
Getting redirected


  • This topic is locked
36 replies to this topic

#1 cdwarrior

cdwarrior

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:08:57 AM

Posted 04 March 2012 - 10:45 PM

For some time now I've been getting randomly redirected to some ad site or (according to Malwarebytes popups) potentially malicious sites. This is NOT the Google redirects I find frequently discussed when I search for solutions to my problem. My redirects can happen at any time, anywhere, having nothing to do with Google searches. I could just be clicking on a friend's profile on Facebook, browsing items on Amazon, or even clicking a topic in a forum like this. I don't see a particular thing that triggers the redirects. Maybe it just does it every 30 clicks or something? I don't know, I haven't counted. It's not browser specific. It happens with both Firefox and Chrome.
Anyway, I have Spybot, AVG, and MalwareBytes all installed and updated and have run them a dozen times. They don't find anything. I wanted to try ComboFix next but was told I shouldn't run it without help. Can someone here help me through it?
Thanks


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:57 PM

Posted 05 March 2012 - 02:48 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 cdwarrior

cdwarrior
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:08:57 AM

Posted 05 March 2012 - 10:00 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Aaron at 18:54:48 on 2012-03-05
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.8190.4921 [GMT -8:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Aaron\AppData\Local\Akamai\netsession_win.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files (x86)\Common Files\microsoft shared\Works Shared\WkUFind.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Users\Aaron\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Aaron\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler.exe
C:\Users\Aaron\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler64.exe
C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Wacom_Tablet.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Trillian\trillian.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = 127.0.0.1:9421
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
uRun: [Google Update] "C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [AdobeBridge]
uRun: [Akamai NetSession Interface] "C:\Users\Aaron\AppData\Local\Akamai\netsession_win.exe"
uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [WorksFUD] C:\Program Files (x86)\Microsoft Works\wkfud.exe
mRun: [Microsoft Works Portfolio] C:\Program Files (x86)\Microsoft Works\WksSb.exe /AllUsers
mRun: [Microsoft Works Update Detection] C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~2.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{3B6658E7-C10A-490E-A52C-047DB94FA898} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: StumbleUpon Launcher: {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll
BHO-X64: StumbleUpon Launcher - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: StumbleUpon Toolbar: {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll
mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [WorksFUD] C:\Program Files (x86)\Microsoft Works\wkfud.exe
mRun-x64: [Microsoft Works Portfolio] C:\Program Files (x86)\Microsoft Works\WksSb.exe /AllUsers
mRun-x64: [Microsoft Works Update Detection] C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun-x64: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
Hosts: 217.23.4.166 www.google-analytics.com.
Hosts: 217.23.4.166 ad-emea.doubleclick.net.
Hosts: 217.23.4.166 www.statcounter.com.
Hosts: 178.250.45.15 www.google-analytics.com.
Hosts: 178.250.45.15 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\nj9agfjp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff5.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff6.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff7.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Users\Aaron\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Users\Aaron\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 21504]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-15 652360]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-11-20 240232]
R2 TabletServiceWacom;TabletServiceWacom;C:\Windows\system32\Wacom_Tablet.exe --> C:\Windows\system32\Wacom_Tablet.exe [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 Point64;Microsoft IntelliPoint Filter Driver;C:\Windows\system32\DRIVERS\point64k.sys --> C:\Windows\system32\DRIVERS\point64k.sys [?]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-3-19 89920]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-6-19 1436424]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 StumbleUponUpdateService;StumbleUponUpdateService;C:\Program Files (x86)\StumbleUpon\StumbleUponUpdateService.exe [2008-11-25 120168]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TVICHW64;TVICHW64;C:\Windows\SysWOW64\drivers\TVICHW64.SYS [2008-11-16 21200]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-03-03 19:44:52 -------- d-----w- C:\Users\Aaron\AppData\Roaming\AVG2012
2012-03-03 19:44:36 -------- d-----w- C:\ProgramData\AVG2012
2012-03-03 06:17:09 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-02-16 03:47:43 680448 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-16 03:47:43 621056 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-16 03:47:42 404992 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-16 03:47:42 2765824 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2011-12-28 03:05:15 723294 ----a-w- C:\Windows\unins000.exe
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-12-11 01:11:50 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 23:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 18:55:26.10 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 11/15/2008 11:56:29 AM
System Uptime: 3/3/2012 8:26:33 AM (58 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5Q DELUXE
Processor: Intel® Core™2 Quad CPU Q9550 @ 2.83GHz | LGA 775 | 2003/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 342.998 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 466 GiB total, 351.377 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1117: 2/4/2012 10:43:30 AM - Scheduled Checkpoint
RP1118: 2/5/2012 2:47:51 PM - Scheduled Checkpoint
RP1119: 2/6/2012 8:23:58 PM - Scheduled Checkpoint
RP1120: 2/7/2012 8:06:53 PM - Scheduled Checkpoint
RP1121: 2/8/2012 10:16:01 PM - Scheduled Checkpoint
RP1122: 2/11/2012 9:43:08 AM - Scheduled Checkpoint
RP1123: 2/12/2012 10:40:43 AM - Scheduled Checkpoint
RP1124: 2/13/2012 9:33:19 AM - Scheduled Checkpoint
RP1125: 2/14/2012 7:24:54 PM - Scheduled Checkpoint
RP1126: 2/16/2012 9:22:52 AM - Scheduled Checkpoint
RP1127: 2/17/2012 9:58:52 AM - Windows Update
RP1128: 2/17/2012 10:47:25 PM - Scheduled Checkpoint
RP1129: 2/19/2012 9:59:14 AM - Scheduled Checkpoint
RP1130: 2/20/2012 11:34:37 AM - Scheduled Checkpoint
RP1131: 2/21/2012 8:48:27 PM - Scheduled Checkpoint
RP1132: 2/22/2012 8:57:04 AM - Scheduled Checkpoint
RP1133: 2/23/2012 8:47:44 AM - Scheduled Checkpoint
RP1134: 2/24/2012 7:45:19 PM - Scheduled Checkpoint
RP1135: 2/25/2012 5:13:11 PM - Scheduled Checkpoint
RP1136: 2/26/2012 2:10:31 PM - Scheduled Checkpoint
RP1137: 2/27/2012 10:12:31 AM - Scheduled Checkpoint
RP1138: 2/28/2012 10:04:41 AM - Scheduled Checkpoint
RP1139: 2/29/2012 2:26:32 PM - Scheduled Checkpoint
RP1140: 3/1/2012 9:54:48 AM - Scheduled Checkpoint
RP1141: 3/3/2012 11:42:31 AM - Installed AVG 2012
RP1142: 3/3/2012 11:43:23 AM - Installed AVG 2012
RP1143: 3/4/2012 9:05:51 PM - Scheduled Checkpoint
RP1144: 3/5/2012 10:01:07 AM - Scheduled Checkpoint
.
==== Hosts File Hijack ======================
.
Hosts: 217.23.4.166 www.google-analytics.com.
Hosts: 217.23.4.166 ad-emea.doubleclick.net.
Hosts: 217.23.4.166 www.statcounter.com.
Hosts: 178.250.45.15 www.google-analytics.com.
Hosts: 178.250.45.15 ad-emea.doubleclick.net.
Hosts: 178.250.45.15 www.statcounter.com.
.
==== Installed Programs ======================
.
3ivx MPEG-4 5.0.3 (remove only)
A Vampyre Story
Acrobat.com
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS5.1
Adobe Reader 9.1
Akamai NetSession Interface
Akamai NetSession Interface Service
Apple Software Update
ArcSoft PhotoStudio 5.5
ASUSUpdate
Canon CanoScan LiDE 600F User Registration
Canon CanoScan Toolbox 5.0
CDBurnerXP
Comcast Desktop Software (v1.2.1)
Composite 2011
CorelDRAW Graphics Suite X3
DivX Setup
DriverAgent by TouchStone Software
eArtist4
EN
Facebook Plug-In
Flick! 4.0.4
FlipShare
FontNav
GameHouse
Google Chrome
Google SketchUp 7
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java Auto Updater
Java™ 6 Update 24
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 10.0.2 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
PDF Settings CS5
Presto! PageManager 7.15.14
QuickTime
Sam and Max - 101, 102, and 103
ScanSoft OmniPage SE 4.0
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
StumbleUpon IE Toolbar
THE GAME OF LIFE™ by Hasbro
The Lord of the Rings Online™: Mines of Moria™ v02.01.03.4021
Trillian
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update Manager
VBA
VC80CRTRedist - 8.0.50727.4053
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
Wacom Tablet
Wav to Mp3 Converter
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows Media Player Firefox Plugin
WorkingArtist_3.0
Works Suite OS Pack
Works Synchronization
World of Warcraft
XnView 1.95.3
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
3/3/2012 8:27:54 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
3/2/2012 7:50:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia CSC DfsC i8042prt NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
3/2/2012 7:50:53 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/2/2012 7:50:53 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/2/2012 7:50:53 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
3/2/2012 7:50:53 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/2/2012 7:50:53 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/2/2012 7:50:53 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/2/2012 7:50:53 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/2/2012 7:50:53 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
3/2/2012 7:50:53 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/2/2012 7:50:53 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/2/2012 7:50:53 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/2/2012 7:50:53 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/2/2012 7:50:53 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/2/2012 7:50:53 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/2/2012 7:50:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/2/2012 7:50:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/2/2012 7:50:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/2/2012 7:50:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/2/2012 7:50:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
3/2/2012 7:50:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/2/2012 7:49:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/2/2012 7:49:48 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
3/2/2012 7:49:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
3/2/2012 7:49:47 PM, Error: EventLog [6008] - The previous system shutdown at 7:47:25 PM on 3/2/2012 was unexpected.
3/2/2012 7:46:14 PM, Error: Service Control Manager [7034] - The TabletServiceWacom service terminated unexpectedly. It has done this 1 time(s).
3/2/2012 7:46:14 PM, Error: Service Control Manager [7034] - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).
3/2/2012 7:46:14 PM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
3/2/2012 7:46:14 PM, Error: Service Control Manager [7034] - The NMSAccessU service terminated unexpectedly. It has done this 1 time(s).
3/2/2012 7:46:14 PM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
3/2/2012 7:46:14 PM, Error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
3/2/2012 7:46:14 PM, Error: Service Control Manager [7034] - The FlipShare Service service terminated unexpectedly. It has done this 1 time(s).
3/2/2012 7:46:14 PM, Error: Service Control Manager [7034] - The AVGIDSAgent service terminated unexpectedly. It has done this 1 time(s).
3/2/2012 7:46:14 PM, Error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
3/2/2012 10:21:27 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
3/2/2012 10:15:56 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer PageManager PDF Writer with shared resource name PageManager PDF Writer. Error 2114. The printer cannot be used by others on the network.
3/2/2012 10:15:56 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer hp deskjet 5550 series (HPA) with shared resource name hp deskjet 5550 series (HPA). Error 2114. The printer cannot be used by others on the network.
.
==== End Of File ===========================

#4 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 06 March 2012 - 07:30 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 cdwarrior (Topic Starter)

Posted 07 March 2012 - 01:26 AM

Do I let ComboFix delete/quarantine whatever it wants? Or do I just get a report?

#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 07 March 2012 - 11:47 AM

Just let it do what it wants, and it will also give you a report when it is done.


gringo

#7 cdwarrior (Topic Starter)

Posted 07 March 2012 - 01:04 PM

ComboFix 12-03-04.02 - Aaron 03/07/2012 9:25.1.4 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.8190.5574 [GMT -8:00]
Running from: e:\downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Aaron\AppData\Roaming\completescan
c:\users\Aaron\AppData\Roaming\install
c:\users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\nj9agfjp.default\searchplugins\bing-zugo.xml
c:\users\Aaron\Documents\~WRL2073.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-02-07 to 2012-03-07 )))))))))))))))))))))))))))))))
.
.
2012-03-03 19:44 . 2012-03-03 19:44 -------- d-----w- c:\users\Aaron\AppData\Roaming\AVG2012
2012-03-03 19:44 . 2012-03-03 19:59 -------- d-----w- c:\programdata\AVG2012
2012-03-03 06:17 . 2012-03-03 06:17 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-02-16 03:47 . 2011-12-14 16:38 621056 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 03:47 . 2011-12-14 16:17 680448 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-16 03:47 . 2012-01-12 20:16 2765824 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 03:47 . 2012-01-03 14:25 404992 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-28 03:05 . 2011-12-28 03:05 723294 ----a-w- c:\windows\unins000.exe
2011-12-11 01:11 . 2011-05-15 01:48 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 23:24 . 2011-12-16 01:58 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"Akamai NetSession Interface"="c:\users\Aaron\AppData\Local\Akamai\netsession_win.exe" [2012-02-02 3329824]
"Desktop Software"="c:\program files (x86)\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"WorksFUD"="c:\program files (x86)\Microsoft Works\wkfud.exe" [2001-10-06 24576]
"Microsoft Works Portfolio"="c:\program files (x86)\Microsoft Works\WksSb.exe" [2001-08-23 331830]
"Microsoft Works Update Detection"="c:\program files (x86)\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-05-27 413696]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Microsoft Works Calendar Reminders.lnk - c:\program files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-8-7 24633]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650646097-4246289937-2753561279-1000Core.job
- c:\users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-20 22:26]
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650646097-4246289937-2753561279-1000UA.job
- c:\users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-20 22:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 2206280]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\nj9agfjp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Intel® Integrated Performance Primitives 1.1 - c:\windows\system32\UninstIPP.isu
AddRemove-Sam and Max - Season One - e:\games\Sam and Max\Uninstall Sam and Max - 101
AddRemove-_{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91} - c:\program files (x86)\Corel\CorelDRAW Graphics Suite 13\Programs\MSILauncher {7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe
c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Completion time: 2012-03-07 09:44:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-07 17:44
.
Pre-Run: 369,251,979,264 bytes free
Post-Run: 368,226,549,760 bytes free
.
- - End Of File - - BFB80C28F9F4C7A61637811A782FE3D4

#8 cdwarrior (Topic Starter)

Posted 07 March 2012 - 01:05 PM

Did it find/fix anything? This is all I got. Didn't see any obvious messages telling me what it did.

#9 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 07 March 2012 - 01:11 PM

Greetings

It did fix some things. Are you still getting redirected?

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#10 cdwarrior (Topic Starter)

Posted 07 March 2012 - 01:49 PM

I will have to do some web surfing for a little while to see if the redirecting is fixed.

Where does it show what Combofix did? I don't know how to read that log.

Thanks.
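Post #10 asks where the report shows what ComboFix actually did. As an added example (not ComboFix's own code and not anything posted in this thread), the Python below parses a report laid out like the one posted above: it splits on the banner lines, lists the paths under "Other Deletions", collects the autorun entries under each Run key, and pulls out the proxy, DNS and UAC settings a helper checks first on a redirect complaint. SAMPLE_REPORT is a constructed, shortened excerpt of that report; the section titles it keys on are the ones in the posted log.

```python
"""Summarise what a ComboFix report says was changed (added example; not ComboFix's code).

The report is split on its banner lines ("((( Title )))" or "--- Title ---"). The
section titles used below are those of the report posted in this thread; SAMPLE_REPORT
is a constructed, shortened excerpt of that report in the same layout.
"""
import re

SAMPLE_REPORT = r"""
ComboFix 12-03-04.02 - Aaron 03/07/2012 9:25.1.4 - x64
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Aaron\AppData\Roaming\completescan
c:\users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\nj9agfjp.default\searchplugins\bing-zugo.xml
c:\users\Aaron\Documents\~WRL2073.tmp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"Akamai NetSession Interface"="c:\users\Aaron\AppData\Local\Akamai\netsession_win.exe" [2012-02-02 3329824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = 127.0.0.1:9421
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - prefs.js: network.proxy.type - 0
"""

def is_banner(line):
    """ComboFix wraps section titles in runs of parentheses or dashes."""
    s = line.strip()
    if len(s) < 5 or not any(c.isalpha() for c in s):
        return False
    return (s[0] == "(" and s[-1] == ")") or (s[0] == "-" and s[-1] == "-")

def parse_sections(report):
    """Map section title -> content lines; text before the first banner is 'Header'."""
    sections, current = {"Header": []}, "Header"
    for line in (raw.strip() for raw in report.splitlines()):
        if line in ("", "."):  # the report pads sections with blank lines and lone dots
            continue
        if is_banner(line):
            current = line.strip("()- ")
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections

def deletions(sections):
    """Paths ComboFix removed: the direct answer to 'what did it do?'."""
    return list(sections.get("Other Deletions", []))

AUTORUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[\d{4}-\d{2}-\d{2} \d+\]$')

def autoruns(sections):
    """(registry key, value name, image path) for each entry under a ...\\Run key."""
    entries = []
    for lines in sections.values():
        key = None
        for line in lines:
            if line.startswith("[") and line.endswith("]"):
                key = line[1:-1]
            elif key and key.lower().endswith("\\run") and (m := AUTORUN_RE.match(line)):
                entries.append((key, m.group(1), m.group(2)))
    return entries

SETTINGS_OF_INTEREST = {  # what a helper looks at first when the complaint is redirects
    "ProxyOverride": re.compile(r"ProxyOverride\s*=\s*(.+)$"),
    "DhcpNameServer": re.compile(r"DhcpNameServer\s*=\s*(.+)$"),
    "FF network.proxy.type": re.compile(r"network\.proxy\.type\s*-\s*(\S+)"),
    "EnableLUA": re.compile(r'^"EnableLUA"\s*=\s*(\d+)'),  # 0 means UAC is switched off
}

def settings_of_interest(sections):
    """Proxy, DNS and UAC values wherever they appear in the report."""
    found = {}
    for line in (ln for lines in sections.values() for ln in lines):
        for name, pat in SETTINGS_OF_INTEREST.items():
            if m := pat.search(line):
                found[name] = m.group(1).strip()
    return found

def summarise(report):
    """Plain-text summary, returned as lines rather than printed so it can be checked."""
    s = parse_sections(report)
    out = [f"Removed ({len(deletions(s))}):"] + [f"  {p}" for p in deletions(s)]
    out += ["Autorun entries:"] + [f"  {n} -> {p}" for _k, n, p in autoruns(s)]
    out += ["Settings to review:"] + [f"  {k} = {v}" for k, v in settings_of_interest(s).items()]
    return out

if __name__ == "__main__":
    print("\n".join(summarise(SAMPLE_REPORT)))
```

Run against the full report posted above, the "Other Deletions" list is what ComboFix removed, and the ProxyOverride and DNS values are the ones to compare against what the machine should be using.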

#11 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 07 March 2012 - 06:31 PM

Send me the reports from the last two tools I asked for.



gringo

#12 cdwarrior (Topic Starter)

Posted 07 March 2012 - 10:47 PM

Still getting redirected. :(
Here's the TDSSKiller report.
19:27:29.0427 1032 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
19:27:30.0105 1032 ============================================================
19:27:30.0105 1032 Current date / time: 2012/03/07 19:27:30.0105
19:27:30.0105 1032 SystemInfo:
19:27:30.0105 1032
19:27:30.0105 1032 OS Version: 6.0.6002 ServicePack: 2.0
19:27:30.0105 1032 Product type: Workstation
19:27:30.0105 1032 ComputerName: AARON2-PC
19:27:30.0105 1032 UserName: Aaron
19:27:30.0105 1032 Windows directory: C:\Windows
19:27:30.0105 1032 System windows directory: C:\Windows
19:27:30.0105 1032 Running under WOW64
19:27:30.0105 1032 Processor architecture: Intel x64
19:27:30.0105 1032 Number of processors: 4
19:27:30.0105 1032 Page size: 0x1000
19:27:30.0105 1032 Boot type: Normal boot
19:27:30.0105 1032 ============================================================
19:27:30.0909 1032 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:27:37.0336 1032 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:27:37.0341 1032 \Device\Harddisk0\DR0:
19:27:37.0364 1032 MBR used
19:27:37.0364 1032 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
19:27:37.0364 1032 \Device\Harddisk1\DR1:
19:27:37.0364 1032 MBR used
19:27:37.0364 1032 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
19:27:37.0419 1032 Initialize success
19:27:37.0419 1032 ============================================================
19:44:47.0743 2080 ============================================================
19:44:47.0743 2080 Scan started
19:44:47.0743 2080 Mode: Manual;
19:44:47.0743 2080 ============================================================
19:44:51.0222 2080 isapnp - ok
19:44:51.0284 2080 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
19:44:51.0300 2080 iScsiPrt - ok
19:44:51.0315 2080 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
19:44:51.0315 2080 iteatapi - ok
19:44:51.0331 2080 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
19:44:51.0331 2080 iteraid - ok
19:44:51.0347 2080 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
19:44:51.0347 2080 kbdclass - ok
19:44:51.0409 2080 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
19:44:51.0425 2080 kbdhid - ok
19:44:51.0471 2080 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
19:44:51.0471 2080 KSecDD - ok
19:44:51.0503 2080 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
19:44:51.0503 2080 ksthunk - ok
19:44:51.0518 2080 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
19:44:51.0518 2080 lltdio - ok
19:44:51.0549 2080 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
19:44:51.0549 2080 LSI_FC - ok
19:44:51.0565 2080 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
19:44:51.0565 2080 LSI_SAS - ok
19:44:51.0612 2080 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
19:44:51.0612 2080 LSI_SCSI - ok
19:44:51.0643 2080 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
19:44:51.0643 2080 luafv - ok
19:44:51.0674 2080 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
19:44:51.0690 2080 MBAMProtector - ok
19:44:51.0737 2080 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
19:44:51.0737 2080 megasas - ok
19:44:51.0768 2080 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
19:44:51.0783 2080 MegaSR - ok
19:44:51.0799 2080 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
19:44:51.0799 2080 Modem - ok
19:44:51.0815 2080 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
19:44:51.0815 2080 monitor - ok
19:44:51.0846 2080 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
19:44:51.0846 2080 mouclass - ok
19:44:51.0877 2080 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
19:44:51.0877 2080 mouhid - ok
19:44:51.0893 2080 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
19:44:51.0893 2080 MountMgr - ok
19:44:51.0924 2080 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
19:44:51.0924 2080 mpio - ok
19:44:51.0939 2080 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
19:44:51.0939 2080 mpsdrv - ok
19:44:51.0955 2080 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
19:44:51.0971 2080 Mraid35x - ok
19:44:51.0986 2080 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
19:44:51.0986 2080 MRxDAV - ok
19:44:52.0017 2080 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:44:52.0017 2080 mrxsmb - ok
19:44:52.0080 2080 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:44:52.0095 2080 mrxsmb10 - ok
19:44:52.0111 2080 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:44:52.0111 2080 mrxsmb20 - ok
19:44:52.0127 2080 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
19:44:52.0142 2080 msahci - ok
19:44:52.0173 2080 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
19:44:52.0173 2080 msdsm - ok
19:44:52.0189 2080 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
19:44:52.0189 2080 Msfs - ok
19:44:52.0205 2080 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
19:44:52.0205 2080 msisadrv - ok
19:44:52.0220 2080 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
19:44:52.0236 2080 MSKSSRV - ok
19:44:52.0236 2080 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
19:44:52.0251 2080 MSPCLOCK - ok
19:44:52.0251 2080 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
19:44:52.0251 2080 MSPQM - ok
19:44:52.0298 2080 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
19:44:52.0314 2080 MsRPC - ok
19:44:52.0329 2080 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
19:44:52.0329 2080 mssmbios - ok
19:44:52.0345 2080 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
19:44:52.0345 2080 MSTEE - ok
19:44:52.0361 2080 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
19:44:52.0361 2080 MTsensor - ok
19:44:52.0376 2080 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
19:44:52.0376 2080 Mup - ok
19:44:52.0423 2080 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
19:44:52.0423 2080 NativeWifiP - ok
19:44:52.0485 2080 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
19:44:52.0485 2080 NDIS - ok
19:44:52.0501 2080 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
19:44:52.0501 2080 NdisTapi - ok
19:44:52.0517 2080 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
19:44:52.0517 2080 Ndisuio - ok
19:44:52.0579 2080 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
19:44:52.0595 2080 NdisWan - ok
19:44:52.0626 2080 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
19:44:52.0626 2080 NDProxy - ok
19:44:52.0641 2080 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
19:44:52.0641 2080 NetBIOS - ok
19:44:52.0673 2080 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
19:44:52.0688 2080 netbt - ok
19:44:52.0719 2080 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
19:44:52.0719 2080 nfrd960 - ok
19:44:52.0751 2080 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
19:44:52.0751 2080 Npfs - ok
19:44:52.0782 2080 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
19:44:52.0797 2080 nsiproxy - ok
19:44:52.0875 2080 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
19:44:52.0875 2080 Ntfs - ok
19:44:52.0891 2080 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
19:44:52.0891 2080 Null - ok
19:44:53.0546 2080 nvlddmkm (325520227cc568052ae1d7ad49d90951) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:44:53.0733 2080 nvlddmkm - ok
19:44:53.0827 2080 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
19:44:53.0827 2080 nvraid - ok
19:44:53.0858 2080 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
19:44:53.0858 2080 nvstor - ok
19:44:53.0889 2080 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
19:44:53.0889 2080 nv_agp - ok
19:44:53.0905 2080 NwlnkFlt - ok
19:44:53.0905 2080 NwlnkFwd - ok
19:44:53.0967 2080 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
19:44:53.0967 2080 ohci1394 - ok
19:44:54.0014 2080 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
19:44:54.0014 2080 Parport - ok
19:44:54.0061 2080 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
19:44:54.0061 2080 partmgr - ok
19:44:54.0123 2080 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
19:44:54.0139 2080 pci - ok
19:44:54.0170 2080 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
19:44:54.0170 2080 pciide - ok
19:44:54.0201 2080 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
19:44:54.0201 2080 pcmcia - ok
19:44:54.0233 2080 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
19:44:54.0233 2080 PEAUTH - ok
19:44:54.0295 2080 Point64 (e27b59c24404f671802f209bd580f818) C:\Windows\system32\DRIVERS\point64k.sys
19:44:54.0295 2080 Point64 - ok
19:44:54.0326 2080 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
19:44:54.0326 2080 PptpMiniport - ok
19:44:54.0357 2080 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
19:44:54.0357 2080 Processor - ok
19:44:54.0420 2080 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
19:44:54.0420 2080 PSched - ok
19:44:54.0467 2080 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
19:44:54.0498 2080 ql2300 - ok
19:44:54.0513 2080 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
19:44:54.0513 2080 ql40xx - ok
19:44:54.0545 2080 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
19:44:54.0545 2080 QWAVEdrv - ok
19:44:54.0560 2080 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
19:44:54.0560 2080 RasAcd - ok
19:44:54.0576 2080 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:44:54.0576 2080 Rasl2tp - ok
19:44:54.0623 2080 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
19:44:54.0623 2080 RasPppoe - ok
19:44:54.0654 2080 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
19:44:54.0654 2080 RasSstp - ok
19:44:54.0685 2080 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
19:44:54.0685 2080 rdbss - ok
19:44:54.0701 2080 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:44:54.0701 2080 RDPCDD - ok
19:44:54.0716 2080 rdpdr (ae23e79b13feb62939e2ca1189e71735) C:\Windows\system32\DRIVERS\rdpdr.sys
19:44:54.0716 2080 rdpdr - ok
19:44:54.0732 2080 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
19:44:54.0732 2080 RDPENCDD - ok
19:44:54.0779 2080 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
19:44:54.0794 2080 RDPWD - ok
19:44:54.0825 2080 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
19:44:54.0825 2080 rspndr - ok
19:44:54.0857 2080 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
19:44:54.0857 2080 sbp2port - ok
19:44:54.0872 2080 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:44:54.0872 2080 secdrv - ok
19:44:54.0919 2080 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
19:44:54.0919 2080 Serenum - ok
19:44:54.0950 2080 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
19:44:54.0950 2080 Serial - ok
19:44:54.0966 2080 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
19:44:54.0966 2080 sermouse - ok
19:44:54.0997 2080 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
19:44:54.0997 2080 sffdisk - ok
19:44:55.0013 2080 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
19:44:55.0013 2080 sffp_mmc - ok
19:44:55.0028 2080 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
19:44:55.0044 2080 sffp_sd - ok
19:44:55.0059 2080 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
19:44:55.0059 2080 sfloppy - ok
19:44:55.0091 2080 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
19:44:55.0091 2080 SiSRaid2 - ok
19:44:55.0122 2080 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
19:44:55.0122 2080 SiSRaid4 - ok
19:44:55.0169 2080 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
19:44:55.0169 2080 Smb - ok
19:44:55.0184 2080 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
19:44:55.0184 2080 spldr - ok
19:44:55.0215 2080 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
19:44:55.0231 2080 srv - ok
19:44:55.0293 2080 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
19:44:55.0293 2080 srv2 - ok
19:44:55.0340 2080 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
19:44:55.0356 2080 srvnet - ok
19:44:55.0387 2080 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
19:44:55.0387 2080 swenum - ok
19:44:55.0418 2080 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
19:44:55.0418 2080 Symc8xx - ok
19:44:55.0449 2080 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
19:44:55.0449 2080 Sym_hi - ok
19:44:55.0465 2080 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
19:44:55.0465 2080 Sym_u3 - ok
19:44:55.0543 2080 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
19:44:55.0559 2080 Tcpip - ok
19:44:55.0793 2080 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
19:44:55.0793 2080 Tcpip6 - ok
19:44:55.0949 2080 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
19:44:55.0949 2080 tcpipreg - ok
19:44:55.0964 2080 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
19:44:55.0964 2080 TDPIPE - ok
19:44:55.0980 2080 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
19:44:55.0980 2080 TDTCP - ok
19:44:56.0027 2080 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
19:44:56.0027 2080 tdx - ok
19:44:56.0073 2080 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
19:44:56.0073 2080 TermDD - ok
19:44:56.0105 2080 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:44:56.0105 2080 tssecsrv - ok
19:44:56.0120 2080 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
19:44:56.0120 2080 tunmp - ok
19:44:56.0151 2080 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
19:44:56.0151 2080 tunnel - ok
19:44:56.0198 2080 TVICHW64 (1a006963644c7fde5be60036f3a43e68) C:\Windows\SysWOW64\Drivers\TVICHW64.SYS
19:44:56.0198 2080 TVICHW64 - ok
19:44:56.0229 2080 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
19:44:56.0229 2080 uagp35 - ok
19:44:56.0261 2080 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
19:44:56.0276 2080 udfs - ok
19:44:56.0307 2080 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
19:44:56.0307 2080 uliagpkx - ok
19:44:56.0339 2080 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
19:44:56.0339 2080 uliahci - ok
19:44:56.0370 2080 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
19:44:56.0370 2080 UlSata - ok
19:44:56.0385 2080 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
19:44:56.0401 2080 ulsata2 - ok
19:44:56.0417 2080 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
19:44:56.0417 2080 umbus - ok
19:44:56.0448 2080 usbccgp (66627c6008319def7909f21fb75a8991) C:\Windows\system32\drivers\usbccgp.sys
19:44:56.0463 2080 usbccgp - ok
19:44:56.0479 2080 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
19:44:56.0479 2080 usbcir - ok
19:44:56.0495 2080 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
19:44:56.0510 2080 usbehci - ok
19:44:56.0541 2080 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
19:44:56.0557 2080 usbhub - ok
19:44:56.0573 2080 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
19:44:56.0573 2080 usbohci - ok
19:44:56.0588 2080 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
19:44:56.0604 2080 usbprint - ok
19:44:56.0635 2080 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
19:44:56.0635 2080 usbscan - ok
19:44:56.0666 2080 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:44:56.0682 2080 USBSTOR - ok
19:44:56.0682 2080 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
19:44:56.0682 2080 usbuhci - ok
19:44:56.0697 2080 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
19:44:56.0713 2080 vga - ok
19:44:56.0713 2080 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
19:44:56.0713 2080 VgaSave - ok
19:44:56.0744 2080 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
19:44:56.0744 2080 viaide - ok
19:44:56.0791 2080 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
19:44:56.0791 2080 volmgr - ok
19:44:56.0838 2080 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
19:44:56.0838 2080 volmgrx - ok
19:44:56.0885 2080 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
19:44:56.0885 2080 volsnap - ok
19:44:56.0916 2080 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
19:44:56.0916 2080 vsmraid - ok
19:44:56.0978 2080 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys
19:44:56.0978 2080 wacommousefilter - ok
19:44:56.0994 2080 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
19:44:56.0994 2080 WacomPen - ok
19:44:57.0041 2080 wacomvhid (ec1ceb237e365330c1fcfc4876aa0ac0) C:\Windows\system32\DRIVERS\wacomvhid.sys
19:44:57.0041 2080 wacomvhid - ok
19:44:57.0103 2080 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
19:44:57.0103 2080 Wanarp - ok
19:44:57.0103 2080 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
19:44:57.0103 2080 Wanarpv6 - ok
19:44:57.0134 2080 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
19:44:57.0134 2080 Wd - ok
19:44:57.0165 2080 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
19:44:57.0181 2080 Wdf01000 - ok
19:44:57.0228 2080 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
19:44:57.0228 2080 WmiAcpi - ok
19:44:57.0275 2080 WpdUsb (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys
19:44:57.0275 2080 WpdUsb - ok
19:44:57.0290 2080 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
19:44:57.0290 2080 ws2ifsl - ok
19:44:57.0321 2080 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:44:57.0337 2080 WUDFRd - ok
19:44:57.0368 2080 yukonx64 (2ae06b41b36549fabf0886b2af89a599) C:\Windows\system32\DRIVERS\yk60x64.sys
19:44:57.0368 2080 yukonx64 - ok
19:44:57.0384 2080 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:44:57.0415 2080 \Device\Harddisk0\DR0 - ok
19:44:57.0431 2080 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
19:44:57.0431 2080 \Device\Harddisk1\DR1 - ok
19:44:57.0446 2080 Boot (0x1200) (5f88d2f92552f0355a3cad0b056265d9) \Device\Harddisk0\DR0\Partition0
19:44:57.0446 2080 \Device\Harddisk0\DR0\Partition0 - ok
19:44:57.0446 2080 Boot (0x1200) (456f3f25ea4f196868b18f798dff95b0) \Device\Harddisk1\DR1\Partition0
19:44:57.0446 2080 \Device\Harddisk1\DR1\Partition0 - ok
19:44:57.0446 2080 ============================================================
19:44:57.0446 2080 Scan finished
19:44:57.0446 2080 ============================================================
19:44:57.0462 4148 Detected object count: 0
19:44:57.0462 4148 Actual detected object count: 0

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 March 2012 - 10:48 PM

Hello


and the aswMBR report please


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 cdwarrior
  • Topic Starter
  • Members
  • 33 posts

Posted 07 March 2012 - 11:25 PM

And here's the aswMBR report. Looks like it found something. I did not click "FixMBR" yet. Should I?

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-07 19:47:32
-----------------------------
19:47:32.090 OS Version: Windows x64 6.0.6002 Service Pack 2
19:47:32.090 Number of processors: 4 586 0x170A
19:47:32.090 ComputerName: AARON2-PC UserName: Aaron
19:47:34.212 Initialize success
19:48:08.832 AVAST engine defs: 12030701
19:48:25.680 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
19:48:25.680 Disk 0 Vendor: ST3500320AS SD1A Size: 476940MB BusType: 3
19:48:25.680 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-4
19:48:25.680 Disk 1 Vendor: ST3500320AS SD1A Size: 476940MB BusType: 3
19:48:25.696 Disk 0 MBR read successfully
19:48:25.696 Disk 0 MBR scan
19:48:25.711 Disk 0 Windows VISTA default MBR code
19:48:25.711 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 2048
19:48:25.727 Disk 0 scanning C:\Windows\system32\drivers
19:48:34.151 Service scanning
19:48:51.483 Modules scanning
19:48:51.483 Disk 0 trace - called modules:
19:48:51.498 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
19:48:51.514 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007c15790]
19:48:51.514 3 CLASSPNP.SYS[fffffa6000b97c33] -> nt!IofCallDriver -> [0xfffffa8007a16520]
19:48:51.514 5 acpi.sys[fffffa60008f9fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8007a12590]
19:49:00.999 AVAST engine scan C:\Windows
19:49:03.931 AVAST engine scan C:\Windows\system32
19:52:09.135 AVAST engine scan C:\Windows\system32\drivers
19:52:21.396 AVAST engine scan C:\Users\Aaron
19:55:54.289 File: C:\Users\Aaron\AppData\Roaming\Adobe\Flash Player\NativeCache\036AFE043A03EAFF3F55582DF5BBB80F\6776bcaa\adobecp-200489-1.dll **INFECTED** Win32:Malware-gen
19:59:07.776 AVAST engine scan C:\ProgramData
20:02:12.777 Scan finished successfully
20:22:39.467 Disk 0 MBR has been saved successfully to "E:\Downloads\MBR.dat"
20:22:39.483 The log file has been saved successfully to "E:\Downloads\aswMBR.txt"
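A way to read a report like the one above before deciding on FixMBR, as an added example in Python that is not part of the thread or of aswMBR: it parses the log, separates the MBR verdict and the disk I/O call chain (the rootkit-relevant parts) from file detections, and only recommends an MBR rewrite when the MBR side looks tampered. The constructed sample reproduces the relevant lines of the posted report; the module allow-list is assumed from that report's clean IDE/ATAPI trace and needs extending for AHCI or RAID controllers; aswMBR's exact wording for a modified MBR is not assumed, so any verdict other than a recognized default is treated as needing review.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the aswMBR log format, reduced to the lines the triage
# consumes (the detection line is the one from the posted report).
SAMPLE_LOG = """\
19:48:25.680 Disk 0 (boot) \\Device\\Harddisk0\\DR0 -> \\Device\\Ide\\IdeDeviceP2T0L0-2
19:48:25.696 Disk 0 MBR read successfully
19:48:25.696 Disk 0 MBR scan
19:48:25.711 Disk 0 Windows VISTA default MBR code
19:48:25.711 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 2048
19:48:51.483 Disk 0 trace - called modules:
19:48:51.498 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
19:55:54.289 File: C:\\Users\\Aaron\\AppData\\Roaming\\Adobe\\Flash Player\\NativeCache\\036AFE043A03EAFF3F55582DF5BBB80F\\6776bcaa\\adobecp-200489-1.dll **INFECTED** Win32:Malware-gen
20:02:12.777 Scan finished successfully
"""

# Modules from the thread's clean IDE/ATAPI disk-stack trace. Using this as the
# allow-list is an ASSUMPTION: AHCI/RAID machines legitimately add drivers such as
# msahci.sys or storport.sys, so extend it per machine instead of trusting it blindly.
KNOWN_DISK_STACK = {
    "ntoskrnl.exe", "classpnp.sys", "disk.sys", "acpi.sys", "ataport.sys",
    "pciide.sys", "pciidex.sys", "hal.dll", "atapi.sys",
}

TS = r"^\d{2}:\d{2}:\d{2}\.\d{3} "                       # leading "HH:MM:SS.mmm "
MBR_CODE_RE = re.compile(TS + r"Disk (\d+) (.*MBR code.*)$")
TRACE_HDR_RE = re.compile(TS + r"Disk (\d+) trace - called modules:")
INFECTED_RE = re.compile(TS + r"File: (.+?) \*\*INFECTED\*\* (\S+)$")
MARKER_RE = re.compile(r"\*\*[A-Z]+\*\*")                # any other **MARKER** the tool emits


@dataclass
class Triage:
    mbr_code: dict = field(default_factory=dict)         # disk -> verdict on the MBR code
    foreign_modules: dict = field(default_factory=dict)  # disk -> modules outside KNOWN_DISK_STACK
    infected: list = field(default_factory=list)         # (path, signature) per **INFECTED** line
    other_markers: list = field(default_factory=list)    # unrecognised marker lines, verbatim


def parse_aswmbr(text: str) -> Triage:
    t = Triage()
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if m := MBR_CODE_RE.match(line):
            t.mbr_code[int(m.group(1))] = m.group(2)
        elif m := TRACE_HDR_RE.match(line):
            # The module list follows on the next line, behind its own timestamp.
            if i + 1 < len(lines):
                mods = re.sub(TS, "", lines[i + 1]).split()
                t.foreign_modules[int(m.group(1))] = [
                    x for x in mods if x.lower() not in KNOWN_DISK_STACK
                ]
        elif m := INFECTED_RE.match(line):
            t.infected.append((m.group(1), m.group(2)))
        elif MARKER_RE.search(line):
            t.other_markers.append(line)
    return t


def fix_mbr_warranted(t: Triage) -> bool:
    """FixMBR only makes sense when the MBR itself looks tampered: a non-default
    MBR code verdict, a foreign driver in the disk I/O path, or a marker line that
    mentions the MBR. A file detection in a user profile is not a reason to rewrite it."""
    if any("default MBR code" not in verdict for verdict in t.mbr_code.values()):
        return True
    if any(t.foreign_modules.values()):
        return True
    return any("MBR" in line for line in t.other_markers)


if __name__ == "__main__":
    result = parse_aswmbr(SAMPLE_LOG)
    for disk, verdict in result.mbr_code.items():
        print(f"disk {disk}: {verdict}; foreign modules: {result.foreign_modules.get(disk, [])}")
    for path, sig in result.infected:
        print(f"file detection: {sig} in {path}")
    print("FixMBR warranted:", fix_mbr_warranted(result))
```

On the posted report this yields one file detection, a recognized default MBR, a clean call chain, and therefore no reason to press FixMBR; the detected DLL is handled by the file-level script in the next post.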

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 March 2012 - 12:09 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

File::
C:\Users\Aaron\AppData\Roaming\Adobe\Flash Player\NativeCache\036AFE043A03EAFF3F55582DF5BBB80F\6776bcaa\adobecp-200489-1.dll

DDS::
uInternet Settings,ProxyOverride = 127.0.0.1:9421

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

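The DDS:: line the script resets belongs to the WinINet proxy settings, which is one place a system-wide, browser-independent redirect can be configured. As an added example, not part of the thread or of ComboFix, the Python below evaluates those values for a loopback proxy, a local PAC script, or an out-of-place bypass entry. The sample dictionary is constructed: its ProxyOverride value is the one quoted in the script, while ProxyEnable, ProxyServer and AutoConfigURL are assumed for illustration and were not reported for this machine. On Windows it reads the live values from HKCU via winreg; elsewhere it runs on the sample.

```python
import re
import sys

# Constructed sample of the WinINet values under
# HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings.
# ProxyOverride is the value the CFScript's DDS:: line resets; ProxyEnable,
# ProxyServer and AutoConfigURL are ASSUMED for illustration, not from the thread.
SAMPLE_INTERNET_SETTINGS = {
    "ProxyEnable": 1,
    "ProxyServer": "127.0.0.1:9421",
    "ProxyOverride": "127.0.0.1:9421",
    "AutoConfigURL": "",
}

INTERNET_SETTINGS_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"
VALUE_NAMES = ("ProxyEnable", "ProxyServer", "ProxyOverride", "AutoConfigURL")

# "host:port" (optionally "proto=host:port") whose host is a loopback address.
LOOPBACK_RE = re.compile(
    r"^(?:https?=|ftp=|socks=)?(?:127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost|\[?::1\]?)(?::\d+)?$",
    re.IGNORECASE,
)


def is_loopback_endpoint(entry: str) -> bool:
    return bool(LOOPBACK_RE.match(entry.strip()))


def assess(settings: dict) -> list:
    """Return human-readable findings for a set of Internet Settings values."""
    findings = []
    enabled = int(settings.get("ProxyEnable") or 0)
    server = str(settings.get("ProxyServer") or "")
    override = str(settings.get("ProxyOverride") or "")
    pac_url = str(settings.get("AutoConfigURL") or "")

    # ProxyServer is "host:port" or "http=host:port;https=host:port;...".
    if enabled and any(is_loopback_endpoint(e) for e in server.split(";")):
        findings.append(
            f"ProxyEnable=1 with loopback ProxyServer {server!r}: "
            "every WinINet request is routed through a local process"
        )

    # A PAC script served from a local file or a loopback listener is equally suspect.
    if pac_url:
        host = re.sub(r"^[a-z]+://", "", pac_url, flags=re.IGNORECASE).split("/")[0]
        if pac_url.lower().startswith("file:") or is_loopback_endpoint(host):
            findings.append(f"AutoConfigURL {pac_url!r} points at a local PAC script")

    # ProxyOverride is a bypass list (hostnames, wildcards, <local>); a loopback
    # host:port is not a bypass pattern, which is the shape DDS reported in this thread.
    for entry in override.split(";"):
        if is_loopback_endpoint(entry):
            findings.append(
                f"ProxyOverride entry {entry.strip()!r} is a loopback host:port, not a bypass pattern"
            )
    return findings


def read_live_settings() -> dict:
    """Read the current user's values; Windows only, since winreg exists only there."""
    import winreg
    out = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, INTERNET_SETTINGS_KEY) as key:
        for name in VALUE_NAMES:
            try:
                out[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                out[name] = None
    return out


if __name__ == "__main__":
    settings = read_live_settings() if sys.platform == "win32" else SAMPLE_INTERNET_SETTINGS
    for finding in assess(settings) or ["no loopback proxy indicators found"]:
        print(finding)
```

Run it once before and once after a cleanup script like the one above: the ProxyOverride finding should disappear, and anything left (a still-enabled loopback ProxyServer, a PAC URL) is a lead the script did not address. Firefox only honours these values when set to use the system proxy, so an unchanged Firefox should be checked in its own connection settings as well.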



