide
WIDCOMM Bluetooth Software
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Live
Windows Live ??
Windows Live ?? ???
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Foto-galerija
Windows Live fotoattelu galerija
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Pošta
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
WinZip 16.0
WordCaptureX Pro
.
==== Event Viewer Messages From Past Week ========
.
2/26/2012 5:31:41 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 (KB2660465).
2/26/2012 5:31:38 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 (KB2660075).
2/26/2012 5:31:38 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 (KB2640148).
2/26/2012 5:31:38 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 (KB2654428).
2/26/2012 5:31:38 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2633873).
2/26/2012 5:31:38 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Cumulative Security Update for Internet Explorer 8 for Windows 7 (KB2647516).
2/26/2012 5:22:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom SASDIFSV
2/26/2012 5:22:22 PM, Error: Service Control Manager [7000] - The Norton Online Backup service failed to start due to the following error: The system cannot find the file specified.
2/26/2012 5:20:58 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\windows\System32\bcmihvsrv.dll Error Code: 21
2/26/2012 5:20:39 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 cdrom discache SABI SASDIFSV spldr Wanarpv6
2/26/2012 5:20:39 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
.
==== End Of File ===========================
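An added example, not code from this thread, from the DDS tool or from either poster: a small triage script that applies the kind of checks a helper makes on the Find3M section above (zero-byte executables dropped directly into the Windows directories, a .sys driver sitting outside system32\drivers, an executable in the AppData\Roaming root, and a batch of files sharing one timestamp). The sample lines are copied from the log above; the check names, the BATCH_MIN threshold and the extension list are my own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: Find3M / "Created Last 30" lines copied from the DDS log above.
# Layout per line: date time size attrs path (directories show "--------" as size).
SAMPLE_FIND3M = r"""
2012-02-15 12:41:48 -------- d-----w- c:\programdata\AVG Secure Search
2012-02-10 23:36:09 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-02-10 22:37:48 0 ----a-w- c:\windows\system32\bride.exe
2012-02-10 22:37:48 0 ----a-w- c:\windows\system32\aavar.pif
2012-02-10 22:37:48 0 ----a-w- c:\windows\srv32.exe
2012-02-10 22:37:48 0 ----a-w- c:\windows\scrsvr.exe
2012-02-10 22:37:48 0 ----a-w- c:\windows\marco!.scr
2012-02-10 22:37:48 0 ----a-w- c:\windows\instit.bat
2012-02-10 22:37:48 0 ----a-w- c:\windows\brasil.pif
2012-02-10 22:37:48 0 ----a-w- c:\windows\brasil.exe
2012-02-10 22:37:48 0 ----a-w- c:\windows\alevir.exe
2012-02-08 12:57:35 12714 ----a-w- c:\windows\system32\flcss.sys
2012-01-31 23:49:18 163008 ----a-w- c:\windows\system32\drivers\DigiartyVirtualCDBus.sys
2012-01-10 14:31:55 87608 ----a-w- c:\users\andry\appdata\roaming\inst.exe
2012-01-10 14:31:55 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2012-01-10 14:31:55 47360 ----a-w- c:\users\andry\appdata\roaming\pcouffin.sys
2012-01-04 04:22:29 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
"""

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+?)\s*$"
)

# Assumptions: which extensions count as executable content and where a
# legitimate kernel driver is expected to live on this Windows 7 system.
EXEC_EXTS = {".exe", ".pif", ".scr", ".bat", ".cmd", ".com", ".dll", ".sys"}
WINDIRS = ("c:\\windows\\", "c:\\windows\\system32\\")  # exact parent dirs only
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"
BATCH_MIN = 3  # files sharing one second of creation time are worth a look


def parse(text):
    """Turn DDS file lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append({
            "when": f"{m['date']} {m['time']}",
            "size": size,
            "attrs": m["attrs"],
            "path": m["path"].lower(),
        })
    return entries


def parent_dir(path):
    return path[: path.rfind("\\") + 1]


def ext(path):
    name = path[path.rfind("\\") + 1:]
    dot = name.rfind(".")
    return name[dot:] if dot >= 0 else ""


def triage(text):
    """Map each suspicious path to the list of reasons it was flagged."""
    findings = defaultdict(list)
    by_time = defaultdict(list)
    for e in parse(text):
        p = e["path"]
        if e["size"] is None:
            continue  # directory entries carry no signal for these checks
        by_time[e["when"]].append(p)
        if e["size"] == 0 and ext(p) in EXEC_EXTS and parent_dir(p) in WINDIRS:
            findings[p].append("zero-byte executable in Windows directory")
        if ext(p) == ".sys" and parent_dir(p) != DRIVER_DIR:
            findings[p].append("kernel driver outside system32\\drivers")
        if ext(p) in EXEC_EXTS and parent_dir(p).endswith("\\appdata\\roaming\\"):
            findings[p].append("executable dropped in the AppData\\Roaming root")
    # Files created in the same second usually come from one installer or one dropper.
    for when, paths in by_time.items():
        if len(paths) >= BATCH_MIN:
            for p in paths:
                findings[p].append(f"{len(paths)} files share timestamp {when}")
    return dict(findings)


if __name__ == "__main__":
    for path, reasons in sorted(triage(SAMPLE_FIND3M).items()):
        print(path)
        for r in reasons:
            print("   -", r)
```

The output is a list of leads for a human to check against the rest of the log (services, autoruns, ComboFix deletions), not a verdict: the pcouffin.sys copy in the drivers directory is flagged only because it shares a timestamp with two other files.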

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:29 PM

Posted 26 February 2012 - 08:26 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 angy08

angy08
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:07:29 PM

Posted 27 February 2012 - 09:35 AM

I followed the instructions and I ran into some problems. I'm trying to reply as fast as I can, so I ran combofix last night. I disabled all antivirus; I have Malwarebytes and AVG (I forgot to say I have Windows 7 32-bit in my topic). The problem I ran into is that AVG only disables for 15 min according to the instructions I followed to disable it, so I let combofix do its thing; I know you said it may restart my pc on its own also. I waited and ended up not realizing I closed my eyes for a couple of hours I think, so when I checked what combofix found I realized AVG had enabled itself and was asking me to allow or block combofix, so I clicked Allow. I quickly disabled AVG again so it wouldn't interrupt CF again (I didn't touch the CF window at all), then combofix finished and restarted my computer, came on again and finished, and I saved the log to my desktop. I got worried that I messed up the whole malware cleaning process by not disabling AVG again if combofix took longer. I'm so sorry. Is everything still ok or do we need to do it over? I know combofix is a tool only to be used under the instructions of experts like you, so I didn't attempt to run it again. Here is the log I saved from combofix.

ComboFix 12-02-25.02 - Andry 02/26/2012 23:54:41.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1013.350 [GMT -5:00]
Running from: c:\users\Andry\Desktop\combarreglar.exe
AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Andry\AppData\Local\TempDIR
c:\users\Andry\AppData\Local\TempDIR\BetterInstaller.exe
c:\users\Andry\AppData\Roaming\inst.exe
c:\windows\alevir.exe
c:\windows\brasil.exe
c:\windows\brasil.pif
c:\windows\instit.bat
c:\windows\marco!.scr
c:\windows\scrsvr.exe
c:\windows\srv32.exe
c:\windows\system32\aavar.pif
c:\windows\system32\bride.exe
c:\windows\system32\flcss.sys
F:\Setup.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_KLANTIFL
-------\Service_KLAntiFL
.
.
((((((((((((((((((((((((( Files Created from 2012-01-27 to 2012-02-27 )))))))))))))))))))))))))))))))
.
.
2012-02-27 05:19 . 2012-02-27 08:55 -------- d-----w- c:\users\Andry\AppData\Local\temp
2012-02-27 05:19 . 2012-02-27 05:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-15 12:41 . 2012-02-26 22:23 -------- d-----w- c:\programdata\AVG Secure Search
2012-02-15 12:41 . 2012-02-15 12:41 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-02-15 12:41 . 2012-02-26 22:23 -------- d-----w- c:\program files\AVG Secure Search
2012-02-12 07:10 . 2012-02-12 07:10 -------- d-----w- c:\programdata\Kaspersky Lab
2012-02-12 05:47 . 2012-02-12 05:47 -------- d-----w- c:\program files\explorer.com
2012-02-12 05:47 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-12 00:24 . 2012-02-12 00:24 -------- d-----w- c:\users\Andry\DoctorWeb
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 14:18 . 2012-01-08 19:52 14664 ----a-w- c:\windows\stinger.sys
2012-01-28 05:51 . 2012-01-28 05:51 159608 ----a-w- c:\windows\system32\mfevtps.exe.a686.deleteme
2012-01-27 05:21 . 2011-12-30 13:48 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-26 05:10 . 2012-01-26 05:10 159608 ----a-w- c:\windows\system32\mfevtps.exe.ad2f.deleteme
2012-01-24 04:18 . 2012-01-24 04:18 159608 ----a-w- c:\windows\system32\mfevtps.exe.017e.deleteme
2012-01-10 14:31 . 2012-01-10 14:31 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2012-01-10 14:31 . 2012-01-10 14:31 47360 ----a-w- c:\users\Andry\AppData\Roaming\pcouffin.sys
2012-01-04 04:22 . 2012-01-04 04:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-31 05:04 . 2011-12-31 05:05 29480 ----a-w- c:\windows\system32\msxml3a.dll
2011-12-31 05:04 . 2011-12-31 05:05 353576 ----a-w- c:\windows\system32\msvcr71.dll
2011-12-31 05:04 . 2011-12-31 05:05 505128 ----a-w- c:\windows\system32\msvcp71.dll
2011-12-28 14:46 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-12-23 06:17 . 2010-06-24 02:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-02-26 22:23 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-02-26 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"Advanced SystemCare 5"="f:\toshiba program files\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2012-01-31 2980016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-30 9914984]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-11-10 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-11-10 174360]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-11-10 150808]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="f:\toshiba program files\iTunesHelper.exe" [2012-01-16 421736]
"QuickTime Task"="f:\toshiba program files\QTTask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
"Malwarebytes' Anti-Malware"="c:\program files\explorer.com\mbamgui.exe" [2012-01-13 460872]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-02-26 939872]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-02-26 928096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"adaware"="reg.exe delete HKCU\Software\AppDataLow\Software\adaware" [X]
"adaware_XP"="reg.exe delete HKCU\Software\adaware" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-10-22 836896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ETDCtrl]
2010-11-12 22:24 1812264 ----a-w- c:\program files\Elantech\ETDCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe [BU]
.
R1 SASDIFSV;SASDIFSV;f:\toshiba program files\SASDIFSV.SYS [x]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;f:\toshiba program files\Advanced SystemCare 5\ASCService.exe [2011-12-30 497496]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 NOBU;Norton Online Backup;c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]
R3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys [2012-01-31 163008]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 131888]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-31 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-07-12 54112]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-05 297168]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [2011-03-10 2708024]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 MBAMService;MBAMService;c:\program files\explorer.com\mbamservice.exe [2012-01-13 652360]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-02-26 909152]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-28 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 21968]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-09-21 300584]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 33320]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-11-10 27632]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-12 116008]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2012-01-10 47360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-11-25 324712]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 18:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredibar.com?a=6PQmBClvdJ&i=26
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - c:\program files\Samsung AnyWeb Print\W2PBrowser.dll
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
Notify-!SASWinLogon - f:\toshiba program files\SASWINLO.DLL
SafeBoot-Lavasoft Ad-Aware Service
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3228)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\sppsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-02-27 04:02:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-27 09:02
ComboFix2.txt 2012-02-10 13:07
ComboFix3.txt 2012-02-10 04:43
.
Pre-Run: 61,627,985,920 bytes free
Post-Run: 61,593,329,664 bytes free
.
- - End Of File - - D039347CDC4A2C4A3C92CAB4A1D51993
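As an added example for reading a ComboFix log like the one above (this is not code from the thread, from ComboFix, or from BleepingComputer): a small Python parser that turns the "Reg Loading Points" Run/RunOnce values and the R*/S* service lines into records, then applies two review checks a helper does by eye: entries ComboFix printed with [x]/[X] instead of a file date and size, and entries whose executable is not under the usual Windows or Program Files roots. The sample log is a constructed subset of lines copied from the log above; the regular expressions and the root list are this example's own assumptions about the layout, not anything ComboFix documents.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a handful of lines copied from the ComboFix log above, in
# ComboFix's own layout (the real log has many more entries in each section).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Advanced SystemCare 5"="f:\toshiba program files\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\explorer.com\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"adaware"="reg.exe delete HKCU\Software\AppDataLow\Software\adaware" [X]
.
R1 SASDIFSV;SASDIFSV;f:\toshiba program files\SASDIFSV.SYS [x]
R2 MBAMService;MBAMService;c:\program files\explorer.com\mbamservice.exe [2012-01-13 652360]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
"""

# Assumed layout (from reading the log, not from any ComboFix documentation):
KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)" \[(?P<tag>[^\]]*)\]$')
SERVICE_RE = re.compile(r'^(?P<start>[RS]\d) (?P<name>[^;]+);[^;]*;(?P<cmd>.*) \[(?P<tag>[^\]]*)\]$')
STAMP_RE = re.compile(r'^(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)$')
EXE_RE = re.compile(r'^(?P<exe>.+?\.(?:exe|sys|dll|scr|pif|bat|com))(?=\s|$)', re.IGNORECASE)
STANDARD_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Entry:
    location: str        # registry key for Run/RunOnce values, "service:<R2>" for services
    name: str
    command: str
    date: Optional[str]  # None when ComboFix printed [x]/[X] instead of "date size"
    size: Optional[int]


def _entry(location: str, name: str, command: str, tag: str) -> Entry:
    m = STAMP_RE.match(tag)
    if m:
        return Entry(location, name, command, m.group("date"), int(m.group("size")))
    return Entry(location, name, command, None, None)


def parse_combofix(text: str) -> List[Entry]:
    """Collect Run/RunOnce values and R*/S* service lines from a ComboFix log."""
    entries: List[Entry] = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":        # ComboFix separates blocks with lone dots
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            entries.append(_entry(current_key, m.group("name"), m.group("cmd"), m.group("tag")))
            continue
        m = SERVICE_RE.match(line)
        if m:
            entries.append(_entry("service:" + m.group("start"), m.group("name"),
                                  m.group("cmd"), m.group("tag")))
    return entries


def executable_of(command: str) -> str:
    """Path ComboFix printed, or a bare program name such as reg.exe."""
    m = EXE_RE.match(command)
    return m.group("exe") if m else command


def unstamped(entries: List[Entry]) -> List[str]:
    """Names of entries ComboFix printed with [x]/[X] instead of a file date and size."""
    return [e.name for e in entries if e.date is None]


def outside_standard_roots(entries: List[Entry], roots=STANDARD_ROOTS) -> List[str]:
    """Names of entries whose executable is not under the usual Windows / Program
    Files roots: another drive, a profile path, or a bare name with no directory."""
    return [e.name for e in entries
            if not executable_of(e.command).lower().startswith(roots)]


if __name__ == "__main__":
    found = parse_combofix(SAMPLE_LOG)
    print(f"{len(found)} autorun entries parsed")
    print("no date/size stamp:", unstamped(found))
    print("outside standard roots:", outside_standard_roots(found))
```

Both checks only sort the log into "look at this first" piles; an entry on another drive or without a stamp is not by itself a verdict, which is why the functions return names for a human to review rather than removal actions.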

#6 angy08
  • Topic Starter
  • Members
  • 14 posts
  • Local time:07:29 PM

Posted 27 February 2012 - 10:41 AM

I forgot to say earlier, one thing I've been noticing is that when I start up in safe mode with networking it starts up as normal. I have been able to start in safe mode, but this has happened twice already and never happened before; this is a recent issue I've had.

#7 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:29 PM

Posted 27 February 2012 - 01:11 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#8 angy08
  • Topic Starter
  • Members
  • 14 posts
  • Local time:07:29 PM

Posted 28 February 2012 - 12:19 AM

When I was searching for the TDSSKiller log I noticed 2 folders that look strange to me: C:/$RECYCLE.BIN and C:/$AVG.
Here are the logs. TDSSKiller didn't detect anything.

23:59:07.0939 5928 TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
23:59:09.0982 5928 ============================================================
23:59:09.0982 5928 Current date / time: 2012/02/27 23:59:09.0982
23:59:09.0982 5928 SystemInfo:
23:59:09.0982 5928
23:59:09.0982 5928 OS Version: 6.1.7601 ServicePack: 1.0
23:59:09.0982 5928 Product type: Workstation
23:59:09.0982 5928 ComputerName: ANDRY-PC
23:59:09.0982 5928 UserName: Andry
23:59:09.0982 5928 Windows directory: C:\windows
23:59:09.0982 5928 System windows directory: C:\windows
23:59:09.0982 5928 Processor architecture: Intel x86
23:59:09.0982 5928 Number of processors: 2
23:59:09.0982 5928 Page size: 0x1000
23:59:09.0982 5928 Boot type: Normal boot
23:59:09.0982 5928 ============================================================
23:59:12.0365 5928 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:59:12.0443 5928 Drive \Device\Harddisk1\DR1 - Size: 0x3AC00000 (0.92 Gb), SectorSize: 0x200, Cylinders: 0x77, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:59:12.0443 5928 Drive \Device\Harddisk3\DR3 - Size: 0x3B5980000 (14.84 Gb), SectorSize: 0x200, Cylinders: 0x790, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:59:12.0459 5928 Drive \Device\Harddisk4\DR4 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:59:12.0802 5928 \Device\Harddisk0\DR0:
23:59:12.0802 5928 MBR used
23:59:12.0802 5928 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:59:12.0802 5928 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAE00000
23:59:12.0849 5928 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAE33000, BlocksNum 0x10522000
23:59:12.0849 5928 \Device\Harddisk1\DR1:
23:59:12.0849 5928 MBR used
23:59:12.0849 5928 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xE, StartLBA 0x20, BlocksNum 0x1D5FE0
23:59:12.0849 5928 \Device\Harddisk3\DR3:
23:59:12.0849 5928 MBR used
23:59:12.0849 5928 \Device\Harddisk3\DR3\Partition0: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x1DAAC00
23:59:12.0849 5928 \Device\Harddisk4\DR4:
23:59:12.0849 5928 MBR used
23:59:12.0849 5928 \Device\Harddisk4\DR4\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385030
23:59:12.0989 5928 Initialize success
23:59:12.0989 5928 ============================================================
23:59:24.0019 4136 ============================================================
23:59:24.0019 4136 Scan started
23:59:24.0019 4136 Mode: Manual;
23:59:24.0019 4136 ============================================================
23:59:25.0721 4136 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
23:59:25.0737 4136 1394ohci - ok
23:59:25.0846 4136 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
23:59:25.0862 4136 ACPI - ok
23:59:25.0986 4136 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
23:59:25.0986 4136 AcpiPmi - ok
23:59:26.0142 4136 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
23:59:26.0158 4136 adp94xx - ok
23:59:26.0298 4136 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
23:59:26.0314 4136 adpahci - ok
23:59:26.0424 4136 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
23:59:26.0440 4136 adpu320 - ok
23:59:26.0627 4136 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
23:59:26.0643 4136 AFD - ok
23:59:26.0767 4136 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
23:59:26.0783 4136 agp440 - ok
23:59:26.0908 4136 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
23:59:26.0908 4136 aic78xx - ok
23:59:27.0033 4136 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
23:59:27.0048 4136 aliide - ok
23:59:27.0173 4136 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
23:59:27.0173 4136 amdagp - ok
23:59:27.0298 4136 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
23:59:27.0298 4136 amdide - ok
23:59:27.0423 4136 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
23:59:27.0438 4136 AmdK8 - ok
23:59:27.0547 4136 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
23:59:27.0563 4136 AmdPPM - ok
23:59:27.0657 4136 amdsata (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
23:59:27.0672 4136 amdsata - ok
23:59:27.0781 4136 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
23:59:27.0797 4136 amdsbs - ok
23:59:27.0922 4136 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
23:59:27.0953 4136 amdxata - ok
23:59:28.0125 4136 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
23:59:28.0140 4136 AppID - ok
23:59:28.0437 4136 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
23:59:28.0452 4136 arc - ok
23:59:28.0639 4136 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
23:59:28.0639 4136 arcsas - ok
23:59:28.0858 4136 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
23:59:28.0873 4136 AsyncMac - ok
23:59:28.0983 4136 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
23:59:28.0998 4136 atapi - ok
23:59:29.0232 4136 Avgfwfd (d30b785ab801a0e2b0ad922d66f971f3) C:\windows\system32\DRIVERS\avgfwd6x.sys
23:59:29.0248 4136 Avgfwfd - ok
23:59:29.0388 4136 AVGIDSDriver (b9acb889ba1e0561868c025f95d63e25) C:\windows\system32\DRIVERS\AVGIDSDriver.Sys
23:59:29.0404 4136 AVGIDSDriver - ok
23:59:29.0435 4136 AVGIDSEH (13256fc72fa5b3f6d6e8c5957e579b7c) C:\windows\system32\DRIVERS\AVGIDSEH.Sys
23:59:29.0451 4136 AVGIDSEH - ok
23:59:29.0544 4136 AVGIDSFilter (fa0685cc51de5cfd804e7deaa6488e0e) C:\windows\system32\DRIVERS\AVGIDSFilter.Sys
23:59:29.0560 4136 AVGIDSFilter - ok
23:59:29.0747 4136 AVGIDSShim (f788b51100d0f40ea176798cce954a1a) C:\windows\system32\DRIVERS\AVGIDSShim.Sys
23:59:29.0763 4136 AVGIDSShim - ok
23:59:29.0856 4136 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\windows\system32\DRIVERS\avgldx86.sys
23:59:29.0872 4136 Avgldx86 - ok
23:59:29.0997 4136 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\windows\system32\DRIVERS\avgmfx86.sys
23:59:30.0012 4136 Avgmfx86 - ok
23:59:30.0137 4136 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\windows\system32\DRIVERS\avgrkx86.sys
23:59:30.0137 4136 Avgrkx86 - ok
23:59:30.0355 4136 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\windows\system32\DRIVERS\avgtdix.sys
23:59:30.0371 4136 Avgtdix - ok
23:59:30.0714 4136 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
23:59:30.0730 4136 b06bdrv - ok
23:59:31.0182 4136 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
23:59:31.0198 4136 b57nd60x - ok
23:59:31.0915 4136 BCM43XX (55bbdde1cbd3fa79ea88baaa051d9735) C:\windows\system32\DRIVERS\bcmwl6.sys
23:59:32.0009 4136 BCM43XX - ok
23:59:32.0212 4136 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
23:59:32.0227 4136 Beep - ok
23:59:32.0430 4136 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
23:59:32.0461 4136 blbdrive - ok
23:59:32.0602 4136 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
23:59:32.0617 4136 bowser - ok
23:59:32.0680 4136 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
23:59:32.0680 4136 BrFiltLo - ok
23:59:32.0805 4136 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
23:59:32.0836 4136 BrFiltUp - ok
23:59:32.0992 4136 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\windows\system32\DRIVERS\bridge.sys
23:59:33.0007 4136 BridgeMP - ok
23:59:33.0132 4136 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
23:59:33.0148 4136 Brserid - ok
23:59:33.0226 4136 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
23:59:33.0226 4136 BrSerWdm - ok
23:59:33.0335 4136 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
23:59:33.0335 4136 BrUsbMdm - ok
23:59:33.0429 4136 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
23:59:33.0429 4136 BrUsbSer - ok
23:59:33.0678 4136 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
23:59:33.0694 4136 BthEnum - ok
23:59:33.0959 4136 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
23:59:33.0975 4136 BTHMODEM - ok
23:59:34.0162 4136 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
23:59:34.0162 4136 BthPan - ok
23:59:34.0489 4136 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys
23:59:34.0521 4136 BTHPORT - ok
23:59:34.0692 4136 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys
23:59:34.0708 4136 BTHUSB - ok
23:59:34.0848 4136 BTWAMPFL (e4f2ff5b6befe0872b5a4098eb5caca9) C:\windows\system32\DRIVERS\btwampfl.sys
23:59:34.0864 4136 BTWAMPFL - ok
23:59:35.0004 4136 btwaudio (c30935c27eb451586143b79b7dad590f) C:\windows\system32\drivers\btwaudio.sys
23:59:35.0020 4136 btwaudio - ok
23:59:35.0207 4136 btwavdt (9abea4dc976e3f47da2d4b169719cbaa) C:\windows\system32\DRIVERS\btwavdt.sys
23:59:35.0223 4136 btwavdt - ok
23:59:35.0394 4136 btwl2cap (de53089f0678cb5f0afeb867acb0fb05) C:\windows\system32\DRIVERS\btwl2cap.sys
23:59:35.0410 4136 btwl2cap - ok
23:59:35.0519 4136 btwrchid (1e5468447e4d18fbea5f01267d6495a5) C:\windows\system32\DRIVERS\btwrchid.sys
23:59:35.0535 4136 btwrchid - ok
23:59:35.0722 4136 catchme - ok
23:59:35.0831 4136 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
23:59:35.0847 4136 cdfs - ok
23:59:35.0940 4136 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\DRIVERS\cdrom.sys
23:59:35.0956 4136 cdrom - ok
23:59:36.0049 4136 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
23:59:36.0049 4136 circlass - ok
23:59:36.0190 4136 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
23:59:36.0221 4136 CLFS - ok
23:59:36.0377 4136 clwvd (125c828bf3673406dfd642d7bee8434f) C:\windows\system32\DRIVERS\clwvd.sys
23:59:36.0377 4136 clwvd - ok
23:59:36.0471 4136 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
23:59:36.0486 4136 CmBatt - ok
23:59:36.0580 4136 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
23:59:36.0580 4136 cmdide - ok
23:59:36.0689 4136 CNG (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys
23:59:36.0705 4136 CNG - ok
23:59:36.0798 4136 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
23:59:36.0814 4136 Compbatt - ok
23:59:36.0907 4136 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
23:59:36.0907 4136 CompositeBus - ok
23:59:37.0001 4136 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
23:59:37.0017 4136 crcdisk - ok
23:59:37.0126 4136 dc3d (7caaf4af453ef3582fef65dd72caa0aa) C:\windows\system32\DRIVERS\dc3d.sys
23:59:37.0141 4136 dc3d - ok
23:59:37.0266 4136 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
23:59:37.0282 4136 DfsC - ok
23:59:37.0375 4136 DigiartyVirtualCDBus (c5cb4b8826064146cfcc6f79b32521c3) C:\windows\system32\drivers\DigiartyVirtualCDBus.sys
23:59:37.0422 4136 DigiartyVirtualCDBus - ok
23:59:37.0516 4136 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
23:59:37.0531 4136 discache - ok
23:59:37.0625 4136 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
23:59:37.0641 4136 Disk - ok
23:59:37.0750 4136 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
23:59:37.0765 4136 drmkaud - ok
23:59:37.0906 4136 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
23:59:37.0921 4136 DXGKrnl - ok
23:59:38.0124 4136 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
23:59:38.0187 4136 ebdrv - ok
23:59:38.0343 4136 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
23:59:38.0358 4136 elxstor - ok
23:59:38.0467 4136 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
23:59:38.0467 4136 ErrDev - ok
23:59:38.0592 4136 ETD (f8f330e056e3f9237ed885024d44bc52) C:\windows\system32\DRIVERS\ETD.sys
23:59:38.0592 4136 ETD - ok
23:59:38.0733 4136 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
23:59:38.0748 4136 exfat - ok
23:59:38.0842 4136 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
23:59:38.0857 4136 fastfat - ok
23:59:38.0967 4136 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
23:59:38.0967 4136 fdc - ok
23:59:39.0091 4136 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
23:59:39.0107 4136 FileInfo - ok
23:59:39.0216 4136 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
23:59:39.0232 4136 Filetrace - ok
23:59:39.0325 4136 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
23:59:39.0325 4136 flpydisk - ok
23:59:39.0419 4136 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
23:59:39.0435 4136 FltMgr - ok
23:59:39.0544 4136 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
23:59:39.0559 4136 FsDepends - ok
23:59:39.0669 4136 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
23:59:39.0684 4136 Fs_Rec - ok
23:59:39.0793 4136 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
23:59:39.0809 4136 fvevol - ok
23:59:39.0903 4136 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
23:59:39.0918 4136 gagp30kx - ok
23:59:40.0012 4136 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
23:59:40.0012 4136 GEARAspiWDM - ok
23:59:40.0121 4136 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
23:59:40.0121 4136 hcw85cir - ok
23:59:40.0230 4136 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
23:59:40.0246 4136 HdAudAddService - ok
23:59:40.0339 4136 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
23:59:40.0339 4136 HDAudBus - ok
23:59:40.0449 4136 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
23:59:40.0449 4136 HidBatt - ok
23:59:40.0558 4136 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
23:59:40.0558 4136 HidBth - ok
23:59:40.0651 4136 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
23:59:40.0651 4136 HidIr - ok
23:59:40.0792 4136 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\DRIVERS\hidusb.sys
23:59:40.0792 4136 HidUsb - ok
23:59:40.0932 4136 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
23:59:40.0932 4136 HpSAMD - ok
23:59:41.0041 4136 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
23:59:41.0057 4136 HTTP - ok
23:59:41.0151 4136 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
23:59:41.0166 4136 hwpolicy - ok
23:59:41.0275 4136 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
23:59:41.0275 4136 i8042prt - ok
23:59:41.0385 4136 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
23:59:41.0385 4136 iaStor - ok
23:59:41.0509 4136 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
23:59:41.0525 4136 iaStorV - ok
23:59:41.0743 4136 igfx (cc3c10ee092045394fb441d52b4afcaa) C:\windows\system32\DRIVERS\igdkmd32.sys
23:59:41.0884 4136 igfx - ok
23:59:41.0993 4136 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
23:59:41.0993 4136 iirsp - ok
23:59:42.0196 4136 IntcAzAudAddService (544fcaf4cf73c6ef6a83747cb9274177) C:\windows\system32\drivers\RTKVHDA.sys
23:59:42.0258 4136 IntcAzAudAddService - ok
23:59:42.0352 4136 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
23:59:42.0352 4136 intelide - ok
23:59:42.0461 4136 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
23:59:42.0477 4136 intelppm - ok
23:59:42.0586 4136 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
23:59:42.0586 4136 IpFilterDriver - ok
23:59:42.0679 4136 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
23:59:42.0695 4136 IPMIDRV - ok
23:59:42.0789 4136 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
23:59:42.0804 4136 IPNAT - ok
23:59:42.0913 4136 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
23:59:42.0913 4136 IRENUM - ok
23:59:43.0023 4136 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
23:59:43.0038 4136 isapnp - ok
23:59:43.0147 4136 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
23:59:43.0147 4136 iScsiPrt - ok
23:59:43.0257 4136 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
23:59:43.0257 4136 kbdclass - ok
23:59:43.0350 4136 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
23:59:43.0366 4136 kbdhid - ok
23:59:43.0475 4136 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys
23:59:43.0491 4136 KSecDD - ok
23:59:43.0569 4136 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys
23:59:43.0584 4136 KSecPkg - ok
23:59:43.0740 4136 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
23:59:43.0740 4136 lltdio - ok
23:59:43.0881 4136 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
23:59:43.0896 4136 LSI_FC - ok
23:59:43.0990 4136 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
23:59:43.0990 4136 LSI_SAS - ok
23:59:44.0115 4136 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
23:59:44.0130 4136 LSI_SAS2 - ok
23:59:44.0255 4136 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
23:59:44.0271 4136 LSI_SCSI - ok
23:59:44.0364 4136 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
23:59:44.0380 4136 luafv - ok
23:59:44.0489 4136 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\windows\system32\drivers\mbam.sys
23:59:44.0489 4136 MBAMProtector - ok
23:59:44.0614 4136 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
23:59:44.0629 4136 megasas - ok
23:59:44.0723 4136 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
23:59:44.0739 4136 MegaSR - ok
23:59:44.0848 4136 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
23:59:44.0863 4136 Modem - ok
23:59:44.0973 4136 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
23:59:44.0973 4136 monitor - ok
23:59:45.0082 4136 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
23:59:45.0082 4136 mouclass - ok
23:59:45.0191 4136 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
23:59:45.0191 4136 mouhid - ok
23:59:45.0316 4136 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
23:59:45.0331 4136 mountmgr - ok
23:59:45.0441 4136 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
23:59:45.0441 4136 mpio - ok
23:59:45.0550 4136 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
23:59:45.0550 4136 mpsdrv - ok
23:59:45.0690 4136 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
23:59:45.0690 4136 MRxDAV - ok
23:59:45.0815 4136 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
23:59:45.0831 4136 mrxsmb - ok
23:59:45.0924 4136 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
23:59:45.0940 4136 mrxsmb10 - ok
23:59:46.0080 4136 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
23:59:46.0080 4136 mrxsmb20 - ok
23:59:46.0174 4136 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
23:59:46.0174 4136 msahci - ok
23:59:46.0283 4136 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
23:59:46.0299 4136 msdsm - ok
23:59:46.0423 4136 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
23:59:46.0439 4136 Msfs - ok
23:59:46.0517 4136 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
23:59:46.0533 4136 mshidkmdf - ok
23:59:46.0626 4136 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
23:59:46.0642 4136 msisadrv - ok
23:59:46.0751 4136 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
23:59:46.0767 4136 MSKSSRV - ok
23:59:46.0845 4136 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
23:59:46.0860 4136 MSPCLOCK - ok
23:59:46.0954 4136 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
23:59:46.0954 4136 MSPQM - ok
23:59:47.0063 4136 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
23:59:47.0079 4136 MsRPC - ok
23:59:47.0188 4136 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
23:59:47.0188 4136 mssmbios - ok
23:59:47.0281 4136 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
23:59:47.0313 4136 MSTEE - ok
23:59:47.0391 4136 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
23:59:47.0406 4136 MTConfig - ok
23:59:47.0500 4136 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
23:59:47.0515 4136 Mup - ok
23:59:47.0640 4136 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
23:59:47.0656 4136 NativeWifiP - ok
23:59:47.0782 4136 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
23:59:47.0813 4136 NDIS - ok
23:59:47.0906 4136 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
23:59:47.0906 4136 NdisCap - ok
23:59:48.0016 4136 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
23:59:48.0016 4136 NdisTapi - ok
23:59:48.0140 4136 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
23:59:48.0140 4136 Ndisuio - ok
23:59:48.0281 4136 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
23:59:48.0296 4136 NdisWan - ok
23:59:48.0406 4136 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
23:59:48.0406 4136 NDProxy - ok
23:59:48.0499 4136 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
23:59:48.0499 4136 NetBIOS - ok
23:59:48.0640 4136 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
23:59:48.0655 4136 NetBT - ok
23:59:48.0796 4136 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
23:59:48.0796 4136 nfrd960 - ok
23:59:48.0920 4136 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
23:59:48.0936 4136 Npfs - ok
23:59:49.0045 4136 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
23:59:49.0061 4136 nsiproxy - ok
23:59:49.0201 4136 Ntfs (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
23:59:49.0217 4136 Ntfs - ok
23:59:49.0326 4136 NuidFltr (37be10ff10a92031fc5a01e8363925cc) C:\windows\system32\DRIVERS\NuidFltr.sys
23:59:49.0326 4136 NuidFltr - ok
23:59:49.0435 4136 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
23:59:49.0451 4136 Null - ok
23:59:49.0544 4136 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
23:59:49.0544 4136 nvraid - ok
23:59:49.0654 4136 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
23:59:49.0669 4136 nvstor - ok
23:59:49.0778 4136 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
23:59:49.0794 4136 nv_agp - ok
23:59:49.0888 4136 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
23:59:49.0888 4136 ohci1394 - ok
23:59:50.0012 4136 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
23:59:50.0012 4136 Parport - ok
23:59:50.0122 4136 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys
23:59:50.0137 4136 partmgr - ok
23:59:50.0231 4136 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
23:59:50.0246 4136 Parvdm - ok
23:59:50.0356 4136 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
23:59:50.0371 4136 pci - ok
23:59:50.0465 4136 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
23:59:50.0480 4136 pciide - ok
23:59:50.0574 4136 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
23:59:50.0574 4136 pcmcia - ok
23:59:50.0668 4136 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\windows\system32\Drivers\pcouffin.sys
23:59:50.0683 4136 pcouffin - ok
23:59:50.0792 4136 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
23:59:50.0792 4136 pcw - ok
23:59:50.0902 4136 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
23:59:50.0917 4136 PEAUTH - ok
23:59:51.0120 4136 Point32 (896d916de06f5502d301e8c4dc442ae8) C:\windows\system32\DRIVERS\point32.sys
23:59:51.0136 4136 Point32 - ok
23:59:51.0245 4136 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
23:59:51.0260 4136 PptpMiniport - ok
23:59:51.0370 4136 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
23:59:51.0385 4136 Processor - ok
23:59:51.0510 4136 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
23:59:51.0510 4136 Psched - ok
23:59:51.0650 4136 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
23:59:51.0682 4136 ql2300 - ok
23:59:51.0791 4136 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
23:59:51.0791 4136 ql40xx - ok
23:59:51.0900 4136 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
23:59:51.0916 4136 QWAVEdrv - ok
23:59:52.0009 4136 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
23:59:52.0025 4136 RasAcd - ok
23:59:52.0118 4136 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
23:59:52.0134 4136 RasAgileVpn - ok
23:59:52.0259 4136 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
23:59:52.0259 4136 Rasl2tp - ok
23:59:52.0321 4136 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
23:59:52.0321 4136 RasPppoe - ok
23:59:52.0368 4136 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
23:59:52.0384 4136 RasSstp - ok
23:59:52.0524 4136 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
23:59:52.0524 4136 rdbss - ok
23:59:52.0633 4136 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
23:59:52.0633 4136 rdpbus - ok
23:59:52.0742 4136 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
23:59:52.0742 4136 RDPCDD - ok
23:59:52.0852 4136 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
23:59:52.0867 4136 RDPENCDD - ok
23:59:52.0976 4136 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
23:59:52.0992 4136 RDPREFMP - ok
23:59:53.0101 4136 RDPWD (288b06960d78428ff89e811632684e20) C:\windows\system32\drivers\RDPWD.sys
23:59:53.0117 4136 RDPWD - ok
23:59:53.0226 4136 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
23:59:53.0242 4136 rdyboost - ok
23:59:53.0366 4136 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
23:59:53.0382 4136 RFCOMM - ok
23:59:53.0522 4136 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
23:59:53.0538 4136 rspndr - ok
23:59:53.0632 4136 RTL8167 (5c74cc6c20092a6187ce51d90fc85c7b) C:\windows\system32\DRIVERS\Rt86win7.sys
23:59:53.0647 4136 RTL8167 - ok
23:59:53.0756 4136 SABI (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys
23:59:53.0772 4136 SABI - ok
23:59:54.0209 4136 SASDIFSV - ok
23:59:54.0349 4136 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
23:59:54.0365 4136 sbp2port - ok
23:59:54.0490 4136 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
23:59:54.0490 4136 scfilter - ok
23:59:54.0614 4136 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
23:59:54.0630 4136 secdrv - ok
23:59:54.0770 4136 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
23:59:54.0786 4136 Serenum - ok
23:59:54.0880 4136 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
23:59:54.0880 4136 Serial - ok
23:59:54.0989 4136 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
23:59:54.0989 4136 sermouse - ok
23:59:55.0145 4136 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
23:59:55.0145 4136 sffdisk - ok
23:59:55.0254 4136 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
23:59:55.0254 4136 sffp_mmc - ok
23:59:55.0363 4136 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
23:59:55.0363 4136 sffp_sd - ok
23:59:55.0457 4136 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
23:59:55.0472 4136 sfloppy - ok
23:59:55.0628 4136 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
23:59:55.0644 4136 sisagp - ok
23:59:55.0738 4136 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
23:59:55.0738 4136 SiSRaid2 - ok
23:59:55.0847 4136 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
23:59:55.0862 4136 SiSRaid4 - ok
23:59:55.0972 4136 SmartDefragDriver (4aa2772a355226e9ac96d01ba431d253) C:\windows\system32\Drivers\SmartDefragDriver.sys
23:59:55.0972 4136 SmartDefragDriver - ok
23:59:56.0096 4136 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
23:59:56.0112 4136 Smb - ok
23:59:56.0284 4136 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
23:59:56.0284 4136 spldr - ok
23:59:56.0424 4136 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
23:59:56.0440 4136 srv - ok
23:59:56.0549 4136 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
23:59:56.0564 4136 srv2 - ok
23:59:56.0674 4136 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
23:59:56.0674 4136 srvnet - ok
23:59:56.0798 4136 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
23:59:56.0814 4136 stexstor - ok
23:59:56.0908 4136 StillCam (edb05bd63148796f23ea78506404a538) C:\windows\system32\DRIVERS\serscan.sys
23:59:56.0908 4136 StillCam - ok
23:59:57.0032 4136 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
23:59:57.0048 4136 swenum - ok
23:59:57.0220 4136 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys
23:59:57.0251 4136 Tcpip - ok
23:59:57.0391 4136 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys
23:59:57.0407 4136 TCPIP6 - ok
23:59:57.0532 4136 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
23:59:57.0547 4136 tcpipreg - ok
23:59:57.0656 4136 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
23:59:57.0672 4136 TDPIPE - ok
23:59:57.0766 4136 TDTCP (2c10395baa4847f83042813c515cc289) C:\windows\system32\drivers\tdtcp.sys
23:59:57.0781 4136 TDTCP - ok
23:59:57.0875 4136 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
23:59:57.0890 4136 tdx - ok
23:59:58.0000 4136 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
23:59:58.0000 4136 TermDD - ok
23:59:58.0171 4136 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
23:59:58.0187 4136 tssecsrv - ok
23:59:58.0358 4136 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
23:59:58.0374 4136 TsUsbFlt - ok
23:59:58.0483 4136 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
23:59:58.0499 4136 tunnel - ok
23:59:58.0608 4136 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
23:59:58.0608 4136 uagp35 - ok
23:59:58.0717 4136 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
23:59:58.0733 4136 udfs - ok
23:59:58.0858 4136 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
23:59:58.0873 4136 uliagpkx - ok
23:59:58.0982 4136 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
23:59:58.0982 4136 umbus - ok
23:59:59.0092 4136 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
23:59:59.0107 4136 UmPass - ok
23:59:59.0232 4136 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\windows\system32\Drivers\usbaapl.sys
23:59:59.0248 4136 USBAAPL - ok
23:59:59.0341 4136 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
23:59:59.0372 4136 usbccgp - ok
23:59:59.0482 4136 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
23:59:59.0482 4136 usbcir - ok
23:59:59.0606 4136 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys
23:59:59.0606 4136 usbehci - ok
23:59:59.0731 4136 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
23:59:59.0747 4136 usbhub - ok
23:59:59.0840 4136 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys
23:59:59.0856 4136 usbohci - ok
23:59:59.0965 4136 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
23:59:59.0965 4136 usbprint - ok
00:00:00.0074 4136 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS
00:00:00.0090 4136 USBSTOR - ok
00:00:00.0199 4136 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys
00:00:00.0215 4136 usbuhci - ok
00:00:00.0324 4136 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
00:00:00.0324 4136 usbvideo - ok
00:00:00.0464 4136 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
00:00:00.0480 4136 vdrvroot - ok
00:00:00.0589 4136 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
00:00:00.0589 4136 vga - ok
00:00:00.0698 4136 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
00:00:00.0698 4136 VgaSave - ok
00:00:00.0808 4136 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
00:00:00.0823 4136 vhdmp - ok
00:00:00.0917 4136 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
00:00:00.0932 4136 viaagp - ok
00:00:01.0026 4136 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
00:00:01.0042 4136 ViaC7 - ok
00:00:01.0135 4136 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
00:00:01.0135 4136 viaide - ok
00:00:01.0244 4136 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
00:00:01.0260 4136 volmgr - ok
00:00:01.0385 4136 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
00:00:01.0400 4136 volmgrx - ok
00:00:01.0510 4136 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
00:00:01.0510 4136 volsnap - ok
00:00:01.0619 4136 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
00:00:01.0619 4136 vsmraid - ok
00:00:01.0775 4136 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
00:00:01.0790 4136 vwifibus - ok
00:00:01.0884 4136 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
00:00:01.0900 4136 vwififlt - ok
00:00:02.0009 4136 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
00:00:02.0024 4136 WacomPen - ok
00:00:02.0134 4136 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
00:00:02.0149 4136 WANARP - ok
00:00:02.0165 4136 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
00:00:02.0165 4136 Wanarpv6 - ok
00:00:02.0321 4136 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
00:00:02.0336 4136 Wd - ok
00:00:02.0461 4136 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
00:00:02.0461 4136 Wdf01000 - ok
00:00:02.0648 4136 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
00:00:02.0664 4136 WfpLwf - ok
00:00:02.0758 4136 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
00:00:02.0758 4136 WIMMount - ok
00:00:02.0929 4136 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys
00:00:02.0945 4136 WinUsb - ok
00:00:03.0085 4136 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
00:00:03.0101 4136 WmiAcpi - ok
00:00:03.0272 4136 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
00:00:03.0304 4136 ws2ifsl - ok
00:00:03.0460 4136 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
00:00:03.0475 4136 WudfPf - ok
00:00:03.0584 4136 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
00:00:03.0600 4136 WUDFRd - ok
00:00:03.0725 4136 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
00:00:04.0146 4136 \Device\Harddisk0\DR0 - ok
00:00:04.0162 4136 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk1\DR1
00:00:05.0612 4136 \Device\Harddisk1\DR1 - ok
00:00:05.0628 4136 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk3\DR3
00:00:05.0644 4136 \Device\Harddisk3\DR3 - ok
00:00:05.0644 4136 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk4\DR4
00:00:05.0659 4136 \Device\Harddisk4\DR4 - ok
00:00:05.0768 4136 Boot (0x1200) (c4be404cffd489ca62dee4941b5d81d2) \Device\Harddisk0\DR0\Partition0
00:00:05.0768 4136 \Device\Harddisk0\DR0\Partition0 - ok
00:00:05.0800 4136 Boot (0x1200) (20513fcce9a3b249c937859b3f20e540) \Device\Harddisk0\DR0\Partition1
00:00:05.0800 4136 \Device\Harddisk0\DR0\Partition1 - ok
00:00:05.0831 4136 Boot (0x1200) (64c8c680eb468c635e046b295b84411a) \Device\Harddisk0\DR0\Partition2
00:00:05.0831 4136 \Device\Harddisk0\DR0\Partition2 - ok
00:00:05.0846 4136 Boot (0x1200) (9cd94bed4cba2c658368c34182b7734f) \Device\Harddisk1\DR1\Partition0
00:00:05.0846 4136 \Device\Harddisk1\DR1\Partition0 - ok
00:00:05.0862 4136 Boot (0x1200) (75ef166ff60515715dd8871325d5e78d) \Device\Harddisk3\DR3\Partition0
00:00:05.0862 4136 \Device\Harddisk3\DR3\Partition0 - ok
00:00:05.0878 4136 Boot (0x1200) (a4be286a91ef9f3af7e8c6ffbb53239e) \Device\Harddisk4\DR4\Partition0
00:00:05.0878 4136 \Device\Harddisk4\DR4\Partition0 - ok
00:00:05.0878 4136 ============================================================
00:00:05.0878 4136 Scan finished
00:00:05.0878 4136 ============================================================
00:00:05.0924 2168 Detected object count: 0
00:00:05.0924 2168 Actual detected object count: 0
00:03:06.0124 5896 Deinitialize success

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:29 PM

Posted 28 February 2012 - 12:25 AM

Hello


now the aswMBR report please


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 angy08

angy08
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:07:29 PM

Posted 28 February 2012 - 12:58 AM

OK, it's done. Here is the report. I also just noticed that my external hard drive also has the same folders I just mentioned earlier, F:/$RECYCLE.BIN and F:/$AVG. Don't know if those are from the Autorun.inf virus. I'm concerned my USB SDHC cards are infected with this virus also, which is why I had them plugged in my PC also since the beginning; not sure how to clean those also so I don't keep infecting my PC and others.

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-28 00:21:15
-----------------------------
00:21:15.547 OS Version: Windows 6.1.7601 Service Pack 1
00:21:15.547 Number of processors: 2 586 0x1C0A
00:21:15.562 ComputerName: ANDRY-PC UserName: Andry
00:21:58.963 Initialize success
00:25:06.380 AVAST engine defs: 12022701
00:26:50.167 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
00:26:50.182 Disk 0 Vendor: Hitachi_ ESBO Size: 238475MB BusType: 3
00:26:50.214 Disk 0 MBR read successfully
00:26:50.214 Disk 0 MBR scan
00:26:50.245 Disk 0 unknown MBR code
00:26:50.260 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
00:26:50.292 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 89088 MB offset 206848
00:26:50.307 Disk 0 Partition - 00 0F Extended LBA 133701 MB offset 182659072
00:26:50.354 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 15584 MB offset 456478720
00:26:50.401 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 133700 MB offset 182661120
00:26:50.432 Disk 0 scanning sectors +488394752
00:26:50.526 Disk 0 scanning C:\windows\system32\drivers
00:27:15.782 Service scanning
00:28:09.726 Modules scanning
00:28:29.196 Disk 0 trace - called modules:
00:28:29.227 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
00:28:29.243 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84e6c7d0]
00:28:29.274 3 CLASSPNP.SYS[86da059e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8373e028]
00:28:29.898 AVAST engine scan C:\windows
00:28:42.817 AVAST engine scan C:\windows\system32
00:34:46.617 AVAST engine scan C:\windows\system32\drivers
00:35:24.746 AVAST engine scan C:\Users\Andry
00:38:48.819 File: C:\Users\Andry\AppData\Roaming\Microsoft Extensions\MicrosoftUpdate.dll **INFECTED** Win32:Adware-gen [Adw]
00:39:15.240 AVAST engine scan C:\ProgramData
00:41:47.550 Scan finished successfully
00:45:48.539 Disk 0 MBR has been saved successfully to "C:\Users\Andry\Desktop\MBR.dat"
00:45:48.555 The log file has been saved successfully to "C:\Users\Andry\Desktop\aswMBR.txt"
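
The aswMBR report above prints the primary partition table and judges the boot code ("unknown MBR code"), and the TDSSKiller log earlier in the thread hashes the first 0x1B8 bytes of each disk's MBR. The block below is an added Python example, not code from aswMBR, TDSSKiller or anyone in this thread, showing how those fields are decoded from a raw 512-byte sector such as the MBR.dat file aswMBR saved. The sample sector is constructed to mirror the layout in the report (System Reserved, C:, extended container, hidden WinRE); its boot-code bytes, disk signature and the partition-type names are placeholders and assumptions, not data from the page.

```python
"""Decode a 512-byte MBR sector the way aswMBR / TDSSKiller summarise it.

Added illustration, not aswMBR's or TDSSKiller's own code. The sample sector
built below is constructed to mirror the partition layout in the aswMBR report;
its boot-code bytes are a placeholder pattern, not real boot code.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 0x1B8          # TDSSKiller's "MBR (0x1B8)" hash covers bytes 0..0x1B7
DISK_SIG_OFFSET = 0x1B8        # 4-byte NT disk signature follows the boot code
PART_TABLE_OFFSET = 0x1BE      # four 16-byte partition entries
ENTRY_FMT = "<B3sB3sII"        # status, CHS start, type, CHS end, LBA start, sector count

# Partition type bytes seen in the report (names assumed from the usual fdisk table).
PART_TYPES = {0x07: "HPFS/NTFS", 0x0F: "Extended LBA", 0x27: "Hidden NTFS WinRE"}


def parse_mbr(sector: bytes) -> dict:
    """Return boot-code hash, disk signature and the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        status, _, ptype, _, lba_start, count = struct.unpack_from(ENTRY_FMT, sector, off)
        if ptype == 0:
            continue   # empty slot
        partitions.append({
            "index": i + 1,
            "active": status == 0x80,                 # 0x80 = bootable flag
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "offset": lba_start,                      # first sector (LBA)
            "end_sector": lba_start + count,          # one past the last sector
            "size_mb": count * SECTOR_SIZE // (1024 * 1024),
        })
    return {
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
        "partitions": partitions,
    }


def format_partition(p: dict) -> str:
    """Render an entry in the style of the aswMBR 'Disk 0 Partition' lines."""
    flag = "80 (A)" if p["active"] else "00"
    return (f"Partition {p['index']} {flag} {p['type']:02X} {p['type_name']} "
            f"{p['size_mb']} MB offset {p['offset']}")


def boot_code_matches(sector: bytes, baseline_md5: str) -> bool:
    """Compare the boot-code area with a hash captured earlier from the same disk.
    A changed hash with an unchanged partition table is the classic bootkit sign."""
    return hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest() == baseline_md5


def _entry(active: bool, ptype: int, lba_start: int, count: int) -> bytes:
    chs = b"\xFE\xFF\xFF"   # CHS fields are ignored on LBA-addressed disks
    return struct.pack(ENTRY_FMT, 0x80 if active else 0x00, chs, ptype, chs, lba_start, count)


def build_sample_mbr() -> bytes:
    """Constructed sector matching the primary table in the aswMBR report."""
    boot_code = bytes((i * 7) & 0xFF for i in range(BOOT_CODE_LEN))   # placeholder pattern
    mb = 1024 * 1024 // SECTOR_SIZE                                  # sectors per MiB
    table = (
        _entry(True, 0x07, 2048, 100 * mb)              # System Reserved
        + _entry(False, 0x07, 206848, 89088 * mb)       # C:
        + _entry(False, 0x0F, 182659072, 133701 * mb)   # extended container
        + _entry(False, 0x27, 456478720, 15584 * mb)    # hidden WinRE
    )
    sector = boot_code + struct.pack("<IH", 0x1234ABCD, 0) + table + b"\x55\xAA"
    assert len(sector) == SECTOR_SIZE
    return sector


if __name__ == "__main__":
    mbr = build_sample_mbr()
    info = parse_mbr(mbr)
    print("boot code md5:", info["boot_code_md5"])
    for p in info["partitions"]:
        print(format_partition(p))
```

Against a real dump, call parse_mbr(open("MBR.dat", "rb").read()). The check worth keeping is the pair of results together: a boot-code hash that differs from an earlier baseline while the partition table is unchanged is what MBR-scanning tools flag, and a sector without the trailing 0x55AA signature is not a valid MBR at all.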

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:29 PM

Posted 28 February 2012 - 01:08 AM

Greetings

use this for the pen drives - http://www.pandasecurity.com/homeusers/downloads/usbvaccine/

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#12 angy08

angy08
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:07:29 PM

Posted 28 February 2012 - 12:07 PM

OK, just a question... I followed the first instructions but CF's first window came on with the green letters or whatever, then nothing happened and an AVG warning popped open... Threat detected. File name C:\32788R22FWJFW\IEXPLORE.EXE
Threat name: Tool-NirCmd.
What happened, and should I move it to the Virus Vault then try again??? I didn't disable my AVG so I don't know if this is the ComboFix tool; I didn't recognize the name.

#13 angy08

angy08
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:07:29 PM

Posted 28 February 2012 - 05:02 PM

Sorry, I realized afterwards it was ComboFix and my AVG was interfering, of course, so I disabled it again; forgot that step needed to be done for ComboFix to work properly. Everything seems OK. My PC seems a little slow sometimes but it could be something else; I have little memory, 1 GB on a Samsung Netbook. It's not as slow as it was before though. I'm concerned about the Autorun/recycler virus, is it gone? I will run the tool you gave me for the USB drives and memory cards. Thanks!! Here is the ComboFix log...

ComboFix 12-02-27.02 - Andry 02/28/2012 13:00:54.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1013.121 [GMT -5:00]
Running from: c:\users\Andry\Desktop\ComboFix.exe
Command switches used :: c:\users\Andry\Desktop\CFScript.txt
AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-28 )))))))))))))))))))))))))))))))
.
.
2012-02-28 18:17 . 2012-02-28 18:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-27 05:19 . 2012-02-28 18:17 -------- d-----w- c:\users\Andry\AppData\Local\temp
2012-02-15 12:41 . 2012-02-26 22:23 -------- d-----w- c:\programdata\AVG Secure Search
2012-02-15 12:41 . 2012-02-15 12:41 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-02-15 12:41 . 2012-02-26 22:23 -------- d-----w- c:\program files\AVG Secure Search
2012-02-12 07:10 . 2012-02-12 07:10 -------- d-----w- c:\programdata\Kaspersky Lab
2012-02-12 05:47 . 2012-02-12 05:47 -------- d-----w- c:\program files\explorer.com
2012-02-12 05:47 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-12 00:24 . 2012-02-12 00:24 -------- d-----w- c:\users\Andry\DoctorWeb
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 14:18 . 2012-01-08 19:52 14664 ----a-w- c:\windows\stinger.sys
2012-01-28 05:51 . 2012-01-28 05:51 159608 ----a-w- c:\windows\system32\mfevtps.exe.a686.deleteme
2012-01-27 05:21 . 2011-12-30 13:48 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-26 05:10 . 2012-01-26 05:10 159608 ----a-w- c:\windows\system32\mfevtps.exe.ad2f.deleteme
2012-01-24 04:18 . 2012-01-24 04:18 159608 ----a-w- c:\windows\system32\mfevtps.exe.017e.deleteme
2012-01-10 14:31 . 2012-01-10 14:31 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2012-01-10 14:31 . 2012-01-10 14:31 47360 ----a-w- c:\users\Andry\AppData\Roaming\pcouffin.sys
2012-01-04 04:22 . 2012-01-04 04:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-31 05:04 . 2011-12-31 05:05 29480 ----a-w- c:\windows\system32\msxml3a.dll
2011-12-31 05:04 . 2011-12-31 05:05 353576 ----a-w- c:\windows\system32\msvcr71.dll
2011-12-31 05:04 . 2011-12-31 05:05 505128 ----a-w- c:\windows\system32\msvcp71.dll
2011-12-30 22:02 . 2012-01-28 15:16 21848 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-12-28 14:46 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-12-23 06:17 . 2010-06-24 02:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-02-26 22:23 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-02-26 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"Advanced SystemCare 5"="f:\toshiba program files\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2012-01-31 2980016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-30 9914984]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-11-10 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-11-10 174360]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-11-10 150808]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="f:\toshiba program files\iTunesHelper.exe" [2012-01-16 421736]
"QuickTime Task"="f:\toshiba program files\QTTask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
"Malwarebytes' Anti-Malware"="c:\program files\explorer.com\mbamgui.exe" [2012-01-13 460872]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-02-26 939872]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-02-26 928096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"adaware"="reg.exe delete HKCU\Software\AppDataLow\Software\adaware" [X]
"adaware_XP"="reg.exe delete HKCU\Software\adaware" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-10-22 836896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ETDCtrl]
2010-11-12 22:24 1812264 ----a-w- c:\program files\Elantech\ETDCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe [BU]
.
R1 SASDIFSV;SASDIFSV;f:\toshiba program files\SASDIFSV.SYS [x]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;f:\toshiba program files\Advanced SystemCare 5\ASCService.exe [2011-12-30 497496]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 NOBU;Norton Online Backup;c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]
R3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys [2012-01-31 163008]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 131888]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-31 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-07-12 54112]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-05 297168]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [2011-03-10 2708024]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 MBAMService;MBAMService;c:\program files\explorer.com\mbamservice.exe [2012-01-13 652360]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-02-26 909152]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-28 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 21968]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-09-21 300584]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 33320]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-11-10 27632]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-12 116008]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2012-01-10 47360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-11-25 324712]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 18:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredibar.com?a=6PQmBClvdJ&i=26
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - c:\program files\Samsung AnyWeb Print\W2PBrowser.dll
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(116)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Completion time: 2012-02-28 13:23:20
ComboFix-quarantined-files.txt 2012-02-28 18:23
ComboFix2.txt 2012-02-27 09:02
ComboFix3.txt 2012-02-10 13:07
ComboFix4.txt 2012-02-10 04:43
.
Pre-Run: 61,782,335,488 bytes free
Post-Run: 61,834,780,672 bytes free
.
- - End Of File - - 9BBAAB1D408A138CB111C31DED4A3E6C

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 February 2012 - 08:31 AM

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 angy08

  • Topic Starter
  • Members
  • 14 posts

Posted 01 March 2012 - 12:49 PM

Sorry, I ran MBAM twice because it has never detected anything since I've had it but my AVG did, plus I missed the step of updating it before scanning; it usually updates every time I turn the PC on but I disabled the full-time protection when I used ComboFix. I did a full scan the 2nd time and it detected one thing. Then I tried to scan with HijackThis and it wouldn't let me scan. I followed the instructions on the message I got but I couldn't find the HijackThis report to delete it; I closed HijackThis and when I tried to reopen HijackThis to run as administrator it'd say HijackThis is already running. This is the message when I 1st tried to scan...
For some reason your system denied write access
to the Host file. If any Hijacked domains are in this
file, HijackThis may NOT be able to fix this.
If that happens, you need to edit the file yourself. To do this,
click start Run, type:
notepad: C:\Windows\System32\Drivers\etc\hosts
and press Enter. Find the lines HijackThis reports and delete them.
Save the file as 'hosts.' (with quotes), and reboot.
For Vista: Simply Exit Hijack this, right click on Hijackthis Icon
Choose Run as Administrator.

After I restarted and ran HijackThis as an administrator, I scanned and saved the log report; here are the MBAM and HijackThis log reports. My PC seems to be running fine at the moment. I haven't had any problems.

Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.01.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Andry :: ANDRY-PC [administrator]

Protection: Disabled

3/1/2012 12:08:50 AM
mbam-log-2012-03-01 (00-08-50).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 298451
Time elapsed: 1 hour(s), 48 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Qoobox\Quarantine\C\Users\Andry\AppData\Local\TempDIR\BetterInstaller.exe.vir (PUP.BundleInstaller.Somoto) -> Quarantined and deleted successfully.

(end)

-------------------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:39:24 AM, on 3/1/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
F:\Toshiba Program Files\iTunesHelper.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
F:\Toshiba Program Files\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\DAP\DAP.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\windows\system32\taskeng.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com?a=6PQmBClvdJ&i=26
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: W2PBrowser Browser Helper - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "F:\Toshiba Program Files\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Toshiba Program Files\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\explorer.com\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Advanced SystemCare 5] "F:\Toshiba Program Files\Advanced SystemCare 5\ASCTray.exe" /Manual
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKUS\S-1-5-18\..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - F:\Toshiba Program Files\Advanced SystemCare 5\ASCService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LeapFrog Connect Device Service - Unknown owner - E:\LeapFrog Connect\CommandService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\explorer.com\mbamservice.exe
O23 - Service: Norton Online Backup (NOBU) - Unknown owner - C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Samsung UPD Service - Samsung Electronics CO., LTD. - C:\windows\System32\SUPDSvc.exe
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe

--
End of file - 9648 bytes
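The HijackThis log posted above uses a fixed line format (R0/R1 for IE start and search pages, O2 for BHOs, O4 for Run keys, O23 for services) that a helper reads by eye for a few recurring signs: a start page that is not the default, an autorun launched from a user-writable folder, and services whose binary is missing or carries no publisher name. The script below is an added example written for this thread; it is not a tool from BleepingComputer, Trend Micro or the posters. It parses those line formats and returns the entries a reviewer would look at first. The sample log is constructed from the format shown in the thread, and the `[example-updater]` line is invented to show the user-writable-path rule firing; nothing it flags is a verdict, only a prompt for review.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample, modelled on the HijackThis v2.0.4 lines in the thread above.
# The "[example-updater]" O4 line is invented; the others mirror the posted log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\windows\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com?a=6PQmBClvdJ&i=26
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKCU\..\Run: [example-updater] "C:\Users\Andry\AppData\Local\Temp\example-updater.exe" /quiet
O4 - Global Startup: Bluetooth.lnk = ?
O23 - Service: Norton Online Backup (NOBU) - Unknown owner - C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe (file missing)
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\explorer.com\mbamservice.exe
"""

# Every entry line is "<code> - <body>"; headers and the process list have no such prefix.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
# R0/R1 body: "<hive>\...\Main,Start Page = <url>"
START_PAGE_RE = re.compile(r"^(?P<hive>HK\w+)\\.*\\Main,Start Page = (?P<url>\S+)$")
# O4 body: "<hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^(?P<hive>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# O23 body: "Service: <display name> - <owner> - <path>[ (file missing)]"
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# Folders a standard user can write to; autoruns from here deserve a second look.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|Users\\Public)\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section code, e.g. "O23"
    reason: str  # why a helper would review this entry first
    detail: str  # the specific value from the log


def parse_entries(log_text):
    """Yield (code, body) for each HijackThis entry line, skipping headers."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def is_microsoft_host(url):
    """True when the URL's host is microsoft.com or a subdomain (the IE defaults)."""
    host = (urlparse(url).hostname or "").lower()
    return host == "microsoft.com" or host.endswith(".microsoft.com")


def triage(log_text):
    """Return entries worth a reviewer's attention. Heuristics, not verdicts."""
    findings = []
    for code, body in parse_entries(log_text):
        if code in ("R0", "R1"):
            m = START_PAGE_RE.match(body)
            if m and not is_microsoft_host(m.group("url")):
                findings.append(Finding(code, "non-default IE start page",
                                        f"{m.group('hive')}: {m.group('url')}"))
        elif code == "O4":
            m = O4_RE.match(body)
            if m and USER_WRITABLE_RE.search(m.group("cmd")):
                findings.append(Finding(code, "autorun from user-writable path",
                                        f"[{m.group('name')}] {m.group('cmd')}"))
        elif code == "O23":
            m = O23_RE.match(body)
            if not m:
                continue
            if "(file missing)" in m.group("path"):
                findings.append(Finding(code, "service points at missing binary",
                                        m.group("name")))
            elif m.group("owner") == "Unknown owner":
                findings.append(Finding(code, "service binary carries no publisher",
                                        f"{m.group('name')}: {m.group('path')}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {f.reason:<38} {f.detail}")
```

On the sample this reports four entries: the HKCU start page pointing at mystart.incredibar.com (the HKLM default is left alone), the invented Temp-folder autorun, the Norton Online Backup service whose binary is gone, and the AVG toolbar service that has no publisher string. A real log is triaged the same way by passing its text to `triage()`; the output is a reading order for a helper, not a removal list, which matches the thread's warning not to let HijackThis fix anything without review.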



